Patents by Inventor David Plaquin
David Plaquin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11288405
Abstract: An IC comprising functional circuit to perform primary functions of the IC is provided. The functional circuit is to enable electrical signals to propagate through it within a timing constraint of the functional circuit. The IC comprises at least one canary circuit used for detecting glitch attacks on the circuit. Electrical signals are to propagate through the canary circuit(s) within a defined timing constraint of the canary circuit(s). The canary circuit is to provide a signal path designed such that in the event of a timing constraint of the functional circuit(s) is violated due to a glitch attack, also the timing constraint of the canary circuit(s) is violated.
Type: Grant
Filed: October 25, 2018
Date of Patent: March 29, 2022
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Pierre Belgarric, David Plaquin, Eugene Cohen, Chris R. Gunning
-
Patent number: 11256589
Abstract: Examples herein disclose monitoring an expected functionality upon execution of a system management mode (SMM) code. The examples detect whether a change has occurred to the SMM code based on the monitoring of the expected functionality. The change indicates that the SMM code is compromised.
Type: Grant
Filed: July 5, 2019
Date of Patent: February 22, 2022
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Jeffrey Kevin Jeansonne, Boris Balacheff, Valiuddin Ali, Chris I. Dalton, David Plaquin
-
Publication number: 20210406378
Abstract: An example system with a pre-OS (Operating System) environment, the pre-OS environment includes a private memory that is isolated from a processor of the system. The pre-OS environment also includes an embedded controller (EC) coupled to the private memory, where the EC includes an embedded key. The EC is to execute instructions to generate an encryption key based on the embedded key; generate a signature key; obtain data; produce an integrity-verification tag based on a hash of the obtained data, where the hash employs the signature key; encrypt the obtained data based on the encryption key; store the encrypted data in the private memory; and store the integrity-verification tag in the private memory in association with the stored encrypted data.
Type: Application
Filed: January 29, 2018
Publication date: December 30, 2021
Inventors: Jeffrey Kevin Jeansonne, Rosilet Retnamoni Braduke, Joshua Serratelli Schiffman, David Plaquin
-
Publication number: 20210382991
Abstract: The disclosure relates to a data processing apparatus. The data processing apparatus may comprise a memory storing a candidate service level response to an intrusion to an operating system having a plurality of operating system services. The data processing apparatus may comprise processing circuitry coupled to the memory. The data processing apparatus may comprise an output coupled to the processing circuitry. It may be that the processing circuitry is to, depending on an alert indicative of the intrusion: select from the memory, for an operating system service of the said plurality of operating systems, the said operating system service being related to the alert, the candidate service level response to the intrusion; and provide a signal to the output depending on the candidate service level response selected in respect of the said operating system service.
Type: Application
Filed: September 27, 2019
Publication date: December 9, 2021
Applicant: Hewlett-Packard Development Company, L.P.
Inventors: Ronny Chevalier, David Plaquin, Christopher Ian Dalton, Guillaume Hiet
-
Publication number: 20210357220
Abstract: Examples include an example computing system comprising a first storage to store executable code, wherein the executable code comprises a plurality of instructions, a second storage to store a first parameter of the executable code, a processing unit to execute each of the instructions of the code, and a monitoring component to, upon execution of each of the instructions of the code by the processing unit, update a second parameter of the code based on that instruction, wherein the monitoring component is to compare the first parameter and the second parameter, and to control execution of further executable code by the processing unit based on the comparison.
Type: Application
Filed: July 31, 2018
Publication date: November 18, 2021
Inventors: Pierre Belgarric, Christopher I. Dalton, David Plaquin, Maugan Villatel, Joshua Serratelli Schiffman
-
Publication number: 20210334410
Abstract: An example computing system is disclosed comprising storage to store a plurality of security policies for respective applications and storing, for each security policy, a respective security policy digest representing the security policy, a secure hardware component to store a digest of the security policy digests, and a processor to execute a software component to update the respective security policy digest of a first security policy of the plurality of security policies in response to an update to the first security policy, and to cause the secure hardware component to store an updated digest of the security policy digests.
Type: Application
Filed: May 2, 2018
Publication date: October 28, 2021
Inventors: Ijlal Loutfi, David Plaquin
-
Publication number: 20210326443
Abstract: An example method is disclosed, for example a method of executing a software module in a computing system, the method comprising executing, in a first processing device of the computing system, a first software module to verify a second software module and to cause a second processing device of the computing system to execute the second software module, executing, in the second processing device, the second software module to execute, in the second processing device, a third software module and to provide a first key of a key pair to the third software module, and protecting, by the second processing device, a memory space associated with the third software module, wherein the memory space contains the first key of the key pair, wherein the first processing device contains a second key of the key pair.
