11. System and method to secure boot UEFI firmware and UEFI-aware operating system in mobile internet device (MID)
    Type: Invention patent
    Status: Under examination, published

    Publication number: JP2010073193A

    Publication date: 2010-04-02

    Application number: JP2009152986

    Filing date: 2009-06-26

    CPC classification number: G06F21/575

    Abstract: PROBLEM TO BE SOLVED: To execute firmware only in the way permitted by an owner in a mobile computing platform. SOLUTION: A system includes: a host processor 910 for performing a host operating system and a host application; firmware for booting the host processor 910 using one or more signing keys between boots, each signing key associated with a software image 921 loaded in the platform between the boots; and a security processor 931 of the platform bound with a secure memory store 920 that the firmware and other host processor 910 applications are unable to access, which manages the one or more signing keys and controls loading of images between the boots. COPYRIGHT: (C)2010,JPO&INPIT

12. Remote provisioning utilizing device identifier
    Type: Invention patent
    Status: In force (granted)

    Publication number: JP2009129460A

    Publication date: 2009-06-11

    Application number: JP2008296543

    Filing date: 2008-11-20

    CPC classification number: G06F21/575

    Abstract: PROBLEM TO BE SOLVED: To securely perform remote provisioning. SOLUTION: Embodiments of the present invention provide for remote provisioning using a device identifier. In some embodiments, a client device may transmit the device identifier to a provisioning server. After an association of the device identifier and the client device is authenticated, the client device may receive a boot image of an operating system from the function provision server. Other embodiments may be described and claimed. COPYRIGHT: (C)2009,JPO&INPIT

13. UNIFORM STORAGE DEVICE BY PARTIAL VIRTUALIZATION MACHINE
    Type: Invention application
    Status: Under examination, published

    Publication number: WO2011162914A3

    Publication date: 2012-04-05

    Application number: PCT/US2011038504

    Filing date: 2011-05-31

    CPC classification number: G06F9/45558 G06F2009/45579

    Abstract: In a computing system having a processor package, an operating system, and a physical I/O device, a partial virtual machine is provided to instantiate a virtual I/O device corresponding to the physical I/O device, the virtual I/O device having a virtual I/O controller. The partial virtual machine includes an I/O port trap to capture an I/O request to the virtual I/O device by the operating system; an I/O controller emulator coupled to the I/O port trap to handle an I/O control request to the virtual I/O controller, when the I/O request comprises an I/O control request; an I/O device emulator coupled to the I/O port trap component to handle an I/O access request to communicate with the virtual I/O device, when the I/O request comprises an I/O access request; and a device driver coupled to the I/O controller emulator and the I/O device emulator to communicate with the physical I/O device based at least in part on the I/O control request and the I/O access request. The partial virtual machine executes within a secure enclave session within the processor package, improving security of I/O transactions by preventing access to the partial virtual machine by the operating system.

15. DYNAMIC PRE-OPERATING SYSTEM BILLBOARD SERVICE
    Type: Invention application
    Status: Under examination, published

    Publication number: WO2007061681A3

    Publication date: 2009-04-30

    Application number: PCT/US2006044125

    Filing date: 2006-11-13

    CPC classification number: G06Q30/02 G06F9/4401 H04L67/20 H04L67/34

    Abstract: A method and apparatus for retrieving dynamic content over a communications network prior to booting an operating system is presented. The content may include a screen image for display on a console. The time period for displaying the content may be controlled by another computer coupled to the communications network. The content may be an advertisement that is displayed on a computer system in an Internet cafe for a controllable period of time prior to booting an operating system.

18. CLUSTER COMPUTING - NIC BASED OS PROVISION
    Type: Invention application
    Status: Under examination, published

    Publication number: WO2012040606A3

    Publication date: 2012-05-10

    Application number: PCT/US2011053045

    Filing date: 2011-09-23

    CPC classification number: G06F9/4416

    Abstract: A network interface card with read-only memory having at least a micro-kernel of a cluster computing operation system, a server formed with such network interface card, and a computing cluster formed with such servers are disclosed herein. In various embodiments, on transfer, after an initial initialization phase during an initialization of a server, the network interface card loads the cluster computing operation system into system memory of the server, to enable the server, in conjunction with other similarly provisioned servers to form a computing cluster. Other embodiments are also disclosed and claimed.

19. MULTI-OWNER DEPLOYMENT OF FIRMWARE IMAGES
    Type: Invention application
    Status: Under examination, published

    Publication number: WO2011156738A3

    Publication date: 2012-04-05

    Application number: PCT/US2011040020

    Filing date: 2011-06-10

    CPC classification number: G06F21/572 G06F2221/2141

    Abstract: A method, apparatus, system, and computer program product for multi-owner deployment of firmware images. The method includes obtaining a signed firmware image that comprises a first code module signed by a first code owner and a second code module signed by a second code owner. The method further includes obtaining an updated first code module comprising updated code for the first code module, verifying that the updated first code module is signed by the first code owner, and updating the signed firmware image with the updated first code module in response to verifying that the updated first code module is signed by the first code owner. The signed firmware image may further comprise an access control list that authorizes updates to the first code module by the first code owner and updates to the second code module by the second code owner.

20. METHOD FOR REDUCING PLATFORM BOOT TIMES BY PROVIDING LAZY INPUT/OUTPUT ABSTRACTIONS
    Type: Invention application
    Status: Under examination, published

    Publication number: WO2013116073A9

    Publication date: 2013-09-26

    Application number: PCT/US2013022856

    Filing date: 2013-01-24

    Applicant: INTEL CORP

    CPC classification number: G06F9/4406

    Abstract: Methods, systems and computer program products are disclosed for enhanced system boot processing that is faster to launch an operating system, as certain devices such as user input hardware devices may not be initialized unless it is determined that a user-interruption to the boot process is likely. That is, although an interface for the devices is exposed, no initialization occurs unless a call to the interface occurs. Other embodiments are described and claimed.
