US Patent No: 6,061,794

System and method for performing secure device communications in a peer-to-peer bus architecture

Stats

May 9, 2000
Issued date
Sep 30, 1997
filing date
08/940,551
serial no
In Force
status

ALSO PUBLISHED AS: 5396654

Importance

Loading Importance Indicators... loading....

Abstract

A system and method for performing secure peer-to-peer device communications on an I/O bus, such as a PCI bus, a Fiber Channel bus, an IEEE, 1394 bus or a Universal Serial Bus. The system includes a plurality of intelligent I/O devices, such as intelligent storage devices and/or controllers, communications devices, video devices and audio devices. The I/O devices perform peer-to-peer message and data transfers, thereby bypassing the operating system running on the computer's CPU. The intelligent I/O devices encrypt messages and data before transmitting them on the I/O bus and conversely decrypt the messages and data upon reception. The encryption provides secrecy and/or authentication of the sender. The devices use keys or passwords to encrypt/decrypt the data. The keys are stored in non-volatile memory in the devices and are distributed to the devices by the system BIOS at initialization time. The devices perform access authorization validation using rule sets also distributed by the BIOS at initialization time. The rule sets specify which I/O operations are valid for a peer I/O device to request of a respective I/O device based, preferably, upon the device class/subclasses of the requesting device. In another embodiment, one of the intelligent I/O devices may be a communications device which serves as a firewall for the I/O bus. In this embodiment, the rule set further includes identification information of the remote machines/devices.

Loading the Abstract Image... loading....

First Claim

loading....

Related Publications

Loading Related Publications... loading....

Patent Owner(s)

Patent Owner	Address	Total Patents
HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.	HOUSTON, TX	25733

International Classification(s)

G06F:ELECTRIC DIGITAL DATA PROCESSING

[Classification Symbol]

[Patents Count]

Inventor(s)

Inventor Name	Address	# of filed Patents	Total Citations
Angelo, Michael F	Houston, TX	64	2162
Driscoll, Dan J	Spring, TX	1	220
Olarig, Sompong P	Cypress, TX	70	2239
Wooten, David R	Spring, TX	47	879

Cited Art

Patent Info	# Cites	Year
INTEL CORPORATION (3)
5,568,552 Method for providing a roving software license from one node to another node	383	1995
5,724,027 Method and apparatus for providing system security to personal computer systems using transparent system interrupt	29	1995
5,841,976 Method and apparatus for supporting multipoint communications in a protocol-independent manner	34	1996
DELL USA, L.P. (2)
5,657,445 Apparatus and method for limiting access to mass storage devices in a computer system	152	1996
5,805,880 Operating system independent method for avoiding operating system security for operations performed by essential utilities	37	1996
INTERNATIONAL BUSINESS MACHINES CORPORATION (2)
5,745,678 Method and system for the secured distribution of multimedia titles	175	1997
5,931,947 Secure array of remotely encrypted storage devices	161	1997
RADIO LOCAL AREA NETWORKS, INC. (2)
5,530,701 Network link controller	34	1994
5,551,066 Network link controller for dynamic designation of master nodes	64	1995
ASCEND COMMUNICATIONS, INC. (1)
5,889,958 Network access control system and process	150	1996
AT&T CORP. (1)
5,706,431 System and method for distributively propagating revisions through a communications network	30	1995
CHA! TECHNOLOGIES SERVICES, INC. (1)
5,903,721 Method and system for secure online transaction processing	293	1997
FUJITSU LIMITED (1)
5,784,464 System for and method of authenticating a client	114	1996
HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. (1)
5,859,911 Method for the secure remote flashing of the BIOS of a computer	57	1997
IPASS INC. (1)
5,898,780 Method and apparatus for authorizing remote internet access	310	1996
MATSUSHITA ELECTRIC INDUSTRIAL CO., LTD. (1)
5,600,803 Data transfer system and method using data bus having bi-directional serial data line, clock line and bi-directional control line	10	1994
MICRON TECHNOLOGY, INC. (1)
5,692,124 Support of limited write downs through trustworthy predictions in multilevel security of computer network communications	98	1996
NOVELL, INC. (1)
5,787,175 Method and apparatus for collaborative document control	210	1995
PITNEY BOWES INC. (1)
5,390,351 System for communicating with plural nodes in predetermined intervals depended on integers assigned and changed based upon configuration thereof	23	1992
ROUND ROCK RESEARCH, LLC (1)
5,832,228 System and method for providing multi-level security in computer devices utilized with non-secure networks	105	1996
SCIENTIFIC RESEARCH MANAGEMENT CORPORATION (1)
5,826,014 Firewall system for protecting network elements connected to a public network	276	1996
TREND MICRO INCORPORATED (1)
5,787,427 Information handling system, method, and article of manufacture for efficient object security processing by grouping objects sharing common control access policies	125	1996
UNISYS CORPORATION (1)
5,559,933 Distributed enterprise print controller	198	1994
VERIZON PATENT AND LICENSING INC. (1)
4,919,545 Distributed security procedure for intelligent networks	144	1988

