-
Publication number: US11803639B2
Publication date: 2023-10-31
Application number: US17232264
Application date: 2021-04-16
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Geoffrey Ndu, Theofrastos Koulouris, Nigel Edwards
CPC classification number: G06F21/554, G06F21/552, G06F2221/034
Abstract: Examples disclosed herein relate to integrity monitoring of a computing system using a kernel that can update its own code. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring. The device is to compare a current measurement with an initial measurement to determine if a potential violation occurred. The device is to use a representation of a jump table to determine whether the potential violation is a violation.
-
Publication number: US11650936B2
Publication date: 2023-05-16
Application number: US16926628
Application date: 2020-07-10
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Melvin K. Benedict, Nigel Edwards, Eric L. Pope
CPC classification number: G06F12/1433, G06F21/44
Abstract: Systems and methods are provided for binding one or more components to an identification component of a hardware module. Each of the serial numbers for the one or more components is included within a module-specific authentication certificate that is stored within the identification component of the hardware module. When connected to a computing platform, an authentication system of the computing platform is capable of retrieving the module-specific authentication certificate. The authentication system can compare the list of serial numbers included in the module-specific authentication certificate with one or more serial numbers read over a first interface. If the two lists of serial numbers match, the authentication system can flag the hardware module as authentic through authentication of all components of the hardware module.
-
Publication number: US11636209B2
Publication date: 2023-04-25
Application number: US17464832
Application date: 2021-09-02
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Geoffrey Ndu, Ludovic Emmanuel Paul Noel Jacquin, Nigel Edwards
Abstract: A system comprising an inner kernel of an operating system (OS) running at a higher privilege level than an outer kernel of the OS, the inner kernel to measure a data structure in a memory; a device including a measurement engine to measure the data structure in the memory, wherein the device operates independently of the OS; and a trusted execution environment including an application to compare measurements from the inner kernel and the measurement engine.
-
Publication number: US20210397713A1
Publication date: 2021-12-23
Application number: US16903946
Application date: 2020-06-17
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Geoffrey Ndu, Nigel Edwards
IPC: G06F21/57, G06F13/24, G06F12/0815
Abstract: Examples disclosed herein relate to performing a verification check in response to receiving notification. A computing system includes a host processor, memory coupled to the host processor, and a device separate from the host processor capable of accessing the memory. The host processor has a page table base register. The host processor is configured to send a notification to the device when the page table base register changes. The device performs a verification check in response to receiving the notification.
-
Publication number: US11138315B2
Publication date: 2021-10-05
Application number: US15873419
Application date: 2018-01-17
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Geoffrey Ndu, Ludovic Emmanuel Paul Noel Jacquin, Nigel Edwards
Abstract: A system comprising an inner kernel of an operating system (OS) running at a higher privilege level than an outer kernel of the OS, the inner kernel to measure a data structure in a memory; a device including a measurement engine to measure the data structure in the memory, wherein the device operates independently of the OS; and a trusted execution environment including an application to compare measurements from the inner kernel and the measurement engine.
-
Publication number: US10853090B2
Publication date: 2020-12-01
Application number: US15876370
Application date: 2018-01-22
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Ludovic Emmanuel Paul Noel Jacquin, Hamza Attak, Nigel Edwards, Guilherme de Campos Magalhaes
Abstract: Examples relate to integrity reports. In an implementation, an entity for executing a function is launched, the entity operating one or more files for executing the function. In response to the entity being launched, an entity image integrity report is generated comprising, for one or more files operated by the entity, a reference to the file measurement in a first integrity report, the first integrity report containing measurements of a plurality of files operable in one or more entities. Alternatively, in response to the entity being launched, an entity integrity report is generated comprising a file measurement for each of the files operated by the entity.
-
Publication number: US10776493B2
Publication date: 2020-09-15
Application number: US16159365
Application date: 2018-10-12
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Thomas M. Laffey, Ludovic Emmanuel Paul Noel Jacquin, Nigel Edwards
Abstract: Secure management of computing code is provided herein. The computing code corresponds to computing programs including firmware and software that are stored in the memory of a computing device. When a processor attempts to read or execute computing code, a security controller measures that code and/or corresponding program, thereby generating a security measurement value. The security controller uses the security measurement value to manage access to the memory. The security measurement value can be analyzed together with integrity values of the computing programs, which are calculated while holding the reset of the processor. The integrity values indicate the validity or identity of the stored computing programs, and provide a reference point with which computing programs being read or executed can be compared. The security controller can manage access to memory based on the security measurement value by hiding or exposing portions of the memory to the processor.
-
Publication number: US10764065B2
Publication date: 2020-09-01
Application number: US16253853
Application date: 2019-01-22
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Nigel Edwards, Michael R. Krause
Abstract: A control device performs an admissions control process with a first device to determine whether the first device is authorized to communicate over the communication fabric that supports memory semantic operations.
-
Publication number: US10372909B2
Publication date: 2019-08-06
Application number: US15241502
Application date: 2016-08-19
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Michael John Wray, Nigel Edwards
Abstract: Example implementations relate to determination as to whether a process is infected with malware. For example, in an implementation, information of a process extracted from a snapshot of system memory is obtained. A determination as to whether the process is infected with malware is made based on a process model.
-
Publication number: US10230531B2
Publication date: 2019-03-12
Application number: US15323705
Application date: 2014-10-23
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Nigel Edwards, Michael R. Krause
Abstract: A control device performs an admissions control process with a first device to determine whether the first device is authorized to communicate over the communication fabric that supports memory semantic operations.