Patent application number | Description | Published |
20100082960 | PROTECTED NETWORK BOOT OF OPERATING SYSTEM - Methods and apparatus are disclosed to protect an operating system booted by a client computing device and provided by a server computing device. One such method includes requesting a trusted platform module of the client computing device to unseal a sealed encryption key, and receiving an encrypted operating system via a network in response to initiating a boot process of the client computing device. The illustrative method also includes decrypting the encrypted operating system received via the network using an unsealed encryption key obtained in response to requesting the trusted platform module to unseal the sealed encryption key, and executing the decrypted operating system. | 04-01-2010 |
20100161956 | Method and Apparatus for Protected Code Execution on Clients - In one embodiment of the invention, a server may send encrypted material to a client. The client processor may decrypt and process the material, encrypt the results, and send the results back to the server. This sequence of events may occur while the execution or processing of the material is restricted to the client processor. Any material outside the client processor, such as material located in system memory, will be encrypted. | 06-24-2010 |
20140208413 | SYSTEM AND METHOD FOR AN ENDPOINT HARDWARE ASSISTED NETWORK FIREWALL IN A SECURITY ENVIRONMENT - A method is provided in one example embodiment and includes receiving a traffic flow at a tamper resistant environment from an application, where the tamper resistant environment is separated from a host operating system. The method also includes applying a security token to the traffic flow and sending the traffic flow to a server. In specific embodiments, a security module may add information about the application to traffic flow. A trapping module may monitor for a memory condition and identify the memory condition. The trapping module may also, responsive to identifying the memory condition, initiate a virtual environment for the application, and check the integrity of the traffic flow. | 07-24-2014 |
Patent application number | Description | Published |
20090172660 | NEGOTIATED ASSIGNMENT OF RESOURCES TO A VIRTUAL MACHINE IN A MULTI-VIRTUAL MACHINE ENVIRONMENT - A system and method are disclosed. In one embodiment the system includes a physical resource that is capable of generating I/O data. The system also includes multiple virtual machines to utilize the physical resource. Among the virtual machines are a resource source virtual machine that is capable of owning the physical resource. The resource source virtual machine is also capable of sending a stream of one or more I/O packets generated from the I/O data that targets a resource sink virtual machine. The resource sink virtual machine is designated as a termination endpoint of the I/O data from the physical device. Also among the virtual machines are one or more resource filter virtual machines. Each of the resource filter virtual machines is capable of filtering I/O packets of a particular type from the stream prior to the stream reaching the resource sink virtual machine. | 07-02-2009 |
20110252227 | METHODS AND SYSTEMS TO BIND A DEVICE TO A COMPUTER SYSTEM - Methods and systems to bind a computer device to one or more computer systems, such that only an authorized computer system may access a protected portion of the device. A processor within the computer system may provide a proxy environment to interface between the device and a trusted environment of the computer system, such as a management environment that is secure from the proxy environment. The device may be configured to authenticate the trusted environment through the proxy environment, and to verify integrity of messages exchanged with the trusted environment through the proxy environment. Authentication may include a SSL and/or TSL handshake protocol. The device may be configured to authenticate a certificate, such as an X.509 certificate, a certificate chain, and/or a hash thereof. The device may include computer memory, a printer, display, circuit board, keyboard, mouse, pointing device, and/or other physical device. | 10-13-2011 |
Patent application number | Description | Published |
20080244080 | Prefetching Based on Streaming Hints - A processor includes non-volatile memory into which streamed application components may be pre-fetched from a slower storage medium in order to decrease stall times during execution of the application. Alternatively, the application components pre-fetched into the non-volatile memory may be from a traditionally-loaded application rather than a streamed application. The order in which components of the application are prefetched into the non-volatile memory may be based on load order hints. For at least one embodiment, the load order hints are derived from sever-side load ordering logic. For at least one other embodiment, the load order hints are provided by the application itself via a mechanism such as an application programming interface. For at least one other embodiment, the load order hints are generated by the client using profile data. Or, a combination of such approaches may be used. Other embodiments are also described and claimed. | 10-02-2008 |
20100192150 | EXCLUSIVE ACCESS FOR SECURE AUDIO PROGRAM - Executing a monitor on a platform, the monitor capable of providing exclusive, secure access to an audio I/O device of the platform, executing a first partition on the platform, providing an audio device model in the first partition by directly mapping the audio I/O device from the monitor to the first partition for applications executing in the first partition, and providing exclusive, secure access to the audio I/O device to a program performing an audio function in a secure mode in the first partition. | 07-29-2010 |
