Patents by Inventor Nigel Edwards
Nigel Edwards has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240104213Abstract: A method for securing a plurality of compute nodes includes authenticating a hardware architecture of each of a plurality of components of the compute nodes. The method also includes authenticating a firmware of each of the plurality of components. Further, the method includes generating an authentication database comprising a plurality of authentication descriptions that are based on the authenticated hardware architecture and the authenticated firmware. Additionally, a policy for securing a specified subset of the plurality of compute nodes is implemented by using the authentication database.Type: ApplicationFiled: December 5, 2023Publication date: March 28, 2024Inventors: Nigel Edwards, Michael R. Krause, Melvin Benedict, Ludovic Emmanuel Paul Noel Jacquin, Luis Luciani, Thomas Laffey, Theofrastos Koulouris, Shiva Dasari
-
Patent number: 11886593Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.Type: GrantFiled: February 13, 2023Date of Patent: January 30, 2024Assignee: Hewlett Packard Enterprise Development LPInventors: Ludovic Emmanuel Paul Noel Jacquin, Hamza Attak, Nigel Edwards
-
Patent number: 11868474Abstract: A method for securing a plurality of compute nodes includes authenticating a hardware architecture of each of a plurality of components of the compute nodes. The method also includes authenticating a firmware of each of the plurality of components. Further, the method includes generating an authentication database comprising a plurality of authentication descriptions that are based on the authenticated hardware architecture and the authenticated firmware. Additionally, a policy for securing a specified subset of the plurality of compute nodes is implemented by using the authentication database.Type: GrantFiled: January 8, 2019Date of Patent: January 9, 2024Assignee: Hewlett Packard Enterprise Development LPInventors: Nigel Edwards, Michael R. Krause, Melvin Benedict, Ludovic Emmanuel Paul Noel Jacquin, Luis Luciani, Thomas Laffey, Theofrastos Koulouris, Shiva Dasari
-
Patent number: 11803639Abstract: Examples disclosed herein relate to integrity monitoring of a computing system using a kernel that can update its own code. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring. The device is to compare a current measurement with an initial measurement to determine if a potential violation occurred. The device is to use a representation of a jump table to determine whether the potential violation is a violation.Type: GrantFiled: April 16, 2021Date of Patent: October 31, 2023Assignee: Hewlett Packard Enterprise Development LPInventors: Geoffrey Ndu, Theofrastos Koulouris, Nigel Edwards
-
Patent number: 11794472Abstract: A method of processing phase signals for continuous inkjet printing, said method comprising: providing at least one phase signal, wherein said at least one phase signal is an analogue signal; converting the at least one phase signal into at least one corresponding digitised phase signal; and processing said at least one digitised phasing signal, wherein the processing comprises extracting at least one predetermined phase parameter from the at least one digitised phasing signal when the at least one digitised phasing signal is a time-domain digitalised phase signal, and wherein the at least one predetermined phase parameter comprises one or more time-domain signal features of the at least one digitised phasing signal.Type: GrantFiled: September 24, 2020Date of Patent: October 24, 2023Inventors: Nigel Edward Sherman, Arkadiusz Cezary Zawada, David Horsnell, Paul Cox
-
Patent number: 11775649Abstract: Examples disclosed herein relate to performing a verification check in response to receiving notification. A computing system includes a host processor, memory coupled to the host processor, and a device separate from the host processor capable of accessing the memory. The host processor has a page table base register. The host processor is configured to send a notification to the device when the page table base register changes. The device performs a verification check in response to receiving the notification.Type: GrantFiled: August 23, 2022Date of Patent: October 3, 2023Assignee: Hewlett Packard Enterprise Development LPInventors: Geoffrey Ndu, Nigel Edwards
-
Patent number: 11734430Abstract: Examples include configuration of a memory controller for copy-on-write with a resource controller. Some examples include, in response to a determination to take a snapshot of memory accessible to a first component, a resource controller configuring a memory controller to treat location IDs, mapped to initial memory locations of the accessible memory, as copy-on-write for the first component and not for a second component independent of the resource controller after the configuring.Type: GrantFiled: April 22, 2016Date of Patent: August 22, 2023Assignee: Hewlett Packard Enterprise Development LPInventors: Nigel Edwards, Chris I. Dalton, Keith Mathew McAuliffe
-
Patent number: 11714910Abstract: Examples disclosed herein relate to integrity monitoring of a computing system. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring.Type: GrantFiled: June 13, 2018Date of Patent: August 1, 2023Assignee: Hewlett Packard Enterprise Development LPInventors: Geoffrey Ndu, David Altobelli, Nigel Edwards, Luis Luciani, Jr.
