-
公开(公告)号:WO2012018508A2
公开(公告)日:2012-02-09
申请号:PCT/US2011/044334
申请日:2011-07-18
Applicant: INTEL CORPORATION , SWANSON, Robert C. , ZIMMER, Vincent J. , BULUSU, Mallik , ROTHMAN, Michael A. , SAKTHIKUMAR, Palsamy
Inventor: SWANSON, Robert C. , ZIMMER, Vincent J. , BULUSU, Mallik , ROTHMAN, Michael A. , SAKTHIKUMAR, Palsamy
Abstract: Using radio frequency identification (RFID) tags embedded in processors within a computing system to assist in system initialization processing. The RFID tags provide a separate communication path to other components of the computing system during initialization processing, apart from the system interconnect. When the computing system is powered up, each processor in the system may cause its RFID tag to broadcast data regarding the processor's interconnect location and initialization status. The RFID tags may be sensed by a RFID receiver in the Platform Control Hub (PCH) of the computing system, and each processor's interconnect location and initialization status data may be stored in selected registers within the PCH. When the BIOS executes during system initialization processing, the BIOS may access these PCH registers to obtain the processor's data. The interconnect location and initialization status data may be used by the BIOS to select the optimal routing table and to configure the virtual network within the computing system based at least in part on the optimal routing table and the RFID tag data and without the need for interrogating each processor individually over the system interconnect.
Abstract translation: 使用嵌入在计算系统内的处理器中的射频识别(RFID)标签来辅助系统初始化处理。 除了系统互连之外,RFID标签在初始化处理期间提供到计算系统的其他组件的单独通信路径。 当计算系统加电时,系统中的每个处理器可以使其RFID标签广播关于处理器的互连位置和初始化状态的数据。 RFID标签可以由计算系统的平台控制中心(PCH)中的RFID接收器感测,并且每个处理器的互连位置和初始化状态数据可以存储在PCH内的选定寄存器中。 当BIOS在系统初始化处理期间执行时,BIOS可以访问这些PCH寄存器以获得处理器的数据。 互连位置和初始化状态数据可以由BIOS用来选择最佳路由表并且至少部分地基于最优路由表和RFID标签数据来配置计算系统内的虚拟网络,并且不需要询问 每个处理器分别通过系统互连。
-
12.发明申请
公开(公告)号:WO2011163263A2
公开(公告)日:2011-12-29
申请号:PCT/US2011/041294
申请日:2011-06-21
Applicant: INTEL CORPORATION , ZIMMER, Vincent J. , BULUSU, Mallik , ROTHMAN, Michael A. , SWANSON, Robert C. , SAKTHIKUMAR, Palsamy
Inventor: ZIMMER, Vincent J. , BULUSU, Mallik , ROTHMAN, Michael A. , SWANSON, Robert C. , SAKTHIKUMAR, Palsamy
IPC: G06F21/22
CPC classification number: G06F21/57 , G06F2221/2111 , G06F2221/2151
Abstract: Enhancing locality in a security co-processor module of a computing system may be achieved by including one or more additional attributes such as geographic location, trusted time, a hardware vendor string, and one or more environmental factors into an access control space for machine mode measurement of a computing system.
Abstract translation: 可以通过将一个或多个附加属性(诸如地理位置,可信时间,硬件供应商串和一个或多个环境因素)包括在用于机器模式的访问控制空间中来实现计算系统的安全协处理器模块中的局部性 计算系统的测量。
-
公开(公告)号:WO2011156738A2
公开(公告)日:2011-12-15
申请号:PCT/US2011/040020
申请日:2011-06-10
Applicant: INTEL CORPORATION , SAKTHIKUMAR, Palsamy , SWANSON, Robert C. , ZIMMER, Vincent J. , ROTHMAN, Michael A. , BULUSU, Mallik
Inventor: SAKTHIKUMAR, Palsamy , SWANSON, Robert C. , ZIMMER, Vincent J. , ROTHMAN, Michael A. , BULUSU, Mallik
CPC classification number: G06F21/572 , G06F2221/2141
Abstract: A method, apparatus, system, and computer program product for multi-owner deployment of firmware images. The method includes obtaining a signed firmware image that comprises a first code module signed by a first code owner and a second code module signed by a second code owner. The method further includes obtaining an updated first code module comprising updated code for the first code module, verifying that the updated first code module is signed by the first code owner, and updating the signed firmware image with the updated first code module in response to verifying that the updated first code module is signed by the first code owner. The signed firmware image may further comprise an access control list that authorizes updates to the first code module by the first code owner and updates to the second code module by the second code owner.
