Patents by Inventor Manoj R. Sastry
Manoj R. Sastry has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20150331043Abstract: A system on chip (SOC) includes a policy generator to identify lifecycle data that identifies a lifecycle of the SOC and identify authentication data that identifies a particular user that is to debug the SoC. A particular policy is determined based on the lifecycle and identification of the particular user, and policy data is sent to at least one block of the SoC, the policy data identifying the particular policy. Debug access at the block is based on the particular policy.Type: ApplicationFiled: May 15, 2014Publication date: November 19, 2015Inventors: Manoj R. Sastry, Enrico D. Carrieri, Michael Neve de Mevergnies, Ioannis T. Schoinas, Michael J. Wiznerowicz
-
Patent number: 9112867Abstract: A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs.Type: GrantFiled: June 13, 2014Date of Patent: August 18, 2015Assignee: Intel CorporationInventors: Manoj R. Sastry, Ioannis T. Schoinas, Daniel M. Cermak
-
Patent number: 8959576Abstract: Method, apparatus, and system for qualifying CPU transactions with security attributes. Immutable security attributes are generated for transactions initiator by a CPU or processor core that identifying the execution mode of the CPU/core being trusted or untrusted. The transactions may be targeted to an Input/Output (I/O) device or system memory via which a protected asset may be accessed. Policy enforcement logic blocks are implemented at various points in the apparatus or system that allow or deny transactions access to protected assets based on the immutable security attributes generated for the transactions. In one aspect, a multiple-level security scheme is implemented under which a mode register is updated via a first transaction to indicate the CPU/core is operating in a trusted execution mode, and security attributes are generated for a second transaction using execution mode indicia in the mode register to verify the transaction is from a trusted initiator.Type: GrantFiled: March 14, 2013Date of Patent: February 17, 2015Assignee: Intel CorporationInventors: Manoj R. Sastry, Ioannis T. Schoinas, Daniel M. Cermak
-
Publication number: 20140298408Abstract: A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs.Type: ApplicationFiled: June 13, 2014Publication date: October 2, 2014Inventors: Manoj R. Sastry, Ioannis T. Schoinas, Daniel M. Cermak
-
Publication number: 20140282819Abstract: Method, apparatus, and system for qualifying CPU transactions with security attributes. Immutable security attributes are generated for transactions initiator by a CPU or processor core that identifying the execution mode of the CPU/core being trusted or untrusted. The transactions may be targeted to an Input/Output (I/O) device or system memory via which a protected asset may be accessed. Policy enforcement logic blocks are implemented at various points in the apparatus or system that allow or deny transactions access to protected assets based on the immutable security attributes generated for the transactions. In one aspect, a multiple-level security scheme is implemented under which a mode register is updated via a first transaction to indicate the CPU/core is operating in a trusted execution mode, and security attributes are generated for a second transaction using execution mode indicia in the mode register to verify the transaction is from a trusted initiator.Type: ApplicationFiled: March 14, 2013Publication date: September 18, 2014Inventors: Manoj R. Sastry, Ioannis T. Schoinas, Daniel M. Cermak
-
Patent number: 8804701Abstract: A machine, such as a mobile device having telephony features, such as a voice over Internet Protocol (VoIP) telephony application, is configured with a secure environment in which a location provider within (more reliable) or external to (less reliable) the machine may determine location data for the machine and securely provide it to a telephony application program for incorporation into a call setup for calling a callee. The secure environment may be created through use of one or more of Intel's LaGrande Technology™ (LT), Vanderpool Technology (VT), or a Trusted Platform Module (TPM). The LT and VT allow defining secure independent components within the machine, such as by instantiating them as Virtual Machines, and the TPM allows components to cryptographically sign data, such as to facilitate ensuring the location data is not tampered with. A recipient of a telephone call setup including cryptographically secured location data may validate the location data and accept the call.Type: GrantFiled: May 23, 2011Date of Patent: August 12, 2014Assignee: Intel CorporationInventors: Michael J. Covington, Manoj R. Sastry, Farid Adrangi, Deepak J. Manohar, Shao-Cheng Wang
-
Patent number: 8789170Abstract: A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs.Type: GrantFiled: September 24, 2010Date of Patent: July 22, 2014Assignee: Intel CorporationInventors: Manoj R. Sastry, Ioannis T. Schoinas, Daniel M. Cermak
-
Publication number: 20140137231Abstract: In one embodiment, the present invention includes a system on a chip (SoC) that has a first agent with an intellectual property (IP) logic, an interface to a fabric including a target interface, a master interface and a sideband interface, and an access control plug-in unit to handle access control policy for the first agent with respect to incoming and outgoing transactions. This access control plug-in unit can be incorporated into the SoC at integration time and without any modification to the IP logic. Other embodiments are described and claimed.Type: ApplicationFiled: December 21, 2011Publication date: May 15, 2014Inventors: Manoj R. Sastry, Ioannis T. Schoinas, Robert J. Toepfer, Alpa T. Narendra Trivedi, Men Long
