Patents by Inventor Purushottam Goel
Purushottam Goel has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20160323268Abstract: A secure identifier is derived, using a secured microcontroller of a computing device, that is unique to a pairing of the computing device and a particular domain. Secure posture data corresponding to attributes of the computing device is identified in secured memory of the computing device. The secure identifier and security posture is sent in a secured container to a management device of the particular domain. The particular domain can utilize the information in the secured container to authenticate the computing device and determine a security task to be performed relating to interactions of the computing device with the particular domain.Type: ApplicationFiled: July 12, 2016Publication date: November 3, 2016Inventors: Vincent Edward Von Bokern, Purushottam Goel, Sven Schrecker, Ned McArthur Smith
-
Publication number: 20160283721Abstract: Embodiments of techniques and systems for out-of-band verification of host OS components are described. In embodiments, a out-of-band host OS boot sequence verification system (“BSVS”) may access system memory without detection by a host OS process, or “out of band.” The BSVS may access host OS components in the system memory and may generate signatures from memory footprints of the host OS components. These signatures may then be compared to trusted signatures to verify integrity of the host OS components. In embodiments, this verification may be performed during a boot of a host OS or on demand. In embodiments, the trusted signatures may be pre-stored by the BSVS before a boot; in some embodiments, the trusted signatures may be previously-computed and then stored by the BSVS. Other embodiments may be described and claimed.Type: ApplicationFiled: June 10, 2016Publication date: September 29, 2016Inventors: Daniel Nemiroff, Paul J. Thadikaran, Andrew H. Gafken, Purushottam Goel, Nicholas D. Triantafillou, Paritosh Saxena, Debra Cablao
-
Patent number: 9442865Abstract: Methods and apparatus relating to processor extensions for execution of secure embedded containers are described. In an embodiment, a scalable solution for manageability function is provided, e.g., for UMPC environments or otherwise where utilizing a dedicated processor or microcontroller for manageability is inappropriate or impractical. For example, in an embodiment, an OS (Operating System) or VMM (Virtual Machine Manager) Independent (generally referred to herein as “OI”) architecture involves creating one or more containers on a processor by dynamically partitioning resources (such as processor cycles, memory, devices) between the HOST OS/VMM and the OI container. Other embodiments are also described and claimed.Type: GrantFiled: January 19, 2016Date of Patent: September 13, 2016Assignee: Intel CorporationInventors: Vedvyas Shanbhogue, Arvind Kumar, Purushottam Goel
-
Publication number: 20160246998Abstract: Systems and methods may provide implementing one or more device locking procedures to block access to a device. In one example, the method may include receiving an indication that a user is no longer present, initiating a timing mechanism to set a period to issue a first device lock instruction to lock a peripheral device, relaying timing information from the timing mechanism to a controller module associated with the peripheral device; and locking the peripheral device upon expiration of the period.Type: ApplicationFiled: May 2, 2016Publication date: August 25, 2016Inventors: Ned Smith, Purushottam Goel, Victoria Moore
-
Patent number: 9419953Abstract: A secure identifier is derived, using a secured microcontroller of a computing device, that is unique to a pairing of the computing device and a particular domain. Secure posture data corresponding to attributes of the computing device is identified in secured memory of the computing device. The secure identifier and security posture is sent in a secured container to a management device of the particular domain. The particular domain can utilize the information in the secured container to authenticate the computing device and determine a security task to be performed relating to interactions of the computing device with the particular domain.Type: GrantFiled: December 23, 2012Date of Patent: August 16, 2016Assignee: McAfee, Inc.Inventors: Vincent Edward Von Bokern, Purushottam Goel, Sven Schrecker, Ned McArthur Smith
-
Publication number: 20160171206Abstract: An opportunity for a computing device to participate in a secure session with a particular domain is identified. A domain identifier of the particular domain is received and a secured microcontroller of the computing device is used to identify a secured, persistent hardware identifier of the computing device stored in secured memory of the computing device. A secure identifier is derived for a pairing of the computing device and the particular domain based on the hardware identifier and domain identifier of the particular domain and the secure identifier is transmitted over a secured channel to the particular domain. The particular domain can verify identity of the computing device from the secure identifier and apply security policies to transactions involving the computing device and the particular domain based at least in part on the secure identifier.Type: ApplicationFiled: February 19, 2016Publication date: June 16, 2016Inventors: Vincent Edward Von Bokern, Purushottam Goel, Sven Schrecker, Ned McArthur Smith
-
