Abstract:
Disclosed is a system and method for extending anti-malware protection to systems having multiple storage devices, such as RAID. In embodiments, a trusted connection may be established between a host and a controller of the multiple storage devices. The trusted connection may use various information encryption techniques to undermine attempts by malware to preserve malware-infected locations on the storage devices by redirecting anti-malware protection related operations by the host. Through an encrypted and trusted connection between the host and a controller of the multiple storage devices, anti-virus and/or anti-malware software (hereinafter, AVS) may transmit encrypted anti-malware protection related operations to the controller of the multiple storage devices, overcoming detection and/or diversion by the malware. Other embodiments may be described and claimed.
Abstract:
Embodiments of systems, apparatuses, and methods to enable a value-added storage service of a storage system coupled to a client are described. In some embodiments, a system establishes a secure root of trust for the client. In addition, the system establishes a secure tunnel between an application of the client and a storage system of the client. Furthermore, the system securely downloads a license for the value-added storage service to the storage system and provides the license from the storage system to an application via the secure tunnel.
Abstract:
Various embodiments are generally directed to techniques to form and maintain secure communications among two or more body-carried devices disposed in close proximity to the body of a person to form a body area network (BAN). An apparatus to establish secure communications includes a processor component; a signal component for execution by the processor component to compare a signal characteristic of a security test signal to a known signal characteristic of the security test signal to derive a bioelectric characteristic, the security test signal received via a tissue; and a bioelectric component for execution by the processor component to determine whether to allow transmission of data through the tissue based on the bioelectric characteristic. Other embodiments are described and claimed.
Abstract:
Embodiments of systems, apparatuses, and methods to protect data stored in a storage system of a device from malware alteration are described. In some embodiments, a system receives an indication that the data is to be protected. In addition, the system further triggers an interrupt of the device and secures the data from the malware alteration.
Abstract:
Embodiments of systems, apparatuses, and methods for securely transferring data between a storage system and an agent are described. In some embodiments, a system establishes a tunnel between the storage system and the agent. The system further securely transfers the data between the storage system and the agent using the tunnel. In one embodiment, the tunnel uses an action and results mailbox to transfer the data. In another embodiment, the tunnel is based on a trusted send facility.
Abstract:
Systems and methods for providing awareness of a host file system on a storage device are described. In one embodiment, a storage device includes a host interface and a file awareness block. The host interface provides an interface between a host and the storage device. The file awareness block provides an awareness of the host file system to the storage device.
Abstract:
An anti-malware approach uses a storage drive with the capability to lock selected memory areas. Platform assets such as OS objects are stored in the locked areas and thus, unauthorized changes to them may not be made by an anti-malware entity.
Abstract:
A mechanism is described for facilitating a secure environment and acceleration of software applications according to one embodiment of the invention. A method of embodiments of the invention includes initiating a software application session at a computing device. The software application session includes an anti-virus/anti-malware software-based scanning session, and the scanning session includes scanning of a plurality of locations of a storage subsystem of the computing device. The method may further include accelerating the initiated session by performing session tasks relating to the initiated session without having to rely on an operating system of the computing device.
Abstract:
Techniques for a data storage device to locally implement security management functionality. In an embodiment, a security management process of the data storage device is to determine whether an access to non-volatile media of the data storage device is authorized. In certain embodiments, the data storage device is to restrict access to a secure region of the non-volatile storage media, the secure region to store information used and/or generated by a security management process of the data storage device.
Abstract:
An embodiment may include a storage processor that may be comprised, at least in part, in a host. The host may include at least one host central processing unit (CPU) to execute at least one host operating system (OS). The storage processor may execute at least one operation in isolation from interference from and control by the at least one host CPU and the at least one host OS. The at least one operation may facilitate, at least in part: (1) prevention, at least in part, of unauthorized access to storage, (2) prevention, at least in part, of execution by the at least one host CPU of at least one unauthorized instruction, (3) detection, at least in part, of the at least one unauthorized instruction, and/or (4) remediation, at least in part, of at least one condition associated, at least in part, with the at least one unauthorized instruction.