公开(公告)号：US20090323961A1

公开(公告)日：2009-12-31

申请号：US12164663

申请日：2008-06-30

申请人： Nitin Sarangdhar ,  Ned Smith ,  Vincent Von Bokern

发明人： Nitin Sarangdhar ,  Ned Smith ,  Vincent Von Bokern

IPC分类号： H04L9/06 ,  G06F21/00

CPC分类号： H04L9/3234 ,  G06F12/1408 ,  G06F21/72 ,  G06F2212/1052 ,  H04L9/0833 ,  H04L9/0897 ,  H04L9/3226 ,  H04L9/3263 ,  H04L63/0428

摘要： In an embodiment, an apparatus is provided that may include an integrated circuit to be removably communicatively coupled to at least one storage device. The integrated circuit of this embodiment may be capable of encrypting and/or and decrypting, based at least in part upon a first key, data to be, in at least in part, stored in and/or retrieved from, respectively, at least one region of the at least one storage device. The at least one region and a second key may be associated with at least one access privilege authorized, at least in part, by an administrator. The second key may be stored, at least in part, externally to the at least one storage device. The first key may be obtainable, at least in part, based, at least in part, upon at least one operation involving the second key. Of course, many alternatives, modifications, and variations are possible without departing from this embodiment.

摘要翻译： 在一个实施例中，提供了一种装置，其可以包括可移除地通信地耦合到至少一个存储装置的集成电路。 该实施例的集成电路可以至少部分地基于第一密钥来加密和/或解密数据，该数据至少部分地存储在和/或分别从至少一个 所述至少一个存储设备的区域。 所述至少一个区域和第二密钥可以至少部分由管理员授权的至少一个访问权限相关联。 至少部分地，第二密钥可以存储在至少一个存储设备的外部。 至少部分地，至少部分地基于涉及第二密钥的至少一个操作可获得第一密钥。 当然，在不脱离本实施例的情况下，许多替代，修改和变化是可能的。

公开(公告)号：US20130124876A1

公开(公告)日：2013-05-16

申请号：US13661654

申请日：2012-10-26

申请人： Nitin Sarangdhar ,  Ned Smith ,  Vincent Von Bokern

发明人： Nitin Sarangdhar ,  Ned Smith ,  Vincent Von Bokern

IPC分类号： G06F12/14

CPC分类号： H04L9/3234 ,  G06F12/1408 ,  G06F21/72 ,  G06F2212/1052 ,  H04L9/0833 ,  H04L9/0897 ,  H04L9/3226 ,  H04L9/3263 ,  H04L63/0428

摘要： In an embodiment, an apparatus is provided that may include an integrated circuit to be removably communicatively coupled to at least one storage device. The integrated circuit of this embodiment may be capable of encrypting and/or and decrypting, based at least in part upon a first key, data to be, in at least in part, stored in and/or retrieved from, respectively, at least one region of the at least one storage device. The at least one region and a second key may be associated with at least one access privilege authorized, at least in part, by an administrator. The second key may be stored, at least in part, externally to the at least one storage device. The first key may be obtainable, at least in part, based, at least in part, upon at least one operation involving the second key. Of course, many alternatives, modifications, and variations are possible without departing from this embodiment.

公开(公告)号：US08300825B2

公开(公告)日：2012-10-30

申请号：US12164663

申请日：2008-06-30

申请人： Nitin Sarangdhar ,  Ned Smith ,  Vincent Von Bokern

发明人： Nitin Sarangdhar ,  Ned Smith ,  Vincent Von Bokern

IPC分类号： H04L9/00

CPC分类号： H04L9/3234 ,  G06F12/1408 ,  G06F21/72 ,  G06F2212/1052 ,  H04L9/0833 ,  H04L9/0897 ,  H04L9/3226 ,  H04L9/3263 ,  H04L63/0428