20140282832 | METHOD, APPARATUS, SYSTEM, AND COMPUTER READABLE MEDIUM FOR PROVIDING APPARATUS SECURITY - Technologies are provided in embodiments for receiving policy information associated with at least one security exception, the security exception relating to execution of at least one program, determining an operation associated with the security exception based, at least in part, on the policy information, and causing the operation to be performed, based at least in part, on a determination that the at least one security exception occurred. | 09-18-2014 |
Patent application number | Description | Published |
20100211999 | NETWORK PROTECTING AUTHENTICATION PROXY - It is convenient to allow access to a private network, such as a corporate intranet, or outward facing extranet application, from an external network, such as the Internet. Unfortunately, if an internal authentication system is used to control access from the external network, it may be attacked, such as by a malicious party intentionally attempting multiple invalid authentications to ultimately result in an attacked account being locked out. To circumvent this, an authentication front-end, proxy, wrapper, etc. may be employed which checks for lockout conditions prior to attempting to authenticate security credentials with the internal authentication system. | 08-19-2010 |
20110154023 | Protected device management - A method, apparatus, system, and computer program product for management of storage devices protected by encryption, user authentication, and password protection and auditing schemes in virtualized and non-virtualized environments. | 06-23-2011 |
20110161298 | SYSTEM AND METHOD FOR OPPORTUNISTIC RE-IMAGING USING CANNIBALISTIC STORAGE TECHNIQUES ON SPARSE STORAGE DEVICES - In some embodiments, the invention involves a system and method for instant re-imaging of a computing device using a sparse storage partition of dynamically variable size to hold re-imaging data. An embodiment uses a solid state storage device to hold the binary image, or re-imaging personality. An embodiment uses copy on write methodology to maintain the re-imaging personality. An embodiment allows the primary, or active, personality to cannibalize storage used for a re-imaging personality when additional storage is required. The state of a computing device may be switched to allow or prohibit re-imaging, or to prohibit cannibalization of storage. Other embodiments are described and claimed. | 06-30-2011 |
20120017271 | DOMAIN-AUTHENTICATED CONTROL OF PLATFORM RESOURCES - A method, apparatus, system, and computer program product for domain-authenticated control of platform resources. Resources under the control of the platform are managed in accordance with access control rules that are centrally managed by a directory service. Security policies are uniformly applied by requiring authorization of the user's access to platform resources including hard drives, flash memory, sensors, network controllers and power state controllers. | 01-19-2012 |
20130268777 | Securing Inputs from Malware - A series of touch panel key entries may be secured by shuffling touch entry coordinates. In one embodiment, the entries may be secured by applying a shuffling algorithm that replaces the true coordinates with other incorrect coordinates. Then the correct data may be reassembled in a secure environment. | 10-10-2013 |
20130337827 | RELIABILITY FOR LOCATION SERVICES - A system for determining reliability for location resources. A device may be configured to determine device location based on location information received from a location information source, the device including secure systems configured to provide a reliability rating of the location information source. The secure systems may be configured to compare a device location based on the location information to a secondary device location based on secondary information to determine the reliability rating. For example, location information based on location signals received by the device may be compared to sensor information in the device to determine whether the movement described by location information and sensor information agrees. In the same or a different embodiment, a refined reliability rating may be requested from a secure resource in the device or accessible via a network. The secure resource may refine the reliability rating using tertiary information available to the secure resource. | 12-19-2013 |
20140006789 | DEVICES, SYSTEMS, AND METHODS FOR MONITORING AND ASSERTING TRUST LEVEL USING PERSISTENT TRUST LOG | 01-02-2014 |
20140157002 | SYSTEMS AND METHODS FOR PROTECTING SYMMETRIC ENCRYPTION KEYS - Systems and methods for protecting symmetric encryption keys when performing encryption are described. In one embodiment, a computer-implemented method includes retrieving at least one real key from a secure area and executing, with a processor, a key transform instruction to generate at least one transformed key based on receiving the at least one real key. The at least one transformed key is an encrypted version of at least one round key that is encrypted by the processor using the at least one real key. The processor is able to decrypt the at least one transformed key and encrypt the at least one round key. | 06-05-2014 |
20140366116 | PROTECTED DEVICE MANAGEMENT - A method, apparatus, system, and computer program product for management of storage devices protected by encryption, user authentication, and password protection and auditing schemes in virtualized and non-virtualized environments. | 12-11-2014 |
20150067343 | TAMPER RESISTANCE OF AGGREGATED DATA - By processing aggregated data in a trusted environment, a system can reduce opportunities for tampering with aggregated data that is processed in a peer-to-peer chain. Each device may pass the predecessor aggregated data to a trusted environment in that device, which obtains local data for that device and aggregates it with the predecessor aggregated data, producing an output aggregated data. Optionally, the system can identify when a device has previously processed the aggregated data, reducing the possibility that the device can be used to aggregate data repeatedly. The aggregated data may be digitally signed or encrypted to enhance the tamper resistance of the data payload. | 03-05-2015 |