Patents by Inventor Alberto J. Munoz
Alberto J. Munoz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11838113
Abstract: Embodiments are generally directed apparatuses, methods, techniques and so forth to receive a sled manifest comprising identifiers for physical resources of a sled, receive results of an authentication and validation operations performed to authenticate and validate the physical resources of the sled, determine whether the results of the authentication and validation operations indicate the physical resources are authenticate or not authenticate. Further and in response to the determination that the results indicate the physical resources are authenticated, permit the physical resources to process a workload, and in response to the determination that the results indicate the physical resources are not authenticated, prevent the physical resources from processing the workload.
Type: Grant
Filed: October 17, 2019
Date of Patent: December 5, 2023
Assignee: INTEL CORPORATION
Inventors: Alberto J. Munoz, Murugasamy K. Nachimuthu, Mohan J. Kumar, Wojciech Powiertowski, Sergiu D. Ghetie, Neeraj S. Upasani, Sagar V. Dalvi, Chukwunenye S. Nnebe, Jeanne Guillory
-
Publication number: 20220317906
Abstract: Technologies for generating manifest data for a sled include a sled to generate manifest data indicative of one or more characteristics of the sled (e.g., hardware resources, firmware resources, a configuration of the sled, or a health of sled components). The sled is also to associate an identifier with the manifest data. The identifier uniquely identifies the sled from other sleds. Additionally, the sled is to send the manifest data and the associated identifier to a server. The sled may also detect a change in the hardware resources, firmware resources, the configuration, or component health of the sled. The sled may also generate an update of the manifest data based on the detected change, where the update specifies the detected change in the hardware resources, firmware resources, the configuration, or component health of the sled. The sled may also send the update of the manifest data to the server.
Type: Application
Filed: April 19, 2022
Publication date: October 6, 2022
Inventors: Murugasamy K. Nachimuthu, Mohan J. Kumar, Alberto J. Munoz
-
Patent number: 11307787
Abstract: Technologies for generating manifest data for a sled include a sled to generate manifest data indicative of one or more characteristics of the sled (e.g., hardware resources, firmware resources, a configuration of the sled, or a health of sled components). The sled is also to associate an identifier with the manifest data. The identifier uniquely identifies the sled from other sleds. Additionally, the sled is to send the manifest data and the associated identifier to a server. The sled may also detect a change in the hardware resources, firmware resources, the configuration, or component health of the sled. The sled may also generate an update of the manifest data based on the detected change, where the update specifies the detected change in the hardware resources, firmware resources, the configuration, or component health of the sled. The sled may also send the update of the manifest data to the server.
Type: Grant
Filed: November 29, 2017
Date of Patent: April 19, 2022
Assignee: Intel Corporation
Inventors: Murugasamy K. Nachimuthu, Mohan J. Kumar, Alberto J. Munoz
-
Publication number: 20220116365
Abstract: Technologies for attesting a deployment of a workload using a blockchain includes a compute engine that receives a request from a remote device to validate one or more parameters of a managed node composed of one or more sleds. The compute engine retrieves a blockchain associated with the managed node. The blockchain includes one or more blocks, each block including information about the parameters of the managed node. The compute engine validates the blockchain and sends an indication that the blockchain is valid to the requesting device.
Type: Application
Filed: December 23, 2021
Publication date: April 14, 2022
Inventors: Johan Van de Groenendaal, Alberto J. Munoz
-
Patent number: 11223606
Abstract: Technologies for attesting a deployment of a workload using a blockchain includes a compute engine that receives a request from a remote device to validate one or more parameters of a managed node composed of one or more sleds. The compute engine retrieves a blockchain associated with the managed node. The blockchain includes one or more blocks, each block including information about the parameters of the managed node. The compute engine validates the blockchain and sends an indication that the blockchain is valid to the requesting device.
Type: Grant
Filed: June 29, 2018
Date of Patent: January 11, 2022
Assignee: Intel Corporation
Inventors: Johan Van de Groenendaal, Alberto J. Munoz
-
Publication number: 20200053438
Abstract: Embodiments are generally directed apparatuses, methods, techniques and so forth to receive a sled manifest comprising identifiers for physical resources of a sled, receive results of an authentication and validation operations performed to authenticate and validate the physical resources of the sled, determine whether the results of the authentication and validation operations indicate the physical resources are authenticate or not authenticate. Further and in response to the determination that the results indicate the physical resources are authenticated, permit the physical resources to process a workload, and in response to the determination that the results indicate the physical resources are not authenticated, prevent the physical resources from processing the workload.
