公开(公告)号：US20210382979A1

公开(公告)日：2021-12-09

申请号：US17054197

申请日：2019-02-28

Applicant: Hewlett-Packard Development Company, L.P.

Inventor： Richard Alden Bramley, Jr. ,  Dallas M. Barlow ,  Patrick Lee Gibbons ,  Adrian John Baldwin ,  Tevin Jaupaul Richards ,  Robert Stephen Craig ,  Valiuddin Ali ,  Jeffrey Kevin Jeansonne

IPC: G06F21/44 ,  H04L9/14 ,  G06F9/445

Abstract: An example computing device includes a memory accessible at startup of the computing device, a buffer, and a set of instructions. The memory stores a configuration setting that is configurable by the application of a change request. The memory also stores a first public key and a second public key. The buffer stores change requests submitted by a remote entity, including a first change request to make a first setting change and a second change request to make a second setting change. The first change request is signed by a first private key corresponding to the first public key, and the second change request is signed by a second private key corresponding to the second public key. The set of instructions retrieves a change request from the buffer, determines whether the change request is authenticated by a public key, and if authenticated, applies the change request.

公开(公告)号：US12210662B2

公开(公告)日：2025-01-28

申请号：US17286584

申请日：2019-11-26

Applicant: Hewlett-Packard Development Company, L.P.

Inventor： Joshua Serratelli Schiffman ,  Boris Balacheff ,  Richard Alden Bramley, Jr. ,  Valiuddin Ali

IPC: H04L9/00 ,  G06F21/44 ,  G06F21/53 ,  G06F21/55 ,  G06F21/78 ,  G06F21/85

Abstract: According to aspect of the disclosure, there are provided methods and apparatus for connecting a peripheral device to a computer system, including an apparatus for interfacing with a peripheral device, the apparatus comprising a port configured to couple to the peripheral device, a processor, a memory coupled to the processor and comprising a software module comprising instructions that when executed on the processor protect the device from a peripheral device coupled to the port, and a hardware security controller coupled to the port, the hardware security controller configured to monitor execution of the software module by the processor and to disable the port in response to determining that the software module is not executing.

公开(公告)号：US20210390216A1

公开(公告)日：2021-12-16

申请号：US17286584

申请日：2019-11-26

Applicant: Hewlett-Packard Development Company, L.P.

Inventor： Joshua Serratelli Schiffman ,  Boris Balacheff ,  Richard Alden Bramley, Jr. ,  Valiuddin Ali

IPC: G06F21/85 ,  G06F21/78 ,  G06F21/44 ,  G06F21/55 ,  G06F21/53

Abstract: According to aspect of the disclosure, there are provided methods and apparatus for connecting a peripheral device to a computer system, including an apparatus for interfacing with a peripheral device, the apparatus comprising a port configured to couple to the peripheral device, a processor, a memory coupled to the processor and comprising a software module comprising instructions that when executed on the processor protect the device from a peripheral device coupled to the port, and a hardware security controller coupled to the port, the hardware security controller configured to monitor execution of the software module by the processor and to disable the port in response to determining that the software module is not executing.

公开(公告)号：US11989576B2

公开(公告)日：2024-05-21

申请号：US17411045

申请日：2021-08-24

Applicant: Hewlett-Packard Development Company, L.P.

Inventor： Richard Alden Bramley, Jr. ,  Dallas M. Barlow ,  Jeffrey Kevin Jeansonne

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F9/455 ,  G06F9/45533 ,  G06F2009/45579 ,  G06F2009/45583 ,  G06F2009/45587

Abstract: In some examples, a computing device includes memory including system memory, and a processor in electronic communication with the memory. In some examples, the processor receives a system management interrupt. In some examples, the processor identifies trigger code that triggered the system management interrupt. In some examples, the processor executes code from the system memory when the trigger code is a virtualization program.

公开(公告)号：US11941159B2

公开(公告)日：2024-03-26

申请号：US17341448

申请日：2021-06-08

Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.

Inventor： Christopher Howard Stewart ,  Jeffrey Kevin Jeansonne ,  Richard Alden Bramley, Jr. ,  Maugan Cedric Villatel

IPC: G06F3/06 ,  G06F21/31 ,  G06F21/57 ,  G06F21/60 ,  G06F21/78 ,  G06F21/86

CPC classification number: G06F21/78 ,  G06F3/0622 ,  G06F3/0629 ,  G06F3/0683 ,  G06F21/31 ,  G06F21/602

Abstract: An example storage medium includes instructions that, when executed, cause a processor of a computing device to read, during start-up of the computing device, first configuration data from a first storage device of the computing device; read second configuration data from a second storage device of the computing device; determine that there is an inconsistency between the first configuration data and the second configuration data; check a tamper status of the computing device; based on the tamper status and the determination that there is an inconsistency between the first configuration data and the second configuration data: (i) clear a secure storage location of the computing device, the secure storage location storing data to access protected data; or (ii) replace the first configuration data on the first storage device of the computing device based on second data and continue the start-up of the computing device.

公开(公告)号：US20240248729A1

公开(公告)日：2024-07-25

申请号：US18560888

申请日：2021-07-16

Applicant: Hewlett-Packard Development Company, L.P.