Patent Citation Ranking

Forward Cites

Patent Info	# Cites	Year
INTEL CORPORATION (94)
6,510,521 Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage	35	1998
6,401,208 Method for BIOS authentication prior to BIOS execution	80	1998
6,965,911 Efficiently exporting local device access onto a system area network using a direct-call interface	8	1998
6,560,706 Interface for ensuring system boot image integrity and authenticity	91	1999
7,356,817 Real-time scheduling of virtual machines	9	2000
7,111,176 Generating isolated bus cycles for isolated execution	4	2000
7,089,418 Managing accesses in a processor for isolated execution	3	2000
7,073,071 Platform and method for generating and utilizing a protected audit log	3	2000
7,013,481 Attestation key memory device and bus	13	2000
7,013,484 Managing a secure environment using a chipset in isolated execution mode	13	2000
6,996,710 Platform and method for issuing and certifying a hardware-protected attestation key	9	2000
6,990,579 Platform and method for remote attestation of a platform	11	2000
6,957,332 Managing a secure platform using a hierarchical executive architecture in isolated execution mode	6	2000
6,760,441 Generating a key hieararchy for use in an isolated execution environment	27	2000
6,754,815 Method and system for scrubbing an isolated area of memory after reset of a processor operating in isolated execution mode if a cleanup flag is set	16	2000
7,085,935 Managing a secure environment using a chipset in isolated execution mode	2	2000
7,082,615 Protecting software environment in isolated execution	19	2000
6,941,458 Managing a secure platform using a hierarchical executive architecture in isolated execution mode	5	2000
7,793,111 Mechanism to handle events in a machine with isolated execution	0	2000
7,389,427 Mechanism to secure computer output from software attack using isolated execution	3	2000
7,215,781 Creation and distribution of a secret value between two devices	1	2000
7,818,808 Processor mode for limiting the operation of guest software running on a virtual machine supported by a virtual machine monitor	8	2000
7,225,441 Mechanism for providing power management through virtualization	35	2000
7,117,376 Platform and method of creating a secure boot that enforces proper user authentication and enforces hardware configurations	17	2000
7,035,963 Method for resolving address space conflicts between a virtual machine monitor and a guest operating system	19	2000
6,907,600 Virtual translation lookaside buffer	31	2000
6,769,058 Resetting a processor in an isolated execution environment	4	2000
7,194,634 Attestation key memory device and bus	7	2001
7,272,831 Method and apparatus for constructing host processor soft devices independent of the host processor operating system	18	2001
7,096,497 File checking using remote signing authority via a network	9	2001
7,191,440 Tracking operating system process and thread execution and virtual machine execution in hardware or in a virtual machine monitor	32	2001
7,024,555 Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment	18	2001
7,103,771 Connecting a virtual token to a physical token	26	2001
7,308,576 Authenticated code module	2	2001
7,480,806 Multi-token seal and unseal	5	2002
7,631,196 Method and apparatus for loading a trustable operating system	1	2002
7,130,999 Using authentication certificates for authorization	14	2002
7,069,442 System and method for execution of a secured environment initialization instruction	16	2002
7,028,149 System and method for resetting a platform configuration register	33	2002
7,076,669 Method and apparatus for communicating securely with a token	2	2002
7,058,807 Validation of inclusion of a platform within a data center	11	2002
7,127,548 Control register access virtualization performance improvement in the virtual-machine architecture	7	2002
7,139,890 Methods and arrangements to interface memory	15	2002
6,820,177 Protected configuration space in a protected environment	6	2002
7,142,674 Method of confirming a secure key exchange	6	2002
7,392,415 Sleep protection	0	2002
7,124,327 Control over faults occurring during the operation of guest software in the virtual-machine architecture	14	2002
6,996,748 Handling faults associated with operation of guest software in the virtual-machine architecture	10	2002
