Patents by Inventor Chris I. Dalton
Chris I. Dalton has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11757717Abstract: Examples relate to verifying network elements. In one example, a computing device may: receive, from a client device, a request for attestation of a back-end network, the request including back-end configuration requirements; obtain, from a network controller that controls the back-end network, a controller configuration that specifies each network element included in the back-end network; provide each network element included in the back-end network with a request for attestation of a network element configuration of the network element; receive, from each network element, response data that specifies the network element configuration of the network element; verify that the response data received from each network element meets the back-end configuration requirements included in the request for attestation of the back-end network; and provide the client device with data verifying that the back-end network meets the back-end configuration requirements.Type: GrantFiled: November 28, 2014Date of Patent: September 12, 2023Assignee: Hewlett Packard Enterprise Development LPInventors: Ludovic Emmanuel Paul Noel Jacquin, Adrian Shaw, Chris I. Dalton
-
Patent number: 11734430Abstract: Examples include configuration of a memory controller for copy-on-write with a resource controller. Some examples include, in response to a determination to take a snapshot of memory accessible to a first component, a resource controller configuring a memory controller to treat location IDs, mapped to initial memory locations of the accessible memory, as copy-on-write for the first component and not for a second component independent of the resource controller after the configuring.Type: GrantFiled: April 22, 2016Date of Patent: August 22, 2023Assignee: Hewlett Packard Enterprise Development LPInventors: Nigel Edwards, Chris I. Dalton, Keith Mathew McAuliffe
-
Patent number: 11256589Abstract: Examples herein disclose monitoring an expected functionality upon execution of a system management mode (SMM) code. The examples detect whether a change has occurred to the SMM code based on the monitoring of the expected functionality. The change indicates that the SMM code is compromised.Type: GrantFiled: July 5, 2019Date of Patent: February 22, 2022Assignee: Hewlett-Packard Development Company, L.P.Inventors: Jeffrey Kevin Jeansonne, Boris Balacheff, Valiuddin Ali, Chris I. Dalton, David Plaquin
-
Patent number: 11200345Abstract: Techniques for a firewall to determine access to a portion of memory are provided. In one aspect, an access request to access a portion of memory within a pool of shared memory may be received at a firewall. The firewall may determine whether the access request to access the portion of memory is allowed. The access request may be allowed to proceed based on the determination. The operation of the firewall may not utilize address translation.Type: GrantFiled: July 29, 2015Date of Patent: December 14, 2021Assignee: Hewlett Packard Enterprise Development LPInventors: Mark Lillibridge, Paolo Faraboschi, Chris I. Dalton
-
Patent number: 10929148Abstract: Example embodiments relate to executing services in containers. The examples disclosed herein include a computing device comprising instructions to load an inner portion of an operating system kernel in an inner region of a kernel space and an outer portion of the operating system kernel in an outer region of the kernel space. The example computing device may execute a service in a container in a user space. The container may be communicatively coupled with the outer region of the operating system kernel but divided from the inner portion of the operating system kernel.Type: GrantFiled: June 8, 2016Date of Patent: February 23, 2021Assignee: Hewlett Packard Enterprise Development LPInventors: Nigel Edwards, Chris I Dalton
-
Patent number: 10884953Abstract: Example implementations relate to a capability enforcement processor. In an example, a capability enforcement processor may be interposed between a memory that stores data accessible via capabilities and a system processor that executes processes. The capability enforcement processor intercepts a memory request from the system processor and enforces the memory request based on capability enforcement processor capabilities maintained in per-process capability spaces of the capability enforcement processor.Type: GrantFiled: August 31, 2017Date of Patent: January 5, 2021Assignee: Hewlett Packard Enterprise Development LPInventors: Dejan S Milojicic, Chris I Dalton, Paolo Faraboschi, Kirk M Bresniker
-
Patent number: 10715332Abstract: In an example, memory address encryption is facilitated for transactions between electronic circuits in a memory fabric. An electronic circuit may obtain a transaction integrity key and a transaction encryption key. The electronic circuit may encrypt an address using the transaction encryption key and a compute a truncated message authentication code (MAC) using the transaction integrity key.Type: GrantFiled: October 30, 2014Date of Patent: July 14, 2020Assignee: Hewlett Packard Enterprise Development LPInventors: Ludovic Emmanuel Paul Noel Jacquin, Liqun Chen, Chris I. Dalton
