专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08971538B1 Firmware validation from an external channel 有权
标题翻译：来自外部通道的固件验证
公开(公告)号：US08971538B1
公开(公告)日：2015-03-03
申请号：US12555436
申请日：2009-09-08
申请人： Michael David Marr , Pradeep Vincent , Matthew T. Corddry , James R. Hamilton
发明人： Michael David Marr , Pradeep Vincent , Matthew T. Corddry , James R. Hamilton
IPC分类号： H04L29/06 , G06F9/445 , H04L29/08
CPC分类号： H04L9/3236 , G06F8/65 , G06F21/00 , H04L9/30 , H04L63/145 , H04L67/34
摘要： The state of firmware for devices on a provisioned host machine can be validated independent of the host CPU(s) or other components exposed to the user. A port that is not fully exposed or accessible to the user can be used to perform a validation process on firmware without accessing a CPU of the host device. The firmware can be scanned and a hashing or similar algorithm can be used to determine validation information, such as hash values, for the firmware, which can be compared to validation information stored in a secure location. If the current and stored validation information do not match, one or more remedial actions can be taken to address the firmware being in an unknown or unintended state.
摘要翻译：配置的主机上的设备的固件状态可以独立于主机CPU或暴露给用户的其他组件进行验证。用户未完全暴露或可访问的端口可用于在不访问主机设备的CPU的情况下对固件执行验证过程。可以扫描固件，并且可以使用散列或类似的算法来确定固件的验证信息，例如哈希值，这可以与存储在安全位置的验证信息进行比较。如果当前和存储的验证信息不匹配，则可以采取一种或多种补救措施来解决处于未知或非预期状态的固件。

2. 发明授权

US08601170B1 Managing firmware update attempts 有权
公开(公告)号：US08601170B1
公开(公告)日：2013-12-03
申请号：US12555455
申请日：2009-09-08
申请人： Michael David Marr , Pradeep Vincent , Matthew T. Corddry , James R. Hamilton
发明人： Michael David Marr , Pradeep Vincent , Matthew T. Corddry , James R. Hamilton
IPC分类号： G06F3/00 , G06F13/28 , G06F11/30 , G06F9/44
CPC分类号： G06F21/572 , G06F8/65 , G06F11/3003 , G06F11/3051 , G06F21/57 , G06F21/575 , G06F21/577 , G06F2201/865 , G06F2201/88 , G06F2221/033 , H04L67/10
摘要： Attempts to update confirmation information or firmware for a hardware device can be monitored using a secure counter that is configured to monotonically adjust a current value of the secure counter for each update or update attempt. The value of the counter can be determined every time the validity of the firmware is confirmed, and this value can be stored to a secure location. At subsequent times, such as during a boot process, the actual value of the counter can be determined and compared with the expected value. If the values do not match, such that the firmware may be in an unexpected state, an action can be taken, such as to prevent access to, or isolate, the hardware until such time as the firmware can be validated or updated to an expected state.

3. 发明授权

US10177934B1 Firmware updates inaccessible to guests 有权
公开(公告)号：US10177934B1
公开(公告)日：2019-01-08
申请号：US12554777
申请日：2009-09-04
申请人： Michael David Marr , Pradeep Vincent , James R. Hamilton
发明人： Michael David Marr , Pradeep Vincent , James R. Hamilton
IPC分类号： H04L12/66 , H04L12/40 , H04L29/06 , H04L29/08 , G06F8/65 , G06F9/4401
摘要： When providing a user with native access to at least a portion of device hardware, the user can be prevented from modifying firmware and other configuration information by controlling the mechanisms used to update that information. In some embodiments, an asymmetric keying approach can be used to encrypt or sign the firmware. In other cases access can be controlled by enabling firmware updates only through a channel or port that is not exposed to the customer, or by mapping only those portions of the hardware that are to be accessible to the user. In other embodiments, the user can be prevented from modifying firmware by only provisioning the user on a machine after an initial mutability period wherein firmware can be modified, such that the user never has access to a device when firmware can be updated. Combinations and variations of the above also can be used.

4. 发明授权

US08959611B1 Secure packet management for bare metal access 有权
标题翻译：安全的数据包管理用于裸机访问
公开(公告)号：US08959611B1
公开(公告)日：2015-02-17
申请号：US12556432
申请日：2009-09-09
申请人： Pradeep Vincent , Michael David Marr
发明人： Pradeep Vincent , Michael David Marr
IPC分类号： H04L29/06
CPC分类号： H04L63/107 , H04L12/4633 , H04L45/74 , H04L61/103 , H04L61/25 , H04L67/10
摘要： Secure networking processes, such as packet encapsulation and decapsulation, can be executed upstream of a user or guest operating system provisioned on a host machine, where the user has substantially full access to that machine. The processing can be performed on a device such as a network interface card (NIC), which can have a separate network port for communicating with mapping systems or other devices across a cloud or secure network. A virtual image of the NIC can be provided to the user such that the user can still utilize at least some of the NIC functionality. In some embodiments, the NIC can work with a standalone processor or control host in order to offload much of the processing to the control host. The NIC can further handle headers and payload separately where possible, in order to improve the efficiency of processing the various packets.
摘要翻译：可以在主机上提供的用户或客户机操作系统的上游执行诸如分组封装和解封装之类的安全联网过程，其中用户具有对该机器的基本完全访问。该处理可以在诸如网络接口卡（NIC）的设备上执行，该网络接口卡（NIC）可以具有用于通过云或安全网络与映射系统或其他设备通信的单独的网络端口。可以向用户提供NIC的虚拟映像，使得用户仍然可以利用NIC功能中的至少一些。在一些实施例中，NIC可以与独立处理器或控制主机一起工作，以将大部分处理卸载到控制主机。 NIC可以在可能的情况下进一步处理头部和净荷，以提高处理各种数据包的效率。

