Abstract:
A method and apparatus for dynamic provisioning of an access control policy in an input/output (I/O) controller hub are described. In one embodiment, the method includes the establishment of a control channel during evaluation stages of a network access request. In one embodiment, the control channel enables resource enumeration of a hardware platform while disabling data read/write processing of the hardware platform. Once resource enumeration is completed, conditional control settings for each enumerated platform resource are sent to a network policy decision point. Once transmitted, if the conditional control settings identify the hardware platform as having a non-compliant configuration, conditional control settings for at least one enumerated resource of the hardware platform are modified according to a received access control policy to provide compliance of the hardware platform configuration to enable network access. Other embodiments are described and claimed.
Abstract:
According to some embodiments, a method and apparatus are provided to receive a first signal from a sensor, determine that a user is present based on the received first signal, receive a second signal from the sensor, and determine if the user is still present based on the received second signal.
Abstract:
A manageability engine or adjunct processor on a computer platform may receive a request for activation and use of features embedded within that platform from a service provider authorized by the manageability engine's manufacturer. The manageability engine may initiate a request for authority through the service provider to a permit server. The permit server may provide, through the service provider, proof of the service provider's authority, together with a certificate identifying the service provider. Then the manageability engine may enable activation of the features on the platform coupled to the manageability engine, but only by the one particular service provider who has been authorized.
Abstract:
An antivirus (AV) application specifies a fault handler code image, a fault handler manifest, a memory location of the AV application, and an AV application manifest. A loader verifies the fault handler code image and the fault handler manifest, creates a first security domain having a first security level, copies the fault handler code image to memory associated with the first security domain, and initiates execution of the fault handler. The loader requests the locking of memory pages in the guest OS that are reserved for the AV application. The fault handler locks the executable code image of the AV application loaded into guest OS memory by setting traps on selected code segments in guest OS memory.
Abstract:
A management engine may be used to trap configuration cycles during the boot process and thereafter in response to operating system enumeration. As a result, a virtual bus device can be created. The bus device may be used to provision software to the platform even when the operating system is corrupted or non-functional.
Abstract:
Various systems and methods for managing data provenance are described herein. A networked computing device is configured to receive, from an edge node, a first data and a first data provenance capsule for the first data; process the first data using a data transformation function to produce second data; generate a second data provenance capsule for the second data; bind the second data provenance capsule to the second data with a digital signature, the digital signature using the first data provenance capsule as an ingredient of the digital signature; and transmit the second data and the second data provenance capsule to a destination node.
Abstract:
A machine-readable storage medium includes instructions stored thereupon, which when executed by processing circuitry of a computing node operable to implement a service mesh control plane (SMCP) in a MEC network, cause the processing circuitry to decode an attestation request received from a sidecar proxy of a deployable instance. The sidecar proxy is instantiated on a MEC host. Evidence information is collected from the deployable instance responsive to the attestation request, the evidence information comprising at least one security configuration of the deployable instance. An attestation of the evidence information is performed using a verified configuration of the deployable instance to generate an integrity report. An attestation token is generated based on the integrity report and is encoded for transmission to the MEC host. The attestation token authorizes the sidecar proxy to obtain configuration to facilitate a data exchange between the deployable instance and at least another deployable instance.
Abstract:
Various examples of device and system implementations and methods for performing end-to-end attestation operations for multi-layer hardware devices are disclosed. In an example, attestation operations are performed by a verifier, including: obtaining layered attestation evidence regarding a state of a compute device, with the layered attestation evidence including attesting evidence provided from a second hardware layer of the compute device, such that the attesting evidence provided from the second hardware layer is generated from attesting evidence provided from a first hardware layer of the compute device to the second hardware layer of the compute device; obtaining endorsement information relating to the layered attestation evidence for the state of the compute device; determining an appraisal policy for performing attestation of the compute device from the layered attestation evidence; and applying the appraisal policy and the endorsement information to the layered attestation evidence, to perform attestation of the compute device.
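The verifier flow in this abstract (layered evidence where each layer's evidence is derived from the layer below it, appraised against endorsement information under an appraisal policy) and the sidecar flow two abstracts earlier (evidence is appraised to produce an integrity report, from which an attestation token is issued) share one shape. The block below is an added example written for this page, not code from either patent. It assumes a constructed device root secret that the verifier also holds as its endorsement (a symmetric stand-in for the asymmetric key material a real deployment would use), constructed firmware images, and a constructed verifier key for the token; the derivation chain, proof over a verifier nonce, per-layer policy check and token issuance are the pattern the abstracts describe.

```python
import hashlib
import hmac
import secrets

# Constructed: device root secret provisioned at manufacture. The verifier's
# endorsement is modelled as possession of the same value (assumption).
ROOT_SECRET = b"constructed-device-root-secret"
VERIFIER_KEY = b"constructed-verifier-token-key"

# Appraisal policy: endorsed (known-good) measurement per hardware layer.
REFERENCE = {
    1: {hashlib.sha256(b"boot-firmware-v3").hexdigest()},
    2: {hashlib.sha256(b"runtime-v7").hexdigest()},
}


def derive(parent_secret: bytes, measurement_hex: str) -> bytes:
    """Layer N+1 secret = KDF(layer N secret, measurement of the layer N+1 image).
    Evidence from the second layer is therefore a function of the first."""
    return hmac.new(parent_secret, bytes.fromhex(measurement_hex), hashlib.sha256).digest()


def device_evidence(images: list[bytes], nonce: bytes) -> dict:
    """Device side: each layer measures the next image, derives the next
    secret, and the top layer proves possession of the final secret over
    the verifier's nonce."""
    secret = ROOT_SECRET
    measurements = []
    for image in images:
        m = hashlib.sha256(image).hexdigest()
        measurements.append(m)
        secret = derive(secret, m)
    proof = hmac.new(secret, nonce, hashlib.sha256).hexdigest()
    return {"measurements": measurements, "proof": proof}


def appraise(evidence: dict, nonce: bytes, policy=REFERENCE, endorsement=ROOT_SECRET) -> dict:
    """Verifier side: recompute the chain from the endorsement and the claimed
    measurements, check the proof binds to this nonce, then apply the
    appraisal policy layer by layer. Returns an integrity report; on success
    it also carries the attestation token."""
    secret = endorsement
    for m in evidence["measurements"]:
        secret = derive(secret, m)
    expected = hmac.new(secret, nonce, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, evidence["proof"]):
        return {"ok": False, "reason": "chain proof does not verify"}
    for layer, m in enumerate(evidence["measurements"], start=1):
        if m not in policy.get(layer, set()):
            return {"ok": False, "reason": f"layer {layer} measurement not endorsed"}
    # Token over the nonce and the appraised measurements; the relying party
    # (e.g. a sidecar's control plane) checks this instead of re-appraising.
    body = nonce + ",".join(evidence["measurements"]).encode()
    token = hmac.new(VERIFIER_KEY, body, hashlib.sha256).hexdigest()
    return {"ok": True, "reason": "all layers endorsed", "token": token}


def check_token(token: str, nonce: bytes, measurements: list[str]) -> bool:
    """Relying-party check of an issued token (assumes access to VERIFIER_KEY)."""
    body = nonce + ",".join(measurements).encode()
    return hmac.compare_digest(hmac.new(VERIFIER_KEY, body, hashlib.sha256).hexdigest(), token)


if __name__ == "__main__":
    nonce = secrets.token_bytes(16)
    good = device_evidence([b"boot-firmware-v3", b"runtime-v7"], nonce)
    print(appraise(good, nonce))
    bad = device_evidence([b"boot-firmware-v3", b"runtime-v7-backdoored"], nonce)
    print(appraise(bad, nonce))
```

The two failure modes worth noticing: a device running an unendorsed runtime produces a proof that verifies (the chain is genuine) but fails policy at layer 2, while a device that reports the endorsed measurements without actually running them cannot produce a matching proof, because its real chain diverged at the tampered layer.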
Abstract:
Various systems and methods for improving connectivity of a Mobility-as-a-Service (MaaS) node are described herein, including categorizing MaaS communication traffic of a MaaS node into different levels of priority and controlling duplication or repetition of the MaaS communication traffic using the categorized level of priority of the MaaS communication traffic.
Abstract:
Systems and techniques for distributed machine learning (DML) in an information centric network (ICN) are described herein. Finite message exchanges, such as those used in many DML exercises, may be efficiently implemented by treating certain data packets as interest packets to reduce overall network overhead when performing the finite message exchange. Further, network efficiency in DML may be improved by using local coordinating nodes to manage devices participating in a distributed machine learning exercise. Additionally, modifying a round of DML training to accommodate available participant devices, such as by using a group quality of service metric to select the devices, or extending the round execution parameters to include additional devices, may have an impact on DML performance.