-
Publication No.: US12130932B2
Publication Date: 2024-10-29
Application No.: US17381456
Application Date: 2021-07-21
Applicant: Dell Products, L.P.
Inventor(s): Chandrasekhar Mugunda, Rama Rao Bisa, Viswanath Ponnuru, Dharma Bhushan Ramaiah, Shinose Abdul Rahiman, Vineeth Radhakrishnan, Chitrak Gupta
IPC Classification: G06F21/60, G06F9/4401, G06F13/40, G06F13/42, G06F21/85
CPC Classification: G06F21/606, G06F9/4401, G06F13/4031, G06F13/405, G06F13/4282, G06F21/85, G06F2213/0016, G06F2221/2125
Abstract: According to one embodiment, a path obfuscation system includes first and second hardware devices, and first and second interfaces configured to provide communication between the first and second hardware devices using a security protocol and data model (SPDM) protocol. The first hardware device comprises computer-executable instructions to receive a message to be transmitted to the second hardware device, segment the message into multiple groups of packets, and randomly select either the first or second interface to transmit each group of packets to the second hardware device.
-
Publication No.: US12118132B2
Publication Date: 2024-10-15
Application No.: US17266369
Application Date: 2019-08-06
Inventor(s): Scott Best
CPC Classification: G06F21/85, G06F7/588, G06F11/1004, G06F21/45, G06F21/72
Abstract: A first address bus may be located in an upper layer of an integrated circuit that is associated with a memory and a memory controller. The first address bus may receive a first portion of a memory address. A second address bus may be located in a lower layer of the integrated circuit where the second address bus is to receive a second portion of the memory address. Furthermore, a data bus may be located in an intermediate layer where the data bus is to receive data corresponding to the memory address from the memory and may transmit the data to the memory controller. The intermediate layer may be between the upper layer and the lower layer. A layout of the signals of the data bus may vertically overlap with a layout of signals of the first address bus and a layout of signals of the second address bus.
-
Publication No.: US20240320380A1
Publication Date: 2024-09-26
Application No.: US18678110
Application Date: 2024-05-30
Inventor(s): Hao Zhang, Hua Du, Zhenhe Cai
IPC Classification: G06F21/85
CPC Classification: G06F21/85
Abstract: The disclosure relates to a method for controlling access of a USB device; the method is applied to a USB access control device which is connected with a protected device through interfaces. In this way, the data of the protected device can be protected through the USB access control device which is externally connected to the protected equipment. The data security of the protected device can be ensured without installing security protection software. The USB access control device can determine whether to turn on the switch in the USB access control device according to the descriptor/descriptors of the USB device. If each one of the descriptors of the USB device is the same as that in the registration information of the USB device, the switch in the USB access control device is turned on, so that the USB device can communicate with the protected device.
-
Publication No.: US20240320379A1
Publication Date: 2024-09-26
Application No.: US18678108
Application Date: 2024-05-30
Inventor(s): Hao Zhang, Hua Du, Zhenhe Cai
CPC Classification: G06F21/85, G06F13/4282, G06F2213/0042
Abstract: The disclosure relates to a method for controlling the communication between a USB device and a protected device, which is applied to a USB access control device, and the USB access control device is connected with the protected device through an interface or interfaces. In this way, the data of the protected device can be protected through the USB access control device externally connected to the protected device, so that the data leakage in the protected device can be effectively prevented, and the data of the protected device can be ensured without installing security protection software on the protected device.
-
Publication No.: US12101293B2
Publication Date: 2024-09-24
Application No.: US17392497
Application Date: 2021-08-03
Inventor(s): Amritpal Singh Mundra, Chunhua Hu
CPC Classification: H04L63/0218, G06F21/71, G06F21/76, G06F21/85, H04L63/0227
Abstract: In described examples, a system on a chip (SoC) and method for sending messages in the SoC include determining locations of initiator-side firewall block and receiver-side firewall block memories using respective pointers to the firewall block memories stored in a single, contiguous memory. Addresses of the pointers within the single memory depend on respective unique firewall identifiers of the firewall blocks. An exclusive security configuration controller uses the pointers to configure the firewall blocks over a security bus which is electrically isolated from a system bus. The system bus is used to send messages from sending functional blocks to receiving functional blocks. The initiator-side firewall block adds a message identifier to messages. The message identifier depends on the initiator-side firewall block's configuration settings. The receiver-side firewall block controls permission for the receiving functional block to access the message, depending on the message identifier and the receiver-side firewall block's configuration settings.
-
Publication No.: US12099602B2
Publication Date: 2024-09-24
Application No.: US17728619
Application Date: 2022-04-25
Inventor(s): Igor Stoppa, Jan-Erik Ekberg, Santeri Salko
CPC Classification: G06F21/556, G06F13/24, G06F13/4068, G06F21/554, G06F21/85
Abstract: A device includes a non-maskable interrupt (NMI) signal path, a processor, and a peripheral component. The peripheral component may comprise secret data, such as a secret key. The processor may perform a preconfigured NMI interrupt service routine (ISR), in response to detecting a preconfigured signal in the NMI signal path. Access to at least a part of the peripheral component may be enabled in response to detecting the preconfigured signal in the NMI signal path. Thus, the processor may be able to access the secret data, for example, when the processor is running the NMI ISR.
