| Patent application number | Description | Published |
|---|
| 20080244725 | METHOD AND APPARATUS FOR MANAGING PACKET BUFFERS - According to one example embodiment of the inventive subject matter, there is described herein a method and apparatus for securely and efficiently managing packet buffers between protection domains on an Intra-partitioned system using packet queues and triggers. According to one embodiment described in more detail below, there is provided a method and apparatus for optimally transferring packet data across contexts (protected and unprotected) in a commodity operating system. | 10-02-2008 |
| 20080244758 | SYSTEMS AND METHODS FOR SECURE ASSOCIATION OF HARDWARD DEVICES - An apparatus to protect one or more hardware devices from unauthorized software access is described herein and comprises, in one embodiment, a virtual machine manager, a memory protection module and an integrity measurement manager. In a further embodiment, a method of providing secure access to one or more hardware devices may include, modifying a page table, verifying the integrity of a device driver, and providing memory protection to the device driver if the device driver is verified. | 10-02-2008 |
| 20090158409 | REMOTE CONFIGURATION, PROVISIONING AND/OR UPDATING IN A LAYER TWO AUTHENTICATION NETWORK - A device capable of remote configuration, provisioning and/or updating comprising a network detector capable of detecting a network regardless of the state of the operating system on the device, wherein the network requires layer two authentication, and an Embedded Trust Agent capable of generating an authentication credential for layer two authentication and communicating the authentication credential via a layer two authentication protocol without a functioning operating system. | 06-18-2009 |
| 20090328042 | DETECTION AND REPORTING OF VIRTUALIZATION MALWARE IN COMPUTER PROCESSOR ENVIRONMENTS - Methods and systems to detect virtualization of computer system resources, such as by malware, include methods and systems to evaluate information corresponding to a computer processor operating environment, outside of or secure from the operating environment, which may include one or more of a system management mode of operation and a management controller system. Information may include processor register values. Information may be obtained from within the operating environment, such as with a host application running within the operating environment. Information may be obtained outside of the operating environment, such as from a system state map. Information obtained from within the operating environment may be compared to corresponding information obtained outside of the operating environment. Direct memory address (DMA) translation information may be used to determine whether an operating environment is remapping DMA accesses. Page tables, interrupt tables, and segmentation tables may be used to reconstruct a view of linear memory corresponding to the operating environment, which may be scanned for malware or authorized code and data. | 12-31-2009 |
| 20100083381 | Hardware-based anti-virus scan service - A device, system, and method are disclosed. In an embodiment, the device includes a storage medium to store files. The device also includes a manageability engine. The manageability engine accesses a virus signature file. The manageability engine then performs an anti-virus scan using patterns in the signature file to compare to one or more of the files. The manageability engine then reports the results of the scan to an external agent. | 04-01-2010 |
| 20100161926 | Data protection by segmented storage - A device, method, and system are disclosed. In one embodiment the device includes logic to handle and protect data. Specifically, the device includes logic to segment data that can receive a data object that needs to be stored. The logic within the device can segment the data object into a plurality of data segments. A segmented portion of the data object is an incomprehensible portion the data object when viewed in the segmented format. The device can then send each of the data segments to a several different storage locations. | 06-24-2010 |
| 20100169967 | Apparatus and method for runtime integrity verification - In some embodiments, a processor-based system may include at least one processor, at least one memory coupled to the at least one processor, a code block, and code which is executable by the processor-based system to cause the processor-based system to generate integrity information for the code block upon a restart of the processor-based system, securely store the integrity information, and validate the integrity of the code block during a runtime of the processor-based system using the securely stored integrity information. Other embodiments are disclosed and claimed. | 07-01-2010 |