摘要： In an embodiment, an apparatus is provided that may include an integrated circuit to be removably communicatively coupled to at least one storage device. The integrated circuit of this embodiment may be capable of encrypting and/or and decrypting, based at least in part upon a first key, data to be, in at least in part, stored in and/or retrieved from, respectively, at least one region of the at least one storage device. The at least one region and a second key may be associated with at least one access privilege authorized, at least in part, by an administrator. The second key may be stored, at least in part, externally to the at least one storage device. The first key may be obtainable, at least in part, based, at least in part, upon at least one operation involving the second key. Of course, many alternatives, modifications, and variations are possible without departing from this embodiment.

摘要翻译： 在一个实施例中，提供了一种装置，其可以包括可移除地通信地耦合到至少一个存储装置的集成电路。 该实施例的集成电路可以至少部分地基于第一密钥来加密和/或解密数据，该数据至少部分地存储在和/或分别从至少一个 所述至少一个存储设备的区域。 所述至少一个区域和第二密钥可以至少部分由管理员授权的至少一个访问权限相关联。 至少部分地，第二密钥可以存储在至少一个存储设备的外部。 至少部分地，至少部分地基于涉及第二密钥的至少一个操作可获得第一密钥。 当然，在不脱离本实施例的情况下，许多替代，修改和变化是可能的。

公开(公告)号：US20090245521A1

公开(公告)日：2009-10-01

申请号：US12059972

申请日：2008-03-31

申请人： Balaji Vembu ,  Nitin Sarangdhar ,  Vedvyas Shanbhogue

发明人： Balaji Vembu ,  Nitin Sarangdhar ,  Vedvyas Shanbhogue

IPC分类号： H04L9/00

CPC分类号： G06F21/606 ,  G06F21/10 ,  G06F21/84 ,  G06F2221/0735

摘要： In some embodiments, the invention involves securing sensitive data from mal-ware on a computing platform and, more specifically, to utilizing virtualization technology and protected audio video path technologies to prohibit a user environment from directly accessing unencrypted sensitive data. In an embodiment a service operating system (SOS) accesses sensitive data requested by an application running in a user environment virtual machine, or a capability operating system (COS). The SOS application encrypts the sensitive data before passing the data to the COS. The COS makes requests directly to a graphics engine which decrypts the data before displaying the sensitive data on a display monitor. Other embodiments are described and claimed.

摘要翻译： 在一些实施例中，本发明涉及在计算平台上确保来自恶意软件的敏感数据，更具体地说，涉及利用虚拟化技术和受保护的音频视频路径技术来禁止用户环境直接访问未加密的敏感数据。 在一个实施例中，服务操作系统（SOS）访问在用户环境虚拟机或能力操作系统（COS）中运行的应用所请求的敏感数据。 SOS应用程序在将数据传送到COS之前对敏感数据进行加密，COS会直接向图形引擎发出解密数据，然后在显示器上显示敏感数据。 描述和要求保护其他实施例。

