Patents by Inventor Luis E. Luciani
Luis E. Luciani has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240005021Abstract: Example implementations relate a system and method for storing configuration files of a host computing device in a secure storage of a Baseboard Management Controller (BMC). The secure storage includes configuration files associated with the host computing device. The BMC is communicatively connected to the host computing device using a communication link. The secure storage is emulated as a storage device to the host computing device. The BMC monitors the secure storage to detect changes in the configuration files. When there is a change in a configuration file, the BMC performs a security action in the host computing device.Type: ApplicationFiled: September 15, 2023Publication date: January 4, 2024Inventor: Luis E. Luciani, JR.
-
Publication number: 20230246827Abstract: A management controller of a computer platform, determines whether an ownership history of management firmware for the management controller represents multiple owners. The management controller includes a set of one-time programmable elements that represent a first secret. The management controller manages use of the first secret based on the ownership history. The management includes, responsive to determining, by the management controller, that the ownership history represents multiple owners, generating, by the management controller, a second secret to replace the first secret. The management further includes, responsive to determining, by the management controller, that the ownership history represents multiple owners, storing, by the management controller, the second secret in a non-volatile memory and generating, by the management controller, cryptographic keys based on the second secret.Type: ApplicationFiled: January 31, 2022Publication date: August 3, 2023Inventors: Luis E. Luciani, JR., Douglas R. Hascall, Michael R. Garrett
-
Publication number: 20230134324Abstract: An apparatus includes a host and a baseboard management controller. The baseboard management controller includes a semiconductor package; and the semiconductor package includes a memory, a security hardware processor; and a main hardware processor. The main hardware processor causes the baseboard management controller to serve as an agent that, independently from the host, responds to communications with a remote management entity to manage the host. The security hardware processor manages the storage of a secret of the host in the memory.Type: ApplicationFiled: October 28, 2021Publication date: May 4, 2023Inventors: Theodore F. Emerson, Shiva R. Dasari, Luis E. Luciani, JR., Kevin E. Boyum, Naysen J. Robertson, Robert L. Noonan, Christopher M. Wesneski, David F. Heinrich
-
Publication number: 20230135502Abstract: Examples described herein relate to configuring access to management interface of a storage system. Examples may obtain network adapter information of the host devices coupled to the storage system using credentials of a management controller of the host devices. Examples may create an allow-list or deny-list containing the network adapter information of the host devices. Examples may allow or deny connections to the management interface from the host devices based on the allow-list or deny-list. Examples may allow dynamic updating of the allow-list and deny-list based on a change in a network adapter of the host device.Type: ApplicationFiled: November 1, 2021Publication date: May 4, 2023Inventors: Christopher HILLIER, Curtis C. BALLARD, Luis E. Luciani, JR.
-
Publication number: 20230106491Abstract: Examples disclosed herein relate to security dominion of a computing device. A management controller of the computing device can access a physical owner token pertaining to a physical owner of the computing device. The management controller can access a security dominion owner token pertaining to a security dominion owner of the computing device. The security dominion owner token tracks accountability for a security feature of the computing device. A security dominion owner associated with the security dominion owner token is initially set to a first entity.Type: ApplicationFiled: October 6, 2021Publication date: April 6, 2023Inventor: Luis E. LUCIANI, JR.
-
Patent number: 11580225Abstract: Examples disclosed herein relate to a computing device that includes a central processing unit, a management controller separate from the central processing unit, and a security co-processor. The management controller is powered using an auxiliary power rail that provides power to the management controller while the computing device is in an auxiliary power state. The security co-processor includes device unique data. The management controller receives the device unique data and stores a representation at a secure location. At a later time, the management controller receives endorsement information from an expected location of the security co-processor. The management controller determines whether to perform an action on the computing device based on an analysis of the endorsement information and the stored representation of the device unique data.Type: GrantFiled: January 29, 2020Date of Patent: February 14, 2023Assignee: Hewlett Packard Enterprise Development LPInventors: Luis E. Luciani, Jr., Darrell R. Haskell
-
Patent number: 11522723Abstract: Example implementations relate to a method and system for provisioning an identity certificate for a BMC of a platform. Based on the certificate signing request (CSR) received from the BMC, a certificate authority (CA) associated with the platform manufacturer may verify the identity of the security processor and private key of BMC. A cryptographic audit session log between a provisioning service of the platform and the security coprocessor of the platform is received along with the CSR at the CA implemented in a cloud system. The CA verifies the signature on the received cryptographic audit session log. After verification, validation tools at the cloud system determine a first time and second time associated with the security coprocessor. When the difference between the first time and the second time is below an expected time of cryptographic communication, the CSR is considered as a valid request and an identity certificate for the BMC is generated and transmitted to the platform.Type: GrantFiled: March 1, 2021Date of Patent: December 6, 2022Assignee: Hewlett Packard Enterprise Development LPInventors: Ludovic Emmanuel Paul Noel Jacquin, Nigel John Edwards, Luis E. Luciani, Jr.