7,296,267 System and method for binding virtual machines to hardware contexts	40	2002
7,526,595 Data path master/slave data processing device apparatus and method	1	2002
7,512,975 Hardware-assisted credential validation	6	2002
7,546,452 Hardware-based credential management	2	2002
7,165,181 System and method for establishing trust without revealing identity	19	2002
7,073,042 Reclaiming existing fields in address translation data structures to extend control over memory accesses	15	2002
7,318,235 Attestation using both fixed token and portable token	12	2002
7,900,017 Mechanism for remapping post virtual machine memory pages	1	2002
7,076,802 Trusted system clock	7	2002
7,415,708 Virtual machine management using processor state information	14	2003
7,424,709 Use of multiple virtual machine monitors to handle privileged events	9	2003
7,287,197 Vectoring an interrupt or exception upon resuming operation of a virtual machine	2	2003
7,739,521 Method of obscuring cryptographic computations	0	2003
7,610,611 Prioritized address decoder	0	2003
7,366,305 Platform and method for establishing trust without revealing identity	2	2003
7,237,051 Mechanism to control hardware interrupt acknowledgement in a virtual machine system	7	2003
7,177,967 Chipset support for managing hardware interrupts in a virtual machine system	12	2003
7,020,738 Method for resolving address space conflicts between a virtual machine monitor and a guest operating system	8	2003
6,934,817 Controlling access to multiple memory zones in an isolated execution environment	12	2003
7,636,844 Method and system to provide a trusted channel within a computer system for a SIM device	3	2003
8,156,343 Accessing private data about the state of a data processing machine from storage that is publicly accessible	0	2003
8,037,314 Replacing blinded authentication authority	1	2003
7,802,085 Apparatus and method for distributing private keys to an entity with minimal secret, unique information	0	2004
7,356,735 Providing support for single stepping a virtual machine in a virtual machine environment	3	2004
7,620,949 Method and apparatus for facilitating recognition of an open event window during operation of guest software in a virtual machine environment	1	2004
7,490,070 Apparatus and method for proving the denial of a direct proof signature	5	2004
7,366,849 Protected configuration space in a protected environment	4	2004
7,305,592 Support for nested fault in a virtual machine environment	13	2004
7,840,962 System and method for controlling switching between VMM and VM using enabling value of VMM timer indicator and VMM timer value having a specified time	1	2004
8,146,078 Timer offsetting mechanism in a virtual machine environment	0	2004
7,395,405 Method and apparatus for supporting address translation in a virtual machine environment	2	2005
7,313,669 Virtual translation lookaside buffer	1	2005
7,546,457 System and method for execution of a secured environment initialization instruction	3	2005
7,809,957 Trusted platform module for generating sealed data	4	2005
7,302,511 Chipset support for managing hardware interrupts in a virtual machine system	4	2005
7,516,330 Platform and method for establishing provable identities while maintaining privacy	2	2005
7,921,293 Apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment	0	2006
8,014,530 Method and apparatus for authenticated, recoverable key distribution with no database secrets	0	2006
7,454,611 System and method for establishing trust without revealing identity	1	2007
7,836,275 Method and apparatus for supporting address translation in a virtual machine environment	2	2008
8,296,762 Virtual machine management using processor state information	0	2008
7,707,347 Data path master/slave data processing device apparatus	0	2009
8,185,734 System and method for execution of a secured environment initialization instruction	0	2009
7,861,245 Method and apparatus for facilitating recognition of an open event window during operation of guest software in a virtual machine environment	0	2009
8,386,788 Method and apparatus for loading a trustable operating system	0	2009
8,195,914 Mechanism for remapping post virtual machine memory pages	0	2011
FIRST DATA CORPORATION (35)
6,820,202 Account authority digital signature (AADS) system	62	1998
7,558,965 Entity authentication in electronic communications by providing verification status of device	16	2001
