-
1.发明申请METHOD AND SYSTEM FOR ENTERPRISE NETWORK SINGLE-SIGN-ON BY A MANAGEABILITY ENGINE 有权用于企业网络的方法和系统由可管理性引擎单点登录公开(公告)号:US20150095638A1
公开(公告)日:2015-04-02
申请号:US14508494
申请日:2014-10-07
申请人: Ned M. Smith , Purushottam Goel
发明人: Ned M. Smith , Purushottam Goel
CPC分类号: G06F21/335 , G06F21/31 , G06F21/33 , G06F21/41 , G06F21/575 , G06F21/72 , G06F21/80 , G06F2221/034 , G06F2221/2103 , G09G2358/00 , H04L9/0822 , H04L9/083 , H04L9/3213 , H04L63/0807 , H04L63/0815
摘要: A manageability engine (ME) receives an authentication response from a user during pre-boot authentication and registers the user with a key distribution center (KDC), indicating that the user has successfully authenticated to the PC. The KDC supplies the ME with single-sign-on credentials in the form of a Key Encryption Key (KEK). The KEK may later be used by the PC to obtain a credential used to establish secure access to Enterprise servers.
摘要翻译: 可管理性引擎(ME)在预引导认证期间从用户接收认证响应,并向用户注册密钥分配中心(KDC),指示用户已成功认证到PC。 KDC以密钥加密密钥(KEK)的形式向ME提供单点登录凭证。 PC随后可以使用KEK来获取用于建立对企业服务器的安全访问的证书。
-
公开(公告)号:US20130179693A1
公开(公告)日:2013-07-11
申请号:US13782484
申请日:2013-03-01
IPC分类号: G06F21/44
CPC分类号: G06F21/554 , G06F21/44 , G06F21/57 , G06F21/64
摘要: In one embodiment, a processor includes a microcode storage including processor instructions to create and execute a hidden resource manager (HRM) to execute in a hidden environment that is not visible to system software. The processor may further include an extend register to store security information including a measurement of at least one kernel code module of the hidden environment and a status of a verification of the at least one kernel code module. Other embodiments are described and claimed.
-
3.发明申请Providing Integrity Verification And Attestation In A Hidden Execution Environment 有权在隐藏的执行环境中提供完整性验证和证明公开(公告)号:US20110145598A1
公开(公告)日:2011-06-16
申请号:US12639616
申请日:2009-12-16
CPC分类号: G06F21/554 , G06F21/44 , G06F21/57 , G06F21/64
摘要: In one embodiment, a processor includes a microcode storage including processor instructions to create and execute a hidden resource manager (HRM) to execute in a hidden environment that is not visible to system software. The processor may further include an extend register to store security information including a measurement of at least one kernel code module of the hidden environment and a status of a verification of the at least one kernel code module. Other embodiments are described and claimed.
摘要翻译: 在一个实施例中,处理器包括微代码存储器,其包括处理器指令,用于创建和执行在系统软件不可见的隐藏环境中执行的隐藏资源管理器(HRM)。 处理器还可以包括扩展寄存器,用于存储包括隐藏环境的至少一个内核代码模块的测量值和至少一个内核代码模块的验证状态的安全信息。 描述和要求保护其他实施例。
-
公开(公告)号:US08850543B2
公开(公告)日:2014-09-30
申请号:US13726140
申请日:2012-12-23
CPC分类号: G06F21/44 , G06F17/3033 , G06F21/305 , H04L9/0877 , H04L9/3226 , H04L9/3234 , H04L63/0876 , H04L63/102 , H04L63/107 , H04L63/20
摘要: An opportunity for a computing device to participate in a secure session with a particular domain is identified. A domain identifier of the particular domain is received and a secured microcontroller of the computing device is used to identify a secured, persistent hardware identifier of the computing device stored in secured memory of the computing device. A secure identifier is derived for a pairing of the computing device and the particular domain based on the hardware identifier and domain identifier of the particular domain and the secure identifier is transmitted over a secured channel to the particular domain. The particular domain can verify identity of the computing device from the secure identifier and apply security policies to transactions involving the computing device and the particular domain based at least in part on the secure identifier.