Type: Application
Filed: May 2, 2018
Publication date: October 21, 2021
Inventors: David Plaquin, Ijlal Loutfi
-
Publication number: 20210312092
Abstract: An IC comprising functional circuit to perform primary functions of the IC is provided. The functional circuit is to enable electrical signals to propagate through it within a timing constraint of the functional circuit. The IC comprises at least one canary circuit used for detecting glitch attacks on the circuit. Electrical signals are to propagate through the canary circuit(s) within a defined timing constraint of the canary circuit(s). The canary circuit is to provide a signal path designed such that in the event of a timing constraint of the functional circuit(s) is violated due to a glitch attack, also the timing constraint of the canary circuit(s) is violated.
Type: Application
Filed: October 25, 2018
Publication date: October 7, 2021
Applicant: Hewlett-Packard Development Company, L.P.
Inventors: Pierre Belgarric, David Plaquin, Eugene Cohen, Chris R. Gunning
-
Patent number: 11086797
Abstract: A method for restricting write access to a non-volatile memory. The method includes receiving a request to write to a protected location in the non-volatile memory and determining whether the protected location is in a write-protected state. If the protected location is not in a write-protected state, the method includes writing data indicated by the request to the protected location. If the protected location is in a write-protected state, the method includes rejecting the request. The protected location stores a validation key to validate the contents of another portion of the non-volatile memory.
Type: Grant
Filed: October 31, 2014
Date of Patent: August 10, 2021
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Gregg B. Lesartre, Joseph E. Foster, David Plaquin, James M. Mann
-
Publication number: 20210209205
Abstract: A method for regulating access to a system BIOS comprises generating an access token for a user providing selected BIOS access privileges according to a system policy for the user.
Type: Application
Filed: October 30, 2017
Publication date: July 8, 2021
Applicant: Hewlett-Packard Development Company, L.P.
Inventors: Adrian Baldwin, Stuart Lees, David Plaquin
-
Publication number: 20210192055
Abstract: A method is provided, comprising actively testing the access control policy of a software target using a probing logic. The method further comprises determining whether an intrusion in the software target has occurred based on monitored side effects. According to the method, the probing logic is to execute at least one operation that is forbidden by the access control policy. The probing logic is further to create at least one predetermined observable side effect based on the successful execution of the operation.
Type: Application
Filed: August 6, 2019
Publication date: June 24, 2021
Applicant: Hewlett-Packard Development Company, L.P.
Inventors: David PLAQUIN, Christopher Ian DALTON, Ronny CHEVALIER
-
Publication number: 20210182393
Abstract: A method for monitoring control-flow integrity in a low-level execution environment, the method comprising receiving, at a monitor, a message from the execution environment indicating that the execution environment has entered a controlled mode of operation, receiving, at the monitor, a data packet representing execution of a selected portion of a control-flow process at the execution environment, identifying, using the data packet, a pathway corresponding to the selected portion of the control-flow process from a set of permissible control-flow pathways and determining whether the identified pathway corresponds to an expected control-flow behaviour.
Type: Application
Filed: June 6, 2018
Publication date: June 17, 2021
Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
Inventors: Ronny Chevalier, Guillaume HIET, Maugan VILLATEL, David Plaquin
-
Publication number: 20210182434
Abstract: In an example, there is provided a method for attesting to a management state of a device platform configuration, based on a signed data structure that represents a device management status and a time-based value from a secure cryptoprocessor of the device. The signed data structure is sent to a management system for validation based on a comparison to the state of the cryptoprocessor at the time of signing the data structure.
Type: Application
Filed: March 12, 2018
Publication date: June 17, 2021
Inventors: ADRIAN BALDWIN, JAMES ROBERT WALDRON, DAVID PLAQUIN
-
Publication number: 20210157918
Abstract: In an example there is provided a method for receiving notification of an intrusion event in relation to an application from an intrusion detection system, accessing state data in relation to a state of the application prior to the intrusion event, the state data having been stored on the basis of a change of state of the application, accessing a policy to be applied to the state data in response to the intrusion event, modifying the state data on the basis of the policy, and restoring the application on the basis of the modified state data.