公开(公告)号：US5948088A

公开(公告)日：1999-09-07

申请号：US979740

申请日：1997-11-26

申请人： Nitin Sarangdhar ,  Michael Rhodehamel ,  Matthew Fisch

发明人： Nitin Sarangdhar ,  Michael Rhodehamel ,  Matthew Fisch

IPC分类号： G06F13/38 ,  G06F13/40 ,  G06F13/42 ,  G06F9/38

CPC分类号： G06F13/387 ,  G06F13/4027 ,  G06F13/4217

摘要： Each of a plurality of device or agents connected to a computer system bus is provided with a mechanism for unilaterally and dynamically limiting the depth of a pipeline of the bus. Each agent includes a state machine which indicates whether the bus is in a throttled state, a stalled state or a free state. When in a free state, an agent having control of the bus may transmit any number of bus transactions and the depth of the pipeline may therefore increase. In the throttled state, the agent may transmit only a single bus transaction from the throttled state, the state machine always transitions either to the stalled state or to the free state. In the stalled state, no agents may transmit transactions onto the bus and the depth of the pipeline therefore cannot increase and instead may decrease with time as previously issued transactions are drained from the bus. Wired-OR logic is employed for allowing an agent to transmit a state transition signal to all other agents on the bus changing the state of the various state machines. Only a single state transition signal is required to completely control the state of the state machines. By employing wired-OR logic, any particular agent is capable of switching the state machines into a stalled state to prevent new bus transactions from being issued to the bus. In this manner, each agent is capable of unilaterally restricting or limiting the depth of the pipeline. Hardware or software is provided within each agent to control the state machine in a manner such that all state machines remain synchronized with each indicating the same state at substantially the same time.

摘要翻译： 连接到计算机系统总线的多个设备或代理中的每一个被提供有用于单方面和动态地限制总线管线深度的机构。 每个代理包括状态机，其指示总线是处于节流状态，停止状态还是空闲状态。 当处于空闲状态时，具有总线控制的代理可以发送任何数量的总线事务，并且管道的深度因此可能增加。 在节流状态下，代理可以仅从节流状态传送单个总线事务，状态机总是转换到停止状态或自由状态。 在停滞状态下，没有任何代理可以将事务发送到总线上，因此管道的深度不能增加，而是可以随着时间而减少，因为先前发布的交易从总线中排出。 有线逻辑用于允许代理向总线上的所有其他代理发送状态转换信号，以改变各种状态机的状态。 只需要一个状态转换信号来完全控制状态机的状态。 通过采用有线或逻辑，任何特定的代理能够将状态机切换到停止状态，以防止新总线事务被发送到总线。 以这种方式，每个代理能够单方面限制或限制管道的深度。 在每个代理中提供硬件或软件以以使得所有状态机在基本相同的时间保持与指示相同状态的状态同步的方式来控制状态机。

公开(公告)号：US20090006702A1

公开(公告)日：2009-01-01

申请号：US11768696

申请日：2007-06-26

申请人： Nitin Sarangdhar ,  Balaji Vembu

发明人： Nitin Sarangdhar ,  Balaji Vembu

IPC分类号： G06F13/14

CPC分类号： G06F13/14

摘要： A method and computer readable medium are disclosed. In one embodiment, the method includes enumerating multiple Universal Serial Bus (USB) devices on a computer platform running a multiple virtual machines (VMs). The method also includes assigning each of the USB devices to a VM, wherein each USB device may be assigned to a different VM. The method also includes making each USB device visible only to the VM it is assigned to. The method also includes limiting the bandwidth each of the VMs can schedule its assigned devices within a USB data transfer frame. This will allow all of the VMs to have access to the bandwidth of the frame by avoiding the problem of over-subscription when the schedule is merged.

摘要翻译： 公开了一种方法和计算机可读介质。 在一个实施例中，该方法包括在运行多个虚拟机（VM）的计算机平台上列举多个通用串行总线（USB）设备。 该方法还包括将每个USB设备分配给VM，其中每个USB设备可被分配给不同的VM。 该方法还包括使每个USB设备仅对其被分配给的VM可见。 该方法还包括限制每个VM的带宽可以在USB数据传输帧内调度其分配的设备。 这将允许所有VM通过避免在合并计划时超额订购的问题来访问帧的带宽。