-
Patent number: 8656147Abstract: Methods and apparatus to measure the integrity of a virtual machine monitor and an operating system via secure launch are disclosed. In one example, a method measures a first characteristic of a virtual machine monitor, stores the first measured characteristic in a first hardware protected location, measures a second characteristic of an operating system with the virtual machine monitor, wherein the measuring of the second characteristic is initiated by the operating system, and stores the second measured characteristic in a second hardware protected location.Type: GrantFiled: June 19, 2009Date of Patent: February 18, 2014Assignee: Intel CorporationInventors: Manoj R Sastry, Burzin A Daruwala
-
Publication number: 20120079590Abstract: A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs.Type: ApplicationFiled: September 24, 2010Publication date: March 29, 2012Inventors: Manoj R. Sastry, Ioannis T. Schoinas, Daniel M. Cermak
-
Publication number: 20110225626Abstract: A machine, such as a mobile device having telephony features, such as a voice over Internet Protocol (VoIP) telephony application, is configured with a secure environment in which a location provider within (more reliable) or external to (less reliable) the machine may determine location data for the machine and securely provide it to a telephony application program for incorporation into a call setup for calling a callee. The secure environment may be created through use of one or more of Intel's LaGrande Technology™ (LT), Vanderpool Technology (VT), or a Trusted Platform Module (TPM). The LT and VT allow defining secure independent components within the machine, such as by instantiating them as Virtual Machines, and the TPM allows components to cryptographically sign data, such as to facilitate ensuring the location data is not tampered with. A recipient of a telephone call setup including cryptographically secured location data may validate the location data and accept the call.Type: ApplicationFiled: May 23, 2011Publication date: September 15, 2011Inventors: Michael J. Covington, Manoj R. Sastry, Farid Adrangi, Deepak J. Manohar, Shao-Cheng Wang
-
Patent number: 7965702Abstract: A machine, such as a mobile device having telephony features, such as a voice over Internet Protocol (VoIP) telephony application, is configured with a secure environment in which a location provider within (more reliable) or external to (less reliable) the machine may determine location data for the machine and securely provide it to a telephony application program for incorporation into a call setup for calling a callee. The secure environment may be created through use of one or more of Intel's LaGrande Technology™ (LT), Vanderpool Technology (VT), or a Trusted Platform Module (TPM). The LT and VT allow defining secure independent components within the machine, such as by instantiating them as Virtual Machines, and the TPM allows components to cryptographically sign data, such as to facilitate ensuring the location data is not tampered with. A recipient of a telephone call setup including cryptographically secured location data may validate the location data and accept the call.Type: GrantFiled: March 3, 2006Date of Patent: June 21, 2011Assignee: Intel CorporationInventors: Michael J. Covington, Manoj R. Sastry, Farid Adrangi, Deepak J. Manohar, Shao-Cheng Wang
-
Patent number: 7783696Abstract: Service processors within a system are self-clustered. The system can also include an operating system or other software code, a management console, or both. The operating system communicates with the cluster of service processors, where the service processors are self-clustered or otherwise, such as through a memory shared by at least all the service processors. The operating system therefore need not be aware which of the service processors performs a given function. The console communicates with the cluster of service processors, where the service processors are self-clustered or otherwise, through any service processor of the cluster. The console therefore also need not be aware that the service processors have been clustered to perform functionality for the console.Type: GrantFiled: June 29, 2008Date of Patent: August 24, 2010Assignee: International Business Machines CorporationInventors: Brad A. Davis, Henry J. DiVincenzo, Richard A. Lary, Thomas E. Malone, Patrick D. Mason, Lee G. Rosenbaum, Manoj R. Sastry, Pat White
-
Publication number: 20100024045Abstract: In one embodiment a method is disclosed for accepting and enforcing user selectable privacy settings for context awareness including location awareness data on a computing platform. The method may identify a requestor, assign a privacy setting to the requester then detect a request for location information from the requestor. The method may transmit location information to the requester based on the user selected privacy setting. The user selected privacy setting may have a granularity assigned to each requestor based on a privacy preference and the method may entirely block the location information from being disclosed or the method may modify the granularity/accuracy of the location information based on the privacy setting to report context of an appropriate level of granularity according to the privacy setting configured by the user. Other embodiments are also disclosed.Type: ApplicationFiled: June 30, 2007Publication date: January 28, 2010Inventors: Manoj R. Sastry, Michael J. Covington, Ram Krishnan