| 20100250797 | PLATFORM BASED VERIFICATION OF CONTENTS OF INPUT-OUTPUT DEVICES - A platform to support verification of the contents of an input-output device. The platform includes a platform hardware, which may verify the contents of the I/O device. The platform hardware may comprise components such as manageability engine and verification engine that are used to verify the contents of the I/O device even before the contents of the I/O device are exposed to an operating system supported by a host. The platform components may delete the infected portions of the contents of I/O device if the verification process indicates that the contents of the I/O device include the infected portions. | 09-30-2010 |
| 20100262739 | IDENTIFIER ASSOCIATED WITH MEMORY LOCATIONS FOR MANAGING MEMORY ACCESSES - Embodiments of apparatuses, articles, methods, and systems for associating identifiers with memory locations for controlling memory accesses are generally described herein. Other embodiments may be described and claimed. | 10-14-2010 |
| 20100306177 | HOST OPERATING SYSTEM INDEPENDENT STORAGE-RELATED REMOTE ACCESS AND OPERATIONS - An embodiment may include circuitry that may be comprised in a host that may execute an operating system and/or in a server. The circuitry may generate, at least in part, and/or receive, at least in part, at least one request to initiate, at least in part, at least one operation at the host. The least one operation may facilitate, at least in part, examination remotely from the host of information stored at the host. The at least one operation may be performed independently from the operating system and also may be performed at least in part by the circuitry. The examination may facilitate, at least in part, remotely from the host, backup, recovery, and/or determination of corruption of mass storage data stored at the host. Of course, many variations, modifications, and alternatives are possible without departing from this embodiment. | 12-02-2010 |
| 20100306399 | Method and apparatus for operating system streaming - A method and apparatus for traversing a firewall between an Intranet and the Internet without the use of a proxy server is provided. Internet Small Computer Systems Interface (iSCSI) streaming over a firewall is provided by tunneling iSCSI over Hypertext Transport Protocol (Security) (HTTP(S)). | 12-02-2010 |
| 20100325729 | DETERMINATION BY CIRCUITRY OF PRESENCE OF AUTHORIZED AND/OR MALICIOUS DATA - An embodiment may include circuitry that may be comprised in a host. The host may include memory and a host processor to execute an operating system. The circuitry may be to determine, independently of the operating system and the host processor, the authenticity of signature list information, based at least in part upon authentication information received by the circuitry from a remote server. The circuitry also may be to determine, independently of the operating system and the host processor, based at least in part upon comparison of at least one portion of the signature list information with at least one portion of contents of the memory, whether authorized and/or malicious data are present in the at least one portion of the contents of the memory. Of course, many variations, modifications, and alternatives are possible without departing from this embodiment. | 12-23-2010 |
| 20100332744 | DATA RECOVERY AND OVERWRITE INDEPENDENT OF OPERATING SYSTEM - Methods and systems to access data in a computer system independent of an operating environment of the computer system, including to recover data to a remote system, to overwrite data, and to copy data to a hidden partition. A management system may directly access a storage device of the computer system and communicate with the remote system over a data channel that is secure from an operating environment of the computer system. The management system may access the storage device on a block basis, using a device driver associated with a storage device controller, and may include a virtualization engine to access the storage device. The remote system may include logic to request meta-data, to identify disk blocks corresponding to files of interest from the meta-data, and to construct the files of interest from the disk blocks. | 12-30-2010 |
| 20110078791 | Using chipset-based protected firmware for host software tamper detection and protection - A method, system, and computer program product for a host software tamper detection and protection service. A secure partition that is isolated from a host operating system of the host system, which may be implemented by firmware of a chipset of the host system, obtains file metadata from the host system and uses the file metadata to identify a first file for examination for tampering. The secure partition obtains data blocks for the first file, communicates with a service via an out-of-band communication channel, and uses information obtained from the service and the data blocks to determine whether the first file has been corrupted. The secure partition obtains the file metadata and the data blocks for the first file without invoking an operating system or file system of the host system. | 03-31-2011 |
