Patents by Inventor Nigel John Edwards
Nigel John Edwards has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240126883
Abstract: A process includes, in a computer system, acquiring a first measurement that corresponds to a software container. Acquiring the measurement includes a hardware processor of the computer system measuring a given layer of a plurality of layers of layered file system structure corresponding to the software container. The given layer includes a plurality of files, and the first measurement includes a measurement of the plurality of files. The process includes storing the first measurement in a secure memory of the computer system. A content of the secure memory is used to verify an integrity of the software container.
Type: Application
Filed: December 14, 2023
Publication date: April 18, 2024
Inventors: Francisco Plinio Oliveira Silveira, Nigel John Edwards, Ludovic Emmanuel Paul Noel Jacquin, Guilherme de Campos Magalhaes, Leandro Augusto Penna dos Santos, Rodrigo Jose da Rosa Antunes
-
Patent number: 11874926
Abstract: A process includes, in a computer system, acquiring a first measurement that corresponds to a software container. Acquiring the measurement includes a hardware processor of the computer system measuring a given layer of a plurality of layers of layered file system structure corresponding to the software container. The given layer includes a plurality of files, and the first measurement includes a measurement of the plurality of files. The process includes storing the first measurement in a secure memory of the computer system. A content of the secure memory is used to verify an integrity of the software container.
Type: Grant
Filed: December 7, 2020
Date of Patent: January 16, 2024
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Francisco Plinio Oliveira Silveira, Nigel John Edwards, Ludovic Emmanuel Paul Noel Jacquin, Guilherme de Campos Magalhaes, Leandro Augusto Penna dos Santos, Rodrigo Jose da Rosa Antunes
-
Patent number: 11861372
Abstract: Examples disclosed herein relate to using an integrity manifest certificate to verify the state of a platform. A device identity of a device that has the device identity provisioned and stored in a security co-processor to retrieve an integrity proof from the security co-processor. The device includes at least one processing element, at least one memory device, and a bus including at least one bus device, and wherein the device identity is associated with a device identity certificate signed by a first authority. The integrity proof includes a representation of each of a plurality of hardware components including the at least one processing element, the at least one memory device, the at least one bus device, and a system board and a representation of plurality of firmware components included in the device. The integrity proof is provided to a certification station.
Type: Grant
Filed: May 16, 2022
Date of Patent: January 2, 2024
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Ludovic Emmanuel Paul Noel Jacquin, Nigel John Edwards, Thomas M. Laffey
-
Publication number: 20230222226
Abstract: A technique includes an operating system agent of a computer system monitoring a process to detect whether an integrity of the process has been compromised. The monitoring includes the operating system agent scanning a data structure. The process executes in a user space, and the data structure is part of an operating system kernel space. The technique includes a hardware controller of the computer system listening for a heartbeat that is generated by the operating system agent. The hardware controller takes a corrective action in response to at least one of the hardware controller detecting an interruption of the heartbeat, or the operating system agent communicating to the hardware controller a security alert for the process.
Type: Application
Filed: March 21, 2023
Publication date: July 13, 2023
Inventors: Geoffrey Ndu, Nigel John Edwards
-
Patent number: 11636214
Abstract: A technique includes an operating system agent of a computer system monitoring a process to detect whether an integrity of the process has been compromised. The monitoring includes the operating system agent scanning a data structure. The process executes in a user space, and the data structure is part of an operating system kernel space. The technique includes a hardware controller of the computer system listening for a heartbeat that is generated by the operating system agent. The hardware controller takes a corrective action in response to at least one of the hardware controller detecting an interruption of the heartbeat, or the operating system agent communicating to the hardware controller a security alert for the process.
Type: Grant
Filed: December 11, 2020
Date of Patent: April 25, 2023
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Geoffrey Ndu, Nigel John Edwards
-
Publication number: 20230049131
Abstract: In some examples, a system receives first measurements of data items used by a build server in building an executable program, the data items copied from a data repository to a storage partition that is separate from the data repository, and the storage partition to store the data items relating to building the executable program by the build server. The system determines, based on the first measurements and according to a policy specified for the storage partition, whether a corruption of the data items used by the build server in building the executable program has occurred.
