Abstract:
PROBLEM TO BE SOLVED: To provide a system that prevents a service distributed to consumers by a service provider from being compromised, even though there are many malicious users on the WWW and the information provided by many devices is not fully reliable. SOLUTION: The system includes a client platform accessing a service provider over a network. The client platform receives a request from the service provider for platform assessment and verification. The client platform collects platform information and performs assessment and verification. The client platform may then receive the service of the service provider. If integrity manifest comparison indicates that the client platform state is not good, then the client platform will send a failure notification to the service provider indicating that the client platform has been compromised. COPYRIGHT: (C)2010,JPO&INPIT
Abstract:
PROBLEM TO BE SOLVED: To provide a method for automated modular and secure boot firmware update. SOLUTION: An updated boot firmware code module is received in a secure partition of a system, and only one original boot firmware code module is automatically replaced with the updated boot firmware code module. When the system is next booted, the updated boot firmware code module is automatically executed with a plurality of boot firmware code modules for the system and without user intervention. The updated boot firmware code module is written to an update partition of a firmware volume, and the update partition of the firmware volume is read along with another partition of the firmware volume containing the plurality of boot firmware code modules when the system is booted. COPYRIGHT: (C)2011,JPO&INPIT
Abstract:
PROBLEM TO BE SOLVED: To more efficiently and effectively protect software agents, in particular, critical software agents in a VT environment. SOLUTION: Methods and apparatuses for comparing a first security domain of a first memory page of a physical device to a second security domain of a second memory page of the physical device, with a plurality of security domains being stored in one or more registers of a processor of the physical device are included. Based on the comparison, the processor disallows an instruction from the first memory page to access the second memory page if a preferential domain of the first security domain is different from that of the second security domain. COPYRIGHT: (C)2009,JPO&INPIT
Abstract:
PROBLEM TO BE SOLVED: To securely perform antivirus scan. SOLUTION: The invention includes a manageability engine 116 having a second processor which operates independently of a central processor. The manageability engine 116 can receive out-of-band communications regardless of a power state of the central processor. The manageability engine 116 receives a virus signature file signed with a private key of a remote computing device via an out-of-band communication channel 126, stores the signed virus signature file in a system memory, confirms the signed virus signature file using a public key stored in the manageability engine 116 corresponding to the private key of the remote computing device, and performs antivirus scan of one or more files stored in the computing device using one or more patterns in the signed virus signature file.
Abstract:
PROBLEM TO BE SOLVED: To perform remote management over a wireless wide-area network using short message services. SOLUTION: A method and device for remote management over the wireless wide-area network include receiving a short message over a wireless wide-area network (WWAN) using an out-of-band (OOB) processor of a computing device. The OOB processor is capable of communicating over the WWAN irrespective of an operational state of an in-band processor of the computing device. The computing device executes at least one operation with the OOB processor in response to receiving the short message. COPYRIGHT: (C)2011,JPO&INPIT
Abstract:
PROBLEM TO BE SOLVED: To prevent a local agent and components within an operating system for performing virus scan from being changed by virus. SOLUTION: A device 100 includes a storage medium 108 to store files and a manageability engine 116. The manageability engine 116 accesses a virus signature file. The manageability engine 116 then performs an anti-virus scan using patterns in the signature file to compare to one or more of the files. The manageability engine 116 then reports the results of the scan to an external agent. COPYRIGHT: (C)2010,JPO&INPIT
Abstract:
PROBLEM TO BE SOLVED: To provide a method and apparatus for configuring data plane behavior on network forwarding elements. SOLUTION: The method includes receiving, within a network element control plane, protocol configuration information extracted from a protocol application utilizing a network protocol application programming interface. The received information is processed using a control interface corresponding to the network protocol. Once the protocol configuration information is processed, the control interface programs one or more data plane forwarding elements of the network element according to protocol configuration information. Accordingly, by providing similar control interfaces for several network protocols, inter-operability between components from several vendors is enabled. COPYRIGHT: (C)2008,JPO&INPIT
Abstract:
A method and apparatus for configuring data plane behavior on network forwarding elements are described. In one embodiment, the method includes receiving, within a network element control plane, protocol configuration information extracted from a protocol application utilizing a network protocol application programming interface (API). Once the protocol configuration information is received, the protocol configuration information is processed using a control interface corresponding to the network protocol implemented by the protocol application. Once the protocol configuration information is processed, the control interface programs one or more data plane forwarding elements of the network element according to protocol configuration information. Accordingly, by providing similar control interfaces for multiple network protocols, inter-operability between components from multiple vendors is enabled.
Abstract:
A method, device, and system for sharing media content with a sink device includes performing a cryptographic key exchange with the sink device and generating an authorization key in a security engine of a system-on-a-chip (SOC) of a source device. The method may also include generating an exchange key as a function of the authorization key and a packet key as a function of the exchange key. Such key generation occurs in the security engine of the SOC, and the keys are stored in a secure memory of the security engine.
Abstract:
The invention relates to providing security for boot image exchanges by using data tunneling to protect a boot image download to a remote boot environment of a computer system. An authentication channel 503 is established between a client 501 which implements a Preboot Execution Environment (PXE) and a remote boot server 502. A remote boot image exchange then occurs between the client and the server in which the client sends a boot image request and the server responds by sending a copy of the boot image, characterised by the use of a data tunnel 504 in the authentication channel to communicate data related to the boot image exchange. The data tunnel may be a type-length-value (TLV) type or attribute-value pair (AVP) type and the tunneled data may be the entire boot exchange itself 505 and may also include credentials 506. Upon completion of the exchange the client executes the received boot image from within the resident PXE environment.