-
Patent number: 10699031Abstract: In an example, transactions are secured between electronic circuits in a memory fabric. An electronic circuit may receive a transaction integrity key. The electronic circuit may compute a truncated message authentication code (MAC) using the received transaction integrity key and attach the truncated MAC to a security message header (SMH) of the transaction.Type: GrantFiled: October 30, 2014Date of Patent: June 30, 2020Assignee: Hewlett Packard Enterprise Development LPInventors: Liqun Chen, Chris I. Dalton, Fraser John Dickin, Nigel Edwards, Simon Kai-Ying Shiu
-
Patent number: 10686612Abstract: Examples set out herein provide a method comprising using first cryptographic key data specific to a computing device to verify a package of machine readable instructions to run on the computing device. The verified package may be executed to generate a random number using a true random number generator of the computing device, and to store the generated random number. Second cryptographic key data may be generated by a pseudorandom number generator of the computing device based on a seed comprising a combination of the random number as a first seed portion and a second seed portion. A portion of the second cryptographic key data may be sent to a certifying authority. The method may further comprising receiving a certification value based on the sent portion of the second cryptographic key data from the certifying authority and storing the certification value.Type: GrantFiled: July 30, 2015Date of Patent: June 16, 2020Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Ludovic Emmanuel Paul Noel Jacquin, Liqun Chen, Fraser Dickin, Chris I. Dalton
-
Patent number: 10650169Abstract: There is provided an example memory system comprising a plurality of memory modules, each memory module comprising a persistent memory to store root key information and encrypted primary data; a volatile memory to store a working key for encrypting data, the encrypted primary data stored in the persistent memory being encrypted using the working key; and a control unit to provide load and store access to the primary data. The memory system further comprises a working key recovery mechanism to retrieve first root key information from a first module and second root key information from a second module; and compute the working key for a given module based on the retrieved first root key information and the retrieved second root key information.Type: GrantFiled: September 14, 2015Date of Patent: May 12, 2020Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Liqun Chen, Chris I. Dalton, Fraser Dickin, Mark Lillibridge, Simon Kai Ying Shiu
-
Patent number: 10650138Abstract: Examples relate to system call policies for containers. In an example, a method includes receiving, by a container platform, a container for running an application. The container has a metadata record that specifies an application type of the application. The container platform receives a data structure that specifies a set of system call policies for a set of application types and queries the data structure to determine a policy of the set of system call policies to apply to the container based on the application type in the metadata record. A kernel implements the policy for the container to allow or deny permission for a system call by the application running in the container based on a comparison of the system call to the policy.Type: GrantFiled: January 27, 2017Date of Patent: May 12, 2020Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Michela D'Errico, Leon Frank Ehrenhart, Chris I. Dalton, Michael John Wray, Siani Pearson, Dennis Heinze
-
Patent number: 10592437Abstract: Memory blocks are associated with each memory level of a hierarchy of memory levels. Each memory block has a matching key capability (MaKC). The MaKC of a memory block governs access to the memory block, in accordance with permissions specified by the MaKC. The MaKC of a memory block can uniquely identify the memory block across the hierarchy of memory levels, and can be globally unique across the memory blocks. An MaKC of a memory block includes a block protection key (BPK) stored with the memory block, and an execution protection key (EPK). If a provided EPK for a memory block matches the memory block's BPK upon comparison, access to the memory block is allowed according to the permissions specified by the MaKC.Type: GrantFiled: July 31, 2017Date of Patent: March 17, 2020Assignee: Hewlett Packard Enterprise Development LPInventors: Geoffrey Ndu, Dejan S. Milojicic, Paolo Faraboschi, Chris I. Dalton
-
Patent number: 10534739Abstract: A bus between a requester and a target component includes a portion dedicated to carry information indicating a privilege level, from among a plurality of privilege levels, of machine-readable instructions executed on the requester.Type: GrantFiled: October 31, 2014Date of Patent: January 14, 2020Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Maugan Villatel, David Plaquin, Chris I. Dalton
-
