Patents by Inventor Nigel Edwards
Nigel Edwards has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11290471Abstract: A method includes providing, by a first electronic device, a first request to a second electronic device for the second electronic device to provide data to the first electronic device representing content that is stored in a security component of the second electronic device. The first electronic device receives the response from the second electronic device to the first request and, in response thereto, the first electronic device stores data in the first electronic device representing content that is stored in a security component of the second electronic device. The method includes performing cross-attestation. Performing the cross-attestation includes, in response to an attestation request that is provided by a verifier to the first electronic device, the first electronic device providing to the verifier data representing content that is stored in the security component of the first electronic device and data representing the content stored in the security component of the second electronic device.Type: GrantFiled: August 27, 2019Date of Patent: March 29, 2022Assignee: Hewlett Packard Enterprise Development LPInventors: Yongqi Wang, Ludovic Emmanuel Paul Noel Jacquin, Nigel Edwards
-
Publication number: 20220059269Abstract: The present invention is in the field of a National Individual Floating Transportation Infrastructure (NIfTI) wherein floating vehicles can travel by magnetic levitation and propagation. The vehicles can travel at a controllable height above the existing, albeit modified, road infrastructure and at relatively high speeds.Type: ApplicationFiled: November 25, 2019Publication date: February 24, 2022Applicant: STICHTING KATHOLIEKE UNIVERSITEITInventor: Nigel Edward HUSSEY
-
Publication number: 20220043914Abstract: A method for securing a plurality of compute nodes includes authenticating a hardware architecture of each of a plurality of components of the compute nodes. The method also includes authenticating a firmware of each of the plurality of components. Further, the method includes generating an authentication database comprising a plurality of authentication descriptions that are based on the authenticated hardware architecture and the authenticated firmware. Additionally, a policy for securing a specified subset of the plurality of compute nodes is implemented by using the authentication database.Type: ApplicationFiled: January 8, 2019Publication date: February 10, 2022Inventors: Nigel EDWARDS, Michael R. KRAUSE, Melvin BENEDICT, Ludovic Emmanuel Paul Noel JACQUIN, Luis LUCIANI, Thomas LAFFEY, Theofrastos KOULOURIS, Shiva DASARI
-
Publication number: 20210397709Abstract: A system comprising an inner kernel of an operating system (OS) running at a higher privilege level than an outer kernel of the OS, the inner kernel to measure a data structure in a memory; a device including a measurement engine to measure the data structure in the memory, wherein the device operates independently of the OS; and a trusted execution environment including an application to compare measurements from the inner kernel and the measurement engine.Type: ApplicationFiled: September 2, 2021Publication date: December 23, 2021Inventors: Geoffrey NDU, Ludovic Emmanuel Paul Noel JACQUIN, Nigel EDWARDS
-
Publication number: 20210397713Abstract: Examples disclosed herein relate to performing a verification check in response to receiving notification. A computing system includes a host processor, memory coupled to the host processor, and a device separate from the host processor capable of accessing the memory. The host processor has a page table base register. The host processor is configured to send a notification to the device when the page table base register changes. The device performs a verification check in response to receiving the notification.Type: ApplicationFiled: June 17, 2020Publication date: December 23, 2021Inventors: Geoffrey Ndu, Nigel Edwards
-
Publication number: 20210349836Abstract: Systems and methods are provided for binding one or more components to an identification component of a hardware module. Each of the serial numbers for the one or more components are included within a module-specific authentication certificate that is stored within the identification component of the hardware module. When connected to a computing platform, an authentication system of the computing platform is capable of retrieving the module-specific authentication certificate. The authentication system can compare the list of serial numbers included in the module-specific authentication certificate with one or more serial numbers read over a first interface. If the two lists of serial numbers match, the authentication system can flag the hardware module as authenticate through authentication of all components of the hardware module.Type: ApplicationFiled: July 10, 2020Publication date: November 11, 2021Inventors: MELVIN K. BENEDICT, NIGEL EDWARDS, ERIC L. POPE