Type: Application
Filed: August 10, 2021
Publication date: February 16, 2023
Inventors: Nigel John Edwards, Guilherme de Campos Magalhaes
-
Patent number: 11522723
Abstract: Example implementations relate to a method and system for provisioning an identity certificate for a BMC of a platform. Based on the certificate signing request (CSR) received from the BMC, a certificate authority (CA) associated with the platform manufacturer may verify the identity of the security processor and private key of BMC. A cryptographic audit session log between a provisioning service of the platform and the security coprocessor of the platform is received along with the CSR at the CA implemented in a cloud system. The CA verifies the signature on the received cryptographic audit session log. After verification, validation tools at the cloud system determine a first time and second time associated with the security coprocessor. When the difference between the first time and the second time is below an expected time of cryptographic communication, the CSR is considered as a valid request and an identity certificate for the BMC is generated and transmitted to the platform.
Type: Grant
Filed: March 1, 2021
Date of Patent: December 6, 2022
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Ludovic Emmanuel Paul Noel Jacquin, Nigel John Edwards, Luis E. Luciani, Jr.
-
Publication number: 20220276875
Abstract: Examples disclosed herein relate to using an integrity manifest certificate to verify the state of a platform. A device identity of a device that has the device identity provisioned and stored in a security co-processor to retrieve an integrity proof from the security co-processor. The device includes at least one processing element, at least one memory device, and a bus including at least one bus device, and wherein the device identity is associated with a device identity certificate signed by a first authority. The integrity proof includes a representation of each of a plurality of hardware components including the at least one processing element, the at least one memory device, the at least one bus device, and a system board and a representation of plurality of firmware components included in the device. The integrity proof is provided to a certification station.
Type: Application
Filed: May 16, 2022
Publication date: September 1, 2022
Inventors: Ludovic Emmanuel Paul Noel JACQUIN, Nigel John EDWARDS, Thomas M. LAFFEY
-
Publication number: 20220278855
Abstract: Example implementations relate to a method and system for provisioning an identity certificate for a BMC of a platform. Based on the certificate signing request (CSR) received from the BMC, a certificate authority (CA) associated with the platform manufacturer may verify the identity of the security processor and private key of BMC. A cryptographic audit session log between a provisioning service of the platform and the security coprocessor of the platform is received along with the CSR at the CA implemented in a cloud system. The CA verifies the signature on the received cryptographic audit session log. After verification, validation tools at the cloud system determine a first time and second time associated with the security coprocessor. When the difference between the first time and the second time is below an expected time of cryptographic communication, the CSR is considered as a valid request and an identity certificate for the BMC is generated and transmitted to the platform.
Type: Application
Filed: March 1, 2021
Publication date: September 1, 2022
Inventors: Ludovic Emmanuel Paul Noel JACQUIN, Nigel John EDWARDS, Luis E. LUCIANI, JR.
-
Publication number: 20220188423
Abstract: A technique includes an operating system agent of a computer system monitoring a process to detect whether an integrity of the process has been compromised. The monitoring includes the operating system agent scanning a data structure. The process executes in a user space, and the data structure is part of an operating system kernel space. The technique includes a hardware controller of the computer system listening for a heartbeat that is generated by the operating system agent. The hardware controller takes a corrective action in response to at least one of the hardware controller detecting an interruption of the heartbeat, or the operating system agent communicating to the hardware controller a security alert for the process.
Type: Application
Filed: December 11, 2020
Publication date: June 16, 2022
Inventors: Geoffrey Ndu, Nigel John Edwards
-
Publication number: 20220179959
Abstract: A process includes, in a computer system, acquiring a first measurement that corresponds to a software container. Acquiring the measurement includes a hardware processor of the computer system measuring a given layer of a plurality of layers of layered file system structure corresponding to the software container. The given layer includes a plurality of files, and the first measurement includes a measurement of the plurality of files. The process includes storing the first measurement in a secure memory of the computer system. A content of the secure memory is used to verify an integrity of the software container.
