公开(公告)号：US11636209B2

公开(公告)日：2023-04-25

申请号：US17464832

申请日：2021-09-02

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Geoffrey Ndu ,  Ludovic Emmanuel Paul Noel Jacquin ,  Nigel Edwards

IPC: G06F21/56 ,  G06F21/44 ,  G06F21/57 ,  G06F21/53

Abstract: A system comprising an inner kernel of an operating system (OS) running at a higher privilege level than an outer kernel of the OS, the inner kernel to measure a data structure in a memory; a device including a measurement engine to measure the data structure in the memory, wherein the device operates independently of the OS; and a trusted execution environment including an application to compare measurements from the inner kernel and the measurement engine.

公开(公告)号：US11138315B2

公开(公告)日：2021-10-05

申请号：US15873419

申请日：2018-01-17

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Ludovic Emmanuel Paul Noel Jacquin ,  Nigel Edwards

IPC: G06F21/56 ,  G06F21/44 ,  G06F21/57 ,  G06F21/53

Abstract: A system comprising an inner kernel of an operating system (OS) running at a higher privilege level than an outer kernel of the OS, the inner kernel to measure a data structure in a memory; a device including a measurement engine to measure the data structure in the memory, wherein the device operates independently of the OS; and a trusted execution environment including an application to compare measurements from the inner kernel and the measurement engine.

公开(公告)号：US10853090B2

公开(公告)日：2020-12-01

申请号：US15876370

申请日：2018-01-22

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ludovic Emmanuel Paul Noel Jacquin ,  Hamza Attak ,  Nigel Edwards ,  Guilherme de Campos Magalhaes

IPC: G06F9/445 ,  G06F9/30 ,  G06F21/57 ,  H04L29/08 ,  G06F21/44

Abstract: Examples relate to integrity reports. In an implementation, an entity for executing a function is launched, the entity operating one or more files for executing the function. In response to the entity being launched, an entity image integrity report is generated comprising, for one or more files operated by the entity, a reference to the file measurement in a first integrity report the first integrity report containing measurements of a plurality of files operable in one or more entities. Alternatively, in response to the entity being launched, an entity integrity report is generated comprising a file measurement for each of the files operated by the entity.

公开(公告)号：US10776493B2

公开(公告)日：2020-09-15

申请号：US16159365

申请日：2018-10-12

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Thomas M. Laffey ,  Ludovic Emmanuel Paul Noel Jacquin ,  Nigel Edwards

IPC: G06F21/57 ,  H04L9/32 ,  G06F1/24

Abstract: Secure management of computing code is provided herein. The computing code corresponds to computing programs including firmware and software that are stored in the memory of a computing device. When a processor attempts to read or execute computing code, a security controller measures that code and/or corresponding program, thereby generating a security measurement value. The security controller uses the security measurement value to manage access to the memory. The security measurement value can be analyzed together with integrity values of the computing programs, which are calculated while holding the reset of the processor. The integrity values indicate the validity or identity of the stored computing programs, and provide a reference point with which computing programs being read or executed can be compared. The security controller can manage access to memory based on the security measurement value by hiding or exposing portions of the memory to the processor.

公开(公告)号：US11886593B2

公开(公告)日：2024-01-30

申请号：US18168430

申请日：2023-02-13

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Ludovic Emmanuel Paul Noel Jacquin ,  Hamza Attak ,  Nigel Edwards

IPC: G06F21/57 ,  H04L9/06

CPC classification number: G06F21/572 ,  H04L9/0643 ,  G06F2221/033

Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.

公开(公告)号：US11604881B2

公开(公告)日：2023-03-14

申请号：US17242904

申请日：2021-04-28

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Ludovic Emmanuel Paul Noel Jacquin ,  Hamza Attak ,  Nigel Edwards

IPC: G06F21/57 ,  H04L9/06

Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.

公开(公告)号：US20220179959A1

公开(公告)日：2022-06-09

申请号：US17113161

申请日：2020-12-07

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Francisco Plinio Oliveira Silveira ,  Nigel John Edwards ,  Ludovic Emmanuel Paul Noel Jacquin ,  Guilherme de Campos Magalhaes ,  Leandro Augusto Penna dos Santos ,  Rodrigo Jose da Rosa Antunes

IPC: G06F21/57

Abstract: A process includes, in a computer system, acquiring a first measurement that corresponds to a software container. Acquiring the measurement includes a hardware processor of the computer system measuring a given layer of a plurality of layers of layered file system structure corresponding to the software container. The given layer includes a plurality of files, and the first measurement includes a measurement of the plurality of files. The process includes storing the first measurement in a secure memory of the computer system. A content of the secure memory is used to verify an integrity of the software container.

公开(公告)号：US11334670B2

公开(公告)日：2022-05-17

申请号：US16774467

申请日：2020-01-28

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Sidnei Roberto Selzler Franco ,  Ludovic Emmanuel Paul Noel Jacquin ,  Jonathan Meller ,  Guilherme De Campos Magalhaes

IPC: G06F21/56 ,  G06F11/34 ,  G06F9/455

Abstract: The present disclosure relates to a method for integrity verification of a software stack or part of a software stack resident on a host machine. A management entity generates a measurement log for a disk image associated with the software stack or the part of a software stack. A verifier entity retrieves the generated measurement log and compares the generated measurement log with a reference measurement of a verification profile previously assigned by the verifier entity to the software stack or the part of a software stack to verify the software stack or the part of a software stack.

公开(公告)号：US20210067520A1

公开(公告)日：2021-03-04

申请号：US16552357

申请日：2019-08-27

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Yongqi Wang ,  Ludovic Emmanuel Paul Noel Jacquin ,  Nigel Edwards

IPC: H04L29/06 ,  G06F21/57 ,  G06F21/56

Abstract: A method includes providing, by a first electronic device, a first request to a second electronic device for the second electronic device to provide data to the first electronic device representing content that is stored in a security component of the second electronic device. The first electronic device receives the response from the second electronic device to the first request and, in response thereto, the first electronic device stores data in the first electronic device representing content that is stored in a security component of the second electronic device. The method includes performing cross-attestation. Performing the cross-attestation includes, in response to an attestation request that is provided by a verifier to the first electronic device, the first electronic device providing to the verifier data representing content that is stored in the security component of the first electronic device and data representing the content stored in the security component of the second electronic device.

公开(公告)号：US20200293652A1

公开(公告)日：2020-09-17

申请号：US16299258

申请日：2019-03-12

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Yongqi Wang ,  Ludovic Emmanuel Paul Noel Jacquin ,  Nigel Edwards

IPC: G06F21/55

Abstract: Systems and methods for multi-dimensional attestation are provided. One method for multi-dimensional attestation includes upon occurrence of a triggering event, taking triggered measurements of a platform, the platform including a security co-processor and a volatile memory; extending a platform configuration register of the volatile memory to include the triggered measurements; taking snapshots of the platform configuration register over time; storing the snapshots in a snapshot memory; and upon request, sending the triggered measurements and the snapshots to a verifier for detection of potential attacks.