| 20110078799 | Computer system and method with anti-malware - In some embodiments, approaches may provide an out-of-band (OOB) agent to protect a platform. The OOB agent may be able to use non-TRS methods to measure and protect an in-band security agent. In some embodiments, a manageability engine can provide out of band connectivity to the in-band and out-of-band security agents and provide access to the system memory resources without having to rely on OS services. This can be used for a trusted anti-malware and remediation service. | 03-31-2011 |
| 20110107355 | SYSTEMS AND METHODS FOR SECURE HOST RESOURCE MANAGEMENT - Systems and methods are described herein to provide for secure host resource management on a computing device. Other embodiments include apparatus and system for management of one or more host device drivers from an isolated execution environment. Further embodiments include methods for querying and receiving event data from manageable resources on a host device. Further embodiments include data structures for the reporting of event data from one or more host device drivers to one or more capability modules. | 05-05-2011 |
| 20110107423 | PROVIDING AUTHENTICATED ANTI-VIRUS AGENTS A DIRECT ACCESS TO SCAN MEMORY - A computer platform may support anti-virus agents that may be provided access to directly scan the memory. The computer platform may comprise a platform control hub, which may comprise a manageability engine and a virtualizer engine, wherein the manageability engine may allow the anti-virus agents to be downloaded to a platform hardware space that is isolated from an operating system. The manageability engine may authenticate the anti-virus agents and provide an access for the anti-virus agents to directly scan a memory or a storage device coupled to the platform hardware. | 05-05-2011 |
| 20110131447 | Automated modular and secure boot firmware update - A method, apparatus, system, and computer program product for an automated modular and secure boot firmware update. An updated boot firmware code module is received in a secure partition of a system, the updated boot firmware code module to replace one original boot firmware code module for the system. Only the one original boot firmware code module is automatically replaced with the updated boot firmware code module. The updated boot firmware code module is automatically executed with the plurality of boot firmware code modules for the system and without user intervention when the system is next booted. The updated boot firmware code module may be written to an update partition of a firmware volume, wherein the update partition of the firmware volume is read along with another partition of the firmware volume containing the plurality of boot firmware code modules when the system is booted. | 06-02-2011 |
| 20110145558 | Virtual Bus Device Using Management Engine - A management engine may be used to trap configuration cycles during the boot process and thereafter in response to operating system enumeration. As a result, a virtual bus device can be created. The bus device may be used to provision software to the platform even when the operating system is corrupted or non-functional. | 06-16-2011 |
| 20110153725 | SECURE OUT-OF-BAND STORAGE CONTROL - Embodiments of the present disclosure provide methods and computing devices configured to establish secure out-of-band storage control. In various embodiments, a management module in a client device may be used to communicate with a server device independent of an operating system of the client device, to facilitate remote storage services. Other embodiments may be disclosed and claimed. | 06-23-2011 |
| 20110154316 | Providing Software Distribution and Update Services Regardless of the State or Physical Location of an End Point Machine - In accordance with some embodiments, software may be downloaded to an end point, even when that said end point is not fully functional. An indication that software is available for distribution may be stored in a dedicated location within a non-volatile memory. That location may be checked for software to download, for example, on each boot up. The software may then be downloaded and verified. Thereafter, the location is marked to indicate that the software has already been downloaded. | 06-23-2011 |
| 20110161551 | VIRTUAL AND HIDDEN SERVICE PARTITION AND DYNAMIC ENHANCED THIRD PARTY DATA STORE - A system reserves and manages a hidden service partition through components of the hardware platform of a computing device. The hidden partition is not accessible by way of a host operating system on the computing device. A hardware platform controller provisions a portion of nonvolatile storage through configuration settings of the hardware platform controller. When the host system requests settings related to storage in the system, the request is routed through the interfaces of the hardware platform, and the hardware platform controller reports in accordance with the configuration settings, hiding the service partition. The hidden partition is dynamically modifiable through secure remote access to the hardware platform controller, not through the host system such as operating system or BIOS. | 06-30-2011 |