-
Publication number: 20220342978Abstract: A method for assembling a computing device including initiating a board management controller of the computing device, the board management controller having at least one fuse, forming data to control a video display operatively connected to the computing device to show an image of a watermark, and modifying the computing device. The method also includes blowing the at least one fuse in response to modifying the computing device and adjusting the watermark in response to blowing the at least one fuse.Type: ApplicationFiled: July 6, 2022Publication date: October 27, 2022Inventors: Theodore F. Emerson, Luis E. Luciani, JR., Kevin E. Boyum, Christopher M. Wesneski
-
Publication number: 20220278855Abstract: Example implementations relate to a method and system for provisioning an identity certificate for a BMC of a platform. Based on the certificate signing request (CSR) received from the BMC, a certificate authority (CA) associated with the platform manufacturer may verify the identity of the security processor and private key of BMC. A cryptographic audit session log between a provisioning service of the platform and the security coprocessor of the platform is received along with the CSR at the CA implemented in a cloud system. The CA verifies the signature on the received cryptographic audit session log. After verification, validation tools at the cloud system determine a first time and second time associated with the security coprocessor. When the difference between the first time and the second time is below an expected time of cryptographic communication, the CSR is considered as a valid request and an identity certificate for the BMC is generated and transmitted to the platform.Type: ApplicationFiled: March 1, 2021Publication date: September 1, 2022Inventors: Ludovic Emmanuel Paul Noel JACQUIN, Nigel John EDWARDS, Luis E. LUCIANI, JR.
-
Patent number: 11409859Abstract: A method for assembling a computing device including initiating a board management controller of the computing device, the board management controller having at least one fuse, forming data to control a video display operatively connected to the computing device to show an image of a watermark, and modifying the computing device. The method also includes blowing the at least one fuse in response to modifying the computing device and adjusting the watermark in response to blowing the at least one fuse.Type: GrantFiled: August 21, 2019Date of Patent: August 9, 2022Assignee: Hewlett Packard Enterprise Development LPInventors: Theodore F. Emerson, Luis E. Luciani, Jr., Kevin E. Boyum, Christopher M. Wesneski
-
Patent number: 11409858Abstract: In some examples, a scanner that is to verify a device includes a scanner input/output (I/O) interface to physically and communicatively connect to a device I/O interface of the device. The scanner includes a processor to send an input through the scanner I/O interface to the device, receive, at the scanner I/O interface, an output responsive to the input from the device, the output comprising a cryptographic value based on a cryptographic operation applied on data of the input, and determine whether the device is an authorized device based on the received output.Type: GrantFiled: May 13, 2019Date of Patent: August 9, 2022Assignee: Hewlett Packard Enterprise Development LPInventors: Luis E. Luciani, Jr., Sze Hau Loh
-
Publication number: 20210342169Abstract: A technique includes a baseboard management controller receiving, from a requestor, a request for a security function to be performed, where the request is directed to a physical security device other than the baseboard management controller. The technique includes, the baseboard management controller responding to the request to emulate a response to the security device to the request.Type: ApplicationFiled: April 29, 2020Publication date: November 4, 2021Inventors: David F. Heinrich, Luis E. Luciani, JR., Theodore F. Emerson, Sze Hau Loh
-
Patent number: 10956575Abstract: Examples disclosed herein relate to determining malware using firmware of a computing device. Firmware can be used to determine that an indication is present that malware is present on the computing device. The firmware can be executed to perform a security action in response to the indication that malware is present on the computing device.Type: GrantFiled: November 20, 2017Date of Patent: March 23, 2021Assignee: Hewlett Packard Enterprise Development LPInventors: John Scott Harsany, Suhas Shivanna, Luis E Luciani, Jr.
