公开(公告)号：US10853090B2

公开(公告)日：2020-12-01

申请号：US15876370

申请日：2018-01-22

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ludovic Emmanuel Paul Noel Jacquin ,  Hamza Attak ,  Nigel Edwards ,  Guilherme de Campos Magalhaes

IPC: G06F9/445 ,  G06F9/30 ,  G06F21/57 ,  H04L29/08 ,  G06F21/44

Abstract: Examples relate to integrity reports. In an implementation, an entity for executing a function is launched, the entity operating one or more files for executing the function. In response to the entity being launched, an entity image integrity report is generated comprising, for one or more files operated by the entity, a reference to the file measurement in a first integrity report the first integrity report containing measurements of a plurality of files operable in one or more entities. Alternatively, in response to the entity being launched, an entity integrity report is generated comprising a file measurement for each of the files operated by the entity.

公开(公告)号：US11017090B2

公开(公告)日：2021-05-25

申请号：US16222293

申请日：2018-12-17

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ludovic Emmanuel Paul Noel Jacquin ,  Hamza Attak ,  Nigel Edwards

IPC: G06F21/57 ,  H04L9/06

Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.

公开(公告)号：US20190227810A1

公开(公告)日：2019-07-25

申请号：US15876370

申请日：2018-01-22

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ludovic Emmanuel Paul Noel Jacquin ,  Hamza Attak ,  Nigel Edwards ,  Guilherme de Campos Magalhaes

IPC: G06F9/445 ,  H04L29/08 ,  G06F21/57 ,  G06F9/30

Abstract: Examples relate to integrity reports. In an implementation, an entity for executing a function is launched, the entity operating one or more files for executing the function. In response to the entity being launched, an entity image integrity report is generated comprising, for one or more files operated by the entity, a reference to the file measurement in a first integrity report the first integrity report containing measurements of a plurality of files operable in one or more entities. Alternatively, in response to the entity being launched, an entity integrity report is generated comprising a file measurement for each of the files operated by the entity.

公开(公告)号：US20200097657A1

公开(公告)日：2020-03-26

申请号：US16138119

申请日：2018-09-21

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Ludovic Emmanual Paul Noel Jacquin ,  Hamza Attak

IPC: G06F21/57 ,  G06F21/60 ,  G06F21/78 ,  H04L9/08 ,  G06F8/65 ,  G06F11/14

Abstract: A method for secure data protection includes storing secured data, associated with a computer application, using a security co-processor. The secured data is associated with a platform state policy that indicates an expected platform state. The secured data is associated with a version counter policy that indicates an expected version counter. A platform state of a computing platform is stored in the security co-processor. A version counter of the platform state is stored in the security co-processor. A request for the secured data is received from the requester. The platform state is determined to be in a known good state based on the platform state policy, the version counter policy, the platform state, the expected platform state, the version counter, and the expected version counter. The secured data is provided for the requester based on the determination.

公开(公告)号：US20180212824A1

公开(公告)日：2018-07-26

申请号：US15410975

申请日：2017-01-20

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Hamza Attak ,  Ludovic Emmanuel Paul Noel Jacquin

IPC: H04L12/24 ,  H04L12/725

CPC classification number: H04L45/30 ,  H04L41/0853 ,  H04L41/12 ,  H04L43/0847 ,  H04L43/10 ,  H04L45/02 ,  H04L45/64

Abstract: Examples relate to packet tagging in Software Defined Networks (SDN). In an example, at least one SDN switch of an SDN marks a packet passing through the SDN switch with a packet tag, wherein the packet tag comprises an identifier of the SDN switch and a digest of a set of network forwarding rules of the SDN switch. Some examples generate, by a verifier, a verifier tag comprising the identifier of the at least one SDN switch and the digest of the set of network forwarding rules of the at least one SDN switch obtained from a network rules table and a network topology table stored in the verifier. Some examples receive, at a particular network element and from a verifier of the SDN, a request for attestation of the packet. Some examples check, by a verification engine, the packet tag against the verifier tag.

公开(公告)号：US11886593B2

公开(公告)日：2024-01-30

申请号：US18168430

申请日：2023-02-13

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Ludovic Emmanuel Paul Noel Jacquin ,  Hamza Attak ,  Nigel Edwards

IPC: G06F21/57 ,  H04L9/06

CPC classification number: G06F21/572 ,  H04L9/0643 ,  G06F2221/033

Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.

公开(公告)号：US11604881B2

公开(公告)日：2023-03-14

申请号：US17242904

申请日：2021-04-28

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Ludovic Emmanuel Paul Noel Jacquin ,  Hamza Attak ,  Nigel Edwards

IPC: G06F21/57 ,  H04L9/06

Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.