7,552,333 Trusted authentication digital signature (tads) system	11	2001
7,500,272 Manufacturing unique devices that generate digital signatures	7	2001
7,200,749 Method and system for using electronic communications for an electronic contract	18	2001
7,047,416 Account-based digital signature (ABDS) system	10	2001
6,983,368 Linking public key of device to information during manufacture	8	2001
6,978,369 Person-centric account-based digital signature system	66	2001
6,820,199 Sending electronic transaction message, digital signature derived therefrom, and sender identity information in AADS system	20	2002
7,010,691 ABDS system utilizing security information in authenticating entity access	14	2003
6,950,940 ABDS method utilizing security information in authenticating entity access	22	2003
6,938,156 ABDS system and verification status for authenticating entity access	45	2003
6,851,054 Account-Based digital signature (ABDS) system for authenticating entity access to controlled resource	49	2003
7,096,354 Central key authority database in an ABDS system	14	2003
7,082,533 Gauging risk in electronic communications regarding accounts in ABDS system	9	2003
7,047,414 Managing database for reliably identifying information of device generating digital signatures	25	2003
7,028,185 Managing database for identifying to recipients security features of devices generating digital signatures	18	2003
6,959,381 Central key authority (CKA) database for user accounts in ABDS system	17	2003
6,957,336 Establishing initial PuK-linked account database	9	2003
6,952,773 Requesting execution of instructions on accounts in ABDS system	9	2003
6,915,430 Reliably identifying information of device generating digital signatures	13	2003
6,892,302 Incorporating security certificate during manufacture of device generating digital signatures	13	2003
6,789,189 Managing account database in ABDS system	33	2003
7,257,228 Account authority digital signature (AADS) system using encoded information	7	2004
7,032,112 Account authority digital signature (AADS) system using transactional account information	6	2004
7,089,421 Sending electronic transaction message, digital signature derived therefrom, and sender identity information in AADS system	7	2004
7,549,050 Sending electronic transaction message for entity information account, digital signature derived therefrom, and sender identity information in AADS system	0	2004
7,519,821 Account authority digital signature (AADS) system	1	2004
7,831,519 Methods and systems for electromagnetic initiation of secure transactions	0	2004
7,936,869 Verifying digital signature based on shared knowledge	0	2005
7,869,593 Software for providing based on shared knowledge public keys having same private key	2	2005
7,693,277 Generating digital signatures using ephemeral cryptographic key	0	2005
7,593,527 Providing digital signature and public key based on shared knowledge	1	2005
7,490,239 Facilitating digital signature based on ephemeral private key	4	2005
7,784,106 Manufacturing unique devices that generate digital signatures	0	2009
MICROSOFT CORPORATION (16)
6,751,728 System and method of transmitting encrypted packets through a network access point	40	1999
7,469,343 Dynamic substitution of USB data for on-the-fly encryption/decryption	2	2003
7,702,668 Asset composition	0	2003
8,347,078 Device certificate individualization	0	2004
8,365,301 Peer-to-peer network communication	0	2005
7,849,303 Peer-to-peer network information storage	1	2005
7,669,056 Method and apparatus for measuring presentation data exposure	6	2005
7,817,647 Flower-petal resolutions for PNRP	1	2005
8,438,645 Secure clock with grace periods	0	2005
8,353,046 System and method for delivery of a modular operating system	0	2005
8,176,564 Special PC mode entered upon detection of undesired state	1	2005
8,336,085 Tuning product policy using observed evidence of customer behavior	0	2005
7,870,096 Asset composition	0	2006
7,720,962 Peer-to-peer name resolution protocol (PNRP) security infrastructure and method	2	2006
8,255,988 Direct peripheral communication for restricted mode operation	0	2007
7,725,567 Peer-to-peer name resolution protocol (PNRP) security infrastructure and method	0	2008
INTERNATIONAL BUSINESS MACHINES CORPORATION (15)
