OUT-OF-BAND HOST OS BOOT SEQUENCE VERIFICATION
    5.
    Invention application
    OUT-OF-BAND HOST OS BOOT SEQUENCE VERIFICATION    Under examination (published)

    Publication No.: US20160283721A1

    Publication date: 2016-09-29

    Application No.: US15179665

    Filing date: 2016-06-10

    Abstract: Embodiments of techniques and systems for out-of-band verification of host OS components are described. In embodiments, an out-of-band host OS boot sequence verification system (“BSVS”) may access system memory without detection by a host OS process, or “out of band.” The BSVS may access host OS components in the system memory and may generate signatures from memory footprints of the host OS components. These signatures may then be compared to trusted signatures to verify integrity of the host OS components. In embodiments, this verification may be performed during a boot of a host OS or on demand. In embodiments, the trusted signatures may be pre-stored by the BSVS before a boot; in some embodiments, the trusted signatures may be previously-computed and then stored by the BSVS. Other embodiments may be described and claimed.


    Providing integrity verification and attestation in a hidden execution environment
    6.
    Granted invention patent
    Providing integrity verification and attestation in a hidden execution environment    In force

    Publication No.: US08887267B2

    Publication date: 2014-11-11

    Application No.: US13782484

    Filing date: 2013-03-01

    CPC classification number: G06F21/554 G06F21/44 G06F21/57 G06F21/64

    Abstract: In one embodiment, a processor includes a microcode storage including processor instructions to create and execute a hidden resource manager (HRM) to execute in a hidden environment that is not visible to system software. The processor may further include an extend register to store security information including a measurement of at least one kernel code module of the hidden environment and a status of a verification of the at least one kernel code module. Other embodiments are described and claimed.
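    The two abstracts above (item 5, the BSVS that hashes memory footprints and compares them to pre-stored trusted signatures, and item 6, the hidden environment whose extend register records a kernel module's measurement and verification status) describe the same basic mechanism. The following is an added illustration, not code from either patent: a memory image stands in for system memory as an out-of-band verifier would read it, each component's footprint is hashed with SHA-256 and compared to a signature precomputed from a known-good image before boot, and both the measurement and the verdict are folded into a PCR-style extend register. The component layout, the byte contents and the "hooked syscall table" patch are constructed for the example; the choice of SHA-256 and of extending the verdict into the register are this example's assumptions.

```python
"""Added example: out-of-band component verification with an extend register.
Not code from the patents on this page. The memory image, its layout and the
tampering below are constructed; SHA-256 is assumed for both signature and
extend. A real BSVS/HRM would read physical memory via a path the host OS
cannot observe; here that access is simulated by a bytearray."""
import hashlib
import hmac

DIGEST = hashlib.sha256
REGISTER_INIT = bytes(32)  # extend register starts all-zero, like a TPM PCR


class MemoryImage:
    """Stand-in for system memory (constructed). layout maps a component
    name to the (base, size) window that is its memory footprint."""

    def __init__(self, mem, layout):
        self.mem = bytearray(mem)      # copy, so images can be cloned safely
        self.layout = dict(layout)

    def footprint(self, name):
        base, size = self.layout[name]
        return bytes(self.mem[base:base + size])

    def patch(self, offset, data):
        """Simulate an in-memory modification such as a hooked table entry."""
        self.mem[offset:offset + len(data)] = data


def measure(footprint):
    """Signature of a memory footprint: its SHA-256 digest."""
    return DIGEST(footprint).digest()


def extend(register, value):
    """PCR-style extend: new = H(old || value). The result depends on order,
    so the final value commits to the whole verified sequence."""
    return DIGEST(register + value).digest()


def precompute_trusted(image, order):
    """Trusted signatures, computed from a known-good image and pre-stored."""
    return {name: measure(image.footprint(name)) for name in order}


def verify_boot_sequence(image, trusted, order):
    """Measure each component in boot order, compare to its trusted signature
    in constant time, and extend the register with measurement and verdict."""
    register = REGISTER_INIT
    verdicts = {}
    for name in order:
        m = measure(image.footprint(name))
        ok = hmac.compare_digest(m, trusted[name])
        verdicts[name] = ok
        register = extend(register, m)
        register = extend(register, b"OK" if ok else b"FAIL")
    return verdicts, register


# Constructed image: three "components" laid out back to back (192+64+96 bytes).
ORDER = ["kernel_text", "syscall_table", "net_driver"]
KNOWN_GOOD = MemoryImage(
    b"\x48\x89\xe5" * 64 + b"\x00" * 64 + b"\x55\x48\x83" * 32,
    {"kernel_text": (0, 192), "syscall_table": (192, 64), "net_driver": (256, 96)},
)


def run_demo():
    trusted = precompute_trusted(KNOWN_GOOD, ORDER)
    # Boot 1: clean image, verified during boot; register value becomes "golden".
    clean_verdicts, golden = verify_boot_sequence(KNOWN_GOOD, trusted, ORDER)
    # Boot 2: one syscall_table entry redirected in memory (constructed).
    tampered = MemoryImage(KNOWN_GOOD.mem, KNOWN_GOOD.layout)
    tampered.patch(192 + 8, b"\xde\xad\xbe\xef\x00\x00\x00\x00")
    bad_verdicts, bad_register = verify_boot_sequence(tampered, trusted, ORDER)
    return clean_verdicts, golden, bad_verdicts, bad_register


if __name__ == "__main__":
    cv, gr, bv, br = run_demo()
    print("clean:   ", cv, gr.hex()[:16])
    print("tampered:", bv, br.hex()[:16])
```

    Because the verdict is extended as well as the measurement, a verifier that only sees the final register value can still tell a clean boot from one in which any component failed, and an attestation of that value is meaningful even if the per-component log is lost. The comparison uses hmac.compare_digest so the check itself does not leak timing about how many digest bytes matched.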


    PLATFORM SECURITY MECHANISM
    7.
    Invention application

    Publication No.: US20210312044A1

    Publication date: 2021-10-07

    Application No.: US17354125

    Filing date: 2021-06-22

    Abstract: An apparatus comprising a computer platform, including a central processing unit (CPU) comprising a first security engine to perform security operations at the CPU and a chipset comprising a second security engine to perform security operations at the chipset, wherein the first security engine and the second security engine establish a secure channel session between the CPU and the chipset to secure data transmitted between the CPU and the chipset.
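    The abstract says only that the two security engines establish a secure channel session to protect CPU-to-chipset traffic. As an added example, not code from the patent, here is a minimal session between a CPU-side and a chipset-side engine. It assumes the engines share a pre-provisioned 256-bit key (the page does not say how the real engines are keyed), derives per-direction session keys with HKDF-SHA256 over both engines' nonces, and protects each message with encrypt-then-MAC and a sequence number so that a tampered or replayed message is rejected. The HMAC-counter keystream stands in for a real AEAD such as AES-GCM only because the standard library has no AES; the nonces, key and messages are constructed.

```python
"""Added example: a minimal secure-channel session between two security engines.
Not code from the patent on this page. Assumptions: a pre-provisioned shared
key, HKDF-SHA256 key derivation, encrypt-then-MAC with sequence numbers, and an
HMAC-counter keystream as a stand-in for a real AEAD (illustration only)."""
import hashlib
import hmac
import os
import struct


def hkdf_sha256(ikm, salt, info, length):
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()            # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                      # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def keystream(key, seq, length):
    """PRF keystream bound to (key, seq): every message gets fresh bytes."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QQ", seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class SecurityEngine:
    def __init__(self, name, shared_key):
        self.name = name
        self.shared_key = shared_key      # assumption: provisioned out of band
        self.nonce = os.urandom(16)       # sent to the peer in the clear
        self.tx_seq = self.rx_seq = 0

    def establish(self, peer_nonce, initiator):
        """Derive direction-specific keys. The initiator (CPU) sends on the
        cpu->chipset keys and receives on chipset->cpu; the responder swaps."""
        salt = (self.nonce + peer_nonce) if initiator else (peer_nonce + self.nonce)
        a = hkdf_sha256(self.shared_key, salt, b"cpu->chipset", 64)
        b = hkdf_sha256(self.shared_key, salt, b"chipset->cpu", 64)
        tx, rx = (a, b) if initiator else (b, a)
        self.tx_enc, self.tx_mac = tx[:32], tx[32:]
        self.rx_enc, self.rx_mac = rx[:32], rx[32:]

    def seal(self, plaintext):
        seq = self.tx_seq
        ct = xor(plaintext, keystream(self.tx_enc, seq, len(plaintext)))
        tag = hmac.new(self.tx_mac, struct.pack(">Q", seq) + ct, hashlib.sha256).digest()
        self.tx_seq += 1
        return seq, ct, tag

    def open(self, seq, ct, tag):
        if seq != self.rx_seq:                          # replay or reordering
            raise ValueError("unexpected sequence number")
        expected = hmac.new(self.rx_mac, struct.pack(">Q", seq) + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):      # tamper or wrong key
            raise ValueError("bad tag")
        self.rx_seq += 1
        return xor(ct, keystream(self.rx_enc, seq, len(ct)))


def run_session(shared_key=b"\x11" * 32):
    """Nonce exchange, key derivation, one message each way, and two attacks."""
    cpu = SecurityEngine("cpu", shared_key)
    pch = SecurityEngine("chipset", shared_key)
    cpu.establish(pch.nonce, initiator=True)
    pch.establish(cpu.nonce, initiator=False)

    seq, ct, tag = cpu.seal(b"set chipset policy: lock DMA")
    out = {}
    try:                                                # bit flipped in transit
        pch.open(seq, bytes([ct[0] ^ 1]) + ct[1:], tag)
        out["tamper_rejected"] = False
    except ValueError:
        out["tamper_rejected"] = True
    out["delivered"] = pch.open(seq, ct, tag)           # genuine message
    try:                                                # same message replayed
        pch.open(seq, ct, tag)
        out["replay_rejected"] = False
    except ValueError:
        out["replay_rejected"] = True
    out["reply"] = cpu.open(*pch.seal(b"ack"))          # other direction
    return out


if __name__ == "__main__":
    print(run_session())
```

    The session keys are bound to both nonces, so a session cannot be replayed against a fresh one even though the long-term key is fixed; separate keys per direction stop a message from being reflected back to its sender; and the tag covers the sequence number, so the receiver's strict in-order check is authenticated rather than advisory.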

    Secure access management of devices

    Publication No.: US10049234B2

    Publication date: 2018-08-14

    Application No.: US15144331

    Filing date: 2016-05-02

    Abstract: Systems and methods may provide implementing one or more device locking procedures to block access to a device. In one example, the method may include receiving an indication that a user is no longer present, initiating a timing mechanism to set a period to issue a first device lock instruction to lock a peripheral device, relaying timing information from the timing mechanism to a controller module associated with the peripheral device; and locking the peripheral device upon expiration of the period.
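    The method in this abstract is a small state machine: an absence signal starts a timer, the timer's remaining time is relayed to the peripheral's controller, and the controller locks the device when the period expires. The following is an added example, not code from the patent, showing that machine with the two edge cases a practitioner would want covered: the user returns before expiry (the pending lock is cancelled) and a repeated absence signal arrives while a timer is already running (it must not push the deadline out). The controller, the 30-second period and the event timeline are constructed, and the clock is injected so the behaviour is deterministic.

```python
"""Added example: presence-driven peripheral lock timer. Not code from the
patent on this page; controller, period and timeline are constructed and the
clock value `now` is passed in rather than read from the system."""


class PeripheralController:
    """Stands in for the controller module associated with the peripheral."""

    def __init__(self):
        self.locked = False
        self.remaining_seen = []   # timing information relayed from the timer

    def relay_timing(self, remaining):
        self.remaining_seen.append(remaining)

    def lock(self):
        self.locked = True


class PresenceLockTimer:
    def __init__(self, controller, period_seconds):
        self.controller = controller
        self.period = period_seconds
        self.deadline = None       # None means no lock is pending

    def user_absent(self, now):
        if self.deadline is None:  # a repeat signal must not extend the period
            self.deadline = now + self.period

    def user_present(self, now):
        self.deadline = None       # user returned before expiry: cancel

    def tick(self, now):
        """Called periodically; returns True when the lock instruction fires."""
        if self.deadline is None or self.controller.locked:
            return False
        remaining = max(0, self.deadline - now)
        self.controller.relay_timing(remaining)
        if remaining == 0:
            self.controller.lock()
            self.deadline = None
            return True
        return False


def run_timeline():
    ctl = PeripheralController()
    timer = PresenceLockTimer(ctl, period_seconds=30)
    timer.user_absent(now=0)
    timer.tick(now=10)             # 20 s left, relayed to the controller
    timer.user_present(now=15)     # back in time: lock cancelled
    timer.tick(now=40)             # nothing pending, device stays unlocked
    unlocked_after_return = not ctl.locked
    timer.user_absent(now=50)      # deadline 80
    timer.user_absent(now=70)      # duplicate signal, deadline still 80
    timer.tick(now=75)
    locked_early = ctl.locked
    fired = timer.tick(now=80)
    return {
        "unlocked_after_return": unlocked_after_return,
        "locked_early": locked_early,
        "locked_at_expiry": fired and ctl.locked,
        "relayed": ctl.remaining_seen,
    }


if __name__ == "__main__":
    print(run_timeline())
```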

    Providing integrity verification and attestation in a hidden execution environment
    10.
    Granted invention patent
    Providing integrity verification and attestation in a hidden execution environment    In force

    Publication No.: US09195824B2

    Publication date: 2015-11-24

    Application No.: US14496186

    Filing date: 2014-09-25

    CPC classification number: G06F21/554 G06F21/44 G06F21/57 G06F21/64

    Abstract: In one embodiment, a processor includes a microcode storage including processor instructions to create and execute a hidden resource manager (HRM) to execute in a hidden environment that is not visible to system software. The processor may further include an extend register to store security information including a measurement of at least one kernel code module of the hidden environment and a status of a verification of the at least one kernel code module. Other embodiments are described and claimed.

