Patents by Inventor Anahit Tarkhanyan
Anahit Tarkhanyan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11977962Abstract: Embodiments are directed to immutable watermarking for authenticating and verifying artificial intelligence (AI)-generated output. An embodiment of a system includes a processor of a monitoring system, wherein the processor is to: receive first content from an edge device and second content from an adversary system, wherein the first content comprises output of a machine learning (ML) model as applied to captured content at the edge device; receive a digital signature corresponding to the first content; process the digital signature to extract a global unique identifier (GUID) of the ML model that generated the first content; verify the extracted GUID against data obtained from a shared registry; in response to successfully verifying the extracted GUID, provide the first content for consumption at a monitoring consumption application; and in response to determining that the second content is not associated with a verifiable GUID, refuse the second content at the monitoring consumption application.Type: GrantFiled: November 16, 2022Date of Patent: May 7, 2024Assignee: INTEL CORPORATIONInventors: Ria Cheruvu, Anahit Tarkhanyan
-
Publication number: 20240022609Abstract: Various systems and methods are described for implementing cloud-to-edge (C2E) security are disclosed, including systems and methods for the execution of various workloads that are distributed among multiple edge computing nodes. An example technique for managing distributed workloads includes: identifying characteristics of a distributed workload from an execution of the distributed workload, for a distributed workload that is partitioned among multiple computing nodes; evaluating a trust status of the distributed workload in response to a change in the execution of the distributed workload, including verifying resources to execute the distributed workload and verifying security policies associated with the resources; and controlling the execution of the distributed workload among the multiple computing nodes, based on the characteristics and the evaluated trust status.Type: ApplicationFiled: September 26, 2023Publication date: January 18, 2024Inventors: Ned M. Smith, Kshitij Arun Doshi, Sunil Cheruvu, Malini Bhandaru, Anahit Tarkhanyan, Mats Gustav Agerstam, Bruno Vavala, Vidya Ranganathan
-
Publication number: 20230342478Abstract: Various systems and methods are described for implementing attestation operations. A computing device includes a processor; and memory to store instructions, which when executed by the processor, cause the computing device to: receive a workload from a source computing device over a network shared with the computing device; determine whether the workload has valid attestation; establish attestation for the workload when the workload does not have valid attestation; determine whether the attestation is compliant with a policy; and execute the workload when the attestation is compliant with the policy.Type: ApplicationFiled: June 30, 2023Publication date: October 26, 2023Inventors: Vidya Ranganathan, Sunil Cheruvu, Anahit Tarkhanyan
-
Publication number: 20230079112Abstract: Embodiments are directed to immutable watermarking for authenticating and verifying artificial intelligence (AI)-generated output. An embodiment of a system includes a processor of a monitoring system, wherein the processor is to: receive first content from an edge device and second content from an adversary system, wherein the first content comprises output of a machine learning (ML) model as applied to captured content at the edge device; receive a digital signature corresponding to the first content; process the digital signature to extract a global unique identifier (GUID) of the ML model that generated the first content; verify the extracted GUID against data obtained from a shared registry; in response to successfully verifying the extracted GUID, provide the first content for consumption at a monitoring consumption application; and in response to determining that the second content is not associated with a verifiable GUID, refuse the second content at the monitoring consumption application.Type: ApplicationFiled: November 16, 2022Publication date: March 16, 2023Applicant: Intel CorporationInventors: Ria Cheruvu, Anahit Tarkhanyan
-
Patent number: 11514365Abstract: Embodiments are directed to immutable watermarking for authenticating and verifying artificial intelligence (AI)-generated output. An embodiment of a system includes a hardware accelerator to perform processing related to a machine learning (ML) model and one or more processors including a hash generator. In one implementation, the hash generator is to identify a global unique identifier (GUID) for the ML model, generate a digital signature for content generated by an inference stage of the ML model, the digital signature based on at least the GUID of the ML model and the content generated by the ML model, and transmit the content and the digital signature to a content consumer platform.Type: GrantFiled: June 15, 2020Date of Patent: November 29, 2022Assignee: INTEL CORPORATIONInventors: Ria Cheruvu, Anahit Tarkhanyan
-
Publication number: 20220141201Abstract: One or more machine readable storage media, an apparatus, and a method. The apparatus provides a mechanism to implement a trusted telemetry governor (TTG) inside a trusted execution environment. The TTG is to determine a security policy to be applied to telemetry data corresponding to component of a computing infrastructure, receive the telemetry data in encrypted format and, based on the security policy: process the telemetry data including at least one of generating transformed telemetry data or analyzing the telemetry data to generate a report therefrom, and generating telemetry information from the telemetry data. The telemetry information includes at least one of processed telemetry data, a report, or a recommendation based on an analysis of the telemetry data. The TTG is to send the telemetry information outside of the trusted execution environment to a consumer of the telemetry data.Type: ApplicationFiled: December 7, 2021Publication date: May 5, 2022Applicant: Intel CorporationInventors: Reshma Lal, Anahit Tarkhanyan, Jianping Xu, Christine E. Severns-Williams
-