-
Publication number: 20230185920Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.Type: ApplicationFiled: February 13, 2023Publication date: June 15, 2023Inventors: Ludovic Emmanuel Paul Noel JACQUIN, Hamza ATTAK, Nigel EDWARDS
-
Patent number: 11663017Abstract: A method comprising: generating, with a device, a nonce; writing, with the device, the nonce to a memory location accessible to a kernel; initializing the kernel; in response to an end of initialization, measuring a specified kernel space to produce a first result; writing the first result to a register of a second device; writing a location and size of the specified kernel space to a buffer; measuring the buffer; writing a result of buffer measurement to a second register of the second device; requesting a quote from the second device, the quote to include the nonce, the contents of the register, and the contents of the second register; and passing the quote to the device.Type: GrantFiled: July 12, 2021Date of Patent: May 30, 2023Assignee: Hewlett Packard Enterprise Development LPInventors: Geoffrey Ndu, Nigel Edwards
-
Patent number: 11650936Abstract: Systems and methods are provided for binding one or more components to an identification component of a hardware module. Each of the serial numbers for the one or more components are included within a module-specific authentication certificate that is stored within the identification component of the hardware module. When connected to a computing platform, an authentication system of the computing platform is capable of retrieving the module-specific authentication certificate. The authentication system can compare the list of serial numbers included in the module-specific authentication certificate with one or more serial numbers read over a first interface. If the two lists of serial numbers match, the authentication system can flag the hardware module as authenticate through authentication of all components of the hardware module.Type: GrantFiled: July 10, 2020Date of Patent: May 16, 2023Assignee: Hewlett Packard Enterprise Development LPInventors: Melvin K. Benedict, Nigel Edwards, Eric L. Pope
-
Patent number: 11636209Abstract: A system comprising an inner kernel of an operating system (OS) running at a higher privilege level than an outer kernel of the OS, the inner kernel to measure a data structure in a memory; a device including a measurement engine to measure the data structure in the memory, wherein the device operates independently of the OS; and a trusted execution environment including an application to compare measurements from the inner kernel and the measurement engine.Type: GrantFiled: September 2, 2021Date of Patent: April 25, 2023Assignee: Hewlett Packard Enterprise Development LPInventors: Geoffrey Ndu, Ludovic Emmanuel Paul Noel Jacquin, Nigel Edwards
-
Patent number: 11604881Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.Type: GrantFiled: April 28, 2021Date of Patent: March 14, 2023Assignee: Hewlett Packard Enterprise Development LPInventors: Ludovic Emmanuel Paul Noel Jacquin, Hamza Attak, Nigel Edwards
-
Publication number: 20220405393Abstract: Examples disclosed herein relate to performing a verification check in response to receiving notification. A computing system includes a host processor, memory coupled to the host processor, and a device separate from the host processor capable of accessing the memory. The host processor has a page table base register. The host processor is configured to send a notification to the device when the page table base register changes. The device performs a verification check in response to receiving the notification.Type: ApplicationFiled: August 23, 2022Publication date: December 22, 2022Inventors: Geoffrey NDU, Nigel EDWARDS
-
Patent number: 11481520Abstract: Examples described herein relate to a printed circuit assembly (PCA). The PCA includes a printed circuit board (PCB). The PCA further includes an identification device embedded within the PCB. The identification device stores identity information that uniquely identifies identification device and the PCB. Moreover, a PCB identifier defined using the identity information is also stored in a platform attestation file hosted locally within the PCA, on a remote server, or both locally within the PCA and on the remote server. Additionally, the PCA includes an authentication device disposed on the PCB, wherein the platform attestation file is cryptographically bound to the authentication device.Type: GrantFiled: December 15, 2020Date of Patent: October 25, 2022Assignee: Hewlett Packard Enterprise Development LPInventors: David A. Moore, Nigel Edwards, Jonathon Hughes