公开(公告)号：US06009477A

公开(公告)日：1999-12-28

申请号：US213098

申请日：1998-12-17

申请人： Nitin Sarangdhar ,  Michael Rhodehamel ,  Matthew Fisch

发明人： Nitin Sarangdhar ,  Michael Rhodehamel ,  Matthew Fisch

IPC分类号： G06F13/38 ,  G06F13/42 ,  G06F3/00

CPC分类号： G06F13/4217 ,  G06F13/387

摘要： Each of a plurality of device or agents connected to a computer system bus is provided with a mechanism for unilaterally and dynamically limiting the depth of a pipeline of the bus. Each agent includes a state machine which indicates whether the bus is in a throttled state, a stalled state or a free state. When in a free state, an agent having control of the bus may transmit any number of bus transactions and the depth of the pipeline may therefore increase. In the throttled state, the agent may transmit only a single bus transaction from the throttled state, the state machine always transitions either to the stalled state or to the free state. In the stalled state, no agents may transmit transactions onto the bus and the depth of the pipeline therefore cannot increase and instead may decrease with time as previously issued transactions are drained from the bus. Wired-OR logic is employed for allowing an agent to transmit a state transition signal to all other agents on the bus changing the state of the various state machines only a single state transition signal is required to completely control the state of the state machines. By employing wired-OR logic, any particular agent is capable of switching the state machines into a stalled state to prevent new bus transactions from being issued to the bus. In this manner, each agent is capable of unilaterally restricting or limiting the depth of the pipeline. Hardware or software is provided within each agent to control the state machine in a manner such that all state machines remain synchronized with each indicating the same state at substantially the same time.

摘要翻译： 连接到计算机系统总线的多个设备或代理中的每一个被提供有用于单方面和动态地限制总线管线深度的机构。 每个代理包括状态机，其指示总线是处于节流状态，停止状态还是空闲状态。 当处于空闲状态时，具有总线控制的代理可以发送任何数量的总线事务，并且管道的深度因此可能增加。 在节流状态下，代理可以仅从节流状态传送单个总线事务，状态机总是转换到停止状态或自由状态。 在停滞状态下，没有任何代理可以将事务发送到总线上，因此管道的深度不能增加，而是可以随着时间而减少，因为先前发布的交易从总线中排出。 有线逻辑用于允许代理向总线上的所有其他代理发送状态转换信号，改变各种状态机的状态，仅需要单个状态转换信号来完全控制状态机的状态。 通过采用有线或逻辑，任何特定的代理能够将状态机切换到停止状态，以防止新总线事务被发送到总线。 以这种方式，每个代理能够单方面限制或限制管道的深度。 在每个代理中提供硬件或软件以以使得所有状态机在基本相同的时间保持与指示相同状态的状态同步的方式来控制状态机。

公开(公告)号：US5724527A

公开(公告)日：1998-03-03

申请号：US579932

申请日：1995-12-28

申请人： Milind Karnik ,  Joseph Batz ,  Keshavan Tiruvallur ,  Andrew Glew ,  Frank Binns ,  Shreekant Thakkar ,  Nitin Sarangdhar

发明人： Milind Karnik ,  Joseph Batz ,  Keshavan Tiruvallur ,  Andrew Glew ,  Frank Binns ,  Shreekant Thakkar ,  Nitin Sarangdhar

IPC分类号： G06F9/445 ,  G06F15/177

CPC分类号： G06F15/177 ,  G06F9/4405

摘要： A multiprocessor computing system includes a serial bus and implements a boot protocol in which each processor compares a vector field of a boot message issued on the serial bus by a first processor with an ID of the processor; a match indicating that the first processor is a bootstrap processor (BSP). The non-BSPs are halted and, after issuing a final message on the bus, the BSP fetches code to start a reset sequence. The BSP then sends a message to wake the non-BSPs, after which time the operating system software is given control. Faulty processors that fail to participate in the boot protocol do not stop the selection of a BSP as long as one processor in the system is functional.