-
Publication number: 20210342162Abstract: A method comprising: generating, with a device, a nonce; writing, with the device, the nonce to a memory location accessible to a kernel; initializing the kernel; in response to an end of initialization, measuring a specified kernel space to produce a first result; writing the first result to a register of a second device; writing a location and size of the specified kernel space to a buffer; measuring the buffer; writing a result of buffer measurement to a second register of the second device; requesting a quote from the second device, the quote to include the nonce, the contents of the register, and the contents of the second register; and passing the quote to the device.Type: ApplicationFiled: July 12, 2021Publication date: November 4, 2021Inventors: Geoffrey NDU, Nigel EDWARDS
-
Patent number: 11138315Abstract: A system comprising an inner kernel of an operating system (OS) running at a higher privilege level than an outer kernel of the OS, the inner kernel to measure a data structure in a memory; a device including a measurement engine to measure the data structure in the memory, wherein the device operates independently of the OS; and a trusted execution environment including an application to compare measurements from the inner kernel and the measurement engine.Type: GrantFiled: January 17, 2018Date of Patent: October 5, 2021Assignee: Hewlett Packard Enterprise Development LPInventors: Geoffrey Ndu, Ludovic Emmanuel Paul Noel Jacquin, Nigel Edwards
-
Patent number: 11119789Abstract: A method comprising: generating, with a device, a nonce; writing, with the device, the nonce to a memory location accessible to a kernel; initializing the kernel; in response to an end of initialization, measuring a specified kernel space to produce a first result; writing the first result to a register of a second device; writing a location and size of the specified kernel space to a buffer; measuring the buffer; writing a result of buffer measurement to a second register of the second device; requesting a quote from the second device, the quote to include the nonce, the contents of the register, and the contents of the second register; and passing the quote to the device.Type: GrantFiled: April 25, 2018Date of Patent: September 14, 2021Assignee: Hewlett Packard Enterprise Development LPInventors: Geoffrey Ndu, Nigel Edwards
-
Publication number: 20210256118Abstract: Examples disclosed herein relate to integrity monitoring of a computing system using a kernel that can update its own code. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring. The device is to compare a current measurement with an initial measurement to determine if a potential violation occurred. The device is to use a representation of a jump table to determine whether the potential violation is a violation.Type: ApplicationFiled: April 16, 2021Publication date: August 19, 2021Inventors: Geoffrey NDU, Theofrastos KOULOURIS, Nigel EDWARDS
-
Publication number: 20210248239Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.Type: ApplicationFiled: April 28, 2021Publication date: August 12, 2021Inventors: Ludovic Emmanuel Paul Noel JACQUIN, Hamza ATTAK, Nigel EDWARDS
-
Patent number: 11017090Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.Type: GrantFiled: December 17, 2018Date of Patent: May 25, 2021Assignee: Hewlett Packard Enterprise Development LPInventors: Ludovic Emmanuel Paul Noel Jacquin, Hamza Attak, Nigel Edwards
-
Patent number: 11017080Abstract: Examples disclosed herein relate to integrity monitoring of a computing system using a kernel that can update its own code. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring. The device is to compare a current measurement with an initial measurement to determine if a potential violation occurred. The device is to use a representation of a jump table to determine whether the potential violation is a violation.Type: GrantFiled: June 13, 2018Date of Patent: May 25, 2021Assignee: Hewlett Packard Enterprise Development LPInventors: Geoffrey Ndu, Theofrastos Koulouris, Nigel Edwards
-
Publication number: 20210073003Abstract: Examples disclosed herein relate to using an integrity manifest certificate to verify the state of a platform. A device identity of a device that has the device identity provisioned and stored in a security co-processor to retrieve an integrity proof from the security co-processor. The device includes at least one processing element, at least one memory device, and a bus including at least one bus device, and wherein the device identity is associated with a device identity certificate signed by a first authority. The integrity proof includes a representation of each of a plurality of hardware components including the at least one processing element, the at least one memory device, the at least one bus device, and a system board and a representation of plurality of firmware components included in the device. The integrity proof is provided to a certification station.Type: ApplicationFiled: September 10, 2019Publication date: March 11, 2021Inventors: Ludovic Emmanuel Paul Noel Jacquin, Nigel Edwards, Thomas M. Laffey
