-
1.发明申请UNAUTHORIZED ACCESS AND/OR INSTRUCTION PREVENTION, DETECTION, AND/OR REMEDIATION, AT LEAST IN PART, BY STORAGE PROCESSOR 有权未经授权的访问和/或指令的预防,检测和/或修复,至少由存储处理器公开(公告)号:US20140109170A1
公开(公告)日:2014-04-17
申请号:US13995244
申请日:2012-10-17
申请人: Daniel Nemiroff , Paul J. Thadikaran , Paritosh Saxena , Nicholas D. Triantafillou , Andrew H. Gafken
发明人: Daniel Nemiroff , Paul J. Thadikaran , Paritosh Saxena , Nicholas D. Triantafillou , Andrew H. Gafken
IPC分类号: G06F21/55
CPC分类号: G06F21/55 , G06F21/554 , G06F21/568 , G06F21/78
摘要: An embodiment may include a storage processor that may be comprised, at least in part, in a host. The host may include at least one host central processing unit (CPU) to execute at least one host operating system (OS). The storage processor may execute at least one operation in isolation from interference from and control by the at least one host CPU and the at least one host OS. The at least one operation may facilitate, at least in part: (1) prevention, at least in part, of unauthorized access to storage, (2) prevention, at least in part, of execution by the at least one host CPU of at least one unauthorized instruction, (3) detection, at least in part, of the at least one unauthorized instruction, and/or (4) remediation, at least in part, of at least one condition associated, at least in part, with the at least unauthorized instruction.
摘要翻译: 一个实施例可以包括可以至少部分地包括在主机中的存储处理器。 主机可以包括至少一个主机中央处理单元(CPU),以执行至少一个主机操作系统(OS)。 存储处理器可以与至少一个主机CPU和至少一个主机OS的干扰和控制隔离起来执行至少一个操作。 所述至少一个操作可以至少部分地促进:(1)至少部分地防止非法访问存储,(2)至少部分地防止所述至少一个主机CPU执行 至少一个未经授权的指令,(3)至少部分地至少检测至少一个未经授权的指令,和/或(4)至少部分地至少部分地与 至少未经授权的指令。
-
公开(公告)号:US09367328B2
公开(公告)日:2016-06-14
申请号:US13536859
申请日:2012-06-28
申请人: Daniel Nemiroff , Paul J. Thadikaran , Andrew H. Gafken , Purushottam Goel , Nicholas D. Triantafillou , Paritosh Saxena , Debra Cablao
发明人: Daniel Nemiroff , Paul J. Thadikaran , Andrew H. Gafken , Purushottam Goel , Nicholas D. Triantafillou , Paritosh Saxena , Debra Cablao
CPC分类号: G06F21/577 , G06F9/4401 , G06F21/554 , G06F21/561 , G06F21/575 , G06F21/6218 , G06F21/64 , G06F2221/033 , H04L9/3247
摘要: Embodiments of techniques and systems for out-of-band verification of host OS components are described. In embodiments, a out-of-band host OS boot sequence verification system (“BSVS”) may access system memory without detection by a host OS process, or “out of band.” The BSVS may access host OS components in the system memory and may generate signatures from memory footprints of the host OS components. These signatures may then be compared to trusted signatures to verify integrity of the host OS components. In embodiments, this verification may be performed during a boot of a host OS or on demand. In embodiments, the trusted signatures may be pre-stored by the BSVS before a boot; in some embodiments, the trusted signatures may be previously-computed and then stored by the BSVS. Other embodiments may be described and claimed.
摘要翻译: 描述用于主机OS组件的带外验证的技术和系统的实施例。 在实施例中,带外主机OS引导序列验证系统(“BSVS”)可以在主机OS进程或“带外”检测的情况下访问系统存储器.BSVS可以访问系统存储器中的主机OS组件 并且可以从主机OS组件的内存覆盖区生成签名。 然后可以将这些签名与可信签名进行比较以验证主机OS组件的完整性。 在实施例中,可以在主机OS的引导期间或者根据需要执行该验证。 在实施例中,信任签名可以在引导之前被BSVS预先存储; 在一些实施例中,可信任签名可以被预先计算,然后由BSVS存储。 可以描述和要求保护其他实施例。
-
公开(公告)号:US20140006760A1
公开(公告)日:2014-01-02
申请号:US13536859
申请日:2012-06-28
申请人: Daniel Nemiroff , Paul J. Thadikaran , Andrew H. Gafken , Purushottam Goel , Nicholas D. Triantafillou , Paritosh Saxena , Debra Cablao
发明人: Daniel Nemiroff , Paul J. Thadikaran , Andrew H. Gafken , Purushottam Goel , Nicholas D. Triantafillou , Paritosh Saxena , Debra Cablao
IPC分类号: G06F15/177 , H04L9/32
CPC分类号: G06F21/577 , G06F9/4401 , G06F21/554 , G06F21/561 , G06F21/575 , G06F21/6218 , G06F21/64 , G06F2221/033 , H04L9/3247
摘要: Embodiments of techniques and systems for out-of-band verification of host OS components are described. In embodiments, a out-of-band host OS boot sequence verification system (“BSVS”) may access system memory without detection by a host OS process, or “out of band.” The BSVS may access host OS components in the system memory and may generate signatures from memory footprints of the host OS components. These signatures may then be compared to trusted signatures to verify integrity of the host OS components. In embodiments, this verification may be performed during a boot of a host OS or on demand. In embodiments, the trusted signatures may be pre-stored by the BSVS before a boot; in some embodiments, the trusted signatures may be previously-computed and then stored by the BSVS. Other embodiments may be described and claimed.