摘要翻译： 多处理器计算系统包括串行总线并实现引导协议，其中每个处理器将由第一处理器在串行总线上发布的引导消息的向量字段与处理器的ID进行比较; 匹配指示第一处理器是引导处理器（BSP）。 非BSP被停止，并且在总线上发出最终消息之后，BSP获取代码以开始重置序列。 然后，BSP发送消息来唤醒非BSP，之后给予操作系统软件的控制。 无法参与引导协议的故障处理器只要系统中的一个处理器正常工作，就不会停止对BSP的选择。

公开(公告)号：US20170177909A1

公开(公告)日：2017-06-22

申请号：US14973271

申请日：2015-12-17

申请人： Nitin Sarangdhar ,  Jonathan Edwards ,  Scott Robinson ,  Karanvir Grewal

发明人： Nitin Sarangdhar ,  Jonathan Edwards ,  Scott Robinson ,  Karanvir Grewal

IPC分类号： G06F21/85 ,  G06F9/44 ,  G06F13/28 ,  G06F12/10 ,  G06F21/53 ,  G06F13/42 ,  G06F13/40 ,  G06F9/455 ,  G06F21/57

CPC分类号： G06F21/85 ,  G06F9/4401 ,  G06F9/45558 ,  G06F12/1081 ,  G06F12/1483 ,  G06F13/28 ,  G06F13/404 ,  G06F13/4282 ,  G06F21/53 ,  G06F21/575 ,  G06F2009/45562 ,  G06F2009/45587 ,  G06F2212/152 ,  G06F2212/656 ,  G06F2213/0024 ,  G06F2213/2806 ,  G06F2221/2149

摘要： A technique allows for protecting a PCI device controller from a PCI BDF masquerade attack from Ring-0 and Ring-3 malware. The technique may use Virtualization technologies to create guest virtual machines that can use a hypervisor to allocate ACPI information from ACPI tables to a secure VM and using extended page tables (EPT) and VT-d policies to protect the MMIO memory range during illegal runtime events.

公开(公告)号：US5901297A

公开(公告)日：1999-05-04

申请号：US974750

申请日：1997-11-19

申请人： Matthew A. Fisch ,  Michael W. Rhodehamel ,  Nitin Sarangdhar

发明人： Matthew A. Fisch ,  Michael W. Rhodehamel ,  Nitin Sarangdhar

IPC分类号： G06F15/00 ,  G06F9/02 ,  G06F13/36 ,  G06F13/362 ,  G06F13/374 ,  G06F15/16

CPC分类号： G06F13/362 ,  G06F13/374

摘要： An initialization mechanism for symmetric arbitration agents ensures that multiple agents on a bus are each initialized with a different arbitration counter value. The arbitration counter of each bus agent is used to keep track of which agent was the last or current owner of the bus and which agent will be the next owner of the bus. All bus agents agree on which agent will be the priority agent at system reset and thus be allowed first ownership of the bus. Each agent's arbitration counter is initialized according to each agent's own agent identification. The arbitration pins of the bus agents are interconnected such that each agent determines for itself a unique agent identification based on which pin of its arbitration pins is active at system reset and the maximum number of bus agents allowed on the bus. After determining its agent identification, each bus agent initializes its arbitration counter such that every agent agrees which agent is the priority agent. Each agent performs this initialization based on its agent identification, the identity of the priority agent, and the maximum number of agents allowed on the bus.

摘要翻译： 对称仲裁代理的初始化机制确保总线上的多个代理各自以不同的仲裁计数器值进行初始化。 每个总线代理人的仲裁柜台用于跟踪哪个代理人是公交车的最后或当前所有者，哪个代理人将是公共汽车的下一个所有者。 所有总线代理商都同意在系统复位时哪个代理将是优先代理，从而允许首先拥有总线。 每个代理的仲裁计数器根据每个代理人的代理身份进行初始化。 总线代理的仲裁引脚相互连接，使得每个代理人自身可以根据其仲裁引脚的哪个引脚在系统复位时被激活，并在总线上允许的总线代理的最大数量来确定唯一的代理识别。 在确定其代理身份后，每个总线代理人初始化其仲裁柜台，以便每个代理商同意哪个代理机构是优先代理。 每个代理根据其代理标识，优先级代理的身份以及总线上允许的代理的最大数量来执行此初始化。