Type: Application
Filed: October 17, 2019
Publication date: February 13, 2020
Applicant: INTEL CORPORATION
Inventors: ALBERTO J. MUNOZ, MURUGASAMY K. NACHIMUTHU, MOHAN J. KUMAR, WOJCIECH POWIERTOWSKI, SERGIU D. GHETIE, NEERAJ S. UPASANI, SAGAR V. DALVI, CHUKWUNENYE S. NNEBE, JEANNE GUILLORY
-
Publication number: 20200007511
Abstract: Technologies for attesting a deployment of a workload using a blockchain includes a compute engine that receives a request from a remote device to validate one or more parameters of a managed node composed of one or more sleds. The compute engine retrieves a blockchain associated with the managed node. The blockchain includes one or more blocks, each block including information about the parameters of the managed node. The compute engine validates the blockchain and sends an indication that the blockchain is valid to the requesting device.
Type: Application
Filed: June 29, 2018
Publication date: January 2, 2020
Inventors: Johan Van de Groenendaal, Alberto J. Munoz
-
Patent number: 10489156
Abstract: Embodiments are generally directed apparatuses, methods, techniques and so forth to receive a sled manifest comprising identifiers for physical resources of a sled, receive results of an authentication and validation operations performed to authenticate and validate the physical resources of the sled, determine whether the results of the authentication and validation operations indicate the physical resources are authenticate or not authenticate. Further and in response to the determination that the results indicate the physical resources are authenticated, permit the physical resources to process a workload, and in response to the determination that the results indicate the physical resources are not authenticated, prevent the physical resources from processing the workload.
Type: Grant
Filed: July 21, 2017
Date of Patent: November 26, 2019
Assignee: INTEL CORPORATION
Inventors: Alberto J. Munoz, Murugasamy K. Nachimuthu, Mohan J. Kumar, Wojciech Powiertowski, Sergiu D. Ghetie, Neeraj S. Upasani, Sagar V. Dalvi, Chukwunenye S. Nnebe, Jeanne Guillory
-
Patent number: 10432586
Abstract: Technologies for fabric security include one or more managed network devices coupled to one or more computing nodes via high-speed fabric links. A managed network device enables a port and, while enabling the port, securely determines the node type of the link partner coupled to the port. If the link partner is a computing node, management access is not allowed at the port. The managed network device may allow management access at certain predefined ports, which may be connected to one of more management nodes. Management access may be allowed for additional ports in response to management messages received from the management nodes. The managed network device may check and verify data packet headers received from a compute node at each port. The managed network device may rate-limit management messages received from a compute node at each port. Other embodiments are described and claimed.
Type: Grant
Filed: December 27, 2014
Date of Patent: October 1, 2019
Assignee: Intel Corporation
Inventors: Todd M. Rimmer, Thomas D. Lovett, Alberto J. Munoz
-
Patent number: 10303503
Abstract: An apparatus and method for hardware protection of a virtual machine monitor (VMM) runtime integrity watcher is described. A set of one or more hardware range registers that protect a contiguous memory space that is to store the VMM runtime integrity watcher. The set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space. The VMM runtime integrity watcher, when executed, performs an integrity check on a VMM during runtime of the VMM.
Type: Grant
Filed: February 14, 2017
Date of Patent: May 28, 2019
Assignee: Intel Corporation
Inventors: Shamanna M. Datta, Alberto J. Munoz, Mahesh S. Natu, Scott T. Durrant
-
Publication number: 20180150372
Abstract: Technologies for generating manifest data for a sled include a sled to generate manifest data indicative of one or more characteristics of the sled (e.g., hardware resources, firmware resources, a configuration of the sled, or a health of sled components). The sled is also to associate an identifier with the manifest data. The identifier uniquely identifies the sled from other sleds. Additionally, the sled is to send the manifest data and the associated identifier to a server. The sled may also detect a change in the hardware resources, firmware resources, the configuration, or component health of the sled. The sled may also generate an update of the manifest data based on the detected change, where the update specifies the detected change in the hardware resources, firmware resources, the configuration, or component health of the sled. The sled may also send the update of the manifest data to the server.
