公开(公告)号：US20240104213A1

公开(公告)日：2024-03-28

申请号：US18528893

申请日：2023-12-05

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Nigel Edwards ,  Michael R. Krause ,  Melvin Benedict ,  Ludovic Emmanuel Paul Noel Jacquin ,  Luis Luciani ,  Thomas Laffey ,  Theofrastos Koulouris ,  Shiva Dasari

IPC: G06F21/57 ,  G06F21/32 ,  H04L9/08 ,  H04L9/32

CPC classification number: G06F21/57 ,  G06F21/32 ,  H04L9/0816 ,  H04L9/3226

Abstract: A method for securing a plurality of compute nodes includes authenticating a hardware architecture of each of a plurality of components of the compute nodes. The method also includes authenticating a firmware of each of the plurality of components. Further, the method includes generating an authentication database comprising a plurality of authentication descriptions that are based on the authenticated hardware architecture and the authenticated firmware. Additionally, a policy for securing a specified subset of the plurality of compute nodes is implemented by using the authentication database.

公开(公告)号：US11868474B2

公开(公告)日：2024-01-09

申请号：US17280507

申请日：2019-01-08

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Nigel Edwards ,  Michael R. Krause ,  Melvin Benedict ,  Ludovic Emmanuel Paul Noel Jacquin ,  Luis Luciani ,  Thomas Laffey ,  Theofrastos Koulouris ,  Shiva Dasari

IPC: G06F21/00 ,  G06F21/57 ,  G06F21/32 ,  H04L9/08 ,  H04L9/32

CPC classification number: G06F21/57 ,  G06F21/32 ,  H04L9/0816 ,  H04L9/3226

Abstract: A method for securing a plurality of compute nodes includes authenticating a hardware architecture of each of a plurality of components of the compute nodes. The method also includes authenticating a firmware of each of the plurality of components. Further, the method includes generating an authentication database comprising a plurality of authentication descriptions that are based on the authenticated hardware architecture and the authenticated firmware. Additionally, a policy for securing a specified subset of the plurality of compute nodes is implemented by using the authentication database.

公开(公告)号：US10771264B2

公开(公告)日：2020-09-08

申请号：US16155983

申请日：2018-10-10

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Nigel Edwards ,  Ludovic Emmanuel Paul Noel Jacquin ,  Thomas Laffey ,  Theofrastos Koulouris

IPC: H04L29/06 ,  H04L9/32 ,  G06F21/57 ,  H04L9/06

Abstract: A method for secure data protection includes generating a firmware digital certificate for a layer of firmware. The firmware operates a hardware component of a compute node. The firmware digital certificate is an attribute certificate. The firmware digital certificate includes a cumulative hash of the layer of firmware and a nonce. The cumulative hash includes a concatenation of a hash of the layer of firmware and a hash of each one or more lower layers of the firmware. The method includes authenticating the layer of firmware using a trusted data store. The trusted data store includes a binary image of an expected layer of firmware and a certificate chain comprising the hardware digital certificate and the firmware digital certificate.