公开(公告)号：US20190238560A1

公开(公告)日：2019-08-01

申请号：US16116896

申请日：2018-08-29

Applicant: Intel Corporation

Inventor： Nicholas D. Triantafillou ,  Paritosh Saxena ,  Paul J. Thadikaran ,  David M. Durham

IPC: H04L29/06 ,  G06F21/57 ,  G06F21/10

CPC classification number: H04L63/14 ,  G06F21/10 ,  G06F21/57 ,  H04L63/029 ,  H04L63/0428 ,  H04L63/0478

Abstract: Systems and method to provide secure storage are disclosed. An example method includes establishing a secure tunnel between a storage device and an agent, provide a command from the agent to the storage device via the secure tunnel, access first data at the storage device in response to the command, and identify a modification to data stored on the storage device by comparing the first data to second data, wherein the comparison is done using the storage device.

公开(公告)号：US09916454B2

公开(公告)日：2018-03-13

申请号：US15187530

申请日：2016-06-20

Applicant: Intel Corporation

Inventor： Paul J. Thadikaran ,  Nicholas D. Triantafillou ,  Thomas R. Bowen ,  Paritosh Saxena

IPC: G06F21/57 ,  G06F12/14

CPC classification number: G06F21/575 ,  G06F12/1441 ,  G06F12/1466 ,  G06F2212/1052

Abstract: Embodiments of systems, apparatuses, and methods to protect data stored in a storage system of a device from malware alternation are described. In some embodiments, a system receives an indication that the data is to be protected. In addition, the system further triggers an interrupt of the device and secures the data from the malware alternation.

公开(公告)号：US20160283721A1

公开(公告)日：2016-09-29

申请号：US15179665

申请日：2016-06-10

Applicant: Intel Corporation

Inventor： Daniel Nemiroff ,  Paul J. Thadikaran ,  Andrew H. Gafken ,  Purushottam Goel ,  Nicholas D. Triantafillou ,  Paritosh Saxena ,  Debra Cablao

IPC: G06F21/57 ,  G06F21/64 ,  G06F21/62 ,  G06F21/56

CPC classification number: G06F21/577 ,  G06F9/4401 ,  G06F21/554 ,  G06F21/561 ,  G06F21/575 ,  G06F21/6218 ,  G06F21/64 ,  G06F2221/033 ,  H04L9/3247

Abstract: Embodiments of techniques and systems for out-of-band verification of host OS components are described. In embodiments, a out-of-band host OS boot sequence verification system (“BSVS”) may access system memory without detection by a host OS process, or “out of band.” The BSVS may access host OS components in the system memory and may generate signatures from memory footprints of the host OS components. These signatures may then be compared to trusted signatures to verify integrity of the host OS components. In embodiments, this verification may be performed during a boot of a host OS or on demand. In embodiments, the trusted signatures may be pre-stored by the BSVS before a boot; in some embodiments, the trusted signatures may be previously-computed and then stored by the BSVS. Other embodiments may be described and claimed.

Abstract translation: 描述用于主机OS组件的带外验证的技术和系统的实施例。 在实施例中，带外主机OS引导序列验证系统（“BSVS”）可以在主机OS进程或“带外”检测的情况下访问系统存储器.BSVS可以访问系统存储器中的主机OS组件 并且可以从主机OS组件的内存覆盖区生成签名。 然后可以将这些签名与可信签名进行比较以验证主机OS组件的完整性。 在实施例中，可以在主机OS的引导期间或者根据需要执行该验证。 在实施例中，信任签名可以在引导之前被BSVS预先存储; 在一些实施例中，可信任签名可以被预先计算，然后由BSVS存储。 可以描述和要求保护其他实施例。

公开(公告)号：US20150341371A1

公开(公告)日：2015-11-26

申请号：US14818654

申请日：2015-08-05

Applicant: INTEL CORPORATION

Inventor： Nicholas D. Triantafillou ,  Paritosh Saxena ,  Paul J. Thadikaran ,  David Michael Durham

IPC: H04L29/06

CPC classification number: H04L63/14 ,  G06F21/10 ,  G06F21/57 ,  H04L63/029 ,  H04L63/0428 ,  H04L63/0478

Abstract: Systems and method to provide secure storage are disclosed. An example method includes establishing a secure tunnel between a storage device and an agent, provide a command from the agent to the storage device via the secure tunnel, access first data at the storage device in response to the command, and identify a modification to data stored on the storage device by comparing the first data to second data, wherein the comparison is done using the storage device.