Type: Application
Filed: December 7, 2020
Publication date: June 9, 2022
Inventors: Francisco Plinio Oliveira Silveira, Nigel John Edwards, Ludovic Emmanuel Paul Noel Jacquin, Guilherme de Campos Magalhaes, Leandro Augusto Penna dos Santos, Rodrigo Jose da Rosa Antunes
-
Publication number: 20110119748
Abstract: A system has a virtual overlay infrastructure mapped onto physical resources for processing, storage and network communications, the virtual infrastructure having virtual entities for processing, storage and network communications. Virtual infrastructures of different users share physical resources but are isolated and have their own management entities. An interface between infrastructures allows controlled relaxation of the isolation, using a gateway between virtual nets, or shared virtual storage devices. This can allow businesses to share data or applications, while maintaining control of security.
Type: Application
Filed: October 28, 2005
Publication date: May 19, 2011
Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
Inventors: Nigel John Edwards, Christopher I. Dalton
-
Publication number: 20090300605
Abstract: A system has a virtual overlay infrastructure mapped onto physical resources for processing, storage and network communications, the virtual infrastructure having virtual entities for processing, storage and network communications. Each virtual infrastructure can be passivated by suspending applications, stopping operating systems, and storing state, to enable later reactivation. This is simpler for a complete virtual infrastructure than for groups of virtual entities and physical entities. It enables cloned virtual infrastructure to be created for testing, upgrading or sharing without risk to the parent. On failure, reversion to a previous working clone is feasible.
Type: Application
Filed: October 28, 2005
Publication date: December 3, 2009
Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
Inventors: Nigel John Edwards, Adrian Baldwin, Patrick Goldsack, Antonio Lain
-
Publication number: 20090241108
Abstract: A system has a virtual overlay infrastructure mapped onto physical resources for processing, storage and network communications, the virtual infrastructure having virtual entities for processing, storage and network communications. Virtual infrastructures of different users share physical resources but are isolated. Each infrastructure has its own infrastructure controller to create and configure the infrastructure. It has a user accessible part (CFC) for configuration of that user's infrastructure, and a user inaccessible part (UFC) able to access the mapping and the physical resources. This increases user control to ease system administration, while maintaining security by limiting access to the mapping.
Type: Application
Filed: October 28, 2005
Publication date: September 24, 2009
Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
Inventors: Nigel John Edwards, Patrick Goldsack, Antonio Lain, Adrian John Baldwin
-
Patent number: 7444666
Abstract: A method of multi-domain authorization/authentication on a computer network comprises: a user making a request to a policy enforcement point of a computer for access to information on the computer; providing a location address for a user's authorization and/or authentication information, a policy decision point of the service on the computer network then verifying the authorization/authentication information; and the user being given access by the PEP to the information or the service requested, if the request is accepted, wherein the user's authorization/authentication and/or further information is located on a meta policy decision point (MPDP).
Type: Grant
Filed: July 25, 2002
Date of Patent: October 28, 2008
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Nigel John Edwards, Jason Rouault
-
Patent number: 6981265
Abstract: A network gateway (1005) is described, wherein an object invocation (1020) containing an embedded object reference (1025), which points to a further object (1002), is modified on passing through the gateway. The gateway validates the object invocation and enacts a number of security tests thereon before forwarding it on. In preferred embodiments, the embedded object reference is replaced by an object reference (1035) to a gateway proxy specifically for the further object (1002). The replacement object reference (1035) also includes enough information that the original object reference (1025) can be recovered. The gateway proxy is generated on or after receipt of the invocation (1020). In the event the further object (1002), which was the subject of the object reference, is itself invoked, the invocation is directed to the gateway proxy, which in turn recovers the original object reference and forwards the invocation on to the further object (1002).
Type: Grant
Filed: December 4, 1998
Date of Patent: December 27, 2005
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Robert Thomas Owen Rees, Nigel John Edwards
-
Publication number: 20030023880
Abstract: A method of multi-domain authorisation/authentication on a computer network comprises: a user making a request to a policy enforcement point of a computer for access to information on the computer; providing a location address for a user's authorisation and/or authentication information, a policy decision point of the service on the computer network then verifying the authorisation/authentication information; and the user being given access by the PEP to the information or the service requested, if the request is accepted, wherein the user's authorisation/authentication and/or further information is located on a meta policy decision point (MPDP).
Type: Application
Filed: July 25, 2002
Publication date: January 30, 2003
Inventors: Nigel John Edwards, Jason Rouault