专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20170187752A1 Remote attestation and enforcement of hardware security policy 审中-公开
公开(公告)号：US20170187752A1
公开(公告)日：2017-06-29
申请号：US14998084
申请日：2015-12-24
申请人： Steffen Schulz , Manoj R. Sastry , Li Zhao , Patrick Koeberl
发明人： Steffen Schulz , Manoj R. Sastry , Li Zhao , Patrick Koeberl
IPC分类号： H04L29/06
CPC分类号： H04L63/20 , H04L63/0263
摘要： Systems, apparatuses and methods may provide for changing the execution mode of a device based on policy enforcement request that is received when the device is located proximately to a specific area. The policy enforcement request is verified with respect to a System on Chip (SoC) platform. An enforcement manager of the SoC platform may enforce the received policy enforcement request if verification is successful, and an attestation controller may report the enforced policy request and a status of the platform to an external device from which the policy request originates.

2. 发明申请

US20180183603A1 REMOTE ATTESTATION WITH HASH-BASED SIGNATURES 审中-公开
公开(公告)号：US20180183603A1
公开(公告)日：2018-06-28
申请号：US15392266
申请日：2016-12-28
申请人： Xiruo Liu , Rafael Misoczki , Manoj R. Sastry , Santosh Ghosh , Li Zhao
发明人： Xiruo Liu , Rafael Misoczki , Manoj R. Sastry , Santosh Ghosh , Li Zhao
IPC分类号： H04L9/32 , H04L9/06 , H04L9/14 , H04L9/30
CPC分类号： H04L9/3247 , H04L9/0643 , H04L9/14 , H04L9/30 , H04L9/3236 , H04L2209/80
摘要： An attestation protocol between a prover device (P), a verifier device (V), and a trusted third-party device (TTP). P and TTP have a first trust relationship represented by a first cryptographic representation based on a one-or-few-times, hash-based, signature key. V sends an attestation request to P, with the attestation request including a second cryptographic representation of a second trust relationship between V and TTP. In response to the attestation request, P sends a validation request to TTP, with the validation request being based on a cryptographic association of the first trust relationship and the second trust relationship. TTP provides a validation response including a cryptographic representation of verification of validity of the first trust relationship and the second trust relationship. P sends an attestation response to V based on the validation response.

3. 发明申请

US20200280842A1 SECURITY CERTIFICATE MANAGEMENT AND MISBEHAVIOR VEHICLE REPORTING IN VEHICLE- TO-EVERYTHING (V2X) COMMUNICATION 审中-公开
公开(公告)号：US20200280842A1
公开(公告)日：2020-09-03
申请号：US16729077
申请日：2019-12-27
申请人： Xiruo Liu , Liuyang Yang , Leonardo Gomes Baltar , Moreno Ambrosin , Manoj R. Sastry
发明人： Xiruo Liu , Liuyang Yang , Leonardo Gomes Baltar , Moreno Ambrosin , Manoj R. Sastry
IPC分类号： H04W12/00 , H04W72/04 , H04W4/80 , H04W4/40 , H04L9/32 , H04W12/06 , H04W12/10
摘要： Embodiments of the present disclosure describe methods, apparatuses, storage media, and systems for a device disposed at an edge of a vehicular communication network or vehicles within a coverage area of the device. The device is to generate a list of vehicle security data to be distributed to vehicles currently within a coverage area of the device, based at least in part on a context related to the vehicles. The device is further to announce, on a control channel communicatively coupling the device and the vehicles, that the list of vehicle security data are available and a service channel to receive the list of vehicle security data. The list of vehicle security data are to be provided to the vehicles via the service channel. Other embodiments may be described and claimed.

4. 发明授权

US09805221B2 Incorporating access control functionality into a system on a chip (SoC) 有权
公开(公告)号：US09805221B2
公开(公告)日：2017-10-31
申请号：US13995659
申请日：2011-12-21
申请人： Manoj R. Sastry , Ioannis T. Schoinas , Robert J. Toepfer , Alpa T. Narendra Trivedi , Men Long
发明人： Manoj R. Sastry , Ioannis T. Schoinas , Robert J. Toepfer , Alpa T. Narendra Trivedi , Men Long
IPC分类号： G06F21/76 , G06F13/38
CPC分类号： G06F21/76 , G06F13/385
摘要： In one embodiment, the present invention includes a system on a chip (SoC) that has a first agent with an intellectual property (IP) logic, an interface to a fabric including a target interface, a master interface and a sideband interface, and an access control plug-in unit to handle access control policy for the first agent with respect to incoming and outgoing transactions. This access control plug-in unit can be incorporated into the SoC at integration time and without any modification to the IP logic. Other embodiments are described and claimed.