Publication number: 20220094690Abstract: A system includes an orchestrator to receive a first request for resources for a workload of a tenant and to select a first node cluster in a first compute domain to be provisioned for the workload. The system also includes a first security manager to run in a trusted execution environment of one or more processors to receive attestation results for a second node cluster from a second security manager in a second compute domain, and to establish the first node cluster and the second node cluster as a trusted group of node clusters for the workload based, at least in part, on determining that a first compute node in the first node cluster meets one or more security requirements of a workload execution policy associated with the workload and that the attestation results indicate that a second compute node in the second node cluster meets the one or more security requirements.Type: ApplicationFiled: December 2, 2021Publication date: March 24, 2022Applicant: Intel CorporationInventors: Anahit Tarkhanyan, Reshma Lal, Jianping Xu, Christine E. Severns-Williams
-
Publication number: 20210390447Abstract: Embodiments are directed to immutable watermarking for authenticating and verifying artificial intelligence (AI)-generated output. An embodiment of a system includes a hardware accelerator to perform processing related to a machine learning (ML) model and one or more processors including a hash generator. In one implementation, the hash generator is to identify a global unique identifier (GUID) for the ML model, generate a digital signature for content generated by an inference stage of the ML model, the digital signature based on at least the GUID of the ML model and the content generated by the ML model, and transmit the content and the digital signature to a content consumer platform.Type: ApplicationFiled: June 15, 2020Publication date: December 16, 2021Applicant: Intel CorporationInventors: Ria Cheruvu, Anahit Tarkhanyan
-
Publication number: 20210117578Abstract: Methods, apparatus, systems, and articles of manufacture to protect proprietary functionality and/or other content in hardware and software are disclosed. An example computer apparatus includes; a first circuit including a first interface, the first circuit associated with a first domain; a second circuit including a second interface, the second circuit associated with a second domain; and a chip manager to generate a first authenticated interface for the first interface using a first token and to generate a second authenticated interface for the second interface using a second token to enable communication between the first authenticated interface and the second authenticated interface.Type: ApplicationFiled: December 23, 2020Publication date: April 22, 2021Inventors: Sunil Cheruvu, Ria Cheruvu, Kshitij Doshi, Francesc Guim Bernat, Ned Smith, Anahit Tarkhanyan
-
Publication number: 20210107151Abstract: A device including a processor configured to detect an environment of an automated machine, wherein the environment comprises one or more further automated machines; determine an action taken by the one or more further automated machines; determine an action expected of the one or more further automated machines; compares the taken action with the expected action; determine an accuracy score associated with the one or more further automated machines based on the comparison.Type: ApplicationFiled: December 22, 2020Publication date: April 15, 2021Inventors: Rita H. WOUHAYBI, Anahit TARKHANYAN, Vinayak HONKOTE, Rajesh POORNACHANDRAN, Francesc GUIM BERNAT
-
Publication number: 20210107153Abstract: According to various aspects, controller for an automated machine may include: a processor configured to: compare information about a function of the automated machine with information of a set of tasks available to a plurality of automated machines; negotiate, with the other automated machines of the plurality of automated machines and based on a result of the comparison, which task of the set of tasks is allocated to the automated machine.Type: ApplicationFiled: December 22, 2020Publication date: April 15, 2021Inventors: Rajesh Poornachandran, Omesh Tickoo, Anahit Tarkhanyan, Vinayak Honkote, Stanley Mo
-
Patent number: 8745383Abstract: Techniques for securing a client. An operating system agent is one or more software modules that execute in an operating system of a client, such as a portable computer. Portions of the operating system agent may monitor resources of the client. The operating system agent sends a message, which describes an operational state of the operating system agent, to a BIOS agent. The BIOS agent is one or more software modules operating in a BIOS of the client. The BIOS agent performs an action based on a policy that is described by policy data stored within the BIOS of the client. The BIOS agent performs the action in response to either (a) the operational state described by the message, or (b) the BIOS agent not receiving the message after an expected period of time.Type: GrantFiled: August 7, 2009Date of Patent: June 3, 2014Assignee: Absolute Software CorporationInventors: Anahit Tarkhanyan, Ravi Gupta, Gaurav Banga
-
Patent number: 8556991Abstract: Techniques for protecting resources of a client from theft or unauthorized access. A BIOS agent stores policy data within a BIOS of the client. The BIOS agent is one or more software modules operating in the BIOS of the client. The policy data describes one or more security policies which the client is to follow. In response to the client following at least one of the one or more security policies, a persistent storage medium of the client is locked by instructing a controller of the persistent storage medium to deny, to any entity, access to data stored on the persistent storage medium unless the entity supplies, to the controller, a recognized authentication credential. In this way, a malicious user without access to the recognized authentication credential cannot access the data stored on the persistent storage medium, even if the persistent storage medium is removed from the client.Type: GrantFiled: November 5, 2009Date of Patent: October 15, 2013Assignee: Absolute Software CorporationInventors: Anahit Tarkhanyan, Ravi Gupta
-
