公开(公告)号：US12105859B2

公开(公告)日：2024-10-01

申请号：US17452722

申请日：2021-10-28

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Theodore F. Emerson ,  Shiva R. Dasari ,  Luis E. Luciani, Jr. ,  Kevin E. Boyum ,  Naysen J. Robertson ,  Robert L. Noonan ,  Christopher M. Wesneski ,  David F. Heinrich

IPC: G06F21/78 ,  G06F21/33 ,  G06F21/53 ,  G06F21/60

CPC classification number: G06F21/78 ,  G06F21/33 ,  G06F21/53 ,  G06F21/602

Abstract: An apparatus includes a host and a baseboard management controller. The baseboard management controller includes a semiconductor package; and the semiconductor package includes a memory, a security hardware processor; and a main hardware processor. The main hardware processor causes the baseboard management controller to serve as an agent that, independently from the host, responds to communications with a remote management entity to manage the host. The security hardware processor manages the storage of a secret of the host in the memory.

公开(公告)号：US11409859B2

公开(公告)日：2022-08-09

申请号：US16546862

申请日：2019-08-21

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Theodore F. Emerson ,  Luis E. Luciani, Jr. ,  Kevin E. Boyum ,  Christopher M. Wesneski

IPC: G06F21/44 ,  G06F3/14 ,  G06T1/00 ,  G06F21/76 ,  H01H71/10

Abstract: A method for assembling a computing device including initiating a board management controller of the computing device, the board management controller having at least one fuse, forming data to control a video display operatively connected to the computing device to show an image of a watermark, and modifying the computing device. The method also includes blowing the at least one fuse in response to modifying the computing device and adjusting the watermark in response to blowing the at least one fuse.

公开(公告)号：US12118115B2

公开(公告)日：2024-10-15

申请号：US18468075

申请日：2023-09-15

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Luis E. Luciani, Jr.

IPC: G06F21/62 ,  G06F16/14

CPC classification number: G06F21/6218 ,  G06F16/152

Abstract: Example implementations relate a system and method for storing configuration files of a host computing device in a secure storage of a Baseboard Management Controller (BMC). The secure storage includes configuration files associated with the host computing device. The BMC is communicatively connected to the host computing device using a communication link. The secure storage is emulated as a storage device to the host computing device. The BMC monitors the secure storage to detect changes in the configuration files. When there is a change in a configuration file, the BMC performs a security action in the host computing device.

公开(公告)号：US12019752B2

公开(公告)日：2024-06-25

申请号：US17495562

申请日：2021-10-06

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Luis E. Luciani, Jr.

IPC: G06F9/44 ,  G06F8/65 ,  G06F21/34 ,  G06F21/57

CPC classification number: G06F21/572 ,  G06F8/65 ,  G06F21/34

Abstract: Examples disclosed herein relate to security dominion of a computing device. A management controller of the computing device can access a physical owner token pertaining to a physical owner of the computing device. The management controller can access a security dominion owner token pertaining to a security dominion owner of the computing device. The security dominion owner token tracks accountability for a security feature of the computing device. A security dominion owner associated with the security dominion owner token is initially set to a first entity.

公开(公告)号：US11522723B2

公开(公告)日：2022-12-06

申请号：US17188047

申请日：2021-03-01

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Ludovic Emmanuel Paul Noel Jacquin ,  Nigel John Edwards ,  Luis E. Luciani, Jr.

IPC: H04L9/32

Abstract: Example implementations relate to a method and system for provisioning an identity certificate for a BMC of a platform. Based on the certificate signing request (CSR) received from the BMC, a certificate authority (CA) associated with the platform manufacturer may verify the identity of the security processor and private key of BMC. A cryptographic audit session log between a provisioning service of the platform and the security coprocessor of the platform is received along with the CSR at the CA implemented in a cloud system. The CA verifies the signature on the received cryptographic audit session log. After verification, validation tools at the cloud system determine a first time and second time associated with the security coprocessor. When the difference between the first time and the second time is below an expected time of cryptographic communication, the CSR is considered as a valid request and an identity certificate for the BMC is generated and transmitted to the platform.