5. 发明授权

US08483221B1 Leveraging physical network interface functionality for packet processing 有权
标题翻译：利用物理网络接口功能进行数据包处理
公开(公告)号：US08483221B1
公开(公告)日：2013-07-09
申请号：US13402062
申请日：2012-02-22
申请人： Pradeep Vincent , Michael David Marr
发明人： Pradeep Vincent , Michael David Marr
IPC分类号： H04L12/56
CPC分类号： H04L69/22 , H04L61/1505 , H04L61/1511 , H04L61/2007 , H04L67/1097
摘要： High-speed processing of packets to, and from, a virtualization environment can be provided while utilizing segmentation offload and other such functionality of commodity hardware. Virtualization information can be added to extension portions of protocol headers, for example, such that the payload portion is unchanged and, when physical address information is added to a frame, a frame can be processed using commodity hardware. In some embodiments, the virtualization information can be hashed and added to the payload or stream at, or relative to, various segmentation boundaries, such that the virtualization or additional header information will only be added to a subset of the packets once segmented, thereby reducing the necessary overhead. Further, the hashing of the information can allow for reconstruction of the virtualization information upon desegmentation even in the event of packet loss.
摘要翻译：可以在利用商品硬件的分段卸载和其他此类功能的同时提供到虚拟化环境的数据包的高速处理。虚拟化信息可以被添加到协议报头的扩展部分，例如，使得有效载荷部分不变，并且当物理地址信息被添加到帧时，可以使用商品硬件来处理帧。在一些实施例中，虚拟化信息可以在各种分段边界处或相对于各种分段边界被散列并添加到有效载荷或流中，使得虚拟化或附加报头信息将仅被分段添加到分组的子集，从而减少必要的开销。此外，即使在分组丢失的情况下，信息的散列也可以在分段时重建虚拟化信息。

6. 发明授权

US08155146B1 Stateless packet segmentation and processing 有权
标题翻译：无状态分组和处理
公开(公告)号：US08155146B1
公开(公告)日：2012-04-10
申请号：US12556453
申请日：2009-09-09
申请人： Pradeep Vincent , Michael David Marr
发明人： Pradeep Vincent , Michael David Marr
IPC分类号： H04J3/24
CPC分类号： H04L12/4633 , H04L69/161
摘要： High-speed processing of packets to, and from, a virtualization environment can be provided while utilizing segmentation offload and other such functionality of commodity hardware. Virtualization information can be added to extension portions of protocol headers, for example, such that the payload portion is unchanged and, when physical address information is added to a frame, a frame can be processed using commodity hardware. In some embodiments, the virtualization information can be hashed and added to the payload or stream at, or relative to, various segmentation boundaries, such that the virtualization or additional header information will only be added to a subset of the packets once segmented, thereby reducing the necessary overhead. Further, the hashing of the information can allow for reconstruction of the virtualization information upon desegmentation even in the event of packet loss.
摘要翻译：可以在利用商品硬件的分段卸载和其他此类功能的同时提供到虚拟化环境的数据包的高速处理。虚拟化信息可以被添加到协议报头的扩展部分，例如，使得有效载荷部分不变，并且当物理地址信息被添加到帧时，可以使用商品硬件来处理帧。在一些实施例中，虚拟化信息可以在各种分段边界处或相对于各种分段边界被散列并添加到有效载荷或流中，使得虚拟化或附加报头信息将仅被分段添加到分组的子集，从而减少必要的开销。此外，即使在分组丢失的情况下，信息的散列也可以在分段时重建虚拟化信息。

7. 发明授权

US10187309B1 Congestion mitigation in networks using flow-based hashing 有权
公开(公告)号：US10187309B1
公开(公告)日：2019-01-22
申请号：US13589822
申请日：2012-08-20
申请人： Pradeep Vincent , Michael David Marr , Matthew D. Klein , Samuel J. McKelvie
发明人： Pradeep Vincent , Michael David Marr , Matthew D. Klein , Samuel J. McKelvie
IPC分类号： G08C15/00 , H04L12/801
摘要： Disclosed are various embodiments for mitigating congestion in networks employing flow-based hashing to assign flows to routes. A flow of packets is sent from a source endpoint to a destination endpoint by way of a network. The flow of packets is associated with flow identification information. It is detected whether congestion is affecting the flow of packets in the network. A perturbation to the flow identification information for the flow of packets is effected in response to determining that congestion is affecting the flow of packets in the network.

