Abstract:
PROBLEM TO BE SOLVED: To execute firmware only in the way permitted by an owner in a mobile computing platform. SOLUTION: A system includes: a host processor 910 for running a host operating system and a host application; firmware for booting the host processor 910 using one or more signing keys between boots, each signing key associated with a software image 921 loaded in the platform between the boots; and a security processor 931 of the platform bound to a secure memory store 920 that neither the firmware nor other host processor 910 applications are able to access. The security processor manages the one or more signing keys and controls the loading of images between boots. COPYRIGHT: (C)2010,JPO&INPIT
Abstract:
PROBLEM TO BE SOLVED: To securely perform remote provisioning. SOLUTION: Embodiments of the present invention provide for remote provisioning using a device identifier. In some embodiments, a client device may transmit the device identifier to a provisioning server. After the association between the device identifier and the client device is authenticated, the client device may receive a boot image of an operating system from the provisioning server. Other embodiments may be described and claimed. COPYRIGHT: (C)2009,JPO&INPIT
Abstract:
PROBLEM TO BE SOLVED: To execute a task in a low power state so that no wasteful power is consumed. SOLUTION: Physical resources are virtualized across an operating environment and a service environment. When a power saving mode is set, a physical resource is passed from the operating environment to the service environment, a first set of one or more physical resources is put into a low power consumption state, and a task is executed in the service environment using a processor and a second set of one or more physical resources. The physical resource may be assigned to the operating environment when the operating environment is initialized, and may be reassigned to the service environment for its use while the other physical resources are kept in the low power consumption state.
Abstract:
PROBLEM TO BE SOLVED: To enhance locality in a security co-processor module of a computer system. SOLUTION: Enhancing locality in a security co-processor module of a computing system may be achieved by including one or more additional attributes, such as geographic location, trusted time, a hardware vendor string, and one or more environmental factors, in the access control space used for machine mode measurement of the computing system.
Abstract:
PROBLEM TO BE SOLVED: To process a wake event in a firmware environment while a computing device remains in a low power consumption state. SOLUTION: A method includes: re-instantiating a firmware environment that includes one or more firmware functions available at pre-boot time when transitioning the computing device from a first, high power consumption state to a second, low power consumption state; receiving a network event in the firmware while the computing device is in the second, low power consumption state; and having the firmware environment process the network event, independently of an operating system, without returning the entire computing device to the first, high power consumption state. COPYRIGHT: (C)2011,JPO&INPIT
Abstract:
PROBLEM TO BE SOLVED: To provide methods and systems for displaying platform graphics during initialization of a computer, including functions to interrupt initialization of an operating system, to update a video frame buffer with platform graphics data while the initialization of the operating system is interrupted, and to merge graphics generated by operating system initialization logic with the platform graphics data. SOLUTION: The methods and systems include virtualization-based methods and systems and system management mode-based methods and systems. COPYRIGHT: (C)2011,JPO&INPIT
Abstract:
PROBLEM TO BE SOLVED: To respond to an action such as an inter-processor interrupt (IPI) while in system management mode in a multicore environment. SOLUTION: A first processor core of a plurality of processor cores is brought into system management mode, while at least one other processor core, different from the first, continues operating and is not brought into system management mode. The first processor core then responds to the inter-processor interrupt during system management mode. The system context of the target core is saved when the IPI is received, and control is transferred to an operating system (OS) handler 140 for the IPI. When the OS IPI handling finishes, the system context is restored and control is returned to the SMI handler for further processing. COPYRIGHT: (C)2011,JPO&INPIT
Abstract:
PROBLEM TO BE SOLVED: To provide a system and method for effectively performing runtime integrity verification. SOLUTION: A processor-based system includes at least one processor, at least one memory coupled to the at least one processor, a code block, and code executable by the processor-based system. The code causes the processor-based system to generate integrity information for the code block upon a restart of the processor-based system, to securely store the integrity information, and to verify the integrity of the code block during runtime of the processor-based system using the securely stored integrity information. COPYRIGHT: (C)2010,JPO&INPIT
Abstract:
PROBLEM TO BE SOLVED: To provide broader capability by integrating a device with its surrounding environment. SOLUTION: A method, device and system in a computing apparatus periodically activate a location operating system that detects a substantial change in the location of the device, select from a plurality of predetermined computing environments the one best suited to the new location based on the change in device location, and alter the power modes of one or more components of the device designated by the selected computing environment. COPYRIGHT: (C)2009,JPO&INPIT
Abstract:
In a computing system having a processor package, an operating system, and a physical I/O device, a partial virtual machine is provided to instantiate a virtual I/O device corresponding to the physical I/O device, the virtual I/O device having a virtual I/O controller. The partial virtual machine includes an I/O port trap to capture an I/O request to the virtual I/O device by the operating system; an I/O controller emulator coupled to the I/O port trap to handle an I/O control request to the virtual I/O controller, when the I/O request comprises an I/O control request; an I/O device emulator coupled to the I/O port trap component to handle an I/O access request to communicate with the virtual I/O device, when the I/O request comprises an I/O access request; and a device driver coupled to the I/O controller emulator and the I/O device emulator to communicate with the physical I/O device based at least in part on the I/O control request and the I/O access request. The partial virtual machine executes within a secure enclave session within the processor package, improving security of I/O transactions by preventing access to the partial virtual machine by the operating system.