Type: Application
Filed: November 29, 2017
Publication date: May 31, 2018
Inventors: Murugasamy K. Nachimuthu, Mohan J. Kumar, Alberto J. Munoz
-
Publication number: 20180026800
Abstract: Embodiments are generally directed apparatuses, methods, techniques and so forth to receive a sled manifest comprising identifiers for physical resources of a sled, receive results of an authentication and validation operations performed to authenticate and validate the physical resources of the sled, determine whether the results of the authentication and validation operations indicate the physical resources are authenticate or not authenticate. Further and in response to the determination that the results indicate the physical resources are authenticated, permit the physical resources to process a workload, and in response to the determination that the results indicate the physical resources are not authenticated, prevent the physical resources from processing the workload.
Type: Application
Filed: July 21, 2017
Publication date: January 25, 2018
Inventors: ALBERTO J. MUNOZ, MURUGASAMY K. NACHIMUTHU, MOHAN J. KUMAR, WOJCIECH POWIERTOWSKI, SERGIU D. GHETIE, NEERAJ S. UPASANI, SAGAR V. DALVI, CHUKWUNENYE S. NNEBE, JEANNE GUILLORY
-
Publication number: 20170339106
Abstract: Technologies for fabric security include one or more managed network devices coupled to one or more computing nodes via high-speed fabric links. A managed network device enables a port and, while enabling the port, securely determines the node type of the link partner coupled to the port. If the link partner is a computing node, management access is not allowed at the port. The managed network device may allow management access at certain predefined ports, which may be connected to one of more management nodes. Management access may be allowed for additional ports in response to management messages received from the management nodes. The managed network device may check and verify data packet headers received from a compute node at each port. The managed network device may rate-limit management messages received from a compute node at each port. Other embodiments are described and claimed.
Type: Application
Filed: December 27, 2014
Publication date: November 23, 2017
Applicant: INTEL CORPORATION
Inventors: Todd M. RIMMER, Thomas D. LOVETT, Alberto J. MUNOZ
-
Publication number: 20170252170
Abstract: An apparatus and method for hardware protection of a virtual machine monitor (VMM) runtime integrity watcher is described. A set of one or more hardware range registers that protect a contiguous memory space that is to store the VMM runtime integrity watcher. The set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space. The VMM runtime integrity watcher, when executed, performs an integrity check on a VMM during runtime of the VMM.
Type: Application
Filed: February 14, 2017
Publication date: September 7, 2017
Inventors: Shamanna M. Datta, Alberto J. Munoz, Mahesh S. Natu, Scott T. Durrant
-
Patent number: 9252946
Abstract: A method, device, and system for securely migrating and provisioning a virtual machine image to a host device of a cloud service provider environment (CSPE) is disclosed. A customer device encrypts a virtual machine image (VMI) and stores the VMI in the CSPE. The host device retrieves the encrypted VMI from the object store and sends host trust data (including a symmetric key extracted from the encrypted VMI, the symmetric key being encrypted with the customer public key) to a key management server for trust attestation. If the key management server successfully attests the host device, the key management server decrypts the encrypted symmetric key using the customer private key and re-encrypts the symmetric key using the host public key. The host device receives the re-encrypted symmetric key from the key management server, decrypts it using the host private key, and decrypts the encrypted VMI using the symmetric key.
Type: Grant
Filed: November 21, 2014
Date of Patent: February 2, 2016
Assignee: Intel Corporation
Inventors: Yeluri Ranghuram, Steve Orrin, Alberto J. Munoz
-
Patent number: 9122780
Abstract: Embodiments of apparatus, computer-implemented methods, systems, devices, and computer-readable media are described herein for tracking per-virtual machine (“VM”) resource usage independent of a virtual machine monitor (“VMM”). In various embodiments, a first logic unit may associate one or more virtual central processing units (“vCPUs”) operated by one or more physical processing units of a computing device with a first VM of a plurality of VMs operated by the computing device, and collect data about resources used by the one or more physical processing units to operate the one or more vCPUs associated with the first VM. In various embodiments, a second logic unit of the computing device may determine resource-usage by the first VM based on the collected data. In various embodiments, the first and second logic units may perform these functions independent of a VMM of the computing device.