Abstract translation: 一种用于多所有者部署固件映像的方法,设备,系统和计算机程序产品。 该方法包括获得包括由第一代码所有者签名的第一代码模块和由第二代码所有者签名的第二代码模块的签名固件映像。 该方法还包括获得包括用于第一代码模块的更新的代码的更新的第一代码模块,验证更新的第一代码模块是否被第一代码所有者签名,以及响应于验证来更新带有更新的第一代码模块的签名固件映像 更新的第一代码模块由第一代码所有者签名。 签名的固件图像还可以包括访问控制列表,其授权第一代码所有者更新第一代码模块,并由第二代码所有者更新第二代码模块。
-
14.发明申请METHOD TO INCREASE CLOUD AVAILABILITY AND SILICON ISOLATION USING SECURE ENCLAVES 审中-公开使用安全壳增加云的可用性和隔离硅的方法
公开(公告)号:WO2017112141A1
公开(公告)日:2017-06-29
申请号:PCT/US2016/062188
申请日:2016-11-16
Applicant: INTEL CORPORATION
Inventor: SWANSON, Robert C. , YIGZAW, Theodros , NALLUSAMY, Eswaramoorthi , MAKARAM, Raghunandan , ZIMMER, Vincent J.
CPC classification number: G06F11/263 , G06F1/24 , G06F11/073 , G06F11/0793 , G06F11/1016 , G06F21/53 , G06F2221/034
Abstract: Methods and apparatus to increase cloud availability and silicon isolation using secure enclaves. A compute platform is configured to host a compute domain in which a plurality of secure enclaves are implemented. In conjunction with creating and deploying secure enclaves, mapping information is generated that maps the secure enclaves to platform/CPU resources, such as Intellectual Property blocks (IP) belong to the secure enclaves. In response to platform error events caused by errant platform/CPU resources, the secure enclave(s) belonging to the errant platform/CPU are identified via the mapping information, and an interrupt is directed to that/those secure enclave(s). In response to the interrupt, a secure enclave may be configured to one or more of handle the error, pass information to another secure enclave, and teardown the enclave. The secure enclave may execute an interrupt service routine that causes the errant platform/CPU resource to reset without resetting the entire platform or CPU, as applicable.
Abstract translation: 用于使用安全包围增加云可用性和硅隔离的方法和装置 计算平台被配置为托管实现多个安全飞地的计算域。 结合创建和部署安全区域,生成的映射信息将安全区域映射到平台/ CPU资源,例如属于安全区域的IP属性块(IP)。 响应于由错误的平台/ CPU资源引起的平台错误事件,属于错误平台/ CPU的安全区域通过映射信息被识别,并且中断针对那个/那些安全区域。 响应中断,可以将安全区域配置为处理错误,将信息传递到另一个安全区域以及拆除飞地中的一个或多个。 如果适用,安全区域可能会执行中断服务例程,导致错误的平台/ CPU资源重置,而不会重置整个平台或CPU。
-
公开(公告)号:WO2016149895A1
公开(公告)日:2016-09-29
申请号:PCT/CN2015/074838
申请日:2015-03-23
Applicant: INTEL CORPORATION , ZIMMER, Vincent J. , YAO, Jiewen , JAYAKUMAR, Sarathy , SWANSON, Robert C. , POORNACHANDRAN, Rajesh , SELVARAJE, Gopinatth , SUN, Mingqiu , HOWARD, John S. , GORBATOV, Eugene
Inventor: ZIMMER, Vincent J. , YAO, Jiewen , JAYAKUMAR, Sarathy , SWANSON, Robert C. , POORNACHANDRAN, Rajesh , SELVARAJE, Gopinatth , SUN, Mingqiu , HOWARD, John S. , GORBATOV, Eugene
IPC: G06F9/06
CPC classification number: G06F9/4856 , G06F1/1632 , G06F1/3215 , G06F1/3287 , G06F1/3293 , G06F9/46 , G06F9/4812 , G06F9/4893 , G06F9/5027 , Y02D10/24
Abstract: Methods, apparatuses and storage medium associated with migration between processors by a computing device are disclosed. A portable electronic device having an internal processor and internal memory may be attached to a dock. The dock may include another processor as well other memory. The attachment of the dock to the portable electronic device may cause an interrupt. In response to this interrupt, a state associated with the internal processor may be copied to the other memory of the dock. Instructions for the computing device may then be executed using the other processor of the dock.