-
Publication number: 20220332109Abstract: A method of processing phase signals for continuous inkjet printing, said method comprising: providing at least one phase signal, wherein said at least one phase signal is an analogue signal; converting the at least one phase signal into at least one corresponding digitised phase signal; and processing said at least one digitised phasing signal, wherein the processing comprises extracting at least one predetermined phase parameter from the at least one digitised phasing signal when the at least one digitised phasing signal is a time-domain digitalised phase signal, and wherein the at least one predetermined phase parameter comprises one or more time-domain signal features of the at least one digitised phasing signal.Type: ApplicationFiled: September 24, 2020Publication date: October 20, 2022Inventors: Nigel Edward Sherman, Arkadiusz Cezary Zawada, David Horsnell, Paul Cox
-
Patent number: 11455395Abstract: Examples disclosed herein relate to performing a verification check in response to receiving notification. A computing system includes a host processor, memory coupled to the host processor, and a device separate from the host processor capable of accessing the memory. The host processor has a page table base register. The host processor is configured to send a notification to the device when the page table base register changes. The device performs a verification check in response to receiving the notification.Type: GrantFiled: June 17, 2020Date of Patent: September 27, 2022Assignee: Hewlett Packard Enterprise Development LPInventors: Geoffrey Ndu, Nigel Edwards
-
Patent number: 11372970Abstract: Systems and methods for multi-dimensional attestation are provided. One method for multi-dimensional attestation includes upon occurrence of a triggering event, taking triggered measurements of a platform, the platform including a security co-processor and a volatile memory; extending a platform configuration register of the volatile memory to include the triggered measurements; taking snapshots of the platform configuration register over time; storing the snapshots in a snapshot memory; and upon request, sending the triggered measurements and the snapshots to a verifier for detection of potential attacks.Type: GrantFiled: March 12, 2019Date of Patent: June 28, 2022Assignee: Hewlett Packard Enterprise Development LPInventors: Yongqi Wang, Ludovic Emmanuel Paul Noel Jacquin, Nigel Edwards
-
Publication number: 20220188462Abstract: Examples described herein relate to a printed circuit assembly (PCA). The PCA includes a printed circuit board (PCB). The PCA further includes an identification device embedded within the PCB. The identification device stores identity information that uniquely identifies identification device and the PCB. Moreover, a PCB identifier defined using the identity information is also stored in a platform attestation file hosted locally within the PCA, on a remote server, or both locally within the PCA and on the remote server. Additionally, the PCA includes an authentication device disposed on the PCB, wherein the platform attestation file is cryptographically bound to the authentication device.Type: ApplicationFiled: December 15, 2020Publication date: June 16, 2022Inventors: David A. MOORE, Nigel EDWARDS, Jonathon HUGHES
-
Patent number: 11360784Abstract: Examples disclosed herein relate to using an integrity manifest certificate to verify the state of a platform. A device identity of a device that has the device identity provisioned and stored in a security co-processor to retrieve an integrity proof from the security co-processor. The device includes at least one processing element, at least one memory device, and a bus including at least one bus device, and wherein the device identity is associated with a device identity certificate signed by a first authority. The integrity proof includes a representation of each of a plurality of hardware components including the at least one processing element, the at least one memory device, the at least one bus device, and a system board and a representation of plurality of firmware components included in the device. The integrity proof is provided to a certification station.Type: GrantFiled: September 10, 2019Date of Patent: June 14, 2022Assignee: Hewlett Packard Enterprise Development LPInventors: Ludovic Emmanuel Paul Noel Jacquin, Nigel Edwards, Thomas M. Laffey