8. 发明授权

US08300641B1 Leveraging physical network interface functionality for packet processing 有权
标题翻译：利用物理网络接口功能进行数据包处理
公开(公告)号：US08300641B1
公开(公告)日：2012-10-30
申请号：US12556447
申请日：2009-09-09
申请人： Pradeep Vincent , Michael David Marr
发明人： Pradeep Vincent , Michael David Marr
IPC分类号： H04L12/56
CPC分类号： H04L69/22 , H04L61/1505 , H04L61/1511 , H04L61/2007 , H04L67/1097
摘要： High-speed processing of packets to, and from, a virtualization environment can be provided while utilizing segmentation offload and other such functionality of commodity hardware. Virtualization information can be added to extension portions of protocol headers, for example, such that the payload portion is unchanged and, when physical address information is added to a frame, a frame can be processed using commodity hardware. In some embodiments, the virtualization information can be hashed and added to the payload or stream at, or relative to, various segmentation boundaries, such that the virtualization or additional header information will only be added to a subset of the packets once segmented, thereby reducing the necessary overhead. Further, the hashing of the information can allow for reconstruction of the virtualization information upon desegmentation even in the event of packet loss.
摘要翻译：可以在利用商品硬件的分段卸载和其他此类功能的同时提供到虚拟化环境的数据包的高速处理。虚拟化信息可以被添加到协议报头的扩展部分，例如，使得有效载荷部分不变，并且当物理地址信息被添加到帧时，可以使用商品硬件来处理帧。在一些实施例中，虚拟化信息可以在各种分段边界处或相对于各种分段边界被散列并添加到有效载荷或流中，使得虚拟化或附加报头信息将仅被分段添加到分组的子集，从而减少必要的开销。此外，即使在分组丢失的情况下，信息的散列也可以在分段时重建虚拟化信息。

9. 发明授权

US09013998B1 Estimating round-trip times to improve network performance 有权
标题翻译：估计往返时间以提高网络性能
公开(公告)号：US09013998B1
公开(公告)日：2015-04-21
申请号：US13589834
申请日：2012-08-20
申请人： Pradeep Vincent , Michael David Marr , Matthew D. Klein , Samuel J. McKelvie
发明人： Pradeep Vincent , Michael David Marr , Matthew D. Klein , Samuel J. McKelvie
IPC分类号： H04L12/26 , H04L12/28 , H04J3/14 , H04L12/801
CPC分类号： H04L47/10
摘要： Disclosed are various embodiments for estimating round-trip times to improve performance of networks. Multiple connections are opened to a network device. Round-trip times associated with sending packets to the network device via the connections are measured. Another connection to the same or a different network device is opened. A round-trip-time estimate for the other connection is initialized based at least in part on the measured round-trip times for the multiple connections, and in some embodiments, network device proximity data.
摘要翻译：公开了用于估计往返时间以提高网络性能的各种实施例。网络设备打开多个连接。测量与通过连接向网络设备发送数据包相关的往返时间。另一个连接到相同或不同的网络设备被打开。至少部分地基于多个连接的测量的往返时间，以及在一些实施例中，网络设备接近度数据来初始化另一连接的往返时间估计。

10. 发明授权

US08640220B1 Co-operative secure packet management 有权
标题翻译：合作安全包管理
公开(公告)号：US08640220B1
公开(公告)日：2014-01-28
申请号：US12556421
申请日：2009-09-09
申请人： Pradeep Vincent , Michael David Marr
发明人： Pradeep Vincent , Michael David Marr
IPC分类号： G06F9/00 , G06F15/16 , G06F17/00
CPC分类号： G06F17/00 , G06F9/5027 , G06F2209/509 , H04L63/0272 , H04L69/12 , H04L69/22 , H04L69/321
摘要： Secure networking processes, such as packet encapsulation and decapsulation, can be executed upstream of a user or guest operating system provisioned on a host machine, where the user has substantially full access to that machine. The processing can be performed on a device such as a network interface card (NIC), which can have a separate network port for communicating with mapping systems or other devices across a cloud or secure network. A virtual image of the NIC can be provided to the user such that the user can still utilize at least some of the NIC functionality. In some embodiments, the NIC can work with a standalone processor or control host in order to offload much of the processing to the control host. The NIC can further handle headers and payload separately where possible, in order to improve the efficiency of processing the various packets.
摘要翻译：可以在主机上提供的用户或客户机操作系统的上游执行诸如分组封装和解封装之类的安全联网过程，其中用户具有对该机器的基本完全访问。该处理可以在诸如网络接口卡（NIC）的设备上执行，该网络接口卡（NIC）可以具有用于通过云或安全网络与映射系统或其他设备通信的单独的网络端口。可以向用户提供NIC的虚拟映像，使得用户仍然可以利用NIC功能中的至少一些。在一些实施例中，NIC可以与独立处理器或控制主机一起工作，以将大部分处理卸载到控制主机。 NIC可以在可能的情况下进一步处理头部和净荷，以提高处理各种数据包的效率。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式