-
1.
Publication No.: US20220206943A1
Publication date: 2022-06-30
Application No.: US17137666
Filing date: 2020-12-30
IPC classification: G06F12/0802, G06F9/30
Abstract: A method, system and apparatus for protecting against out-of-bounds references, including storing an address of a buffer in a general register and storing bounds information (BI) for the buffer in a bounds information register, and when a content of the general register is used as an address in a load or store operation, using a content of the bounds information register to determine if the load or store is out of bounds.
-
Publication No.: US11068607B2
Publication date: 2021-07-20
Application No.: US15917622
Filing date: 2018-03-10
Inventors: Richard H. Boivie, Jonathan D. Bradbury, William E. Hall, Guerney D. H. Hunt, Jentje Leenstra, Jeb R. Linton, James A. O'Connor, Jr., Elaine R. Palmer, Dimitrios Pendarakis
Abstract: A secure cloud computing environment protects the confidentiality of application code from a customer while simultaneously protecting the confidentiality of a customer's data from intentional or inadvertent leaks by the application code. This result is accomplished without the need to trust the application code and without requiring human surveillance or intervention. A client secure virtual machine (SVM) is accessible by a client who supplies commands, operand data and application data. An appliance SVM has the application code loaded therein and includes an application program interface that accesses a memory area shared by both SVMs. All access to the appliance SVM is initially revoked by an ultravisor, except for the shared memory and an encrypted persistent storage. The appliance SVM stores the application data in the persistent storage. The ultravisor manages an SVM by maintaining exclusive control over a device tree used by the operating system of the SVM.
-
Publication No.: US20210110040A1
Publication date: 2021-04-15
Application No.: US16601633
Filing date: 2019-10-15
Abstract: In an approach to protecting against out-of-bounds buffer references, an apparatus comprises one or more processor cores and a bounds-checking functional unit in each processor core configured to manage bounds information for one or more memory buffers. When a buffer is allocated, an address range of the buffer is stored. When a pointer is assigned an address within the address range of the buffer, the address range of the buffer is associated with the pointer. When the pointer is used to compute an address for an operation, whether the address for the operation is within the address range associated with the pointer is determined. If the address is not within the address range associated with the pointer, signaling that an error has occurred.
-
Publication No.: US10901918B2
Publication date: 2021-01-26
Application No.: US16204661
Filing date: 2018-11-29
Inventors: HariGovind V. Ramasamy, Eugen Schenfeld, Valentina Salapura, John A. Bivens, Yaoping Ruan, Min Li, Ashish Kundu, Ruchi Mahindru, Richard H. Boivie
Abstract: Server resources in a data center are disaggregated into shared server resource pools, which include a pool of secure processors. Advantageously, servers are constructed dynamically, on-demand and based on a tenant's workload requirements, by allocating from these resource pools. According to this disclosure, secure processor modules for new servers are allocated to provide security for data-in-use (and data-at-rest) in a dynamic fashion so that virtual and non-virtual capacity can be adjusted in the disaggregate compute system without any downtime, e.g., based on workload security requirements and data sensitivity characteristics. The approach herein optimizes an overall utilization of an available secure processors resource pool in the disaggregated environment. The resulting disaggregate compute system that is configured according to the approach cryptographically-protects workload data whenever it is outside the CPU chip.
-
Publication No.: US10523640B2
Publication date: 2019-12-31
Application No.: US16212095
Filing date: 2018-12-06
Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.
-
Publication No.: US09819653B2
Publication date: 2017-11-14
Application No.: US14865761
Filing date: 2015-09-25
CPC classification: H04L63/0428, G06F11/0709, G06F11/0793, H04L9/006, H04L9/30, H04L9/3263, H04L63/06, H04L63/10, H04L2209/24
Abstract: A computer-implemented method, system, and/or computer program product protects access to resources through use of a secure processor. A resource server receives an encrypted request from a requesting computer for access to a requested resource within the resource server. The requested resource is physically within an isolation area in the resource server that is initially communicatively protected from a network that connects the requesting computer to the resource server. The resource server establishes a communication session between a first secure processor in the resource server and a second processor in the requesting computer to provide secure communication between the requesting computer and the requested resource.
-
Publication No.: US20170134402A1
Publication date: 2017-05-11
Application No.: US14933960
Filing date: 2015-11-05
Inventors: Richard H. Boivie
IPC classification: H04L29/06
CPC classification: H04L63/1416, G06F21/53, G06F21/577, G06F2221/2119, H04L63/06, H04L63/08, H04L63/0876, H04L63/1483, H04L63/20
Abstract: Protection from malware download is provided. A first input is received to access one of an email attachment or a web site link using an application. A newly generated secure virtual machine is obtained from one of a network server or a cloud computing service. The one of the email attachment or the web site link is sent to the newly generated secure virtual machine for processing.
-
Publication No.: US09516021B2
Publication date: 2016-12-06
Application No.: US14945485
Filing date: 2015-11-19
IPC classification: G06F12/00, G11C7/00, H04L29/06, G06F21/32, G06K19/06, G06F21/62, G06F21/34, G06F15/16, G06F12/14
CPC classification: H04L63/0853, G06F21/32, G06F21/34, G06F21/6218, G06F2221/2111, G06K19/06037, G06K19/06112, H04L63/0861
Abstract: A smart card includes a processing circuit, a memory that contains a protected object, an activity detector that receives a signal that describes a planned activity of a person who is in physical possession of the smart card, and an activity analyzer that evaluates features of the planned activity. In response to the activity analyzer determining that a predefined risk associated with the planned activity exceeds a predetermined value, the activity analyzer issues an instruction to a user to provide a biomarker to a biosensor. A blending logic blends real-time biometric data with a security object to generate a hybrid security object. A conversion logic uses the hybrid security object to convert a protected object into a usable object that can be utilized by the processing circuit within the smart card. A matrix barcode generator generates a matrix barcode that contains information about the user of the smart card.
-
9.
Publication No.: US20150074392A1
Publication date: 2015-03-12
Application No.: US14024665
Filing date: 2013-09-12
Inventors: Richard H. Boivie, Alyson Comer, John C. Dayka, Donna N. Dillenberger, Kenneth A. Goldman, Mohit Kapur, Dimitrios Pendarakis, James A. Ruddy, Peter G. Sutton, Enriquillo Valdez
IPC classification: G06F21/62
CPC classification: H04L63/0428, G06F21/602, G06F21/6227, G06F21/6245, H04L63/0414, H04L63/0485
Abstract: A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.
-
10.
Publication No.: US11966331B2
Publication date: 2024-04-23
Application No.: US17137666
Filing date: 2020-12-30
IPC classification: G06F12/08, G06F9/30, G06F12/0802
CPC classification: G06F12/0802, G06F9/3001, G06F2212/1021
Abstract: A method, system and apparatus for protecting against out-of-bounds references, including storing an address of a buffer in a general register and storing bounds information (BI) for the buffer in a bounds information register, and when a content of the general register is used as an address in a load or store operation, using a content of the bounds information register to determine if the load or store is out of bounds.