-
Publication number: 20100023743Abstract: Methods and apparatus to measure the integrity of a virtual machine monitor and an operating system via secure launch are disclosed. In one example, a method measures a first characteristic of a virtual machine monitor, stores the first measured characteristic in a first hardware protected location, measures a second characteristic of an operating system with the virtual machine monitor, wherein the measuring of the second characteristic is initiated by the operating system, and stores the second measured characteristic in a second hardware protected location.Type: ApplicationFiled: June 19, 2009Publication date: January 28, 2010Inventors: Manoj R. Sastry, Burzin A. Daruwala
-
Patent number: 7565522Abstract: Methods and apparatus to measure the integrity of a virtual machine monitor and an operating system via secure launch are disclosed. In one example, a method measures a first characteristic of a virtual machine monitor, stores the first measured characteristic in a first hardware protected location, measures a second characteristic of an operating system with the virtual machine monitor, wherein the measuring of the second characteristic is initiated by the operating system, and stores the second measured characteristic in a second hardware protected location.Type: GrantFiled: May 10, 2004Date of Patent: July 21, 2009Assignee: Intel CorporationInventors: Manoj R. Sastry, Burzin A. Daruwala
-
Publication number: 20080263129Abstract: Service processors within a system are self-clustered. The system can also include an operating system or other software code, a management console, or both. The operating system communicates with the cluster of service processors, where the service processors are self-clustered or otherwise, such as through a memory shared by at least all the service processors. The operating system therefore need not be aware which of the service processors performs a given function. The console communicates with the cluster of service processors, where the service processors are self-clustered or otherwise, through any service processor of the cluster. The console therefore also need not be aware that the service processors have been clustered to perform functionality for the console.Type: ApplicationFiled: June 29, 2008Publication date: October 23, 2008Inventors: Brad A. Davis, Henry J. DiVincenzo, Richard A. Lary, Thomas E. Malone, Patrick D. Mason, Lee G. Rosenbaum, Manoj R. Sastry, Patrick W. White
-
Patent number: 7433914Abstract: The self-clustering of service processors within a system is disclosed. The system can also include an operating system or other software code, a management console, or both. The operating system communicates with the cluster of service processors, where the service processors are self-clustered or otherwise, such as through a memory shared by at least all the service processors. The operating system therefore need not be aware which of the service processors performs a given function. The console communicates with the cluster of service processors, where the service processors are self-clustered or otherwise, through any service processor of the cluster. The console therefore also need not be aware that the service processors have been clustered to perform functionality for the console.Type: GrantFiled: September 13, 2001Date of Patent: October 7, 2008Assignee: International Business Machines CorporationInventors: Brad A. Davis, Henry J. DiVincenzo, Richard A. Lary, Thomas E. Malone, Patrick D. Mason, Lee G. Rosenbaum, Manoj R. Sastry, Patrick W. White
-
Publication number: 20070153715Abstract: A machine, such as a mobile device having telephony features, such as a voice over Internet Protocol (VoIP) telephony application, is configured with a secure environment in which a location provider within (more reliable) or external to (less reliable) the machine may determine location data for the machine and securely provide it to a telephony application program for incorporation into a call setup for calling a callee. The secure environment may be created through use of one or more of Intel's LaGrande Technology™ (LT), Vanderpool Technology (VT), or a Trusted Platform Module (TPM). The LT and VT allow defining secure independent components within the machine, such as by instantiating them as Virtual Machines, and the TPM allows components to cryptographically sign data, such as to facilitate ensuring the location data is not tampered with. A recipient of a telephone call setup including cryptographically secured location data may validate the location data and accept the call.Type: ApplicationFiled: March 3, 2006Publication date: July 5, 2007Inventors: Michael J. Covington, Manoj R. Sastry, Farid Adrangi, Deepak J. Manohar, Shao-Cheng Wang
-
Patent number: 6993566Abstract: The self-clustering of entities within a system is disclosed. The system can also include a host. Each entity self-discovers all the other entities, such that the entities are aggregated as a cluster. The host communicates with the cluster of entities, where the entities are self-clustered or otherwise, such as through a memory shared by all the entities. The host therefore need not be aware which of the entities performs a given function.Type: GrantFiled: September 13, 2001Date of Patent: January 31, 2006Assignee: International Business Machines CorporationInventors: Brad A. Davis, Henry J. DiVincenzo, Richard A. Lary, Thomas E. Malone, Patrick D. Mason, Lee G. Rosenbaum, Manoj R. Sastry, Patrick W. White