Patent number: 9367328Abstract: Embodiments of techniques and systems for out-of-band verification of host OS components are described. In embodiments, a out-of-band host OS boot sequence verification system (“BSVS”) may access system memory without detection by a host OS process, or “out of band.” The BSVS may access host OS components in the system memory and may generate signatures from memory footprints of the host OS components. These signatures may then be compared to trusted signatures to verify integrity of the host OS components. In embodiments, this verification may be performed during a boot of a host OS or on demand. In embodiments, the trusted signatures may be pre-stored by the BSVS before a boot; in some embodiments, the trusted signatures may be previously-computed and then stored by the BSVS. Other embodiments may be described and claimed.Type: GrantFiled: June 28, 2012Date of Patent: June 14, 2016Assignee: Intel CorporationInventors: Daniel Nemiroff, Paul J. Thadikaran, Andrew H. Gafken, Purushottam Goel, Nicholas D. Triantafillou, Paritosh Saxena, Debra Cablao
-
Publication number: 20160132437Abstract: Methods and apparatus relating to processor extensions for execution of secure embedded containers are described. In an embodiment, a scalable solution for manageability function is provided, e.g., for UMPC environments or otherwise where utilizing a dedicated processor or microcontroller for manageability is inappropriate or impractical. For example, in an embodiment, an OS (Operating System) or VMM (Virtual Machine Manager) Independent (generally referred to herein as “OI”) architecture involves creating one or more containers on a processor by dynamically partitioning resources (such as processor cycles, memory, devices) between the HOST OS/VMM and the OI container. Other embodiments are also described and claimed.Type: ApplicationFiled: January 19, 2016Publication date: May 12, 2016Inventors: Vedvyas Shanbhogue, Arvind Kumar, Purushottam Goel
-
Patent number: 9336357Abstract: Systems and methods may provide implementing one or more device locking procedures to block access to a device. In one example, the method may include receiving an indication that a user is no longer present, initiating a timing mechanism to set a period to issue a first device lock instruction to lock a peripheral device, relaying timing information from the timing mechanism to a controller module associated with the peripheral device; and locking the peripheral device upon expiration of the period.Type: GrantFiled: September 28, 2012Date of Patent: May 10, 2016Assignee: Intel CorporationInventors: Ned Smith, Purushottam Goel, Victoria Moore
-
Patent number: 9294478Abstract: An opportunity for a computing device to participate in a secure session with a particular domain is identified. A domain identifier of the particular domain is received and a secured microcontroller of the computing device is used to identify a secured, persistent hardware identifier of the computing device stored in secured memory of the computing device. A secure identifier is derived for a pairing of the computing device and the particular domain based on the hardware identifier and domain identifier of the particular domain and the secure identifier is transmitted over a secured channel to the particular domain. The particular domain can verify identity of the computing device from the secure identifier and apply security policies to transactions involving the computing device and the particular domain based at least in part on the secure identifier.Type: GrantFiled: September 29, 2014Date of Patent: March 22, 2016Assignee: McAfee, Inc.Inventors: Vincent Edward Von Bokern, Purushottam Goel, Sven Schrecker, Ned McArthur Smith
-
Patent number: 9268594Abstract: Methods and apparatus relating to processor extensions for execution of secure embedded containers are described. In an embodiment, a scalable solution for manageability function is provided, e.g., for UMPC environments or otherwise where utilizing a dedicated processor or microcontroller for manageability is inappropriate or impractical. For example, in an embodiment, an OS (Operating System) or VMM (Virtual Machine Manager) Independent (generally referred to herein as “OI”) architecture involves creating one or more containers on a processor by dynamically partitioning resources (such as processor cycles, memory, devices) between the HOST OS/VMM and the OI container. Other embodiments are also described and claimed.Type: GrantFiled: June 3, 2015Date of Patent: February 23, 2016Assignee: Intel CorporationInventors: Vedvyas Shanbhogue, Arvind Kumar, Purushottam Goel
-
Publication number: 20150381368Abstract: Technologies for secure offline activation of hardware features include a target computing device having a platform controller hub (PCH) including a converged security and manageability engine (CSME) and a number of in-field programmable fuses (IFPs). During assembly of the target computing device by an original equipment manufacturer (OEM), the CSME is provided a list of hardware features to be activated. The CSME configures the IFPs to enable the requested features, generates a digital receipt including the activated features and a unique device ID, and signs the receipt using a unique device key. Signed receipts may be periodically submitted to a vendor computing device, which verifies the signed receipts, extracts the active feature list, and bills the OEM for activated features of the PCHs. The vendor computing device may bill the OEM a maximum price for PCHs for which there is no associated signed receipt. Other embodiments are described and claimed.Type: ApplicationFiled: June 27, 2014Publication date: December 31, 2015Inventors: William A. Stevens, JR., Alberto J. Martinez, Mukesh Kataria, Purushottam Goel, Tim Abels, Mahesh S. Natu
-
Patent number: 9195824Abstract: In one embodiment, a processor includes a microcode storage including processor instructions to create and execute a hidden resource manager (HRM) to execute in a hidden environment that is not visible to system software. The processor may further include an extend register to store security information including a measurement of at least one kernel code module of the hidden environment and a status of a verification of the at least one kernel code module. Other embodiments are described and claimed.Type: GrantFiled: September 25, 2014Date of Patent: November 24, 2015Assignee: Intel CorporationInventors: Ned M. Smith, Vedvyas Shanbhogue, Arvind Kumar, Purushottam Goel