Patent number: 10528752Abstract: Example implementations relate to non-volatile storage of management data. In example implementations, a system is disclosed, the system including a plurality of computing devices, a management device, and a non-volatile memory including a plurality of management spaces corresponding to the plurality of computing devices. In example implementations, at least one of the plurality of management spaces is to be accessible by the management device and by the corresponding computing device, be inaccessible by computing devices other than the corresponding computing device, and store management data associated with the corresponding computing device.Type: GrantFiled: August 13, 2014Date of Patent: January 7, 2020Assignee: Hewlett Packard Enterprise Development LPInventors: Dejan S. Milojicic, Chris I. Dalton, Zhikui Wang, Chandrasekar Venkatraman, Adrian Shaw
-
Patent number: 10489354Abstract: Example embodiments relate to storage systems for containers. An example storage system may include a set of servers associated with a global namespace for containers, a plurality of storage domains connected under the global namespace, and a processor to identify a storage tree for a container image of a container, where the storage tree is mapped to a storage domain storing the container image, and to clone the container to a second container, where the second container image is stored in a second storage domain.Type: GrantFiled: July 29, 2016Date of Patent: November 26, 2019Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Nigel Edwards, Chris I Dalton, Venkataraman Kamalaksha, Kishore Kumar M
-
Publication number: 20190332510Abstract: Examples herein disclose monitoring an expected functionality upon execution of a system management mode (SMM) code. The examples detect whether a change has occurred to the SMM code based on the monitoring of the expected functionality. The change indicates that the SMM code is compromised.Type: ApplicationFiled: July 5, 2019Publication date: October 31, 2019Inventors: Jeffrey Kevin Jeansonne, Boris Balacheff, Valiuddin Ali, Chris I. Dalton, David Plaquin
-
Patent number: 10461926Abstract: Example implementations relate to cryptographic evidence of persisted capabilities. In an example implementation, in response to a request to access a persisted capability stored in a globally shared memory, a system may decide whether to trust the persisted capability by verification of cryptographic evidence accompanying the persisted capability. The system may load the persisted capability upon a decision to trust the persisted capability based on successful verification.Type: GrantFiled: August 31, 2016Date of Patent: October 29, 2019Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Chris I. Dalton, Dejan S. Milojicic
-
Patent number: 10425282Abstract: A computing device having instructions that when executed by a processor may: receive, from a verifier, a request for attestation of a current network configuration of the computing device; identify network configuration rules, each network configuration rule specifying an action to be taken by the computing device in response to receiving a particular type of network traffic; generate, for each network configuration rule, a rule abstraction that represents the network configuration rule; provide data representing each rule abstraction to a trusted component; receive, from the trusted component, response data comprising i) data representing each rule abstraction, and ii) a digital signature; and provide the response data to the verifier as attestation proof of the current network configuration of the computing device.Type: GrantFiled: November 28, 2014Date of Patent: September 24, 2019Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Ludovic Emmanuel Paul Noel Jacquin, Adrian Shaw, Chris I. Dalton
-
Patent number: 10387651Abstract: Examples herein disclose monitoring an expected functionality upon execution of a system management mode (SMM) BIOS code. The examples detect whether a change has occurred to the SMM BIOS code based on the monitoring of the expected functionality. The change indicates that the SMM BIOS code is compromised.Type: GrantFiled: September 23, 2014Date of Patent: August 20, 2019Assignee: Hewlett-Packard Development Company, L.P.Inventors: Jeffrey Kevin Jeansonne, Boris Balacheff, Valiuddin Ali, Chris I Dalton, David Plaquin
-
Patent number: 10372897Abstract: Example implementations relate to encrypted capabilities stored in global memory. For example, in an implementation, a capability protection system may store an encrypted capability into global memory, where the encrypted capability is encrypted based on a condition. The capability protection system may receive, from a node in communication with the global memory, a request to access the encrypted capability stored in the global memory. The capability protection system may provide to the node a decrypted form of the encrypted capability upon satisfaction of the condition by the node.Type: GrantFiled: October 20, 2016Date of Patent: August 6, 2019Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LPInventors: Chris I. Dalton, Dejan S. Milojicic