81. Systems and methods for secure host resource management
    Granted patent (in force)

    Publication No.: US08510760B2

    Publication date: 2013-08-13

    Application No.: US12987813

    Filing date: 2011-01-10

    IPC class: G06F9/44

    CPC class: G06F12/0866 G06F13/387

    Abstract: Systems and methods are described herein to provide for secure host resource management on a computing device. Other embodiments include apparatus and system for management of one or more host device drivers from an isolated execution environment. Further embodiments include methods for querying and receiving event data from manageable resources on a host device. Further embodiments include data structures for the reporting of event data from one or more host device drivers to one or more capability modules.


82. Secure platform voucher service for software components within an execution environment
    Granted patent (in force)

    Publication No.: US08499151B2

    Publication date: 2013-07-30

    Application No.: US13412382

    Filing date: 2012-03-05

    IPC class: H04L29/06

    Abstract: Apparatuses, articles, methods, and systems for secure platform voucher service for software within an execution environment. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by authenticated, authorized and verified software components. A provisioning remote entity or gateway only needs to know a platform's public key or certificate hierarchy to receive verification for any component. The verification or voucher helps assure the remote entity that no malware running in the platform or on the network will have access to provisioned material. The underlying platform locks and unlocks secrets on behalf of the authenticated/authorized/verified software component, providing them in protected memory regions accessible only to that software component.


83. Using chipset-based protected firmware for host software tamper detection and protection
    Granted patent (in force)

    Publication No.: US08490189B2

    Publication date: 2013-07-16

    Application No.: US12586705

    Filing date: 2009-09-25

    IPC class: H04L29/00

    Abstract: A method, system, and computer program product for a host software tamper detection and protection service. A secure partition that is isolated from a host operating system of the host system, which may be implemented by firmware of a chipset of the host system, obtains file metadata from the host system and uses the file metadata to identify a first file for examination for tampering. The secure partition obtains data blocks for the first file, communicates with a service via an out-of-band communication channel, and uses information obtained from the service and the data blocks to determine whether the first file has been corrupted. The secure partition obtains the file metadata and the data blocks for the first file without invoking an operating system or file system of the host system.


85. Out-of-band access to storage devices through port-sharing hardware
    Granted patent (in force)

    Publication No.: US08281043B2

    Publication date: 2012-10-02

    Application No.: US12836341

    Filing date: 2010-07-14

    IPC class: G06F3/00 G06F5/00

    Abstract: A method, apparatus, system, and computer program product for enabling out-of-band access to storage devices through port-sharing hardware. Providing out-of-band access to storage devices enables system management functions to be performed when an operating system is non-functional as well as when the operating system is active. Storage commands originating with a management service can be interleaved with storage commands issued by the host operating system. The host operating system maintains ownership and control over its storage devices, but management activities can be performed while the host operating system is operational.


86. SECURE LOCAL BOOT USING THIRD PARTY DATA STORE (3PDS) BASED ISO IMAGE
    Published application (in force)

    Publication No.: US20120159137A1

    Publication date: 2012-06-21

    Application No.: US12970698

    Filing date: 2010-12-16

    IPC class: G06F15/177

    CPC class: G06F21/572 G06F21/575

    Abstract: In some embodiments, the invention involves a method and apparatus for secure/authenticated local boot of a host operating system on a computing platform using active management technology (AMT) with a third party data store (3PDS)-based ISO firmware image. A portion of non-volatile memory is hardware secured against access by the host processor and OS, and accessible only to the AMT. The AMT comprises an AT/ATAPI protocol emulator to access an ISO boot image from secured memory, while appearing to the host processor as a communication with an AT/ATAPI device. Other embodiments are described and claimed.


88. DETERMINATION BY CIRCUITRY OF PRESENCE OF AUTHORIZED AND/OR MALICIOUS DATA
    Published application (in force)

    Publication No.: US20100325729A1

    Publication date: 2010-12-23

    Application No.: US12487878

    Filing date: 2009-06-19

    IPC class: G06F21/00

    CPC class: G06F21/565

    Abstract: An embodiment may include circuitry that may be comprised in a host. The host may include memory and a host processor to execute an operating system. The circuitry may be to determine, independently of the operating system and the host processor, the authenticity of signature list information, based at least in part upon authentication information received by the circuitry from a remote server. The circuitry also may be to determine, independently of the operating system and the host processor, based at least in part upon comparison of at least one portion of the signature list information with at least one portion of contents of the memory, whether authorized and/or malicious data are present in the at least one portion of the contents of the memory. Of course, many variations, modifications, and alternatives are possible without departing from this embodiment.


89. Remote configuration, provisioning and/or updating in a layer two authentication network
    Granted patent (in force)

    Publication No.: US07805512B2

    Publication date: 2010-09-28

    Application No.: US11967139

    Filing date: 2007-12-29

    IPC class: G06F15/16

    Abstract: A device capable of remote configuration, provisioning and/or updating comprising a network detector capable of detecting a network regardless of the state of the operating system on the device, wherein the network requires layer two authentication, and an Embedded Trust Agent capable of generating an authentication credential for layer two authentication and communicating the authentication credential via a layer two authentication protocol without a functioning operating system.


90. DETECTION AND REPORTING OF VIRTUALIZATION MALWARE IN COMPUTER PROCESSOR ENVIRONMENTS
    Published application (in force)

    Publication No.: US20090328042A1

    Publication date: 2009-12-31

    Application No.: US12165155

    Filing date: 2008-06-30

    IPC class: G06F11/07 G06F9/44

    Abstract: Methods and systems to detect virtualization of computer system resources, such as by malware, include methods and systems to evaluate information corresponding to a computer processor operating environment, outside of or secure from the operating environment, which may include one or more of a system management mode of operation and a management controller system. Information may include processor register values. Information may be obtained from within the operating environment, such as with a host application running within the operating environment. Information may be obtained outside of the operating environment, such as from a system state map. Information obtained from within the operating environment may be compared to corresponding information obtained outside of the operating environment. Direct memory address (DMA) translation information may be used to determine whether an operating environment is remapping DMA accesses. Page tables, interrupt tables, and segmentation tables may be used to reconstruct a view of linear memory corresponding to the operating environment, which may be scanned for malware or authorized code and data.