-
Publication number: 20150293777Abstract: Methods and apparatus relating to processor extensions for execution of secure embedded containers are described. In an embodiment, a scalable solution for manageability function is provided, e.g., for UMPC environments or otherwise where utilizing a dedicated processor or microcontroller for manageability is inappropriate or impractical. For example, in an embodiment, an OS (Operating System) or VMM (Virtual Machine Manager) Independent (generally referred to herein as “OI”) architecture involves creating one or more containers on a processor by dynamically partitioning resources (such as processor cycles, memory, devices) between the HOST OS/VMM and the OI container. Other embodiments are also described and claimed.Type: ApplicationFiled: June 3, 2015Publication date: October 15, 2015Inventors: Vedvyas Shanbhogue, Arvind Kumar, Purushottam Goel
-
Publication number: 20150222629Abstract: An opportunity for a computing device to participate in a secure session with a particular domain is identified. A secured microcontroller of the computing device is used to identify a secured, persistent seed corresponding to the particular domain and stored in secured memory of the computing device. A secure identifier is derived based on the seed and sent for use by the particular domain in authenticating the computing device to the particular domain for the secure session. The particular domain can further apply security policies to transactions involving the computing device and particular domain based at least in part on the secure identifier.Type: ApplicationFiled: February 9, 2015Publication date: August 6, 2015Inventors: Vincent Edward Von Bokern, Purushottam Goel, Sven Schrecker, Ned McArthur Smith
-
Patent number: 9086913Abstract: Methods and apparatus relating to processor extensions for execution of secure embedded containers are described. In an embodiment, a scalable solution for manageability function is provided, e.g., for UMPC environments or otherwise where utilizing a dedicated processor or microcontroller for manageability is inappropriate or impractical. For example, in an embodiment, an OS (Operating System) or VMM (Virtual Machine Manager) Independent (generally referred to herein as “OI”) architecture involves creating one or more containers on a processor by dynamically partitioning resources (such as processor cycles, memory, devices) between the HOST OS/VMM and the OI container. Other embodiments are also described and claimed.Type: GrantFiled: December 31, 2008Date of Patent: July 21, 2015Assignee: Intel CorporationInventors: Vedvyas Shanbhogue, Arvind Kumar, Purushottam Goel
-
Publication number: 20150200937Abstract: An opportunity for a computing device to participate in a secure session with a particular domain is identified. A domain identifier of the particular domain is received and a secured microcontroller of the computing device is used to identify a secured, persistent hardware identifier of the computing device stored in secured memory of the computing device. A secure identifier is derived for a pairing of the computing device and the particular domain based on the hardware identifier and domain identifier of the particular domain and the secure identifier is transmitted over a secured channel to the particular domain. The particular domain can verify identity of the computing device from the secure identifier and apply security policies to transactions involving the computing device and the particular domain based at least in part on the secure identifier.Type: ApplicationFiled: September 29, 2014Publication date: July 16, 2015Inventors: Vincent Edward Von Bokern, Purushottam Goel, Sven Schrecker, Ned McArthur Smith
-
Patent number: 9015793Abstract: A management controller of a computing device is identified on a network and queried for attributes of the computing device. The management controller is securely implemented in hardware of the computing device and is independent of a central processing unit (CPU) of the computing device. Data is received from the management controller that identifies one or more attributes of the computing device. A security policy of the network is implemented for the computing device based on the one or more attributes.Type: GrantFiled: December 21, 2012Date of Patent: April 21, 2015Assignee: McAfee, Inc.Inventors: Vincent Edward Von Bokern, Purushottam Goel, Sven Schrecker
-
Publication number: 20150095638Abstract: A manageability engine (ME) receives an authentication response from a user during pre-boot authentication and registers the user with a key distribution center (KDC), indicating that the user has successfully authenticated to the PC. The KDC supplies the ME with single-sign-on credentials in the form of a Key Encryption Key (KEK). The KEK may later be used by the PC to obtain a credential used to establish secure access to Enterprise servers.Type: ApplicationFiled: October 7, 2014Publication date: April 2, 2015Inventors: Ned M. Smith, Purushottam Goel
-
Patent number: 8966657Abstract: In some embodiments a secure permit request to change a hardware configuration is created. The secure permit request is sent to a remote location, and a permit sent from the remote location in response to the permit request is received. The hardware configuration is changed in response to the received permit. Other embodiments are described and claimed.Type: GrantFiled: December 31, 2009Date of Patent: February 24, 2015Assignee: Intel CorporationInventors: Alberto J. Martinez, William A. Stevens, Jr., Purushottam Goel, Ernie Brickell