Patents by Inventor Hormuzd Khosravi

Hormuzd Khosravi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190147192
    Abstract: A method of creating a trusted execution domain includes initializing, by a processing device executing a trust domain resource manager (TDRM), a trust domain control structure (TDCS) and a trust domain protected memory (TDPM) associated with a trust domain (TD). The method further includes generating a one-time cryptographic key, assigning the one-time cryptographic key to an available host key id (HKID) in a multi-key total memory encryption (MK-TME) engine, and storing the HKID in the TDCS. The method further includes associating a logical processor to the TD, adding a memory page from an address space of the logical processor to the TDPM, and transferring execution control to the logical processor to execute the TD.
    Type: Application
    Filed: December 20, 2018
    Publication date: May 16, 2019
    Inventors: Hormuzd Khosravi, Dror Caspi, Arie Aharon
  • Patent number: 9497171
    Abstract: A method, device, and system for sharing media content with a sink device includes performing a cryptographic key exchange with the sink device and generating an authorization key in a security engine of a system-on-a-chip (SOC) of a source device. The method may also include generating an exchange key as a function of the authorization key and a packet key as a function of the exchange key. Such key generation occurs in the security engine of the SOC, and the keys are stored in a secure memory of the security engine.
    Type: Grant
    Filed: December 15, 2011
    Date of Patent: November 15, 2016
    Assignee: Intel Corporation
    Inventors: Hormuzd Khosravi, Sachin Agrawal, Anirudh Venkataramanan
  • Patent number: 9436819
    Abstract: In an embodiment, an apparatus comprises a secure storage to store an entry having an identifier of a device to be paired with the apparatus and a master key shared between the apparatus and the device, and a connection logic to enable the apparatus to be securely connected to the device according to a connection protocol in which the device is authenticated based on the identifier received from the device and the master key. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 23, 2014
    Date of Patent: September 6, 2016
    Assignee: Intel Corporation
    Inventors: Avi Priev, Avishay Sharaga, Hormuzd Khosravi
  • Publication number: 20160085960
    Abstract: In an embodiment, an apparatus comprises a secure storage to store an entry having an identifier of a device to be paired with the apparatus and a master key shared between the apparatus and the device, and a connection logic to enable the apparatus to be securely connected to the device according to a connection protocol in which the device is authenticated based on the identifier received from the device and the master key. Other embodiments are described and claimed.
    Type: Application
    Filed: September 23, 2014
    Publication date: March 24, 2016
    Inventors: Avi Priev, Avishay Sharaga, Hormuzd Khosravi
  • Patent number: 9239915
    Abstract: In network access controlled networks, it is desirable to prevent access to the network by any non-authenticated entities. Access control may be established through a trusted agent that, in some embodiments, may be implemented with a management co-processor. In some cases, active management technology may establish a connection while a host is inactive. Then, after the host becomes active, the host can attempt to use the management co-processor connection without obtaining the necessary authentications. This may be prevented, in some embodiments, by scanning for an active host and, if such an active host is found, blocking the host from using a layer 2 authentication channel unless the host is properly authenticated and has a proper Internet Protocol address.
    Type: Grant
    Filed: September 26, 2007
    Date of Patent: January 19, 2016
    Assignee: Intel Corporation
    Inventors: Avigdor Eldar, Tal Roth, Hormuzd Khosravi, Tal Shustak, Yael Yanai
  • Patent number: 9178884
    Abstract: In network access control networks, it may be difficult to provide certain remote accesses such as remote boot or remote storage access. An available network connection established through chipset firmware (e.g. active management technology (AMT)) may be utilized to establish a connection and to enable the remote access. Then as soon the completion of the activity is detected, such as remote booting, then the connection may be immediately terminated to prevent access by improper agents.
    Type: Grant
    Filed: September 7, 2007
    Date of Patent: November 3, 2015
    Assignee: Intel Corporation
    Inventors: Hormuzd Khosravi, Venkat R. Gokulrangan, Tal Shustak, Avigdor Eldar
  • Patent number: 8839450
    Abstract: Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
    Type: Grant
    Filed: August 2, 2007
    Date of Patent: September 16, 2014
    Assignee: Intel Corporation
    Inventors: David Durham, Hormuzd Khosravi, Uri Blumenthal, Men Long
  • Patent number: 8752169
    Abstract: A method and device are disclosed. In one embodiment the method includes determining that a packet attempting to be sent from a first computer system has at least a portion of a human communication message that may contain spam. The method then increments a spam counter when the difference in time between a first time value in a time stamp within the packet and a second time value of a most recent activity from a human input device coupled to the first computer system is greater than a threshold difference in time value. The method also disallows the packet to be sent to a remote location if the spam counter exceeds a spam outbound threshold value.