-
Publication number: 20210067520Abstract: A method includes providing, by a first electronic device, a first request to a second electronic device for the second electronic device to provide data to the first electronic device representing content that is stored in a security component of the second electronic device. The first electronic device receives the response from the second electronic device to the first request and, in response thereto, the first electronic device stores data in the first electronic device representing content that is stored in a security component of the second electronic device. The method includes performing cross-attestation. Performing the cross-attestation includes, in response to an attestation request that is provided by a verifier to the first electronic device, the first electronic device providing to the verifier data representing content that is stored in the security component of the first electronic device and data representing the content stored in the security component of the second electronic device.Type: ApplicationFiled: August 27, 2019Publication date: March 4, 2021Inventors: Yongqi Wang, Ludovic Emmanuel Paul Noel Jacquin, Nigel Edwards
-
Patent number: 10938553Abstract: The present disclosure relates to generating an identifier, an encrypted value that is an original value encrypted, and a Message Authentication Code (MAC) at a server device, and to generating a message including a message header and a message body, said message header including the identifier and the MAC, and said message body including the encrypted value, and said that the MAC key used to compute the message authentication code is included in the original value to be encrypted, and further relates to transmitting the message to a client device.Type: GrantFiled: November 27, 2015Date of Patent: March 2, 2021Assignee: Hewlett Packard Enterprise Development LPInventors: Liqun Chen, Nigel Edwards
-
Patent number: 10929148Abstract: Example embodiments relate to executing services in containers. The examples disclosed herein include a computing device comprising instructions to load an inner portion of an operating system kernel in an inner region of a kernel space and an outer portion of the operating system kernel in an outer region of the kernel space. The example computing device may execute a service in a container in a user space. The container may be communicatively coupled with the outer region of the operating system kernel but divided from the inner portion of the operating system kernel.Type: GrantFiled: June 8, 2016Date of Patent: February 23, 2021Assignee: Hewlett Packard Enterprise Development LPInventors: Nigel Edwards, Chris I Dalton
-
Publication number: 20210026948Abstract: In some examples, a system executes a monitor separate from an operating system (OS) that uses mapping information in accessing data in a physical memory. The monitor identifies, using the mapping information, invariant information, that comprises program code, of the OS without suspending execution of the OS, the identifying comprising the monitor accessing the physical memory independently of the OS. The monitor determines, based on monitoring the invariant information of the OS, whether a security issue is present.Type: ApplicationFiled: July 26, 2019Publication date: January 28, 2021Inventors: Geoffrey Ndu, Nigel Edwards
-
Patent number: 10853090Abstract: Examples relate to integrity reports. In an implementation, an entity for executing a function is launched, the entity operating one or more files for executing the function. In response to the entity being launched, an entity image integrity report is generated comprising, for one or more files operated by the entity, a reference to the file measurement in a first integrity report the first integrity report containing measurements of a plurality of files operable in one or more entities. Alternatively, in response to the entity being launched, an entity integrity report is generated comprising a file measurement for each of the files operated by the entity.Type: GrantFiled: January 22, 2018Date of Patent: December 1, 2020Assignee: Hewlett Packard Enterprise Development LPInventors: Ludovic Emmanuel Paul Noel Jacquin, Hamza Attak, Nigel Edwards, Guilherme de Campos Magalhaes
-
Patent number: 10783246Abstract: Examples relate to snapshots of system memory. In an example implementation, structural information of a process in a snapshot of system memory is compared with hashes or fuzzy hashes of executable regions of the same process in a previous snapshot of system memory to determine whether there is a structural anomaly.Type: GrantFiled: January 31, 2017Date of Patent: September 22, 2020Assignee: Hewlett Packard Enterprise Development LPInventors: Nigel Edwards, Michael John Wray