-
Publication number: US09720868B2
Publication date: 2017-08-01
Application number: US14325238
Application date: 2014-07-07
Applicant: Xilinx, Inc.
Inventor: Ygal Arbel , Sagheer Ahmad , Sarosh I. Azad
IPC: G06F13/364 , G06F13/40 , G06F12/14 , G06F21/78 , G06F21/85
CPC classification number: G06F13/404 , G06F12/1441 , G06F12/145 , G06F21/78 , G06F21/85
Abstract: Approaches for bridging communication between first and second buses are disclosed. Address translation information and associated security indicators are stored in a memory. Each access request from the first bus includes a first requester security indicator and a requested address. Each access request from the first bus and directed to the second bus is either rejected, or translated and communicated to the second bus, based on the requester security indicator and the security indicator associated with the address translation information for the requested address. Each access request from the second bus to the first bus includes the requested address, and the access request is translated and communicated to the first bus along with the security indicator that is associated with the address translation information for the requested address.
-
Publication number: US09710418B2
Publication date: 2017-07-18
Application number: US12355398
Application date: 2009-01-16
Applicant: Mukund P. Khatri , Kevin T. Marks
Inventor: Mukund P. Khatri , Kevin T. Marks
CPC classification number: G06F13/4282 , G06F21/85 , G06F2213/0026
Abstract: A system and method for accessing and identifying the security parameters of a device in an information handling system is disclosed. A device in a computer system may operate according to a defined security protocol, and multiple security protocols may exist across the devices of the system. In operation, a configuration capability is defined within the PCI Express communications protocol. This capability includes a capabilities data structure through which parameters concerning the security parameters of the device may be identified and passed to a processor.
-
Publication number: US09699216B2
Publication date: 2017-07-04
Application number: US14967201
Application date: 2015-12-11
Applicant: JANUS TECHNOLOGIES, INC.
Inventor: Mikhail Borisov , Sofin Raskin , Michael Wang , Joshua Porten
CPC classification number: H04L63/20 , G06F21/552 , G06F21/85 , H04L63/10 , H04L67/12 , H04L67/125
Abstract: The present invention relates to a system that manages security of one or more computer systems and/or one or more different types of I/O channels such as USB, Ethernet, SATA, and SAS. According to certain aspects, the management system is distributed. That is, a central management system and computer subsystems are physically distributed within one or more geographical areas, and communicate with each other by passing messages through a computer network. According to certain additional aspects, the configuration and/or security functions performed by methods and apparatuses according to the invention can be logically transparent to the upstream host and to the downstream device.
-
Publication number: US20170180131A1
Publication date: 2017-06-22
Application number: US14971370
Application date: 2015-12-16
Applicant: Intel Corporation
Inventor: Santosh Ghosh , Manoj R. Sastry , Solmaz Ghaznavi , Julien Carreno , Padraig J. Kearney
CPC classification number: H04L9/3239 , G06F21/75 , G06F21/85 , G09C1/00 , H04L9/0643 , H04L63/061 , H04L63/123 , H04L2209/26
Abstract: System and techniques for secure unlock to access debug hardware are described herein. A cryptographic key may be received at a hardware debug access port of a device. A digest may be computed from the cryptographic key at an unlock unit of the device. A fuse value may be received from a non-volatile read-only storage on the device. The digest and the fuse value may be compared to determine whether they are the same. A pass-fail pulse may be provided that indicates the result of the comparing.
-
Publication number: US20170177909A1
Publication date: 2017-06-22
Application number: US14973271
Application date: 2015-12-17
Applicant: Nitin Sarangdhar , Jonathan Edwards , Scott Robinson , Karanvir Grewal
Inventor: Nitin Sarangdhar , Jonathan Edwards , Scott Robinson , Karanvir Grewal
IPC: G06F21/85 , G06F9/44 , G06F13/28 , G06F12/10 , G06F21/53 , G06F13/42 , G06F13/40 , G06F9/455 , G06F21/57
CPC classification number: G06F21/85 , G06F9/4401 , G06F9/45558 , G06F12/1081 , G06F12/1483 , G06F13/28 , G06F13/404 , G06F13/4282 , G06F21/53 , G06F21/575 , G06F2009/45562 , G06F2009/45587 , G06F2212/152 , G06F2212/656 , G06F2213/0024 , G06F2213/2806 , G06F2221/2149
Abstract: A technique allows for protecting a PCI device controller from a PCI BDF masquerade attack by Ring-0 and Ring-3 malware. The technique may use virtualization technologies to create guest virtual machines, using a hypervisor to allocate ACPI information from ACPI tables to a secure VM, and use extended page tables (EPT) and VT-d policies to protect the MMIO memory range during illegal runtime events.
