公开(公告)号：US20240281272A1

公开(公告)日：2024-08-22

申请号：US18170720

申请日：2023-02-17

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Nigel John Edwards ,  Geoffrey Ndu ,  Jason Christopher Cohen ,  Theofrastos Koulouris

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/45579 ,  G06F2009/45583 ,  G06F2009/45591

Abstract: In some examples, a bus device includes a device controller to perform input/output (I/O) virtualization to provide a virtualized instance of the bus device. The device controller establishes a channel between the virtualized instance of the bus device and a guest operating system (OS) of a virtual machine (VM). The device controller receives, from the VM, address information relating to a portion of a memory containing information associated with a kernel of the guest OS, and obtains, for integrity inspection, the information associated with the kernel from the memory based on the address information.

公开(公告)号：US20220188423A1

公开(公告)日：2022-06-16

申请号：US17118698

申请日：2020-12-11

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Nigel John Edwards

IPC: G06F21/57 ,  G06F21/56 ,  G06F21/54

Abstract: A technique includes an operating system agent of a computer system monitoring a process to detect whether an integrity of the process has been compromised. The monitoring includes the operating system agent scanning a data structure. The process executes in a user space, and the data structure is part of an operating system kernel space. The technique includes a hardware controller of the computer system listening for a heartbeat that is generated by the operating system agent. The hardware controller takes a corrective action in response to at least one of the hardware controller detecting an interruption of the heartbeat, or the operating system agent communicating to the hardware controller a security alert for the process.

公开(公告)号：US11119789B2

公开(公告)日：2021-09-14

申请号：US15962366

申请日：2018-04-25

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Nigel Edwards

IPC: G06F9/4401 ,  G06F9/30

Abstract: A method comprising: generating, with a device, a nonce; writing, with the device, the nonce to a memory location accessible to a kernel; initializing the kernel; in response to an end of initialization, measuring a specified kernel space to produce a first result; writing the first result to a register of a second device; writing a location and size of the specified kernel space to a buffer; measuring the buffer; writing a result of buffer measurement to a second register of the second device; requesting a quote from the second device, the quote to include the nonce, the contents of the register, and the contents of the second register; and passing the quote to the device.

公开(公告)号：US20210232510A1

公开(公告)日：2021-07-29

申请号：US16774638

申请日：2020-01-28

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Ludovic Emmanuel Paul Noel Jacquin

IPC: G06F12/14 ,  G06F21/44 ,  G06F21/78 ,  G06F9/4401

Abstract: In some examples, a control device includes a controller to receive, from a requester device that is separate from the control device, a request to access a first memory region of a memory. The controller is to determine, based on occurrence of a systems initialization event and according to permissions information that identifies access permissions for respective memory regions of the memory, whether access of content in the first memory region is allowed.

公开(公告)号：US10896267B2

公开(公告)日：2021-01-19

申请号：US15420736

申请日：2017-01-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Pratyusa K Manadhata ,  Christopher L. Dalton ,  Adrian Shaw ,  Stuart Haber

IPC: G06F21/78 ,  H04L9/06 ,  G06F12/14 ,  G06F21/80 ,  G06F21/79 ,  G06F21/60 ,  G06F21/72 ,  G06F21/64

Abstract: Examples relate to Input/Output (I/O) data encryption and decryption. In an example, an encryption/decryption engine on an Integrated Circuit (IC) of a computing device obtains at least one plaintext data. Some examples determine, by the encryption/decryption engine, whether the at least one plaintext data is to be sent to a memory in the computing device or to an I/O device. Some examples apply, when the at least one plaintext data is to be sent to the I/O device and by the encryption/decryption engine, an encryption primitive of a block cipher encryption algorithm to the at least one plaintext data to create output encrypted data, wherein an initialization vector that comprises a random number is applied to the encryption primitive.

公开(公告)号：US10740125B2

公开(公告)日：2020-08-11

申请号：US15884030

申请日：2018-01-30

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Dejan Milojicic ,  Sai Rahul Chalamalasetti

IPC: H04L29/06 ,  G06F9/455 ,  G06F9/50 ,  G06F17/16

Abstract: An example system includes at least one memristive dot product engine (DPE) having at least one resource, the DPE further having a physical interface and a controller, the controller being communicatively coupled to the physical interface, the physical interface to communicate with the controller to access the DPE, and at least one replicated interface, each replicated interface being associated with a virtual DPE, the replicated interface with communicatively coupled to the controller. The controller is to allocate timeslots to the virtual DPE through the associated replicated interface to allow the virtual DPE access to the at least one resource.

公开(公告)号：US10310990B2

公开(公告)日：2019-06-04

申请号：US15192493

申请日：2016-06-24

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Adrian Shaw ,  Geoffrey Ndu ,  Fraser John Dickin

IPC: G06F12/14 ,  G06F13/28

Abstract: In one example in accordance with the present disclosure, a method may include retrieving, at a memory management unit (MMU), encrypted data from a memory via direct memory access and determining, at the MMU, a peripheral that is the intended recipient of the encrypted data. The method may also include accessing an application key used for transmission between an application and the peripheral, wherein the application key originates from the application and decrypting, at the MMU, the encrypted data using the application key and transmitting the decrypted data to the peripheral.

公开(公告)号：US10248814B2

公开(公告)日：2019-04-02

申请号：US15415450

申请日：2017-01-25

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Adrian Shaw ,  Brian Quentin Monahan

IPC: H04L9/06 ,  H04L9/32 ,  G06F21/60 ,  G06F21/64

Abstract: In one example in accordance with the present disclosure, a system comprises a first memory module and a first memory integrity monitoring processor, embedded to the first memory module, to receive a second hash corresponding to a second memory module. The second hash includes a second sequence number for reconstruction of a final hash value and the second hash is not sequentially a first number in a sequence for reconstruction of the final hash value. The first processor may receive a third hash corresponding to a third memory module. The third hash includes a third sequence number for reconstruction of the final hash value and the third hash is received after the second hash. The first processor may determine if the second hash can be combined with the third hash, combine the second hash and third hash into a partial hash reconstruct the final hash value using the partial hash.

公开(公告)号：US20180365451A1

公开(公告)日：2018-12-20

申请号：US15420736

申请日：2017-01-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Geoffrey Ndu ,  Pratyusa K. Manadhata ,  Christopher I. Dalton ,  Adrian Shaw ,  Stuart Haber

IPC: G06F21/78 ,  G06F21/60 ,  G06F21/72 ,  H04L9/06

Abstract: Examples relate to Input/Output (I/O) data encryption and decryption. In an example, an encryption/decryption engine on an Integrated Circuit (IC) of a computing device obtains at least one plaintext data. Some examples determine, by the encryption/decryption engine, whether the at least one plaintext data is to be sent to a memory in the computing device or to an I/O device. Some examples apply, when the at least one plaintext data is to be sent to the I/O device and by the encryption/decryption engine, an encryption primitive of a block cipher encryption algorithm to the at least one plaintext data to create output encrypted data, wherein an initialization vector that comprises a random number is applied to the encryption primitive.