Abstract translation: 公开了一种通过计算设备与处理器之间的迁移相关联的方法,设备和存储介质。 具有内部处理器和内部存储器的便携式电子设备可以附接到坞站。 码头可以包括另一个处理器以及其他存储器。 坞站连接到便携式电子设备可能会导致中断。 响应于该中断,与内部处理器相关联的状态可以被复制到码头的另一个存储器。 然后可以使用码头的另一个处理器来执行计算设备的指令。
-
Patent Agency Ranking16.发明申请
公开(公告)号:WO2014039363A1
公开(公告)日:2014-03-13
申请号:PCT/US2013/057249
申请日:2013-08-29
Applicant: INTEL CORPORATION
Inventor: SWANSON, Robert C. , SAKTHIKUMAR, Palsamy , BULUSU, Mallik , BAHNSEN, Robert Bruce
IPC: G06F21/50
CPC classification number: G06F21/72 , G06F21/57 , G06F21/575
Abstract: In accordance with some embodiments, a single trusted platform module per platform may be used to handle conventional trusted platform tasks as well as those that would arise prior to the existence of a primary trusted platform module in conventional systems. Thus one single trusted platform module may handle measurements of all aspects of the platform including the baseboard management controller. In some embodiments, a management engine image is validated using a read only memory embedded in a chipset such as a platform controller hub, as the root of trust. Before the baseboard management controller (BMC) is allowed to boot, it must validate the integrity of its flash memory. But the BMC image may be stored in a memory coupled to a platform controller hub (PCH) in a way that it can be validated by the PCH.
Abstract translation: 根据一些实施例,可以使用每个平台的单个可信平台模块来处理常规可信任平台任务以及在传统系统中存在主要可信平台模块之前出现的那些任务。 因此,单个可信平台模块可以处理包括基板管理控制器的平台的所有方面的测量。 在一些实施例中,使用嵌入在诸如平台控制器集线器的芯片组中的只读存储器作为信任根来验证管理引擎映像。 在允许引导基板管理控制器(BMC)之前,必须验证其闪存的完整性。 但是,BMC图像可以存储在耦合到平台控制器集线器(PCH)的存储器中,其可以由PCH验证。
-
公开(公告)号:WO2013147859A1
公开(公告)日:2013-10-03
申请号:PCT/US2012/031511
申请日:2012-03-30
Applicant: INTEL CORPORATION , SAKTHIKUMAR, Palsamy , ZIMMER, Vincent J. , SWANSON, Robert C.
Inventor: SAKTHIKUMAR, Palsamy , ZIMMER, Vincent J. , SWANSON, Robert C.
CPC classification number: G06F21/56 , G06F21/566
Abstract: An apparatus includes a memory that is accessible by an operating system; and a basic input/output system (BIOS) handler. The BIOS handler, in response to detected malicious software activity, stores data in the memory to report the activity to the operating system.
Abstract translation: 一种装置包括可由操作系统访问的存储器; 和基本的输入/输出系统(BIOS)处理程序。 BIOS处理程序响应于检测到的恶意软件活动,将数据存储在内存中以向操作系统报告活动。
-
公开(公告)号:WO2013101154A1
公开(公告)日:2013-07-04
申请号:PCT/US2011/068031
申请日:2011-12-30
Applicant: INTEL CORPORATION , BULUSU, Mallik , BAHNSEN, Robert , ZIMMER, Vincent J. , GITTINS, Robert S. , SWANSON, Robert C.