公开(公告)号：US20250077109A1

公开(公告)日：2025-03-06

申请号：US18460041

申请日：2023-09-01

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Joseph Wright ,  Chris Davenport ,  Luis E. Luciani, Jr.

IPC: G06F3/06

Abstract: In some examples, a system includes a nonvolatile memory to store information, and a controller subsystem to perform various tasks. The controller subsystem receives, from an entity, an input to trigger an erase verification operation after an erase of a memory region of the nonvolatile memory containing the information. The controller subsystem generates a pseudorandom pattern in response to the input, and writes the pseudorandom pattern to the memory region as part of the erase verification operation. After the writing, the controller subsystem provides, from the nonvolatile memory to the entity, the pseudorandom pattern retrieved from the memory region for verification that the erasing of the information of the memory region has occurred.

公开(公告)号：US12069169B2

公开(公告)日：2024-08-20

申请号：US17588620

申请日：2022-01-31

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Luis E. Luciani, Jr. ,  Douglas R. Hascall ,  Michael R. Garrett

IPC: H04L9/08 ,  G06F9/4401 ,  G06F21/57

CPC classification number: H04L9/0861 ,  G06F9/4401 ,  G06F21/57 ,  H04L9/0891 ,  H04L9/0894

Abstract: A management controller of a computer platform, determines whether an ownership history of management firmware for the management controller represents multiple owners. The management controller includes a set of one-time programmable elements that represent a first secret. The management controller manages use of the first secret based on the ownership history. The management includes, responsive to determining, by the management controller, that the ownership history represents multiple owners, generating, by the management controller, a second secret to replace the first secret. The management further includes, responsive to determining, by the management controller, that the ownership history represents multiple owners, storing, by the management controller, the second secret in a non-volatile memory and generating, by the management controller, cryptographic keys based on the second secret.

公开(公告)号：US11580225B2

公开(公告)日：2023-02-14

申请号：US16775823

申请日：2020-01-29

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Luis E. Luciani, Jr. ,  Darrell R. Haskell

IPC: G06F21/57 ,  G06F21/12 ,  G06F9/38 ,  G06F9/4401 ,  G06F1/3206

Abstract: Examples disclosed herein relate to a computing device that includes a central processing unit, a management controller separate from the central processing unit, and a security co-processor. The management controller is powered using an auxiliary power rail that provides power to the management controller while the computing device is in an auxiliary power state. The security co-processor includes device unique data. The management controller receives the device unique data and stores a representation at a secure location. At a later time, the management controller receives endorsement information from an expected location of the security co-processor. The management controller determines whether to perform an action on the computing device based on an analysis of the endorsement information and the stored representation of the device unique data.

公开(公告)号：US11409858B2

公开(公告)日：2022-08-09

申请号：US16409929

申请日：2019-05-13

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Luis E. Luciani, Jr. ,  Sze Hau Loh

IPC: G06F21/44 ,  H04L9/32 ,  G06F3/14 ,  G06F1/26

Abstract: In some examples, a scanner that is to verify a device includes a scanner input/output (I/O) interface to physically and communicatively connect to a device I/O interface of the device. The scanner includes a processor to send an input through the scanner I/O interface to the device, receive, at the scanner I/O interface, an output responsive to the input from the device, the output comprising a cryptographic value based on a cryptographic operation applied on data of the input, and determine whether the device is an authorized device based on the received output.

公开(公告)号：US10318459B2

公开(公告)日：2019-06-11

申请号：US15327724

申请日：2015-04-30

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Suhas Shivanna ,  Luis E. Luciani, Jr. ,  Mohammed Saleem ,  Andrew Brown

IPC: G06F13/38 ,  G06F3/06 ,  G06F13/42 ,  G06F11/34

Abstract: Example implementations relate to a server including a platform controller hub (PCH), where the PCH includes a peripheral device manager, a management processor coupled to the peripheral device manager, and a peripheral device interface to couple with a peripheral device and provide out of band access of the peripheral device via the management processor and peripheral device manager to a memory of the server.