-
Patent number: 10866852Abstract: In some examples, a system for determining whether an operating system fault has occurred includes data storage and a processing system. The data storage may store image data indicative of a computing system display output. The processing system may access the stored image data. The processing system may determine that the computing system display output corresponds to a fault display output associated with a fault state of an operating system, which determination may include the processing system determining an extent of similarity between the accessed image data and a reference image associated with the fault display output. The processing system may generate a fault indication responsive to determining that the computing system display output corresponds to the fault display output.Type: GrantFiled: September 18, 2015Date of Patent: December 15, 2020Assignee: Hewlett Packard Enterprise Development LPInventors: Erik Levon Young, Luis E. Luciani, Jr.
-
Patent number: 10740468Abstract: An example computing system in accordance with an aspect of the present disclosure includes a first controller and a second controller. The first controller is to verify integrity of a first root of trust (ROT), and generate an integrity signal indicating the results. The second controller is to verify integrity of a second ROT, write the firmware image to the first controller, and verify integrity of the written firmware image.Type: GrantFiled: September 25, 2017Date of Patent: August 11, 2020Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Suhas Shivanna, Patrick L Gibbons, Shiva R Dasari, Luis E Luciani, Jr., Kevin G Depew
-
Patent number: 10318459Abstract: Example implementations relate to a server including a platform controller hub (PCH), where the PCH includes a peripheral device manager, a management processor coupled to the peripheral device manager, and a peripheral device interface to couple with a peripheral device and provide out of band access of the peripheral device via the management processor and peripheral device manager to a memory of the server.Type: GrantFiled: April 30, 2015Date of Patent: June 11, 2019Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Suhas Shivanna, Luis E. Luciani, Jr., Mohammed Saleem, Andrew Brown
-
Publication number: 20190156039Abstract: Examples disclosed herein relate to determining malware using firmware of a computing device. Firmware can be used to determine that an indication is present that malware is present on the computing device. The firmware can be executed to perform a security action in response to the indication that malware is present on the computing device.Type: ApplicationFiled: November 20, 2017Publication date: May 23, 2019Inventors: John Scott HARSANY, Suhas Shivanna, Luis E LUCIANI, JR.
-
Publication number: 20180210774Abstract: In some examples, a system for determining whether an operating system fault has occurred includes data storage and a processing system. The data storage may store image data indicative of a computing system display output. The processing system may access the stored image data. The processing system may determine that the computing system display output corresponds to a fault display output associated with a fault state of an operating system, which determination may include the processing system determining an extent of similarity between the accessed image data and a reference image associated with the fault display output. The processing system may generate a fault indication responsive to determining that the computing system display output corresponds to the fault display output.Type: ApplicationFiled: September 18, 2015Publication date: July 26, 2018Inventors: Erik Levon Young, Luis E. Luciani, JR.
-
Publication number: 20180096154Abstract: An example computing system in accordance with an aspect of the present disclosure includes a first controller and a second controller. The first controller is to verify integrity of a first root of trust (ROT), and generate an integrity signal indicating the results. The second controller is to verify integrity of a second ROT, write the firmware image to the first controller, and verify integrity of the written firmware image.Type: ApplicationFiled: September 25, 2017Publication date: April 5, 2018Inventors: Suhas SHIVANNA, Patrick L GIBBONS, Shiva R DASARI, Luis E LUCIANI, JR., Kevin G DEPEW
-
Publication number: 20170212856Abstract: Example implementations relate to a server including a platform controller hub (PCH), where the PCH includes a peripheral device manager, a management processor coupled to the peripheral device manager, and a peripheral device interface to couple with a peripheral device and provide out of band access of the peripheral device via the management processor and peripheral device manager to a memory of the server.Type: ApplicationFiled: April 30, 2015Publication date: July 27, 2017Inventors: Suhas Shivanna, Luis E. Luciani, JR., Mohammed Saleem, Andrew Brown