Abstract translation: 公开了提供安全存储的系统和方法。 示例性方法包括在存储设备和代理之间建立安全通道，经由安全隧道从代理向存储设备提供命令，响应于命令访问存储设备处的第一数据，并且识别对数据的修改 通过将第一数据与第二数据进行比较来存储在存储装置上，其中使用存储装置进行比较。

公开(公告)号：US10019574B2

公开(公告)日：2018-07-10

申请号：US15391702

申请日：2016-12-27

Applicant: Intel Corporation

Inventor： Paul J. Thadikaran ,  Nicholas D. Triantafillou ,  Paritosh Saxena

IPC: G06F21/56 ,  G06F17/30 ,  G06F3/06 ,  G06F21/80

CPC classification number: G06F21/564 ,  G06F3/0623 ,  G06F3/0643 ,  G06F3/0673 ,  G06F16/13 ,  G06F16/14 ,  G06F21/565 ,  G06F21/567 ,  G06F21/575 ,  G06F21/78 ,  G06F21/80 ,  G06F2221/034

Abstract: Systems and methods for providing awareness of a host file system on a storage device are described. In one embodiment, a storage device includes a host interface and a file awareness block. The host interface provides an interface between a host and the storage device. The file awareness block provides an awareness of the host file system to the storage device.

公开(公告)号：US10091213B2

公开(公告)日：2018-10-02

申请号：US14818654

申请日：2015-08-05

Applicant: INTEL CORPORATION

Inventor： Nicholas D. Triantafillou ,  Paritosh Saxena ,  Paul J. Thadikaran ,  David Michael Durham

IPC: H04L29/06 ,  G06F21/10 ,  G06F21/57

Abstract: Systems and method to provide secure storage are disclosed. An example method includes establishing a secure tunnel between a storage device and an agent, provide a command from the agent to the storage device via the secure tunnel, access first data at the storage device in response to the command, and identify a modification to data stored on the storage device by comparing the first data to second data, wherein the comparison is done using the storage device.

公开(公告)号：US20170235953A1

公开(公告)日：2017-08-17

申请号：US15391702

申请日：2016-12-27

Applicant: Intel Corporation

Inventor： Paul J. Thadikaran ,  Nicholas D. Triantafillou ,  Paritosh Saxena

IPC: G06F21/56 ,  G06F3/06 ,  G06F21/80 ,  G06F17/30

CPC classification number: G06F21/564 ,  G06F3/0623 ,  G06F3/0643 ,  G06F3/0673 ,  G06F17/30091 ,  G06F17/301 ,  G06F21/565 ,  G06F21/567 ,  G06F21/575 ,  G06F21/78 ,  G06F21/80 ,  G06F2221/034

Abstract: Systems and methods for providing awareness of a host file system on a storage device are described. In one embodiment, a storage device includes a host interface and a file awareness block. The host interface provides an interface between a host and the storage device. The file awareness block provides an awareness of the host file system to the storage device.

公开(公告)号：US09158916B2

公开(公告)日：2015-10-13

申请号：US13995244

申请日：2012-10-17

Applicant: Intel Corporation

Inventor： Daniel Nemiroff ,  Paul J. Thadikaran ,  Paritosh Saxena ,  Nicholas D. Triantafillou ,  Andrew H. Gafken

IPC: G06F21/00 ,  G06F21/55

CPC classification number: G06F21/55 ,  G06F21/554 ,  G06F21/568 ,  G06F21/78

Abstract: An embodiment may include a storage processor that may be comprised, at least in part, in a host. The host may include at least one host central processing unit (CPU) to execute at least one host operating system (OS). The storage processor may execute at least one operation in isolation from interference from and control by the at least one host CPU and the at least one host OS. The at least one operation may facilitate, at least in part: (1) prevention, at least in part, of unauthorized access to storage, (2) prevention, at least in part, of execution by the at least one host CPU of at least one unauthorized instruction, (3) detection, at least in part, of the at least one unauthorized instruction, and/or (4) remediation, at least in part, of at least one condition associated, at least in part, with the at least unauthorized instruction.

Abstract translation: 一个实施例可以包括可以至少部分地包括在主机中的存储处理器。 主机可以包括至少一个主机中央处理单元（CPU），以执行至少一个主机操作系统（OS）。 存储处理器可以与至少一个主机CPU和至少一个主机OS的干扰和控制隔离起来执行至少一个操作。 所述至少一个操作可以至少部分地促进：（1）至少部分地防止非法访问存储，（2）至少部分地防止所述至少一个主机CPU执行 至少一个未经授权的指令，（3）至少部分地至少检测至少一个未经授权的指令，和/或（4）至少部分地至少部分地与 至少未经授权的指令。