摘要翻译: 描述用于主机OS组件的带外验证的技术和系统的实施例。 在实施例中,带外主机OS引导序列验证系统(“BSVS”)可以在主机OS进程或“带外”的检测的情况下访问系统存储器。 BSVS可以访问系统存储器中的主机OS组件,并且可以从主机OS组件的内存占用中产生签名。 然后可以将这些签名与可信签名进行比较以验证主机OS组件的完整性。 在实施例中,可以在主机OS的引导期间或者根据需要执行该验证。 在实施例中,信任签名可以在引导之前被BSVS预先存储; 在一些实施例中,可信任签名可以被预先计算,然后由BSVS存储。 可以描述和要求保护其他实施例。
-
公开(公告)号:US20120159041A1
公开(公告)日:2012-06-21
申请号:US12971670
申请日:2010-12-17
申请人: Paritosh Saxena , Nicholas D. Triantafillou , Paul J. Thadikaran , Mark E. Scott-Nash , Sanjeev N. Trika , Akshay Kadam , Karthikeyan Vaidyanathan , Richard Mangold
发明人: Paritosh Saxena , Nicholas D. Triantafillou , Paul J. Thadikaran , Mark E. Scott-Nash , Sanjeev N. Trika , Akshay Kadam , Karthikeyan Vaidyanathan , Richard Mangold
CPC分类号: G06F21/79 , G06F21/31 , G06F21/57 , G06F21/575 , G06F21/78 , G06F2221/2101 , G06F2221/2127
摘要: An anti-malware approach uses a storage drive with the capability to lock selected memory areas. Platform assets such as OS objects are stored in the locked areas and thus, unauthorized changes to them may not be made by an anti-malware entity.
摘要翻译: 反恶意软件方法使用具有锁定所选存储区域的能力的存储驱动器。 诸如OS对象的平台资产存储在锁定区域中,因此,未经反恶意软件实体可能未对其进行修改。
-
5.发明授权User controllable platform-level trigger to set policy for protecting platform from malware 有权用户可控的平台级触发器设置保护平台免受恶意软件的策略公开(公告)号:US09372988B2
公开(公告)日:2016-06-21
申请号:US13976253
申请日:2011-12-22
CPC分类号: G06F21/56 , G06F21/554 , G06F21/566 , H04L63/145
摘要: Embodiments of systems, apparatuses, and methods to protect data stored in a storage system of a device from malware alternation are described. In some embodiments, a system receives an indication that the data is to be protected. In addition, the system further triggers an interrupt of the device and secures the data from the malware alternation.
摘要翻译: 描述了保护存储在设备的存储系统中的数据免受恶意软件交替的系统,设备和方法的实施例。 在一些实施例中,系统接收到要保护数据的指示。 此外,系统进一步触发设备的中断,并保护数据免受恶意软件的交替。
-
6.发明授权Systems and methods for providing anti-malware protection on storage devices 有权在存储设备上提供防恶意软件保护的系统和方法公开(公告)号:US09183390B2
公开(公告)日:2015-11-10
申请号:US13976373
申请日:2011-12-22
申请人: Paul J. Thadikaran , Adam Greer Wright , Thomas R. Bowen , Janet Yabeny Sholar , Reginald D. Nepomuceno , Nicholas D. Triantafillou , Richard Paul Mangold , Darren Lasko , Anand S. Ramalingam , Paritosh Saxena , Unnikrishnan Jayakumar , William B. Lindquist , John A. List
发明人: Paul J. Thadikaran , Adam Greer Wright , Thomas R. Bowen , Janet Yabeny Sholar , Reginald D. Nepomuceno , Nicholas D. Triantafillou , Richard Paul Mangold , Darren Lasko , Anand S. Ramalingam , Paritosh Saxena , Unnikrishnan Jayakumar , William B. Lindquist , John A. List
IPC分类号: G06F21/56
CPC分类号: G06F21/56 , G06F21/566 , G06F21/567 , G06F21/78 , H04L63/08 , H04L63/145
摘要: Systems and methods for providing anti-malware protection on storage devices are described. In one embodiment, a storage device includes a controller, firmware, and memory. The firmware communicates with an authorized entity (e.g., external entity, operating system) to establish a secure communication channel. The system includes secure storage to securely store data.