5. 发明申请

US20150331043A1 SYSTEM-ON-CHIP SECURE DEBUG 审中-公开
标题翻译：系统级芯片安全调试
公开(公告)号：US20150331043A1
公开(公告)日：2015-11-19
申请号：US14279007
申请日：2014-05-15
申请人： Manoj R. Sastry , Enrico D. Carrieri , Michael Neve de Mevergnies , Ioannis T. Schoinas , Michael J. Wiznerowicz
发明人： Manoj R. Sastry , Enrico D. Carrieri , Michael Neve de Mevergnies , Ioannis T. Schoinas , Michael J. Wiznerowicz
IPC分类号： G01R31/3177 , G06F21/76
CPC分类号： G06F21/76 , G01R31/31705 , G01R31/3177 , G06F21/31
摘要： A system on chip (SOC) includes a policy generator to identify lifecycle data that identifies a lifecycle of the SOC and identify authentication data that identifies a particular user that is to debug the SoC. A particular policy is determined based on the lifecycle and identification of the particular user, and policy data is sent to at least one block of the SoC, the policy data identifying the particular policy. Debug access at the block is based on the particular policy.
摘要翻译：片上系统（SOC）包括一个策略生成器，用于识别识别SOC的生命周期的生命周期数据，并识别识别要调试SoC的特定用户的认证数据。特定策略基于特定用户的生命周期和标识来确定，策略数据被发送到SoC的至少一个块，该策略数据标识特定策略。该块的调试访问是基于特定策略。

6. 发明授权

US08789170B2 Method for enforcing resource access control in computer systems 有权
标题翻译：在计算机系统中执行资源访问控制的方法
公开(公告)号：US08789170B2
公开(公告)日：2014-07-22
申请号：US12890040
申请日：2010-09-24
申请人： Manoj R. Sastry , Ioannis T. Schoinas , Daniel M. Cermak
发明人： Manoj R. Sastry , Ioannis T. Schoinas , Daniel M. Cermak
IPC分类号： G06F12/14
CPC分类号： H04L63/10 , G06F12/1458 , G06F21/6218 , G06F21/78
摘要： A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs.
摘要翻译：一种执行对系统资源和资产的访问控制的方法和系统。与系统中发起事务的设备相关联的安全属性将自动生成并使用事务消息进行转发。安全属性传达分配给每个启动器的访问权限。在系统中实现一个或多个安全执行机制以根据访问策略要求评估安全属性以访问诸如存储器，寄存器，地址范围等的各种系统资产和资源。如果由安全属性标识的特权指示访问允许请求，允许交易进行。启动器方案的安全属性提供跨系统设计的模块化，一致的安全访问实施方案。

7. 发明授权

US06993566B2 Entity self-clustering and host-entity communication such as via shared memory 失效
标题翻译：实体自聚类和主机实体通信，如通过共享内存
公开(公告)号：US06993566B2
公开(公告)日：2006-01-31
申请号：US09952592
申请日：2001-09-13
申请人： Brad A. Davis , Henry J. DiVincenzo , Richard A. Lary , Thomas E. Malone , Patrick D. Mason , Lee G. Rosenbaum , Manoj R. Sastry , Patrick W. White
发明人： Brad A. Davis , Henry J. DiVincenzo , Richard A. Lary , Thomas E. Malone , Patrick D. Mason , Lee G. Rosenbaum , Manoj R. Sastry , Patrick W. White
IPC分类号： G06F15/167
CPC分类号： G06F9/5061 , G06F9/544 , G06F2209/505 , H04L67/16 , H04L69/329
摘要： The self-clustering of entities within a system is disclosed. The system can also include a host. Each entity self-discovers all the other entities, such that the entities are aggregated as a cluster. The host communicates with the cluster of entities, where the entities are self-clustered or otherwise, such as through a memory shared by all the entities. The host therefore need not be aware which of the entities performs a given function.
摘要翻译：公开了系统内实体的自聚类。该系统还可以包括主机。每个实体自发现所有其他实体，使得实体被聚合为一个集群。主机与实体集群进行通信，其中实体是自聚类的或其他实体，例如通过所有实体共享的存储器。因此，主机不需要知道哪个实体执行给定的功能。