Patent number: 8510825Abstract: Techniques for securing a client. A BIOS agent stores policy data within a BIOS of the client. The BIOS agent is one or more software modules that execute in the BIOS of the client. The policy data describes one or more policies which the client should follow. When an operating system agent detects that a condition, specified by a particular policy of the one or more policies, has been met, the operating system agent performs one or more actions specified by the particular policy, such as disabling the client, retrieving a file from the client, erasing a file from the client, or encrypting a file on the client. The operating system agent is one or more software modules that execute in the operating system of the client.Type: GrantFiled: August 7, 2009Date of Patent: August 13, 2013Assignee: Absolute Software CorporationInventors: Anahit Tarkhanyan, Ravi Gupta, Gaurav Banga
-
Patent number: 8346234Abstract: An electronic device, for example, a laptop computer includes a processor, a transceiver module, for example, a Bluetooth module and a memory. The memory includes a platform proximity agent, which may be implemented as a series of instructions, which when executed by the processor, causes the processor to receive a Bluetooth signal from a corresponding provisioned Bluetooth device, for example, a cellular telephone. Next, determine whether the received signal exceeds both a strength threshold level and a predetermined time threshold level, where the signal strength and time threshold levels are established when the laptop and a corresponding cell phone are paired during a provisioning process. When the received signal strength and duration both exceed the corresponding policy based thresholds, the laptop enters (or remains in) a full power state with full access to the monitor and the platform.Type: GrantFiled: January 21, 2009Date of Patent: January 1, 2013Assignee: Absolute Software CorporationInventors: Gaurav Banga, Ravi Gupta, Anahit Tarkhanyan
-
Patent number: 8332953Abstract: Techniques for securing a client. When a client, such as a portable computer, undergoes a change in operational state, an operating system agent sends a state message to a server. The state message describes the change in the operational state of the client. The operating system agent is one or more software modules that execute in an operating system of the client. The client receives a policy message from the server. The policy message contains policy data, which a BIOS agent stores in the BIOS of the client. The policy data identifies one or more security policies which the client should follow.Type: GrantFiled: August 7, 2009Date of Patent: December 11, 2012Assignee: Absolute Software CorporationInventors: Jacques Lemieux, Anahit Tarkhanyan, Ravi Gupta, Gaurav Banga
-
Publication number: 20100120406Abstract: An electronic device, for example, a laptop computer includes a processor, a transceiver module, for example, a Bluetooth module and a memory. The memory includes a platform proximity agent, which may be implemented as a series of instructions, which when executed by the processor, causes the processor to receive a Bluetooth signal from a corresponding provisioned Bluetooth device, for example, a cellular telephone. Next, determine whether the received signal exceeds both a strength threshold level and a predetermined time threshold level, where the signal strength and time threshold levels are established when the laptop and a corresponding cell phone are paired during a provisioning process. When the received signal strength and duration both exceed the corresponding policy based thresholds, the laptop enters (or remains in) a full power state with full access to the monitor and the platform.Type: ApplicationFiled: January 21, 2009Publication date: May 13, 2010Inventors: Gaurav Banga, Ravi Gupta, Anahit Tarkhanyan
-
Publication number: 20100050244Abstract: Techniques for protecting resources of a client from theft or unauthorized access. A BIOS agent stores policy data within a BIOS of the client. The BIOS agent is one or more software modules operating in the BIOS of the client. The policy data describes one or more security policies which the client is to follow. In response to the client following at least one of the one or more security policies, a persistent storage medium of the client is locked by instructing a controller of the persistent storage medium to deny, to any entity, access to data stored on the persistent storage medium unless the entity supplies, to the controller, a recognized authentication credential. In this way, a malicious user without access to the recognized authentication credential cannot access the data stored on the persistent storage medium, even if the persistent storage medium is removed from the client.Type: ApplicationFiled: November 5, 2009Publication date: February 25, 2010Inventors: Anahit Tarkhanyan, Ravi Gupta
-
Publication number: 20100037323Abstract: Techniques for securing a client. When a client, such as a portable computer, undergoes a change in operational state, an operating system agent sends a state message to a server. The state message describes the change in the operational state of the client. The operating system agent is one or more software modules that execute in an operating system of the client. The client receives a policy message from the server. The policy message contains policy data, which a BIOS agent stores in the BIOS of the client. The policy data identifies one or more security policies which the client should follow.Type: ApplicationFiled: August 7, 2009Publication date: February 11, 2010Inventors: Jacques Lemieux, Anahit Tarkhanyan, Ravi Gupta, Gaurav Banga
-
Publication number: 20100037291Abstract: Techniques for securing a client. An operating system agent is one or more software modules that execute in an operating system of a client, such as a portable computer. Portions of the operating system agent may monitor resources of the client. The operating system agent sends a message, which describes an operational state of the operating system agent, to a BIOS agent. The BIOS agent is one or more software modules operating in a BIOS of the client. The BIOS agent performs an action based on a policy that is described by policy data stored within the BIOS of the client. The BIOS agent performs the action in response to either (a) the operational state described by the message, or (b) the BIOS agent not receiving the message after an expected period of time.Type: ApplicationFiled: August 7, 2009Publication date: February 11, 2010Inventors: Anahit Tarkhanyan, Ravi Gupta, Gaurav Banga