Inventor： Chee Keat Fong ,  Alexander Joseph Pienkawa Rosenbach ,  Valiuddin Ali ,  Jeffrey Kevin Jeansonne ,  Richard Alden Bramley, Jr.

IPC: G06F9/4401

CPC classification number: G06F9/4416

Abstract: According to aspects of the present disclosure, there is provided a non-transitory computer-readable storage medium comprising instructions that when executed cause a processor of a computing device to: send, to a remote device and via a first message queue on a cloud messaging service, a current Basic Input/Output System (BIOS) setting value; receive, from the remote device and via a second message queue on a cloud messaging service, an updated BIOS setting value and a cryptographic value; decrypt an encrypted private key of a public-private key pair stored in a memory of the computing device using the cryptographic value, wherein the public key of the public-private key pair is associated with a BIOS of the computing device; sign the updated BIOS setting value using the decrypted private key; provide the signed BIOS setting value to the BIOS of the computing device.

公开(公告)号：US20240078129A1

公开(公告)日：2024-03-07

申请号：US18262168

申请日：2021-01-29

Applicant: Hewlett-Packard Development Company, L.P.

Inventor： Christopher Howard Stewart ,  Richard Alden Bramley, Jr. ,  James Misra McKenzie ,  Krzysztof Tadeusz Uchronski ,  Gianluca Guida ,  Christopher Ian Dalton ,  Jeffrey Kevin Jeansonne

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/45562 ,  G06F2009/4557 ,  G06F2009/45583

Abstract: An example non-transitory machine-readable medium includes instructions that cause a processor of a computing device to create a first virtual machine using a hypervisor, execute a trusted basic input/output system (BIOS) in the first virtual machine, create a second virtual machine using the hypervisor, and execute an untrusted BIOS component in the second virtual machine. The first virtual machine is executed with a greater privilege to access a resource of the computing device than the second virtual machine.

公开(公告)号：US11914713B2

公开(公告)日：2024-02-27

申请号：US17052991

申请日：2019-02-28

Applicant: Hewlett-Packard Development Company, L.P.

Inventor： Jeffrey Kevin Jeansonne ,  Valiuddin Ali ,  Richard Alden Bramley, Jr. ,  Adrian John Baldwin ,  Joshua Serratelli Schiffman

IPC: G06F21/57 ,  G06F21/36 ,  H04L9/32 ,  H04L9/40

CPC classification number: G06F21/572 ,  G06F21/36 ,  H04L9/3228 ,  H04L9/3247 ,  H04L63/0838 ,  G06F2221/033

Abstract: An example computing device includes a user interface, a network interface, a non-volatile memory, a processor coupled to the user interface, the network interface, and the non-volatile memory, and a set of instructions stored in the non-volatile memory. The set of instructions, when executed by the processor, is to perform a hardware initialization of the computing device according to a setting, establish a local trust domain and a remote trust domain, use a local-access public key to issue a challenge via the user interface to grant local access to the setting, and use a remote-access public key to grant remote access via the network interface to remote access to the setting.

公开(公告)号：US11657138B2

公开(公告)日：2023-05-23

申请号：US17054197

申请日：2019-02-28

Applicant: Hewlett-Packard Development Company, L.P.

Inventor： Richard Alden Bramley, Jr. ,  Dallas M. Barlow ,  Patrick Lee Gibbons ,  Adrian John Baldwin ,  Tevin Jaupaul Richards ,  Robert Stephen Craig ,  Valiuddin Ali ,  Jeffrey Kevin Jeansonne

IPC: G06F21/00 ,  H04L29/06 ,  G06F21/44 ,  G06F9/445 ,  H04L9/14

CPC classification number: G06F21/44 ,  G06F9/44505 ,  H04L9/14

Abstract: An example computing device includes a memory accessible at startup of the computing device, a buffer, and a set of instructions. The memory stores a configuration setting that is configurable by the application of a change request. The memory also stores a first public key and a second public key. The buffer stores change requests submitted by a remote entity, including a first change request to make a first setting change and a second change request to make a second setting change. The first change request is signed by a first private key corresponding to the first public key, and the second change request is signed by a second private key corresponding to the second public key. The set of instructions retrieves a change request from the buffer, determines whether the change request is authenticated by a public key, and if authenticated, applies the change request.

公开(公告)号：US11258607B2

公开(公告)日：2022-02-22

申请号：US16775871

申请日：2020-01-29

Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.

Inventor： Valiuddin Ali ,  Jeffrey Kevin Jeansonne ,  Giridhar Busam ,  Karthick Periyakulam Tharakraj ,  Richard Alden Bramley, Jr.

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32

Abstract: An example computing device includes a memory to store a cryptographic key, a processor coupled to the memory, and a set of instructions stored in the memory. The set of instructions, when executed by the processor, is to capture an encrypted passcode originating from a basic input/output system (BIOS) of a managed device as a challenge to grant local access to the BIOS and authenticate with a server using a user credential. When authentication with the server is successful, the set of instructions is to decrypt the encrypted passcode with the cryptographic key to obtain a decrypted passcode and output the decrypted passcode. When authentication with the server is unsuccessful, the set of instructions is to delete the cryptographic key.