-
Publication number: US09684805B2
Publication date: 2017-06-20
Application number: US13971582
Application date: 2013-08-20
Applicant: JANUS TECHNOLOGIES, INC.
Inventor: Sofin Raskin , Michael Wang , Joshua Porten , Alexander Indenbaum , Shaoan Chin
CPC classification number: G06F21/85 , G06F1/1698 , H04L63/1433
Abstract: The present invention relates to methods and apparatuses for securing otherwise unsecured internal and external computer communications. According to one aspect, the invention relates to methods and apparatuses for implementing device gatekeeping. According to another aspect the invention relates to methods and apparatuses for encrypting and decrypting data sent over an external or internal interface. According to another aspect, the invention relates to methods and apparatuses for implementing device snooping, in which some or all traffic passing between a host and a connected device is captured into memory and analyzed in real time by system software. In embodiments, the software can also act upon analyzed information. According to certain additional aspects, the security functions performed by methods and apparatuses according to the invention can be logically transparent to the upstream host and/or to the downstream device.
-
Publication number: US20170168962A1
Publication date: 2017-06-15
Application number: US15416430
Application date: 2017-01-26
Applicant: Ashish A. PANDYA
Inventor: Ashish A. PANDYA
CPC classification number: G06F12/1408 , G06F3/0622 , G06F3/0638 , G06F3/0679 , G06F17/30985 , G06F21/79 , G06F21/85 , G06F2212/1052 , H04L9/0825 , H04L63/145
Abstract: Systems comprising a processor and a dynamic random access memory (DRAM). The DRAM comprises a programmable intelligent search memory (PRISM).
-
Publication number: US20170161523A1
Publication date: 2017-06-08
Application number: US15361677
Application date: 2016-11-28
Applicant: CANON KABUSHIKI KAISHA
Inventor: Akihiro Matsumoto
CPC classification number: G06F21/70 , G06F21/44 , G06F21/60 , G06F21/78 , G06F21/85 , G06F2221/2103
Abstract: A functional device is provided which reliably prevents tampering performed through an external interface, the functional device comprising an external interface that is accessible to an internal functional component. In the functional device, a coupling controller is provided between an external Flash terminal, which is the external interface, and an internal Flash memory. After a Fuse is disconnected, the coupling controller physically blocks the path between the external Flash terminal and the internal Flash memory, except while a certification result held in a REG remains valid. The certification result is valid only while current is carried.
-
Publication number: US20170147464A1
Publication date: 2017-05-25
Application number: US14946901
Application date: 2015-11-20
Applicant: Atmel Corporation
Inventor: Pierre Samat , Alain Vergnes , Michel Douguet
CPC classification number: G06F21/554 , G06F11/3051 , G06F11/3089 , G06F13/4022 , G06F21/55 , G06F21/606 , G06F21/85 , H04Q2213/05 , H04Q2213/1332
Abstract: A device comprises a detector configured to detect an event, and a selector coupled to the detector and configured to generate a signal in response to a detection of an event by the detector. The signal is operable to select a set of input/output (I/O) parameters from among first and second stored sets of parameters. The device also includes a configuration module coupled to the selector. The configuration module is configured to output the selected set of I/O parameters.
-
Publication number: US20170132159A1
Publication date: 2017-05-11
Application number: US15414887
Application date: 2017-01-25
Applicant: DELL PRODUCTS, L.P.
Inventor: ANAND PRAKASH JOSHI , RICHARD M. TONRY
CPC classification number: G06F12/1408 , G06F3/0623 , G06F3/064 , G06F3/0659 , G06F3/0683 , G06F13/4072 , G06F21/10 , G06F21/575 , G06F21/71 , G06F21/72 , G06F21/78 , G06F21/82 , G06F21/85 , G06F2212/1052 , G06F2221/034 , H04L9/08 , H04L63/0428
Abstract: An information handling system and method performs Unified Extensible Firmware Interface (UEFI) interception and pre-processing of data associated with block input/output (I/O) commands targeting encrypted storage devices. A UEFI interceptor block (IB) I/O driver intercepts each block I/O command targeting block addresses on a storage device and identifies whether any of the target block addresses is encrypted. In response to identifying an encrypted block address among the target block addresses, the UEFI IB I/O driver forwards data associated with the encrypted block address to an encryption-decryption module to perform one of an encryption and a decryption of the data. Final handling of the block I/O command is performed using a block I/O driver chained to the UEFI IB I/O driver. Data associated with I/O commands targeting encrypted block addresses is first processed by the encryption-decryption module before final handling of the I/O command is performed by the block I/O driver.