摘要翻译: 识别计算设备参与与特定域的安全会话的机会。 接收特定域的域标识符,并且使用计算设备的安全微控制器来识别存储在计算设备的安全存储器中的计算设备的安全的持久硬件标识符。 基于特定域的硬件标识符和域标识符,导出计算设备和特定域的配对的安全标识符,并且安全标识符通过安全信道发送到特定域。 特定域可以从安全标识符中验证计算设备的身份,并且至少部分地基于安全标识符将安全策略应用于涉及计算设备和特定域的事务。
-
公开(公告)号:US20090165099A1
公开(公告)日:2009-06-25
申请号:US11963062
申请日:2007-12-21
申请人: Avigdor Eldar , Howard C. Herbert , Purushottam Goel , Uri Blumenthal , David Hines , Carey Smith
发明人: Avigdor Eldar , Howard C. Herbert , Purushottam Goel , Uri Blumenthal , David Hines , Carey Smith
IPC分类号: G06F21/00
CPC分类号: H04L41/0869 , H04L41/046 , H04L41/0806
摘要: Active management technology (AMT) may be provisioned in a client device automatically, which may provide a secure connection between the provisioning server and the client device. The client device comprising the active management technology may support zero-touch provisioning and one-touch provisioning.
摘要翻译: 主动管理技术(AMT)可以自动地在客户端设备中提供,这可以在配置服务器和客户端设备之间提供安全的连接。 包括主动管理技术的客户端设备可以支持零接触供应和一键供应。
-
公开(公告)号:US20190318097A1
公开(公告)日:2019-10-17
申请号:US16457184
申请日:2019-06-28
申请人: Aditya Katragada , Prashant Dewan , Karunakara Kotary , Vinupama Godavarthi , Kumar Dwarakanath , Alex Izbinsky , Purushottam Goel
发明人: Aditya Katragada , Prashant Dewan , Karunakara Kotary , Vinupama Godavarthi , Kumar Dwarakanath , Alex Izbinsky , Purushottam Goel
摘要: There is disclosed in one example, a system-on-a-chip (SoC), including: a processor core; a fabric; an intellectual property (IP) block communicatively coupled to the processor core via the fabric, the IP block having a microcontroller configured to provide a microcontroller architecture; a firmware load interface configured to provide a standardized hardware interface to the microcontroller architecture, wherein the standardized hardware interface provides an architecture-agnostic mechanism to securely load a firmware to the intellectual property block; and logic to provide a loader to load a firmware to the IP block via the firmware load interface.
-
公开(公告)号:US09367328B2
公开(公告)日:2016-06-14
申请号:US13536859
申请日:2012-06-28
申请人: Daniel Nemiroff , Paul J. Thadikaran , Andrew H. Gafken , Purushottam Goel , Nicholas D. Triantafillou , Paritosh Saxena , Debra Cablao
发明人: Daniel Nemiroff , Paul J. Thadikaran , Andrew H. Gafken , Purushottam Goel , Nicholas D. Triantafillou , Paritosh Saxena , Debra Cablao
CPC分类号: G06F21/577 , G06F9/4401 , G06F21/554 , G06F21/561 , G06F21/575 , G06F21/6218 , G06F21/64 , G06F2221/033 , H04L9/3247
摘要: Embodiments of techniques and systems for out-of-band verification of host OS components are described. In embodiments, a out-of-band host OS boot sequence verification system (“BSVS”) may access system memory without detection by a host OS process, or “out of band.” The BSVS may access host OS components in the system memory and may generate signatures from memory footprints of the host OS components. These signatures may then be compared to trusted signatures to verify integrity of the host OS components. In embodiments, this verification may be performed during a boot of a host OS or on demand. In embodiments, the trusted signatures may be pre-stored by the BSVS before a boot; in some embodiments, the trusted signatures may be previously-computed and then stored by the BSVS. Other embodiments may be described and claimed.