6,775,771 Method and system for presentation and manipulation of PKCS authenticated-data objects	10	1999
6,971,016 Authenticated access to storage area network	41	2000
6,895,453 System and method for improved handling of fiber channel remote devices	4	2001
7,072,994 Method, system, and program for determining a number of device addresses supported by a target device and configuring device addresses used by a source device to communicate with the target device	5	2002
7,356,697 System and method for authentication to an application	0	2003
7,886,086 Method and apparatus for restricting input/output device peer-to-peer operations in a data processing system to improve reliability, availability, and serviceability	0	2005
7,552,240 Method for user space operations for direct I/O between an application instance and an I/O adapter	0	2005
7,502,872 Method for out of user space block mode I/O directly between an application instance and an I/O adapter	0	2005
7,502,871 Method for query/modification of linear block address table entries for direct I/O	0	2005
7,464,189 System and method for creation/deletion of linear block address table entries for direct I/O	1	2005
7,657,662 Processing user space operations directly between an application instance and an I/O adapter	0	2005
7,577,761 Out of user space I/O directly between a host system and a physical adapter using file based linear block address translation	0	2005
7,500,071 Method for out of user space I/O with server authentication	2	2005
7,877,792 System and method for authentication to an application	0	2008
7,849,228 Mechanisms for creation/deletion of linear block address table entries for direct I/O	0	2008
RESEARCH IN MOTION LIMITED (8)
7,793,355 System and method of owner control of electronic devices	8	2003
8,045,958 System and method for application program operation on a wireless device	2	2005
8,332,906 Method of customizing a standardized IT policy	0	2006
8,195,763 Secure method of synchronizing cache contents of a mobile browser with a server	0	2006
8,005,891 Method for training a server for content delivery based on communication of state information from a mobile device browser	12	2006
8,429,410 System and method of installing software applications on electronic devices	0	2010
8,302,185 System and method of owner control of electronic devices	1	2010
8,254,884 System and method for application program operation on a wireless device	0	2011
HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P. (6)
6,839,771 Method and system for using a universal serial bus (USB) as a peer-to-peer network	14	2000
6,717,821 Integrated circuit device/circuit board connection apparatus	4	2002
7,240,201 Method and apparatus to provide secure communication between systems	3	2003
7,228,432 Method and apparatus for providing security for a computer system	7	2003
7,930,503 Method and apparatus for operating multiple security modules	0	2004
7,382,880 Method and apparatus for initializing multiple security modules	4	2004
EMC CORPORATION (4)
7,756,986 Method and apparatus for providing data management for a storage system coupled to a network	0	1998
6,263,445 Method and apparatus for authenticating connections to a storage system coupled to a network	87	1998
7,260,636 Method and apparatus for preventing unauthorized access by a network device	12	2000
7,624,265 Methods and apparatus for establishing communications with a data storage system	3	2001
CISCO TECHNOLOGY, INC. (3)
7,117,527 Device, system, and method for capturing email borne viruses	1	2000
7,965,843 Methods and apparatus for security over fibre channel	1	2001
7,333,612 Methods and apparatus for confidentiality protection for Fibre Channel Common Transport	1	2004
NXP B.V. (3)
6,212,633 Secure data communication over a memory-mapped serial communications interface utilizing a distributed firewall	145	1998
6,134,662 Physical layer security manager for memory-mapped serial communications interface	46	1998
7,743,257 Security processor with bus configuration	0	2002
WESTERN DIGITAL VENTURES, INC. (3)
7,215,771 Secure disk drive comprising a secure drive key and a drive ID for implementing secure communication over a public network	43	2000
7,155,616 Computer network comprising network authentication facilities implemented in a disk drive	10	2000
