Uri L Blumenthal

US Patent:

7593717, Sep 22, 2009

Filed:

Sep 12, 2003

Appl. No.:

10/661715

Inventors:

Michael Marcovici - Montville NJ, US
Semyon B. Mizikovsky - Morganville NJ, US
Sarvar M. Patel - Wheaton IL, US
Uri Blumenthal - Fair Lawn NJ, US

Assignee:

Alcatel-Lucent USA Inc. - Murray Hill NJ

International Classification:

H04L 9/32
H04L 9/00

US Classification:

455411, 713171, 380 44

Abstract:

A method is provided for determining a private key for a first network based on at least one security value associated with a second network. The method further includes establishing a plurality of sessions between a mobile terminal and the first network based on the private key.

US Patent:

8132003, Mar 6, 2012

Filed:

Sep 28, 2007

Appl. No.:

11/864573

Inventors:

David Durham - Beaverton OR, US
Hormuzd M. Khosravi - Portland OR, US
Uri Blumenthal - Fair Lawn NJ, US
Men Long - Hillsboro OR, US

Assignee:

Intel Corporation - Santa Clara CA

International Classification:

H04L 29/06

US Classification:

713164, 711 6, 711163, 718 1, 726 15, 726 27, 713176, 713170, 713169, 713150, 713190, 713193, 380255, 380282, 380285

Abstract:

Embodiments of apparatus, articles, methods, and systems for secure platform voucher service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. A provisioning remote entity or gateway only needs to know a platform's public key or certificate hierarchy in order to receive verification proof for any component in the platform. The verification proof or voucher helps to assure to the remote entity that no man-in-the-middle, rootkit, spyware or other malware running in the platform or on the network will have access to the provisioned material. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.

US Patent:

8132018, Mar 6, 2012

Filed:

Jun 30, 2005

Appl. No.:

11/174126

Inventors:

Avigdor Eldar - Jerusalem, IL
Itamar Sharoni - Tel Aviv, IL
Tsippy Mendelson - Jerusalem, IL
Uri Blumenthal - Fair Lawn NJ, US

Assignee:

Intel Corporation - Santa Clara CA

International Classification:

G06F 21/00

US Classification:

713183, 713184, 713182, 713178, 713179, 713185, 713186, 705 18, 705 67, 705 72, 726 2, 726 4, 726 17, 726 18, 726 21, 726 27, 726 28, 726 29, 380229, 380232

Abstract:

Apparatus, system, and method having a first counter to record a number of invalid authentication requests, a first timer to set a first time period based on a value of the first counter, and an authentication module associated with the first counter and the first timer to receive an initial authentication request that includes a username and when said username is invalid, the module is to invalidate any subsequent authentication requests under the username during the first time period regardless of whether the subsequent requests includes a valid username. The system further includes a communication medium. The method includes receiving an authentication request with new information in a first session, validating the new information, and caching the validated new information in the first session.

US Patent:

8205238, Jun 19, 2012

Filed:

Mar 30, 2006

Appl. No.:

11/393486

Inventors:

Uri Blumenthal - Fair Lawn NJ, US
Hormuzd Khosravi - Portland OR, US
Karanvir Grewal - Hillsboro OR, US

Assignee:

Intel Corporation - Santa Clara CA

International Classification:

H04L 29/06

US Classification:

726 1, 713164

Abstract:

Transport agnostic, secure communication protocol for transmitting host platform posture information to the Network Access Control Server or PDP (Policy Decision Point) and for receiving policy information to be enforced on the trusted host platform and respective applications for data processing and communication are described herein.

US Patent:

8281402, Oct 2, 2012

Filed:

May 16, 2006

Appl. No.:

11/435038

Inventors:

Ravi Sahita - Beaverton OR, US
Uday Savagaonkar - Beaverton OR, US
Hormuzd Khosravi - Portland OR, US
Uri Blumenthal - Fair Lawn NJ, US

Assignee:

Intel Corporation - Santa Clara CA

International Classification:

H04L 29/06

US Classification:

726 25

Abstract:

According to embodiments of the present invention, host platform device includes an embedded firmware agent that may detect an attempt by the host platform device to fully connect to a network. The firmware agent may restrict traffic between the host platform device and the network to bootstrap traffic, test the device to determine device vulnerability, may temporarily stop access to other peripheral devices, and transmit a report of the device vulnerability to a remote policy server. After the test(s) are performed, the firmware agent may receive an indication from the remote policy server as to whether the device is permitted to fully connect to the network and, if so, whether there are any further restrictions on traffic flow, for example, and if the peripheral device access may be allowed.

US Patent:

8438618, May 7, 2013

Filed:

Dec 21, 2007

Appl. No.:

11/963062

Inventors:

Avigdor Eldar - Jerusalem, IL
Howard C. Herbert - Phoenix AZ, US
Purushottam Goel - Beaverton OR, US
Uri Blumenthal - Fair Lawn NJ, US
David Hines - Phoenix AZ, US
Carey Smith - Hillsboro OR, US

Assignee:

Intel Corporation - Santa Clara CA

International Classification:

H04L 29/06

US Classification:

726 5, 713155, 713156, 713157, 713182, 713184

Abstract:

Active management technology (AMT) may be provisioned in a client device automatically, which may provide a secure connection between the provisioning server and the client device. The client device comprising the active management technology may support zero-touch provisioning and one-touch provisioning.

US Patent:

8499151, Jul 30, 2013

Filed:

Mar 5, 2012

Appl. No.:

13/412382

Inventors:

David Durham - Beaverton OR, US
Hormuzd M. Khosravi - Portland OR, US
Uri Blumenthal - Fair Lawn NJ, US
Men Long - Hillsboro OR, US

Assignee:

Intel Corporation - Santa Clara CA

International Classification:

H04L 29/06

US Classification:

713164, 711 6, 711163, 718 1, 726 15, 726 27, 713176, 713170, 713169, 713150, 713190, 713193, 380255, 380282, 380285

Abstract:

Apparatuses, articles, methods, and systems for secure platform voucher service for software within an execution environment. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by authenticated, authorized and verified software components. A provisioning remote entity or gateway only needs to know a platform's public key or certificate hierarchy to receive verification for any component. The verification or voucher helps assure to the remote entity that no malware running in the platform or on the network will have access to provisioned material. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the software component.

US Patent:

20040049509, Mar 11, 2004

Filed:

Sep 11, 2002

Appl. No.:

10/241162

Inventors:

Alexander Keller - New York NY, US
Uri Blumenthal - Fair Lawn NJ, US
Rory Jackson - Eastchester NY, US
Lorraine Jackson - Eastchester NY, US
Gautam Kar - Yorktown Heights NY, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F007/00

US Classification:

707/100000

Abstract:

Techniques for managing information in a computing environment. Information associated with components of the computing environment is obtained. Then, from at least a portion of the obtained information, a determination is made as to the existence of one or more relationships associated with at least a portion of the components of the computing environment. The determination of the existence of one or more relationships is capable of accounting for a full lifecycle (e.g., including deployment, installation and runtime) associated with at least one component of the computing environment. Thus, techniques for managing runtime dependencies between the various components of computing systems are disclosed which provide a level of abstraction from individual systems and allow the computation of service/component (wherein the component may, for example, be an application, middleware, hardware, a device driver, an operating system and a system associated with the computing environment) dependencies that are related to end-to-end services, as perceived by a customer. By way of example, the inventive techniques may be applied to a distributed computing environment. The computing environment may also be an autonomic computing environment.