    Type: Grant
    Filed: March 31, 2008
    Date of Patent: June 10, 2014
    Assignee: Intel Corporation
    Inventors: Men Long, David Durham, Hormuzd Khosravi
  • Patent number: 8713260
    Abstract: A method and system may include fetching a first pre-fetched data block having a first length greater than the length of a first requested data block, storing the first pre-fetched data block in a cache, and then fetching a second pre-fetched data block having a second length, greater than the length of a second requested data block, if data in the second requested data block is not entirely stored in a valid part of the cache. The first and second pre-fetched data blocks may be associated with a storage device over a channel. Other embodiments are described and claimed.
    Type: Grant
    Filed: April 2, 2010
    Date of Patent: April 29, 2014
    Assignee: Intel Corporation
    Inventors: Nadim Taha, Hormuzd Khosravi
  • Patent number: 8701187
    Abstract: A runtime integrity check may be implemented for a chain or execution path. When the chain or execution path calls other functions, the correctness of an entity called from the execution path is verified. As a result, attacks by malicious software that attempt to circumvent interrupt handlers can be combated.
    Type: Grant
    Filed: March 29, 2007
    Date of Patent: April 15, 2014
    Assignee: Intel Corporation
    Inventors: Travis T. Schluessler, David Durham, Hormuzd Khosravi
  • Patent number: 8688104
    Abstract: Illustrative embodiments of systems and methods providing remote management over a wireless wide-area network (WWAN) using short messages are disclosed. In one embodiment, a computing device may include an in-band processor, a wireless transceiver configured for communications over a WWAN, and an out-of-band (OOB) processor capable of communicating over the WWAN using the wireless transceiver irrespective of an operational state of the in-band processor. The OOB processor may be configured to receive a short message via the wireless transceiver, determine whether the short message originated from a trusted remote computing device, and execute at least one operation indicated by the short message in response to determining that the short message originated from a trusted remote computing device.
    Type: Grant
    Filed: March 22, 2012
    Date of Patent: April 1, 2014
    Assignee: Intel Corporation
    Inventors: Gyan Prakash, Farid Adrangi, Selim Aissi, Hormuzd Khosravi, Saurabh Dadu
  • Publication number: 20130297936
    Abstract: A method, device, and system for sharing media content with a sink device includes performing a cryptographic key exchange with the sink device and generating an authorization key in a security engine of a system-on-a-chip (SOC) of a source device. The method may also include generating an exchange key as a function of the authorization key and a packet key as a function of the exchange key. Such key generation occurs in the security engine of the SOC, and the keys are stored in a secure memory of the security engine.
    Type: Application
    Filed: December 15, 2011
    Publication date: November 7, 2013
    Inventors: Hormuzd Khosravi, Sachin Agrawal, Anirudh Venkataramanan
  • Patent number: 8572692
    Abstract: A method and system for a platform-based trust verifying service for multi-party verification. In one embodiment, the method includes a client platform accessing an service provider over a network. Upon accessing the service provider, the client platform receives a request from the service provider for platform measurement and verification. The client platform collects platform information and performs measurement and verification, including performing an integrity manifest comparison. If the integrity manifest comparison indicates a good client platform posture, then the client platform signs the client platform posture and sends an approval notification to the service provider indicating that the client platform has not been compromised. The client platform may then receive the service of the service provider.
    Type: Grant
    Filed: June 30, 2008
    Date of Patent: October 29, 2013
    Assignee: Intel Corporation
    Inventors: Divya Naidu Kolar Sunder, Hormuzd Khosravi, David Durham, Dan Dahle, Prashant Dewan
  • Patent number: 8555348
    Abstract: A method that includes initiating a network access request from an access requester on a platform that couples to a network, the network access request made to a policy decision point for the network. The method also includes establishing a secure communication channel over a communication link between the policy decision point and a policy enforcement point on the platform. Another secure communication channel is established over another communication link. The other communication link is between at least the policy enforcement point and a manageability engine resident on the platform. The manageability engine forwards posture information associated with the access requester via the other secure communication channel. The posture information is then forwarded to the policy decision point via the secure communication channel between the policy enforcement point and the policy decision point.