摘要翻译: 描述了在存储设备上提供防恶意软件保护的系统和方法。 在一个实施例中,存储设备包括控制器,固件和存储器。 固件与授权实体(例如,外部实体,操作系统)通信以建立安全通信信道。 该系统包括安全存储以安全地存储数据。
-
7.发明申请ACTIVATION AND MONETIZATION OF FEATURES BUILT INTO STORAGE SUBSYSTEMS USING A TRUSTED CONNECT SERVICE BACK END INFRASTRUCTURE 有权使用有辱人格的连接服务后端基础设施将特征的活动和功能引入存储子系统公开(公告)号:US20130291070A1
公开(公告)日:2013-10-31
申请号:US13976258
申请日:2011-12-22
申请人: Nicholas D. Triantafillou , Terry Ryun Bradfield , Paritosh Saxena , Paul J. Thadikaran , David Owen Novick
发明人: Nicholas D. Triantafillou , Terry Ryun Bradfield , Paritosh Saxena , Paul J. Thadikaran , David Owen Novick
IPC分类号: H04L29/06
CPC分类号: H04L63/08 , G06F21/12 , G06F21/56 , G06F21/606 , G06F21/78 , H04L2463/101
摘要: Embodiments of systems, apparatuses, and methods to enable a value-added storage service of a storage system coupled to a client are described. In some embodiments, a system establishes a secure root of trust for the client. In addition, the system establishes a secure tunnel between an application of the client and a storage system of the client. Furthermore, the system securely downloads a license for the value-added storage service to the storage system and provides the license from the storage system to an application via the secure tunnel.
摘要翻译: 描述了实现耦合到客户机的存储系统的增值存储服务的系统,装置和方法的实施例。 在一些实施例中,系统为客户端建立安全的信任根。 此外,系统在客户端的应用程序和客户端的存储系统之间建立安全通道。 此外,系统安全地将增值存储服务的许可证下载到存储系统,并通过安全隧道将许可从存储系统提供给应用。
-
8.发明申请SYSTEMS AND METHODS FOR PROVIDING DYNAMIC FILE SYSTEM AWARENESS ON STORAGE DEVICES 有权用于在存储设备上提供动态文件系统意识的系统和方法公开(公告)号:US20130275479A1
公开(公告)日:2013-10-17
申请号:US13976378
申请日:2011-12-22
IPC分类号: G06F17/30
CPC分类号: G06F17/30082 , G06F3/062 , G06F3/0643 , G06F3/0673 , G06F21/562 , G06F21/80
摘要: Systems and methods for providing awareness of a host file system on a storage device are described. In one embodiment, a storage device includes a host interface and a file awareness block. The host interface provides an interface between a host and the storage device. The file awareness block provides an awareness of the host file system to the storage device.
摘要翻译: 描述用于提供对存储设备上的主机文件系统的认知的系统和方法。 在一个实施例中,存储设备包括主机接口和文件感知块。 主机接口提供主机和存储设备之间的接口。 文件感知块提供主机文件系统对存储设备的意识。
-
9.发明授权Systems and methods for providing dynamic file system awareness on storage devices 有权在存储设备上提供动态文件系统感知的系统和方法公开(公告)号:US09529805B2
公开(公告)日:2016-12-27
申请号:US13976378
申请日:2011-12-22
CPC分类号: G06F17/30082 , G06F3/062 , G06F3/0643 , G06F3/0673 , G06F21/562 , G06F21/80
摘要: Systems and methods for providing awareness of a host file system on a storage device are described. In one embodiment, a storage device includes a host interface and a file awareness block. The host interface provides an interface between a host and the storage device. The file awareness block provides an awareness of the host file system to the storage device.
摘要翻译: 描述用于提供对存储设备上的主机文件系统的认知的系统和方法。 在一个实施例中,存储设备包括主机接口和文件感知块。 主机接口提供主机和存储设备之间的接口。 文件感知块提供主机文件系统对存储设备的意识。
-
公开(公告)号:US09135446B2
公开(公告)日:2015-09-15
申请号:US13630043
申请日:2012-09-28
CPC分类号: H04L63/14 , G06F21/10 , G06F21/57 , H04L63/029 , H04L63/0428 , H04L63/0478
摘要: Systems and method to provide secure storage are disclosed. An example method includes establishing a secure tunnel between a storage device and an agent, transferring first data from the storage device to the agent via the secure tunnel, the secure tunnel to prevent software executing in an operating system from modifying the data, and identifying a data modification by comparing the first data to second data.
摘要翻译: 公开了提供安全存储的系统和方法。 示例性方法包括在存储设备和代理之间建立安全通道,经由安全隧道将第一数据从存储设备传送到代理,安全隧道以防止操作系统中的软件执行修改数据,以及识别 通过将第一数据与第二数据进行比较来进行数据修改。
-
-
-
-
-
-
-
-
-
搜索结果
23 条记录 (耗时 0.028 秒)
