Patent application number | Description | Published |
--- | --- | --- |
20080244114 | Runtime integrity chain verification - A runtime integrity check may be implemented for a chain or execution path. When the chain or execution path calls other functions, the correctness of an entity called from the execution path is verified. As a result, attacks by malicious software that attempt to circumvent interrupt handlers can be combated. | 10-02-2008 |
20090006714 | METHOD FOR OPTIMIZING VIRTUALIZATION TECHNOLOGY AND MEMORY PROTECTIONS USING PROCESSOR-EXTENSIONS FOR PAGE TABLE AND PAGE DIRECTORY STRIPING - In a virtualized processor based system causing a transition to a virtual machine monitor executing on the processor based system in response to a modification of a page table of a guest executing in a virtual machine of the processor based system, and the virtual machine monitor responding to the transition by performing a verification action, and for each bit modified in the page table of the guest, reading a status indicator for the bit to determine if the bit is significant; and causing the transition only if the status indicator for any bit modified in the page table indicates that the bit is significant. | 01-01-2009 |
20090038017 | SECURE VAULT SERVICE FOR SOFTWARE COMPONENTS WITHIN AN EXECUTION ENVIRONMENT - Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform locks and unlocks secrets on behalf of the authenticated/authorized/verified software component, provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed. | 02-05-2009 |
20090070467 | Enabling access to remote entities in access controlled networks - In network access control networks, it may be difficult to provide certain remote accesses such as remote boot or remote storage access. An available network connection established through chipset firmware (e.g. active management technology (AMT)) may be utilized to establish a connection and to enable the remote access. Then, as soon as the completion of the activity is detected, such as remote booting, the connection may be immediately terminated to prevent access by improper agents. | 03-12-2009 |
20090083844 | Synchronizing between host and management co-processor for network access control - In network access controlled networks, it is desirable to prevent access to the network by any non-authenticated entities. Access control may be established through a trusted agent that, in some embodiments, may be implemented with a management co-processor. In some cases, active management technology may establish a connection while a host is inactive. Then, after the host becomes active, the host can attempt to use the management co-processor connection without obtaining the necessary authentications. This may be prevented, in some embodiments, by scanning for an active host and, if such an active host is found, blocking the host from using a layer 2 authentication channel unless the host is properly authenticated and has a proper Internet Protocol address. | 03-26-2009 |
20090125885 | Method and system for whitelisting software components - A method and system for whitelisting software components is disclosed. In a first operating environment, runtime information may be collected about a first loaded and executing software component. The collected information may be communicated to a second software component operating in a second operating environment that is isolated from the first operating environment. The collected runtime information may be compared with a validated set of information about the first software component. Other embodiments are described and claimed. | 05-14-2009 |
20090172814 | DYNAMIC GENERATION OF INTEGRITY MANIFEST FOR RUN-TIME VERIFICATION OF SOFTWARE PROGRAM - A measurement engine generates an integrity manifest for a software program and uses it to perform active platform observation. The integrity manifest indicates an integrity check value for a section of the program's code. The measurement engine computes a comparison value on the program's image in memory and determines if the comparison value matches the expected integrity check value. If the values do not match, the program's image is determined to be modified, and appropriate remedial action may be triggered. | 07-02-2009 |
20090249481 | BOTNET SPAM DETECTION AND FILTRATION ON THE SOURCE MACHINE - A method and device are disclosed. In one embodiment the method includes determining that a packet attempting to be sent from a first computer system has at least a portion of a human communication message that may contain spam. The method then increments a spam counter when the difference in time between a first time value in a time stamp within the packet and a second time value of a most recent activity from a human input device coupled to the first computer system is greater than a threshold difference in time value. The method also disallows the packet to be sent to a remote location if the spam counter exceeds a spam outbound threshold value. | 10-01-2009 |
20090328164 | Method and system for a platform-based trust verifying service for multi-party verification - A method and system for a platform-based trust verifying service for multi-party verification. In one embodiment, the method includes a client platform accessing a service provider over a network. Upon accessing the service provider, the client platform receives a request from the service provider for platform measurement and verification. The client platform collects platform information and performs measurement and verification, including performing an integrity manifest comparison. If the integrity manifest comparison indicates a good client platform posture, then the client platform signs the client platform posture and sends an approval notification to the service provider indicating that the client platform has not been compromised. The client platform may then receive the service of the service provider. If the integrity manifest comparison indicates that the client platform posture is not good, then the client platform will send a failure notification to the service provider indicating that the client platform has been compromised. | 12-31-2009 |
20100162356 | Hierarchical Trust Based Posture Reporting and Policy Enforcement - A method that includes initiating a network access request from an access requester on a platform that couples to a network, the network access request made to a policy decision point for the network. The method also includes establishing a secure communication channel over a communication link between the policy decision point and a policy enforcement point on the platform. Another secure communication channel is established over another communication link. The other communication link is between at least the policy enforcement point and a manageability engine resident on the platform. The manageability engine forwards posture information associated with the access requester via the other secure communication channel. The posture information is then forwarded to the policy decision point via the secure communication channel between the policy enforcement point and the policy decision point. The policy decision point indicates what access the access requester can obtain to the network based on a comparison of the posture information to one or more network administrative policies. | 06-24-2010 |