-
Publication No.: US20240303381A1
Publication Date: 2024-09-12
Application No.: US18181721
Application Date: 2023-03-10
Applicant: Dell Products, L.P.
Inventor(s): Viswanath Ponnuru, Chandrashekar Nelogal, Dharma Bhushan Ramaiah, Vineeth Radhakrishnan, Mini Thottunkal Thankappan, Rama Rao Bisa, Shinose Abdul Rahiman
CPC Classification: G06F21/85, G06F13/4027, G06F13/4282
Abstract: According to embodiments of the present disclosure, systems and methods to manage Security Protocol and Data Model (SPDM) secure communication sessions are provided. According to one embodiment, an Information Handling System (IHS) includes a Security Protocol and Data Model (SPDM)-enabled device conforming to a SPDM specification in which the SPDM-enabled device has a specified quantity of supported private communication sessions. The IHS also includes computer-executable instructions to, when an application requests use of one of the private communication sessions, determine whether one of the private communication sessions is available, and enable the application to communicate with the SPDM-enabled device through the one private communication session based on the determination.
-
Publication No.: US12079379B2
Publication Date: 2024-09-03
Application No.: US17111007
Application Date: 2020-12-03
Inventor(s): Denis Remezov, Yin Tan, Jingshun Chen
CPC Classification: G06F21/85, G06F12/10, G06F12/14, G06F13/28, G06F13/4027, G06F13/4282, G06F21/44, G06F2212/1052, G06F2213/0026
Abstract: The disclosed systems, structures, and methods are directed to a computer system including a PCIe protection controller as a part of a PCIe root complex that includes at least one root port. Each root port is configured to optionally connect to at least one endpoint device, and each endpoint device is designated as a secure endpoint device or a nonsecure endpoint device. The PCIe protection controller is configured to control outbound traffic to protect secure endpoint devices from access from any nonsecure components of the computer system. The PCIe protection controller may be further configured to control inbound traffic to prevent access to secure memory by nonsecure endpoint devices. The PCIe protection controller may be dynamically configured at runtime to designate endpoint devices as either secure or nonsecure.
-
Publication No.: US12056266B2
Publication Date: 2024-08-06
Application No.: US17654113
Application Date: 2022-03-09
Applicant: Google LLC
IPC Classification: G06F21/62, G06F12/14, G06F21/60, G06F21/72, G06F21/73, G06F21/78, G06F21/85, H04L9/14, G06F21/79
CPC Classification: G06F21/85, G06F12/1408, G06F12/1441, G06F21/602, G06F21/72, G06F21/73, H04L9/14, G06F2212/1052, G06F2212/402
Abstract: Methods and systems are described that secure application data being maintained in transient data buffers that are located in a memory that is freely accessible to other components, regardless as to whether those components have permission to access the application data. The system includes an application processor, a memory having a portion configured as a transient data buffer, a hardware unit, and a secure processor. The hardware unit accesses the transient data buffer during execution of an application at the application processor. The secure processor is configured to manage encryption of the transient data buffer as part of giving the hardware unit access to the transient data buffer.
-
Publication No.: US12050722B2
Publication Date: 2024-07-30
Application No.: US18461867
Application Date: 2023-09-06
Applicant: Intel Corporation
Inventor(s): Steffen Schulz, Alpa Trivedi, Patrick Koeberl
IPC Classification: G06F21/85, G06F9/30, G06F9/38, G06F9/50, G06F11/07, G06F11/30, G06F15/177, G06F15/78, G06F30/331, G06F30/398, G06N3/04, H04L9/08, H04L9/40, G06F21/30, G06F21/44, G06F21/53, G06F21/57, G06F21/71, G06F21/73, G06F21/74, G06F21/76, G06F30/31, G06F111/04, G06F119/12, G06N3/08, G06N20/00, H04L9/00
CPC Classification: G06F21/85, G06F9/30101, G06F9/3877, G06F9/505, G06F11/0709, G06F11/0751, G06F11/0754, G06F11/0793, G06F11/3058, G06F15/177, G06F15/7825, G06F15/7867, G06F30/331, G06F30/398, G06N3/04, H04L9/0877, H04L63/0442, H04L63/12, H04L63/20, G06F11/0772, G06F11/3051, G06F21/30, G06F21/44, G06F21/53, G06F21/57, G06F21/575, G06F21/71, G06F21/73, G06F21/74, G06F21/76, G06F30/31, G06F2111/04, G06F2119/12, G06F2221/034, G06N3/08, G06N20/00, H04L9/008, H04L9/0841
Abstract: An apparatus to facilitate broadcast remote sealing for scalable trusted execution environment provisioning is disclosed. The apparatus includes a cloud service provider (CSP) execution platform comprising hardware circuitry for executing virtualized environments and comprising hardware accelerator devices, wherein the CSP execution platform to: authorize a tenant to deploy workloads of the tenant to CSP execution resources; provide a group status report to the tenant to inform the tenant of an existence and a status of a group of trusted execution platforms, wherein the group comprises at least one of the CSP execution resources; receive an encrypted workload of the tenant, wherein the encrypted workload is encrypted using a group public key of the group; store the encrypted workload at storage of the CSP execution platform; and dispatch the encrypted workload to the at least one of the CSP execution resources of the group.