7,003,674 Disk drive employing a disk with a pristine area for storing encrypted data accessible only by trusted devices or clients to facilitate secure network communications	37	2000
DIGI INTERNATIONAL INC. (2)
6,904,489 Methods and systems for remotely accessing universal serial bus devices	11	2001
7,185,136 Methods and systems for remotely accessing universal serial bus devices	4	2005
EBAY INC. (2)
6,914,985 Method and system for presentation and manipulation of PKCS enveloped-data objects	13	1999
6,772,341 Method and system for presentation and manipulation of PKCS signed-data objects	12	1999
IGT (2)
7,819,750 USB software architecture in a gaming machine	4	2003
7,704,147 Download procedures for peripheral devices	14	2003
SAMSUNG ELECTRONICS CO., LTD. (2)
6,639,914 Analog translator for IEEE 1394 and translating method thereof	4	1999
6,842,814 Method for managing a digital interface connection	3	2000
SUN MICROSYSTEMS, INC. (2)
6,941,456 Method, system, and program for encrypting files in a computer system	39	2001
7,574,523 Relay peers for extending peer availability in a peer-to-peer networking environment	20	2002
ARCHITECTURE TECHNOLOGY CORPORATION (1)
8,015,211 Secure peer-to-peer object storage system	1	2004
COLLIGO NETWORKS, INC. (1)
7,613,772 Method for context based discovery and filtering of portable collaborative networks	4	2002
FELSHER, DAVID P., MR. (1)
7,181,017 System and method for secure three-party communications	226	2002
GREEN PACKET, INC. (1)
7,854,011 Method of managing digital rights	1	2005
GREEN PLUG, INC. (1)
8,296,587 Powering an electrical device through a legacy adapter capable of digital communication	0	2008
HGST NETHERLANDS B.V. (1)
8,363,837 Data storage device with data transformation capability	0	2005
LENOVO (SINGAPORE) PTE LTD. (1)
6,996,705 Method and system for configuring the language of the BIOS in a computer system	1	2001
MATSUSHITA ELECTRIC INDUSTRIAL CO., LTD. (1)
7,380,118 Data transmitting apparatus, data receiving apparatus, data transmission system and data transmission method	1	2003
MELLANOX TECHNOLOGIES LTD. (1)
6,668,299 Software interface between a parallel bus and a packet network	21	2000
MICRON TECHNOLOGY, INC. (1)
6,298,409 System for data and interrupt posting for computer devices	4	1998
MIL-COM TECHNOLOGIES PTE LTD. (1)
6,278,913 Automated flight data management system	64	1999
MOTOROLA MOBILITY LLC (1)
7,899,188 Method and system to authenticate a peer in a peer-to-peer network	0	2007
NOKIA, INC. (1)
7,206,935 System and method for protecting network appliances against security breaches	2	2002
PANASONIC CORPORATION (1)
8,386,606 Group formation/management system, group management device, and member device	0	2008
PIONEER CORPORATION (1)
7,222,364 Information sending method and information sending apparatus, information receiving apparatus and information receiving method, information transmission system and information transmission method, and information recording medium	0	2001
RIVERWOOD INTERNATIONAL CORPORATION (1)
7,143,284 ABDS method and verification status for authenticating entity access	7	2003
SIEMENS AKTIENGESELLSCHAFT (1)
8,171,073 Computer system connected to a data communications network	0	2003
SKYPE LIMITED (1)
8,009,572 Peer-to-peer telephone system	0	2004
SONY CORPORATION (1)
7,103,660 Information processing apparatus, method thereof, network system, record medium, and program	2	2001
TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) (1)
8,046,514 Broadcasting data across a bus in which data transmission can be delayed if a snooping device is not ready to receive	0	2001
THE WESTERN UNION COMPANY (1)
7,933,835 Secure money transfer systems and methods using biometric keys associated therewith	1	2007
TOSHIBA GLOBAL COMMERCE SOLUTIONS HOLDINGS CORPORATION (1)
6,993,650 Authentications integrated into a boot code image	8	2001
OTHER [CHECK PATENT PROFILE FOR ASSIGNMENT INFORMATION] (1)
7,587,368 Information record infrastructure, system and method	41	2001

Maintenance Fees

Fee	Large entity fee	small entity fee	micro entity fee	due date

Fee	Large entity fee	small entity fee	micro entity fee
Surcharge after expiration - Late payment is unavoidable	$700.00	$350.00	$175.00
Surcharge after expiration - Late payment is unintentional	$1,640.00	$820.00	$410.00

US Family Size	International Coverage
Patent Longevity	Forward Citations