摘要翻译: 描述用于主机OS组件的带外验证的技术和系统的实施例。 在实施例中,带外主机OS引导序列验证系统(“BSVS”)可以在主机OS进程或“带外”检测的情况下访问系统存储器.BSVS可以访问系统存储器中的主机OS组件 并且可以从主机OS组件的内存覆盖区生成签名。 然后可以将这些签名与可信签名进行比较以验证主机OS组件的完整性。 在实施例中,可以在主机OS的引导期间或者根据需要执行该验证。 在实施例中,信任签名可以在引导之前被BSVS预先存储; 在一些实施例中,可信任签名可以被预先计算,然后由BSVS存储。 可以描述和要求保护其他实施例。
-
公开(公告)号:US20140181893A1
公开(公告)日:2014-06-26
申请号:US13726148
申请日:2012-12-23
IPC分类号: H04L29/06
CPC分类号: H04L63/0838 , G06F21/305 , G06F21/44 , H04L9/0877 , H04L9/3226 , H04L9/3234 , H04L63/0876 , H04L63/102 , H04L63/20 , H04L67/141
摘要: An opportunity for a computing device to participate in a secure session with a particular domain is identified. A secured microcontroller of the computing device is used to identify a secured, persistent seed corresponding to the particular domain and stored in secured memory of the computing device. A secure identifier is derived based on the seed and sent for use by the particular domain in authenticating the computing device to the particular domain for the secure session. The particular domain can further apply security policies to transactions involving the computing device and particular domain based at least in part on the secure identifier.
摘要翻译: 识别计算设备参与与特定域的安全会话的机会。 计算设备的安全微控制器用于识别对应于特定域并且存储在计算设备的安全存储器中的安全的持久种子。 基于种子导出安全标识符,并将其发送供特定域使用,以将计算设备认证到用于安全会话的特定域。 所述特定域可以至少部分地基于所述安全标识符来进一步对涉及所述计算设备和特定域的事务应用安全策略。
-
公开(公告)号:US20140096231A1
公开(公告)日:2014-04-03
申请号:US13629881
申请日:2012-09-28
申请人: Ned Smith , Purushottam Goel , Victoria Moore
发明人: Ned Smith , Purushottam Goel , Victoria Moore
CPC分类号: G06F21/82 , G06F21/00 , G06F21/35 , G06F21/604 , G06F2221/2137
摘要: Systems and methods may provide implementing one or more device locking procedures to block access to a device. In one example, the method may include receiving an indication that a user is no longer present, initiating a timing mechanism to set a period to issue a first device lock instruction to lock a peripheral device, relaying timing information from the timing mechanism to a controller module associated with the peripheral device; and locking the peripheral device upon expiration of the period.
摘要翻译: 系统和方法可以提供实现一个或多个设备锁定过程以阻止对设备的访问。 在一个示例中,该方法可以包括接收用户不再存在的指示,启动定时机制以设置周期以发出第一设备锁定指令以锁定外围设备,将定时信息从定时机制中继到控制器 与外围设备相关的模块; 并且在所述周期期满时锁定所述外围设备。
-
公开(公告)号:US08510569B2
公开(公告)日:2013-08-13
申请号:US12639616
申请日:2009-12-16
申请人: Ned Smith , Vedvyas Shanbhogue , Arvind Kumar , Purushottam Goel
发明人: Ned Smith , Vedvyas Shanbhogue , Arvind Kumar , Purushottam Goel
CPC分类号: G06F21/554 , G06F21/44 , G06F21/57 , G06F21/64
摘要: In one embodiment, a processor includes a microcode storage including processor instructions to create and execute a hidden resource manager (HRM) to execute in a hidden environment that is not visible to system software. The processor may further include an extend register to store security information including a measurement of at least one kernel code module of the hidden environment and a status of a verification of the at least one kernel code module. Other embodiments are described and claimed.
-
-
-
-
-
-
-
-
-
搜索结果
25 条记录 (耗时 0.025 秒)