Type: Application
Filed: July 30, 2019
Publication date: May 27, 2021
Applicant: Hewlett-Packard Development Company, L.P.
Inventors: Ronny Chevalier, David Plaquin
-
Patent number: 10896085
Abstract: In an example there is provided a method of applying a mitigation action to a computing system. The method comprises receiving notification of an intrusion event on a computing system. The notification identifies one or more of data, and a process affected by the intrusion event. The method comprises accessing state data corresponding to a state of the computing system prior to the intrusion event, accessing a policy specifying one or more mitigation actions to be applied to the one or more of data, and a process in response to an intrusion event, restoring the one or more of data, and the process on the basis of the state data, and applying a mitigation action according to the policy.
Type: Grant
Filed: May 8, 2018
Date of Patent: January 19, 2021
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Ronny Chevalier, David Plaquin, Guillaume Hiet, Adrian Baldwin
-
Patent number: 10867045
Abstract: Examples herein disclose a processor-based computing system. The system comprises at least one processor, a non-volatile memory comprising a basic input output system (BIOS), wherein the BIOS creates a data structure and sets up at least one verification software component executed by the processor, a controller communicatively linked to the at least one verification software component, and a memory comprising a system management memory coupled to the at least one processor and code which is executable by the processor-based system to cause the processor to validate the BIOS during a runtime of the processor-based system using the at least one verification software component and the controller.
Type: Grant
Filed: September 30, 2015
Date of Patent: December 15, 2020
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Jeffrey Kevin Jeansonne, Vali Ali, David Plaquin, Maugan Villatel
-
Publication number: 20200371909
Abstract: An apparatus includes a solid-state non-volatile computer memory; and a controller coupled to the memory. The controller to: generate a data set including a tag that indicates that the data set is valid; write the data set into a block of the memory, wherein the block includes multiple addressable locations set to a common first binary value before the write; generate a subsequent data set including a tag that indicates that the subsequent data set is valid; update the tag of the written data set to indicate that the written data set is invalid, wherein the update includes setting an addressable location corresponding to the tag to second binary value different from the first binary value; write the subsequent data set to addressable locations in the block of memory other than the addressable locations of the invalid data set.
Type: Application
Filed: January 29, 2018
Publication date: November 26, 2020
Inventors: JEFFREY KEVIN JEANSONNE, ROSILET RETNAMONI BRADUKE, DAVID PLAQUIN, JOSHUA SERRATELLI SCHIFFMAN
-
Publication number: 20200334343
Abstract: A method for monitoring access to a user account comprises receiving a user account login status from a target service in response to a user login request, comparing the user account login status with an expected status value at a user apparatus, and on the basis of the comparison, performing at least one of: synchronising the status value at the user apparatus with the user account login status from the target service, and executing a user login update process at the user apparatus.
Type: Application
Filed: October 30, 2017
Publication date: October 22, 2020
Applicant: Hewlett-Packard Development Company, L.P.
Inventors: Gurchetan GREWAL, David PLAQUIN
-
Patent number: 10803176
Abstract: Examples associated with basic input/output system (BIOS) security are described. One example includes detecting a mismatch between an active BIOS setting and a saved BIOS setting. An update previously applied to the active BIOS setting is validated. The update is applied to the saved BIOS setting creating an updated BIOS setting. The saved BIOS setting is updated when the updated BIOS setting and the active BIOS setting match. The saved BIOS setting is updated to the active BIOS setting. A security action is taken when the updated BIOS setting and the active BIOS setting differ.
Type: Grant
Filed: October 21, 2016
Date of Patent: October 13, 2020
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Maugan Villatel, Boris Balacheff, David Plaquin, Vali Ali, Jeffrey Kevin Jeansonne
-
Patent number: 10747873
Abstract: In one example, a system for a system management mode (SMM) privilege architecture includes a computing device comprising: a first portion of SMM instructions to set up a number of resources and implement a privilege architecture for the SMM of a computing device and a second portion of SMM instructions to execute a number of functions during the SMM of the computing device, wherein the privilege architecture assigns the first portion of SMM instructions to a first privilege level and assigns the second portion of SMM instructions to a second privilege level.
Type: Grant
Filed: January 26, 2016
Date of Patent: August 18, 2020
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Richard A. Bramley, Jr., David Plaquin, Maugan Villatel, Jeffrey K. Jeansonne