Packet classification
    1.
    Patent application
    Packet classification (In force)

    Publication no.: US20050135351A1

    Publication date: 2005-06-23

    Application no.: US10740647

    Filing date: 2003-12-18

    Abstract: An apparatus and method includes grouping filters to form a tree according to a bitmask. The bitmask includes entries indicating whether a value is assigned to an element of a filter. The method also includes receiving a packet that includes a particular bitmask, searching the tree to determine filters associated with the particular bitmask and the associated values, and returning a set of filters that is the intersection of the filters indicated by the associated values.


    Mechanism for extensible binary mappings for adaptable hardware/software interfaces
    2.
    Patent application
    Mechanism for extensible binary mappings for adaptable hardware/software interfaces (Under examination, published)

    Publication no.: US20050114549A1

    Publication date: 2005-05-26

    Application no.: US10723052

    Filing date: 2003-11-26

    IPC classification: G06F15/16

    CPC classification: G06F9/544 G06F9/545

    Abstract: An extensible definition of data exchanged between logical layered components of different platform hardware interfaces for management, configuration, and alerts, and systems and methods for using the same, are disclosed. One embodiment is a mechanism for self-describing hardware and firmware components. An embodiment of the present invention is a system and method relating to a binary data definition and generic parser mechanism which allows efficient and runtime-extensible definition of data exchanged between logical layered components of different platform hardware interfaces for management/configuration/alerting, as well as providing generic basic input-output system (“BIOS”) and firmware data formats.


    SEAMLESSLY ENCRYPTING MEMORY REGIONS TO PROTECT AGAINST HARDWARE-BASED ATTACKS
    3.
    Patent application
    SEAMLESSLY ENCRYPTING MEMORY REGIONS TO PROTECT AGAINST HARDWARE-BASED ATTACKS (Under examination, published)

    Publication no.: US20150205732A1

    Publication date: 2015-07-23

    Application no.: US14449467

    Filing date: 2014-08-01

    IPC classification: G06F12/14

    Abstract: Systems, apparatuses, and methods for seamlessly protecting memory regions against hardware-based attacks are disclosed. In one embodiment, an apparatus includes a decoder, control logic, and cryptographic logic. The decoder is to decode a transaction between a processor and memory-mapped input/output space. The control logic is to redirect the transaction from the memory-mapped input/output space to a system memory. The cryptographic logic is to operate on data for the transaction.


    Secure vault service for software components within an execution environment
    4.
    Granted patent
    Secure vault service for software components within an execution environment (In force)

    Publication no.: US08839450B2

    Publication date: 2014-09-16

    Application no.: US11833073

    Filing date: 2007-08-02

    IPC classification: G06F12/14 G06F17/30

    Abstract: Embodiments of apparatuses, articles, methods, and systems for a secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform is to lock and unlock secrets on behalf of the authenticated/authorized/verified software component, provided in protected memory regions only accessible to that authenticated/authorized/verified software component. Other embodiments may be described and claimed.


    Cumulative integrity check value (ICV) processor based memory content protection
    5.
    Granted patent
    Cumulative integrity check value (ICV) processor based memory content protection (In force)

    Publication no.: US08826035B2

    Publication date: 2014-09-02

    Application no.: US12646028

    Filing date: 2009-12-23

    IPC classification: G06F21/00

    CPC classification: G06F21/79 G06F21/72

    Abstract: In general, in one aspect, the disclosure describes a processor that includes a cryptographic engine and first and second registers. The cryptographic engine is to encrypt data to be written to memory, to decrypt data read from memory, and to generate read integrity check values (ICVs) and write ICVs for memory accesses. The cryptographic engine is also to create a cumulative read ICV and a cumulative write ICV by XORing the generated read ICV and the generated write ICV with a current read MAC and a current write ICV respectively, and to validate data integrity by comparing the cumulative read ICV and the cumulative write ICV. The first and second registers are to store the cumulative read and write ICVs respectively at the processor. Other embodiments are described and claimed.


    FULL 3D INTERACTION ON MOBILE DEVICES
    6.
    Patent application
    FULL 3D INTERACTION ON MOBILE DEVICES (In force)

    Publication no.: US20140245230A1

    Publication date: 2014-08-28

    Application no.: US13996088

    Filing date: 2011-12-27

    Abstract: Systems and methods may provide for displaying a three-dimensional (3D) environment on a screen of a mobile device, and identifying a user interaction with an area behind the mobile device. In addition, the 3D environment can be modified based at least in part on the first user interaction. Moreover, the 3D environment may be modified based on movements of the mobile device as well as user interactions with the mobile device, allowing the user to navigate through the virtual 3D environment by moving the mobile/handheld device.


    Seamlessly encrypting memory regions to protect against hardware-based attacks
    7.
    Granted patent
    Seamlessly encrypting memory regions to protect against hardware-based attacks (In force)

    Publication no.: US08799673B2

    Publication date: 2014-08-05

    Application no.: US12651432

    Filing date: 2009-12-31

    IPC classification: H04L29/06

    Abstract: Systems, apparatuses, and methods for seamlessly protecting memory regions against hardware-based attacks are disclosed. In one embodiment, an apparatus includes a decoder, control logic, and cryptographic logic. The decoder is to decode a transaction between a processor and memory-mapped input/output space. The control logic is to redirect the transaction from the memory-mapped input/output space to a system memory. The cryptographic logic is to operate on data for the transaction.


    Techniques for authenticated posture reporting and associated enforcement of network access
    8.
    Granted patent
    Techniques for authenticated posture reporting and associated enforcement of network access (In force)

    Publication no.: US08671439B2

    Publication date: 2014-03-11

    Application no.: US12460736

    Filing date: 2009-07-23

    IPC classification: G06F21/00

    Abstract: Architectures and techniques are described that allow a firmware agent to operate as a tamper-resistant agent on a host platform, which may be used as a trusted policy enforcement point (PEP) on the host platform to enforce policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform, in accordance with an authorized enterprise PDP entity, by providing policies if a host trust agent is non-responsive, and may function as a passive agent when the host trust agent is functional.


    MITIGATING UNAUTHORIZED ACCESS TO DATA TRAFFIC
    9.
    Patent application
    MITIGATING UNAUTHORIZED ACCESS TO DATA TRAFFIC (In force)

    Publication no.: US20140068704A1

    Publication date: 2014-03-06

    Application no.: US13863168

    Filing date: 2013-04-15

    IPC classification: H04L29/06

    Abstract: One particular example implementation of an apparatus for mitigating unauthorized access to data traffic comprises: an operating system stack to allocate unprotected kernel transfer buffers; a hypervisor to allocate protected memory data buffers, where data is to be stored in the protected memory data buffers before being copied to the unprotected kernel transfer buffers; and an encoder module to encrypt the data stored in the protected memory data buffers, where the unprotected kernel transfer buffers receive a copy of the encrypted data.