Type: Grant
Filed: June 20, 2012
Date of Patent: September 1, 2015
Assignee: Intel Corporation
Inventors: Mahesh S. Natu, Anil S. Keshavamurthy, Alberto J. Munoz, Tessil Thomas
-
Publication number: 20150082031
Abstract: A method, device, and system for securely migrating and provisioning a virtual machine image to a host device of a cloud service provider environment (CSPE) is disclosed. A customer device encrypts a virtual machine image (VMI) and stores the VMI in the CSPE. The host device retrieves the encrypted VMI from the object store and sends host trust data (including a symmetric key extracted from the encrypted VMI, the symmetric key being encrypted with the customer public key) to a key management server for trust attestation. If the key management server successfully attests the host device, the key management server decrypts the encrypted symmetric key using the customer private key and re-encrypts the symmetric key using the host public key. The host device receives the re-encrypted symmetric key from the key management server, decrypts it using the host private key, and decrypts the encrypted VMI using the symmetric key.
Type: Application
Filed: November 21, 2014
Publication date: March 19, 2015
Inventors: Yeluri Ranghuram, Steve Orrin, Alberto J. Munoz
-
Patent number: 8924720
Abstract: A method, device, and system for securely migrating and provisioning a virtual machine image to a host device of a cloud service provider environment (CSPE) is disclosed. A customer device encrypts a virtual machine image (VMI) and stores the VMI in the CSPE. The host device retrieves the encrypted VMI from the object store and sends host trust data (including a symmetric key extracted from the encrypted VMI, the symmetric key being encrypted with the customer public key) to a key management server for trust attestation. If the key management server successfully attests the host device, the key management server decrypts the encrypted symmetric key using the customer private key and re-encrypts the symmetric key using the host public key. The host device receives the re-encrypted symmetric key from the key management server, decrypts it using the host private key, and decrypts the encrypted VMI using the symmetric key.
Type: Grant
Filed: September 27, 2012
Date of Patent: December 30, 2014
Assignee: Intel Corporation
Inventors: Yeluri Raghuram, Steve Orrin, Alberto J. Munoz
-
Publication number: 20140089658
Abstract: A method, device, and system for securely migrating and provisioning a virtual machine image to a host device of a cloud service provider environment (CSPE) is disclosed. A customer device encrypts a virtual machine image (VMI) and stores the VMI in the CSPE. The host device retrieves the encrypted VMI from the object store and sends host trust data (including a symmetric key extracted from the encrypted VMI, the symmetric key being encrypted with the customer public key) to a key management server for trust attestation. If the key management server successfully attests the host device, the key management server decrypts the encrypted symmetric key using the customer private key and re-encrypts the symmetric key using the host public key. The host device receives the re-encrypted symmetric key from the key management server, decrypts it using the host private key, and decrypts the encrypted VMI using the symmetric key.
Type: Application
Filed: September 27, 2012
Publication date: March 27, 2014
Inventors: Yeluri Raghuram, Steve Orrin, Alberto J. Munoz
-
Publication number: 20130346966
Abstract: Embodiments of apparatus, computer-implemented methods, systems, devices, and computer-readable media are described herein for tracking per-virtual machine (“VM”) resource usage independent of a virtual machine monitor (“VMM”). In various embodiments, a first logic unit may associate one or more virtual central processing units (“vCPUs”) operated by one or more physical processing units of a computing device with a first VM of a plurality of VMs operated by the computing device, and collect data about resources used by the one or more physical processing units to operate the one or more vCPUs associated with the first VM. In various embodiments, a second logic unit of the computing device may determine resource-usage by the first VM based on the collected data. In various embodiments, the first and second logic units may perform these functions independent of a VMM of the computing device.
Type: Application
Filed: June 20, 2012
Publication date: December 26, 2013
Inventors: Mahesh S. Natu, Anil S. Keshavamurthy, Alberto J. Munoz, Tessil Thomas