Inventor: BULUSU, Mallik , BAHNSEN, Robert , ZIMMER, Vincent J. , GITTINS, Robert S. , SWANSON, Robert C.
IPC: G06F21/20
CPC classification number: H04L63/0876 , G06F21/00 , H04L63/08 , H04W12/06 , H04W12/08
Abstract: An embodiment includes a secure and stable method for sending information across a compute continuum. For example, the method may include executing an application (e.g., video player) on a first node (e.g., tablet) with a desire to perform "context migration" to a second node (e.g., desktop). This may allow a user to watch a movie on the tablet, stop watching the movie, and then resume watching the movie from the desktop. To do so in a secure and stable manner, the first node may request security and performance credentials from the second node. If both credential sets satisfy thresholds, the first node may transfer content (e.g., encrypted copy of a movie) and state information (e.g., placeholder indicating where the movie was when context transfer began). The second node may then allow the user to resume his or her movie watching from the desktop. Other embodiments are described herein.
Abstract translation: 一个实施例包括用于在计算连续体上发送信息的安全且稳定的方法。 例如,该方法可以包括在第一节点(例如,平板电脑)上执行应用(例如,视频播放器),期望执行到第二节点(例如桌面)的“上下文迁移”。 这可能允许用户在平板电脑上观看电影,停止观看电影,然后从桌面恢复观看电影。 为了以安全和稳定的方式这样做,第一节点可以从第二节点请求安全性和性能凭证。 如果两个凭证组都满足阈值,则第一节点可以传送内容(例如,电影的加密副本)和状态信息(例如,当上下文传送开始时,指示电影在哪里的占位符)。 然后,第二节点可以允许用户从桌面恢复他或她的电影观看。 本文描述了其它实施例。
-
公开(公告)号:WO2013089729A1
公开(公告)日:2013-06-20
申请号:PCT/US2011/065105
申请日:2011-12-15
Applicant: INTEL CORPORATION , SWANSON, Robert C. , BAHNSEN, Robert Bruce , BULUSU, Mallik
Inventor: SWANSON, Robert C. , BAHNSEN, Robert Bruce , BULUSU, Mallik
CPC classification number: G06Q10/083 , G06Q10/08 , H04W4/02 , H04W4/20 , H04W12/08
Abstract: Methods, apparatuses and storage medium associated with providing location service, are disclosed. In various embodiments, a method may include receiving, by a location server, location information associated with a user of a mobile device or a party associated with user; and receiving, by the location server, from a delivery service server, a request for the location information. The request may include a credential indicative of eligibility of the delivery service server to receive the requested location information. The method may further include providing, by the location server, to the delivery service server, the location information, on confirmation of the eligibility of the delivery service server based at least in part on the credential. Other embodiments may be disclosed or claimed.
Abstract translation: 公开了与提供定位服务相关联的方法,装置和存储介质。 在各种实施例中,方法可以包括由位置服务器接收与移动设备的用户或与用户相关联的方相关联的位置信息; 并且由位置服务器从传送服务服务器接收对位置信息的请求。 请求可以包括指示传送服务服务器接收请求的位置信息的资格的证书。 所述方法可以进一步包括至少部分地基于所述证书,由所述位置服务器向所述递送服务服务器提供所述位置信息,以确认所述递送服务服务器的资格。 可以公开或要求保护其他实施例。
-
公开(公告)号:WO2012018525A3
公开(公告)日:2012-02-09
申请号:PCT/US2011/044621
申请日:2011-07-20
Applicant: INTEL CORPORATION , SWANSON, Robert C. , ZIMMER, Vincent J. , WEHAGE, Eric R. , BULUSU, Mallik
Inventor: SWANSON, Robert C. , ZIMMER, Vincent J. , WEHAGE, Eric R. , BULUSU, Mallik
Abstract: In one embodiment, the present invention includes a method for determining whether an address map of a system includes support for a read only region of system memory, and if so configuring the region and storing protected data in the region. This data, at least some of which can be readable in both trusted and untrusted modes, can be accessed from the read only region during execution of untrusted code. Other embodiments are described and claimed.
-
-
-
-
-
-
-
-
-
Search Results
43
records
(took 0.024 seconds)