8. 发明申请

US20220225227A1 NETWORK SLICE RESILIENCY 有权
公开(公告)号：US20220225227A1
公开(公告)日：2022-07-14
申请号：US17711579
申请日：2022-04-01
申请人： Satish Chandra Jha , S M Iftekharul Alam , Vesh Raj Sharma Banjade , Ned M. Smith , Arvind Merwaday , Kshitij Arun Doshi , Francesc Guim Bernat , Liuyang Lily Yang , Kuilin Clark Chen , Christian Maciocco , Marcio Rogerio Juliato , Maruti Gupta Hyde , Manoj R. Sastry
发明人： Satish Chandra Jha , S M Iftekharul Alam , Vesh Raj Sharma Banjade , Ned M. Smith , Arvind Merwaday , Kshitij Arun Doshi , Francesc Guim Bernat , Liuyang Lily Yang , Kuilin Clark Chen , Christian Maciocco , Marcio Rogerio Juliato , Maruti Gupta Hyde , Manoj R. Sastry
IPC分类号： H04W48/18 , H04W28/24 , H04W24/02 , H04W72/08
摘要： System and techniques for network slice resiliency are described herein. An indication of a fault-attack-failure-outage (FAFO) event for a network slice may be received. Here, the network slice is one of multiple network slices. A capacity in a slice segment may be estimated to determine whether there is enough capacity to meet a service level agreement (SLA) of the multiple network slices based on the FAFO event. In this case, the slice segment is a set of physical resources shared by the multiple network slices. Operation of the slice segment may then be modified based on results from estimating the capacity in the slice segment to address impacts from the FAFO event.

9. 发明申请

US20120079590A1 METHOD FOR ENFORCING RESOURCE ACCESS CONTROL IN COMPUTER SYSTEMS 有权
标题翻译：在计算机系统中执行资源访问控制的方法
公开(公告)号：US20120079590A1
公开(公告)日：2012-03-29
申请号：US12890040
申请日：2010-09-24
申请人： Manoj R. Sastry , Ioannis T. Schoinas , Daniel M. Cermak
发明人： Manoj R. Sastry , Ioannis T. Schoinas , Daniel M. Cermak
IPC分类号： G06F12/14
CPC分类号： H04L63/10 , G06F12/1458 , G06F21/6218 , G06F21/78
摘要： A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs.
摘要翻译：一种执行对系统资源和资产的访问控制的方法和系统。与系统中发起事务的设备相关联的安全属性将自动生成并使用事务消息进行转发。安全属性传达分配给每个启动器的访问权限。在系统中实现一个或多个安全执行机制以根据访问策略要求评估安全属性以访问诸如存储器，寄存器，地址范围等的各种系统资产和资源。如果由安全属性标识的特权指示访问允许请求，允许交易进行。启动器方案的安全属性提供跨系统设计的模块化，一致的安全访问实施方案。

10. 发明授权

US07965702B2 Reliable reporting of location data 有权
标题翻译：可靠的位置数据报告
公开(公告)号：US07965702B2
公开(公告)日：2011-06-21
申请号：US11368374
申请日：2006-03-03
申请人： Michael J. Covington , Manoj R. Sastry , Farid Adrangi , Deepak J. Manohar , Shao-Cheng Wang
发明人： Michael J. Covington , Manoj R. Sastry , Farid Adrangi , Deepak J. Manohar , Shao-Cheng Wang
IPC分类号： H04L12/66 , G06F7/04 , G06F9/455
CPC分类号： H04L12/2856 , G06F21/57 , G06F21/64 , G06F2221/2111 , H04L12/2898 , H04L29/06027 , H04L65/1053 , H04L65/1069 , H04L67/18 , H04M2242/04 , H04W88/18
摘要： A machine, such as a mobile device having telephony features, such as a voice over Internet Protocol (VoIP) telephony application, is configured with a secure environment in which a location provider within (more reliable) or external to (less reliable) the machine may determine location data for the machine and securely provide it to a telephony application program for incorporation into a call setup for calling a callee. The secure environment may be created through use of one or more of Intel's LaGrande Technology™ (LT), Vanderpool Technology (VT), or a Trusted Platform Module (TPM). The LT and VT allow defining secure independent components within the machine, such as by instantiating them as Virtual Machines, and the TPM allows components to cryptographically sign data, such as to facilitate ensuring the location data is not tampered with. A recipient of a telephone call setup including cryptographically secured location data may validate the location data and accept the call. Other embodiments may be described.
摘要翻译：诸如具有电话功能的移动设备（诸如因特网协议语音（VoIP）电话应用）的机器被配置有安全环境，其中位置提供商在（更可靠）或外部（较不可靠）的机器中可以确定机器的位置数据，并将其安全地提供给电话应用程序，以将其并入用于呼叫被呼叫者的呼叫建立。可以通过使用一个或多个英特尔的LaGrande技术（LT），Vanderpool Technology（VT）或可信平台模块（TPM）来创建安全环境。 LT和VT允许在机器内定义安全的独立组件，例如通过将其实例化为虚拟机，TPM允许组件对数据进行加密签名，以便于确保位置数据未被篡改。包括加密安全的位置数据的电话呼叫建立的接收者可以验证位置数据并接受呼叫。可以描述其他实施例。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式