    Type: Grant
    Filed: March 1, 2010
    Date of Patent: October 8, 2013
    Assignee: Intel Corporation
    Inventors: Hormuzd Khosravi, David Durham, Karanvir Grewal
  • Patent number: 8489686
    Abstract: A method and device allowing a scan of a data storage device from a remote server are disclosed. In some embodiments, a computing device may include an out-of-band (OOB) configured to compute a first hash value for data stored in one or more sectors of a data storage device at a first time; receive, using communication circuitry, a request to transmit a portion of the data stored in the one or more sectors of the data storage device at a second time, the second time being subsequent to the first time; compute a second hash value for the data stored in the one or more sectors of the data storage device at the second time; and transmit, using the communication circuitry, the requested portion of the data, only if the second hash value does not match the first hash value.
    Type: Grant
    Filed: May 21, 2010
    Date of Patent: July 16, 2013
    Assignee: Intel Corporation
    Inventors: Hormuzd Khosravi, David Durham, David A. Edwards, Venkat R. Gokulrangan, Men Long, Yasser Rasheed
  • Patent number: 8434067
    Abstract: A method and system for whitelisting software components is disclosed. In a first operating environment, runtime information may be collected about a first loaded and executing software component. The collected information may be communicated to a second software component operating in a second operating environment that is isolated from the first operating environment. The collect runtime information may be compared with a validated set of information about the first software component. Other embodiments are described and claimed.
    Type: Grant
    Filed: November 2, 2011
    Date of Patent: April 30, 2013
    Assignee: Intel Corporation
    Inventors: Gayathri Nagabhushan, Ravi Sahita, Hormuzd Khosravi, Satyajit Grover
  • Patent number: 8364973
    Abstract: A measurement engine generates an integrity manifest for a software program and uses it to perform active platform observation. The integrity manifest indicates an integrity check value for a section of the program's code. The measurement engine computes a comparison value on the program's image in memory and determines if the comparison value matches the expected integrity check value. If the values do not match, the program's image is determined to be modified, and appropriate remedial action may be triggered.
    Type: Grant
    Filed: December 31, 2007
    Date of Patent: January 29, 2013
    Assignee: Intel Corporation
    Inventors: Hormuzd Khosravi, David Durham, Prashant Dewan, Ravi Sahita, Uday R. Savagaonkar, Men Long
  • Patent number: 8341369
    Abstract: In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing hardware of a virtualized processor based system detecting a specified type of memory access to an identified region of memory and in response to the detecting generating an interrupt for a virtual machine monitor (VMM) of the virtualized processor based system.
    Type: Grant
    Filed: December 23, 2011
    Date of Patent: December 25, 2012
    Assignee: Intel Corporation
    Inventors: Uday Savagaonkar, Travis T. Schluessler, Hormuzd Khosravi, Ravi Sahita, Gayathri Nagabhushan, David Durham
  • Patent number: 8332510
    Abstract: Embodiments provide methods, apparatus, and systems that enable an embedded processor to detect and configure one or more network access settings. The network access settings may enable the embedded processor to communicate over a network, via out-of-band messages, with a management server or service. Other embodiments may be disclosed or claimed.
    Type: Grant
    Filed: April 2, 2010
    Date of Patent: December 11, 2012
    Assignee: Intel Corporation
    Inventors: Hormuzd Khosravi, Dominic Fulginiti, Avigdor Eldar, Michael Navon
  • Patent number: 8281402
    Abstract: According to embodiments of the present invention, host platform device includes an embedded firmware agent that may detect an attempt by the host platform device to fully connect to a network. The firmware agent may restrict traffic between the host platform device and the network to bootstrap traffic, test the device to determine device vulnerability, may temporarily stop access to other peripheral devices, and transmit a report of the device vulnerability to a remote policy server. After the test(s) are performed, the firmware agent may receive an indication from the remote policy server as to whether the device is permitted to fully connect to the network and, if so, whether there are any further restrictions on traffic flow, for example, and if the peripheral device access may be allowed.
    Type: Grant
    Filed: May 16, 2006
    Date of Patent: October 2, 2012
    Assignee: Intel Corporation
    Inventors: Ravi Sahita, Uday Savagaonkar, Hormuzd Khosravi, Uri Blumenthal