20110125990 | COMPUTING DEVICE AND METHOD FOR WIRELESS REMOTE BOOT IN A NETWORKED ENVIRONMENT - In some embodiments, a secure authenticated remote boot of a computing device over a wireless network is performed in a pre-boot execution environment (PXE) using active management technology (AMT) for remote discovery. In these embodiments, a management engine (ME) may maintain full control of a wireless interface and a wireless connection as booting begins. The ME may relinquish control of the wireless interface after a PXE timeout, in response to a shutdown command, or once the device has booted. The ME controls the use of an operating system received from a remote location. | 05-26-2011 |
20110151854 | REMOTE MANAGEMENT OVER A WIRELESS WIDE-AREA NETWORK USING SHORT MESSAGE SERVICE - A method and device for remote management over a wireless wide-area network includes receiving a short message over a wireless wide-area network (WWAN) using an out-of-band (OOB) processor of a computing device. The OOB processor is capable of communicating over the WWAN irrespective of an operational state of an in-band processor of the computing device. The computing device executes at least one operation with the OOB processor in response to receiving the short message. | 06-23-2011 |
20110161145 | METHOD AND DEVICE FOR SECURELY DISPLAYING DIGITAL CONTENT ON A COMPUTING DEVICE - A method and device for securely displaying digital content, such as an advertisement, on a computing device includes establishing an advertisement enforcement module in a secured environment on the computing device. The computing device receives advertisements from a remote advertisement server, which are validated by the advertisement enforcement module. The advertisement enforcement module ensures that the advertisement is displayed on the computing device in a secure manner and monitors for tampering of the advertisement and advertisement service by the user of the device. | 06-30-2011 |
20110246633 | PROXY DETECTION BY SERVICE PROCESSOR - Embodiments provide methods, apparatus, and systems that enable an embedded processor to detect and configure one or more network access settings. The network access settings may enable the embedded processor to communicate over a network, via out-of-band messages, with a management server or service. Other embodiments may be disclosed or claimed. | 10-06-2011 |
20110246722 | ADAPTIVE BLOCK PRE-FETCHING METHOD AND SYSTEM - A method and system may include fetching a first pre-fetched data block having a first length greater than the length of a first requested data block, storing the first pre-fetched data block in a cache, and then fetching a second pre-fetched data block having a second length, greater than the length of a second requested data block, if data in the second requested data block is not entirely stored in a valid part of the cache. The first and second pre-fetched data blocks may be associated with a storage device over a channel. Other embodiments are described and claimed. | 10-06-2011 |
20110289146 | METHOD AND APPARATUS ALLOWING SCAN OF DATA STORAGE DEVICE FROM REMOTE SERVER - A method and device allowing a scan of a data storage device from a remote server are disclosed. In some embodiments, a computing device may include an out-of-band (OOB) processor configured to compute a first hash value for data stored in one or more sectors of a data storage device at a first time; receive, using communication circuitry, a request to transmit a portion of the data stored in the one or more sectors of the data storage device at a second time, the second time being subsequent to the first time; compute a second hash value for the data stored in the one or more sectors of the data storage device at the second time; and transmit, using the communication circuitry, the requested portion of the data, only if the second hash value does not match the first hash value. | 11-24-2011 |
20120102285 | PROVIDING PROTECTED ACCESS TO CRITICAL MEMORY REGIONS - In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing hardware of a virtualized processor based system detecting a specified type of memory access to an identified region of memory and in response to the detecting generating an interrupt for a virtual machine monitor (VMM) of the virtualized processor based system. | 04-26-2012 |
20120144482 | Method and System for Whitelisting Software Components - A method and system for whitelisting software components is disclosed. In a first operating environment, runtime information may be collected about a first loaded and executing software component. The collected information may be communicated to a second software component operating in a second operating environment that is isolated from the first operating environment. The collected runtime information may be compared with a validated set of information about the first software component. Other embodiments are described and claimed. | 06-07-2012 |
20120178481 | REMOTE MANAGEMENT OVER A WIRELESS WIDE-AREA NETWORK USING SHORT MESSAGE SERVICE - Illustrative embodiments of systems and methods providing remote management over a wireless wide-area network (WWAN) using short messages are disclosed. In one embodiment, a computing device may include an in-band processor, a wireless transceiver configured for communications over a WWAN, and an out-of-band (OOB) processor capable of communicating over the WWAN using the wireless transceiver irrespective of an operational state of the in-band processor. The OOB processor may be configured to receive a short message via the wireless transceiver, determine whether the short message originated from a trusted remote computing device, and execute at least one operation indicated by the short message in response to determining that the short message originated from a trusted remote computing device. | 07-12-2012 |
20130297936 | METHOD, DEVICE, AND SYSTEM FOR SECURELY SHARING MEDIA CONTENT FROM A SOURCE DEVICE - A method, device, and system for sharing media content with a sink device includes performing a cryptographic key exchange with the sink device and generating an authorization key in a security engine of a system-on-a-chip (SOC) of a source device. The method may also include generating an exchange key as a function of the authorization key and a packet key as a function of the exchange key. Such key generation occurs in the security engine of the SOC, and the keys are stored in a secure memory of the security engine. | 11-07-2013 |