Abstract:
Techniques for securing a client. When a client, such as a portable computer, undergoes a change in operational state, an operating system agent sends a state message to a server. The state message describes the change in the operational state of the client. The operating system agent is one or more software modules that execute in an operating system of the client. The client receives a policy message from the server. The policy message contains policy data, which a BIOS agent stores in the BIOS of the client. The policy data identifies one or more security policies which the client should follow.
Abstract:
Techniques for securing a client. An operating system agent is one or more software modules that execute in an operating system of a client, such as a portable computer. Portions of the operating system agent may monitor resources of the client. The operating system agent sends a message, which describes an operational state of the operating system agent, to a BIOS agent. The BIOS agent is one or more software modules operating in a BIOS of the client. The BIOS agent performs an action based on a policy that is described by policy data stored within the BIOS of the client. The BIOS agent performs the action in response to either (a) the operational state described by the message, or (b) the BIOS agent not receiving the message after an expected period of time.
Abstract:
Various systems and methods for managing data provenance are described herein. A networked computing device is configured to receive, from an edge node, a first data and a first data provenance capsule for the first data; process the first data using a data transformation function to produce second data; generate a second data provenance capsule for the second data; bind the second data provenance capsule to the second data with a digital signature, the digital signature using the first data provenance capsule as an ingredient of the digital signature; and transmit the second data and the second data provenance capsule to a destination node.
Abstract:
Various systems and methods are described for implementing attestation operations. A computing device includes a processor; and memory to store instructions, which when executed by the processor, cause the computing device to: receive a workload from a source computing device over a network shared with the computing device; determine whether the workload has valid attestation; establish attestation for the workload when the workload does not have valid attestation; determine whether the attestation is compliant with a policy; and execute the workload when the attestation is compliant with the policy.
Abstract:
Various systems and methods for providing cloud-to-edge workload orchestration are described herein. A computing node is configured to receive a distributed workload configuration including security intents; decompose, based on the distributed workload configuration, a workload into a plurality of sub-workloads; identify an infrastructure resource of the plurality of compute nodes to execute a sub-workload of the plurality of sub-workloads; determine that an operating environment of the infrastructure resource satisfies the security intents; bind the sub-workload to the infrastructure resource, wherein the binding produces a token that is presented by the sub-workload to the infrastructure resource, and wherein the token is used to ensure trust among framework layers; and deploy the sub-workload to the infrastructure resource.
Abstract:
Various systems and methods are described for implementing attestation microservices and an attestation microservice mesh for cloud-to-edge (C2E) and cloud-native deployments. An example method performed by a computing node for coordinating attestation with a distributed workload includes: generating, with an attestation service, first attestation information to provide attestation of a resource at the computing node; generating, with the attestation service, second attestation information to provide attestation of a microservice at the computing node, with the microservice to use the resource at the computing node; generating, with the attestation service, third attestation information to provide attestation of a distributed workload, with the distributed workload to execute the microservice at the computing node; and outputting an attestation result for the distributed workload, based on the first attestation information, the second attestation information, and the third attestation information.
Abstract:
Various systems and methods for providing intent-based workload orchestration are described herein. A data center system may include a plurality of compute nodes and an orchestration node. The orchestration node may be configured to identify a workload for execution on the plurality of compute nodes; identify intents that define requirements for the execution of the workload on the plurality of compute nodes; monitor the execution of the workload to produce monitoring data; and control the execution of the workload based on the intents and the monitoring data, to dynamically adapt to changed conditions during the execution of the workload.
Abstract:
Techniques for protecting resources of a client from theft or unauthorized access. A BIOS agent stores policy data within a BIOS of the client. The BIOS agent is one or more software modules operating in the BIOS of the client. The policy data describes one or more security policies which the client is to follow. In response to the client following at least one of the one or more security policies, a persistent storage medium of the client is locked by instructing a controller of the persistent storage medium to deny, to any entity, access to data stored on the persistent storage medium unless the entity supplies, to the controller, a recognized authentication credential. In this way, a malicious user without access to the recognized authentication credential cannot access the data stored on the persistent storage medium, even if the persistent storage medium is removed from the client.