Abstract:
Various systems and methods are described for implementing security intents for the execution of workloads in cloud-to-edge (C2E) and cloud-native execution environments. An example technique for implementing security intents for a workload on a computing node of a cluster includes: identifying a workload for execution on the computing node; identifying security intents that define levels of respective security requirements for the execution of the workload on the computing node; adapting an execution environment of the computing node, based on the identified security intents; and controlling the execution of the workload within the execution environment, based on the identified security intents, to dynamically monitor and adapt to changing security conditions during the execution of the workload.
Abstract:
Various systems and methods for providing intent-based workload orchestration are described herein. A data center system may include a plurality of compute nodes and an orchestration node. The orchestration node may be configured to identify a workload for execution on the plurality of compute nodes; identify intents that define requirements for the execution of the workload on the plurality of compute nodes; monitor the execution of the workload to produce monitoring data; and control the execution of the workload based on the intents and the monitoring data, to dynamically adapt to changed conditions during the execution of the workload.
Abstract:
Various systems and methods for implementing cloud-to-edge (C2E) security are disclosed, including systems and methods for the execution of various workloads that are distributed among multiple edge computing nodes. An example technique for managing distributed workloads includes: identifying characteristics of a distributed workload from an execution of the distributed workload, for a distributed workload that is partitioned among multiple computing nodes; evaluating a trust status of the distributed workload in response to a change in the execution of the distributed workload, including verifying resources to execute the distributed workload and verifying security policies associated with the resources; and controlling the execution of the distributed workload among the multiple computing nodes, based on the characteristics and the evaluated trust status.
Abstract:
Various systems and methods for providing cloud-to-edge workload orchestration are described herein. A computing node is configured to receive a distributed workload configuration including security intents; decompose, based on the distributed workload configuration, a workload into a plurality of sub-workloads; identify an infrastructure resource of a plurality of compute nodes to execute a sub-workload of the plurality of sub-workloads; determine that an operating environment of the infrastructure resource satisfies the security intents; bind the sub-workload to the infrastructure resource, wherein the binding produces a token that is presented by the sub-workload to the infrastructure resource, and wherein the token is used to ensure trust among framework layers; and deploy the sub-workload to the infrastructure resource.
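The decompose, match-against-intents, bind-with-token sequence in the abstract above, as an added example that is not code from the patent or its assignee. The intent dimensions, the ordinal levels, the resource names, the workload configuration and the binding key are all assumptions made for the example; HMAC-SHA256 over canonical JSON stands in for whatever token format a real orchestrator would use.

```python
"""Added example (not the patent's code): decompose a workload into sub-workloads,
check candidate resources against each sub-workload's security intents, and bind
the chosen resource with a token. Levels, names and the key are assumptions."""
import hashlib
import hmac
import json
from dataclasses import dataclass

# Assumed ordinal scale: an intent is satisfied at or above its requested level.
LEVELS = {"none": 0, "low": 1, "medium": 2, "high": 3}


@dataclass
class Resource:
    name: str
    posture: dict  # measured capabilities of the operating environment


def satisfies(intents: dict, posture: dict) -> bool:
    """Every intent must be met; a dimension absent from the posture counts as 'none',
    so an unmeasured property can never satisfy a requested level."""
    return all(LEVELS[posture.get(d, "none")] >= LEVELS[lvl] for d, lvl in intents.items())


def decompose(config: dict) -> list:
    """Sub-workloads inherit the workload-wide intents; a part may only tighten them."""
    subs = []
    for part in config["parts"]:
        intents = dict(config.get("intents", {}))
        for dim, lvl in part.get("intents", {}).items():
            if LEVELS[lvl] >= LEVELS[intents.get(dim, "none")]:
                intents[dim] = lvl
        subs.append({"id": f'{config["workload"]}/{part["name"]}', "intents": intents})
    return subs


def _canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def bind(sub: dict, resource: Resource, key: bytes) -> dict:
    """Token the sub-workload presents to the resource. The MAC covers who, where and
    under which intents, so a token minted for another placement is rejected."""
    claims = {"sub": sub["id"], "res": resource.name, "intents": sub["intents"]}
    tag = hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()
    return {"claims": claims, "tag": tag}


def verify_token(token: dict, resource_name: str, key: bytes) -> bool:
    claims = token.get("claims", {})
    if claims.get("res") != resource_name:
        return False
    expected = hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, token.get("tag", ""))


def place(config: dict, resources: list, key: bytes) -> dict:
    """Return {sub_id: (resource_name, token)}; fail closed if a part cannot be placed."""
    placements = {}
    for sub in decompose(config):
        target = next((r for r in resources if satisfies(sub["intents"], r.posture)), None)
        if target is None:
            raise RuntimeError(f'no resource satisfies the intents of {sub["id"]}')
        placements[sub["id"]] = (target.name, bind(sub, target, key))
    return placements


# Constructed sample input (assumed names and postures).
CONFIG = {
    "workload": "video-analytics",
    "intents": {"attestation": "medium"},
    "parts": [
        {"name": "ingest"},
        {"name": "inference", "intents": {"isolation": "high", "attestation": "high"}},
    ],
}
RESOURCES = [
    Resource("edge-a", {"isolation": "low", "attestation": "medium"}),
    Resource("edge-b", {"isolation": "high", "attestation": "high"}),
]
KEY = b"orchestrator binding key (assumed, demo only)"

if __name__ == "__main__":
    for sub_id, (res, tok) in place(CONFIG, RESOURCES, KEY).items():
        print(sub_id, "->", res, "token valid:", verify_token(tok, res, KEY))
```

The resource verifies the token against its own name, so a token that a sub-workload obtained for edge-a cannot be replayed at edge-b even though both are signed under the same orchestrator key.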
Abstract:
Various systems and methods for implementing attestation microservices and an attestation microservice mesh for cloud-to-edge (C2E) and cloud-native deployments are disclosed. An example method performed by a computing node for coordinating attestation with a distributed workload includes: generating, with an attestation service, first attestation information to provide attestation of a resource at the computing node; generating, with the attestation service, second attestation information to provide attestation of a microservice at the computing node, with the microservice to use the resource at the computing node; generating, with the attestation service, third attestation information to provide attestation of a distributed workload, with the distributed workload to execute the microservice at the computing node; and outputting an attestation result for the distributed workload, based on the first attestation information, the second attestation information, and the third attestation information.
Abstract:
Various systems and methods for managing data provenance are described herein. A networked computing device is configured to receive, from an edge node, first data and a first data provenance capsule for the first data; process the first data using a data transformation function to produce second data; generate a second data provenance capsule for the second data; bind the second data provenance capsule to the second data with a digital signature, the digital signature using the first data provenance capsule as an ingredient of the digital signature; and transmit the second data and the second data provenance capsule to a destination node.
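The capsule chain described in the abstract above, as an added example that is not code from the patent. Each hop's capsule commits to the hash of its output data and to the hash of the previous capsule, and the previous capsule (signature included) is therefore an ingredient of the new signature. HMAC-SHA256 stands in for a digital signature so the example runs on the standard library alone; a deployment would use an asymmetric signature with a per-node key. The capsule field names, node ids, keys and the temperature-conversion transform are assumptions.

```python
"""Added example (not the patent's code): a data provenance capsule chain where each
capsule is bound to its data and its signature takes the parent capsule as an
ingredient. HMAC stands in for a digital signature; names and keys are assumed."""
import hashlib
import hmac
import json


def _canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _sha256(b: bytes) -> str:
    return hashlib.sha256(b).hexdigest()


def make_capsule(node: str, data: bytes, transform: str, parent: dict, key: bytes) -> dict:
    """Capsule for `data` as produced by `node`. The signed body covers the data hash,
    the transform name and the hash of the whole parent capsule (its signature
    included), so altering any earlier hop invalidates every later signature."""
    body = {
        "node": node,
        "data_hash": _sha256(data),
        "transform": transform,
        "parent_hash": _sha256(_canonical(parent)) if parent is not None else None,
    }
    body["sig"] = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return body


def verify_chain(capsules: list, final_data: bytes, keys: dict) -> bool:
    """capsules[0] is the origin capsule, capsules[-1] describes final_data.
    keys maps node id -> verification key (assumed trust store)."""
    if not capsules or capsules[-1].get("data_hash") != _sha256(final_data):
        return False
    prev = None
    for cap in capsules:
        key = keys.get(cap.get("node"))
        if key is None:
            return False  # capsule from a node we do not trust
        body = {k: v for k, v in cap.items() if k != "sig"}
        expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, cap.get("sig", "")):
            return False
        want_parent = _sha256(_canonical(prev)) if prev is not None else None
        if cap.get("parent_hash") != want_parent:
            return False  # chain broken or a hop was spliced in
        prev = cap
    return True


def celsius_to_fahrenheit(data: bytes) -> bytes:
    """The data transformation function at the intermediate device (assumed)."""
    readings = json.loads(data)
    return _canonical([{"sensor": r["sensor"], "f": round(r["c"] * 9 / 5 + 32, 1)} for r in readings])


def process_hop(node: str, data: bytes, parent_capsule: dict, transform, key: bytes):
    """What the networked device does: transform, build the new capsule, bind it, forward both."""
    out = transform(data)
    return out, make_capsule(node, out, transform.__name__, parent_capsule, key)


# Constructed sample: an edge node emits raw readings with an origin capsule,
# a gateway converts units and appends its own capsule.
KEYS = {"edge-1": b"edge-1 key (assumed)", "gw-1": b"gw-1 key (assumed)"}
FIRST_DATA = _canonical([{"sensor": "t1", "c": 21.5}, {"sensor": "t2", "c": 19.0}])
FIRST_CAPSULE = make_capsule("edge-1", FIRST_DATA, "capture", None, KEYS["edge-1"])
SECOND_DATA, SECOND_CAPSULE = process_hop("gw-1", FIRST_DATA, FIRST_CAPSULE,
                                          celsius_to_fahrenheit, KEYS["gw-1"])


def chain() -> list:
    return [FIRST_CAPSULE, SECOND_CAPSULE]


if __name__ == "__main__":
    print(json.dumps(chain(), indent=2))
    print("chain valid:", verify_chain(chain(), SECOND_DATA, KEYS))
```

The destination only ever sees the final data, so it cannot recompute intermediate data hashes; what it can check is that every capsule is signed by a node it trusts and that each one commits to its predecessor. Replacing the origin capsule, splicing in an extra hop, or altering the final bytes all fail the walk.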
Abstract:
Various systems and methods are described for implementing attestation operations. A computing device includes a processor and memory to store instructions which, when executed by the processor, cause the computing device to: receive a workload from a source computing device over a network shared with the computing device; determine whether the workload has valid attestation; establish attestation for the workload when the workload does not have valid attestation; determine whether the attestation is compliant with a policy; and execute the workload when the attestation is compliant with the policy.
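One block serving two of the abstracts above: the layered resource, microservice and workload attestation folded into a single attestation result (the attestation microservice abstract), and the receive, check-validity, establish-if-missing, check-policy, execute decision (the abstract immediately above). This is an added example, not code from either patent. A single HMAC-SHA256 key stands in for the attestation service's signing key; the layer names, claim fields, image digest, tenant and policy fields are assumptions.

```python
"""Added example (not the patents' code): three-layer attestation information
combined into one result, then validity and policy checks before execution.
HMAC stands in for the service's signature; all identifiers are assumed."""
import hashlib
import hmac
import json


def _canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _digest(obj) -> str:
    return hashlib.sha256(_canonical(obj)).hexdigest()


def _sig_ok(obj: dict, key: bytes) -> bool:
    body = {k: v for k, v in obj.items() if k != "sig"}
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, obj.get("sig", ""))


class AttestationService:
    """Attestation microservice of one node. Each attestation information item is a
    signed claim set, and each layer embeds the digest of the layer it depends on."""

    def __init__(self, node: str, key: bytes, resource: dict):
        self.node, self.key, self.resource = node, key, resource  # resource: local measurements

    def _sign(self, layer: str, claims: dict) -> dict:
        body = {"layer": layer, "node": self.node, "claims": claims}
        body["sig"] = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        return body

    def attest_resource(self) -> dict:                                   # first information
        return self._sign("resource", self.resource)

    def attest_microservice(self, ms: dict, res_att: dict) -> dict:      # second information
        return self._sign("microservice", {**ms, "on_resource": _digest(res_att)})

    def attest_workload(self, wl: dict, ms_att: dict) -> dict:           # third information
        return self._sign("workload", {**wl, "runs_microservice": _digest(ms_att)})

    def attestation_result(self, workload: dict, microservice: dict) -> dict:
        r = self.attest_resource()
        m = self.attest_microservice(microservice, r)
        w = self.attest_workload(workload, m)
        return self._sign("result", {"evidence": [r, m, w]})


def valid_attestation(att, key: bytes) -> bool:
    """Signatures on the result and all three layers, plus the linkage between them."""
    if not isinstance(att, dict) or att.get("layer") != "result" or not _sig_ok(att, key):
        return False
    try:
        r, m, w = att["claims"]["evidence"]
    except (KeyError, TypeError, ValueError):
        return False
    return (all(_sig_ok(x, key) for x in (r, m, w))
            and m["claims"].get("on_resource") == _digest(r)
            and w["claims"].get("runs_microservice") == _digest(m))


def policy_violations(att: dict, policy: dict) -> list:
    """Empty list means the attestation is compliant with the policy."""
    r, m, w = (x["claims"] for x in att["claims"]["evidence"])
    problems = []
    if policy.get("require_tee") and not r.get("tee"):
        problems.append("resource is not a TEE")
    if m.get("image_digest") not in policy.get("allowed_images", ()):
        problems.append(f"image {m.get('image_digest')} not allowed")
    if w.get("tenant") not in policy.get("tenants", ()):
        problems.append(f"tenant {w.get('tenant')} not allowed")
    return problems


def admit(msg: dict, service: AttestationService, policy: dict) -> str:
    """Decision for a workload received over the network: reuse attestation it carries
    only if valid, otherwise establish it locally; execute only when compliant."""
    att = msg.get("attestation")
    if not valid_attestation(att, service.key):
        att = service.attestation_result(msg["workload"], msg["microservice"])
    return "execute" if not policy_violations(att, policy) else "reject"


# Constructed sample input (assumed node, key, digest, tenant and policy).
SERVICE = AttestationService("node-7", b"attestation key (assumed)", {"tee": True, "firmware": "1.4.2"})
NO_TEE = AttestationService("node-8", b"attestation key (assumed)", {"tee": False, "firmware": "1.4.2"})
POLICY = {"require_tee": True, "allowed_images": ["sha256:3f1c0a9b"], "tenants": ["acme"]}
GOOD_MSG = {"workload": {"id": "wl-42", "tenant": "acme"},
            "microservice": {"name": "detector", "image_digest": "sha256:3f1c0a9b"}}
BAD_MSG = {"workload": {"id": "wl-43", "tenant": "acme"},
           "microservice": {"name": "detector", "image_digest": "sha256:deadbeef"}}

if __name__ == "__main__":
    print("good:", admit(GOOD_MSG, SERVICE, POLICY), "bad:", admit(BAD_MSG, SERVICE, POLICY))
```

An attestation that arrives with the workload but fails validation is not treated as an error; it is simply replaced by locally established attestation, which is what the abstract describes. The policy is then evaluated against that fresh evidence, so a workload that asks for a TEE it cannot get is rejected by the node that would have run it.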
Abstract:
Techniques for securing a client. When a client, such as a portable computer, undergoes a change in operational state, an operating system agent sends a state message to a server. The state message describes the change in the operational state of the client. The operating system agent is one or more software modules that execute in an operating system of the client. The client receives a policy message from the server. The policy message contains policy data, which a BIOS agent stores in the BIOS of the client. The policy data identifies one or more security policies which the client should follow.
Abstract:
Techniques for securing a client. An operating system agent is one or more software modules that execute in an operating system of a client, such as a portable computer. Portions of the operating system agent may monitor resources of the client. The operating system agent sends a message, which describes an operational state of the operating system agent, to a BIOS agent. The BIOS agent is one or more software modules operating in a BIOS of the client. The BIOS agent performs an action based on a policy that is described by policy data stored within the BIOS of the client. The BIOS agent performs the action in response to either (a) the operational state described by the message, or (b) the BIOS agent not receiving the message after an expected period of time.
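The BIOS-agent side of the two client-securing abstracts above, as an added example that is not code from the patents: a policy message from the server is authenticated before its policy data is stored, and the BIOS agent then acts either on the operational state the OS agent reports or on the OS agent falling silent past the expected period. Time is injected rather than read from a clock so the timeout path runs deterministically. The policy fields, the state names, the action names, the heartbeat interval and the server key are assumptions; HMAC-SHA256 stands in for whatever the server would really sign with.

```python
"""Added example (not the patents' code): BIOS agent that stores authenticated policy
data and acts on a reported OS-agent state or on missing heartbeats. Field names,
states, actions and the key are assumptions."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field


@dataclass
class BiosPolicy:
    heartbeat_interval_s: float           # how often the OS agent is expected to report
    missed_heartbeats_allowed: int        # silent intervals tolerated before acting
    on_silence: str                       # action when the OS agent stops reporting
    on_state: dict = field(default_factory=dict)  # reported state -> action


def _canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def parse_policy_message(msg: dict, server_key: bytes) -> BiosPolicy:
    """Authenticate the policy message before anything is written to BIOS; otherwise
    any host on the network could rewrite the client's security policy."""
    expected = hmac.new(server_key, _canonical(msg.get("policy")), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg.get("mac", "")):
        raise ValueError("policy message failed authentication; not stored")
    p = msg["policy"]
    return BiosPolicy(p["heartbeat_interval_s"], p["missed_heartbeats_allowed"],
                      p["on_silence"], p.get("on_state", {}))


class BiosAgent:
    def __init__(self, policy: BiosPolicy, now: float):
        self.policy = policy
        self.last_report = now
        self.log = []  # (time, action, reason), what a real agent would persist in BIOS

    def on_message(self, message: dict, now: float):
        """Case (a): act on the operational state the OS agent reports."""
        self.last_report = now
        action = self.policy.on_state.get(message.get("state"))
        if action:
            self.log.append((now, action, f"state={message.get('state')}"))
        return action

    def on_tick(self, now: float):
        """Case (b): act when no message has arrived within the expected period."""
        grace = self.policy.heartbeat_interval_s * (self.policy.missed_heartbeats_allowed + 1)
        if now - self.last_report > grace:
            self.log.append((now, self.policy.on_silence, "no report from OS agent"))
            self.last_report = now  # re-arm so the action fires once per silent period
            return self.policy.on_silence
        return None


def run(policy: BiosPolicy, start: float, events: list) -> list:
    """events: (time, message) with message None for a firmware timer tick, in order.
    Returns the (time, action) pairs the agent took."""
    agent = BiosAgent(policy, start)
    actions = []
    for t, msg in events:
        action = agent.on_message(msg, t) if msg is not None else agent.on_tick(t)
        if action:
            actions.append((t, action))
    return actions


def signed_policy_message(policy_body: dict, key: bytes) -> dict:
    """Server side: attach the MAC the BIOS agent will check (assumed format)."""
    return {"policy": policy_body, "mac": hmac.new(key, _canonical(policy_body), hashlib.sha256).hexdigest()}


# Constructed sample input.
SERVER_KEY = b"server policy key (assumed)"
POLICY_BODY = {"heartbeat_interval_s": 30, "missed_heartbeats_allowed": 1,
               "on_silence": "lock_platform", "on_state": {"agent_tampered": "disable_boot"}}
EVENTS = [(20, {"state": "running"}), (45, None), (60, {"state": "running"}),
          (90, None), (130, None), (140, {"state": "agent_tampered"})]

if __name__ == "__main__":
    policy = parse_policy_message(signed_policy_message(POLICY_BODY, SERVER_KEY), SERVER_KEY)
    print(run(policy, 0, EVENTS))
```

With a 30 s interval and one missed heartbeat tolerated, the agent waits 60 s of silence before acting; the tick at t=90 is 30 s after the last report and does nothing, the tick at t=130 is 70 s after it and locks the platform, and the tampered-state report at t=140 triggers the state action regardless of timing.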