公开(公告)号：US20160267276A1

公开(公告)日：2016-09-15

申请号：US15164398

申请日：2016-05-25

Applicant: Intel Corporation

Inventor： Ting Ye ,  Qin Long ,  Vincent Zimmer

IPC: G06F21/57

CPC classification number: G06F21/575 ,  G06F21/45 ,  G06F2221/034 ,  G06F2221/2117 ,  G06F2221/2131

Abstract: Described herein is technology for restoring access to a user account. In particular, systems and methods for account recovery using a platform attestation credential are described. In some embodiments, the platform attestation credential is generated by an authentication device in a pre boot environment. A first copy of the platform attestation credential may be bound by an account management system to a user account. Access to the user account may subsequently be restored using a second copy of the platform attestation credential.

Abstract translation: 这里描述的是用于恢复对用户帐户的访问的技术。 特别地，描述了使用平台认证证书进行帐户恢复的系统和方法。 在一些实施例中，平台证明凭证由预引导环境中的认证设备生成。 平台认证凭证的第一个副本可能会被帐户管理系统约束到用户帐户。 随后可以使用平台认证凭证的第二副本来恢复对用户帐户的访问。

公开(公告)号：US09323541B2

公开(公告)日：2016-04-26

申请号：US13976504

申请日：2013-02-25

Applicant: Intel Corporation

Inventor： Qin Long ,  Ting Ye ,  Vincent Zimmer ,  Jiewen Yao

IPC: G06F9/00 ,  G06F9/44 ,  G06F9/445 ,  G06F21/51 ,  G06F21/57

CPC classification number: G06F9/4401 ,  G06F9/445 ,  G06F21/51 ,  G06F21/575

Abstract: Technologies are provided in example embodiments for determining that a module is to be loaded, the module being associated with module code, determining that the module is a frozen module, the frozen module being associated with frozen module code, determining that a module fingerprint of the module fails to correspond with a frozen module fingerprint of the frozen module, and causing loading of the frozen module code instead of the module code.

Abstract translation: 在示例实施例中提供技术，用于确定要加载模块，模块与模块代码相关联，确定模块是冻结模块，冻结模块与冻结的模块代码相关联，确定模块的模块指纹 模块不能对应于冻结模块的冻结模块指纹，并导致加载冻结模块代码而不是模块代码。

公开(公告)号：US11360907B2

公开(公告)日：2022-06-14

申请号：US16490523

申请日：2017-03-30

Applicant: Intel Corporation

Inventor： Junjing Shi ,  Qin Long ,  Liming Gao ,  Michael A. Rothman ,  Vincent J. Zimmer

IPC: G06F12/0893 ,  G06F21/12 ,  G06F12/14 ,  G06F8/41

Abstract: A disclosed example to protect memory from buffer overflow or underflow includes defining an implicit bound pointer based on an implicit bound pointer definition in a configuration file for a memory region; instrumenting object code with an implicit buffer bound check based on the implicit bound pointer; and generating hardened executable object code based on the object code, the implicit buffer bound check, and the implicit bound pointer, the implicit bound pointer located in the hardened executable object code during a compilation phase to facilitate loading the implicit bound pointer in a global bounds table during runtime for access by the implicit buffer bound check.

公开(公告)号：US09384352B2

公开(公告)日：2016-07-05

申请号：US14127211

申请日：2013-10-02

Applicant: Intel Corporation

Inventor： Jiewen Yao ,  Vincent J. Zimmer ,  Nicholas J. Adams ,  Willard M. Wiseman ,  Qin Long ,  Shihui Li

IPC: G06F9/00 ,  G06F21/57 ,  G06F21/72 ,  G06F9/44

CPC classification number: G06F21/575 ,  G06F9/4403 ,  G06F21/72

Abstract: An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor including secure non-volatile storage that couples to a root index, having a fixed address, and comprises first and second variables referenced by the root index; and semiconductor integrated code (SIC) including embedded processor logic to initialize a processor and embedded memory logic to initialize a memory coupled to the processor; wherein (a) the SIC is to be executed responsive to resetting the processor and prior to providing control to boot code, and (b) the SIC is to perform pre-boot operations in response to accessing at least one of the first and second variables. Other embodiments are described herein.

Abstract translation: 实施例包括一种装置，包括：带外密码处理器，包括耦合到具有固定地址的根索引的安全非易失性存储器，并且包括由根索引引用的第一和第二变量; 以及包括用于初始化处理器和嵌入式存储器逻辑的嵌入式处理器逻辑以初始化耦合到所述处理器的存储器的半导体集成代码（SIC）; 其中（a）响应于重置所述处理器并且在向引导代码提供控制之前响应于所述SIC执行所述SIC，以及（b）所述SIC响应于访问所述第一和第二变量中的至少一个来执行预引导操作 。 本文描述了其它实施例。

公开(公告)号：US09378371B2

公开(公告)日：2016-06-28

申请号：US13995238

申请日：2013-03-13

Applicant: Intel Corporation

Inventor： Ting Ye ,  Qin Long ,  Vincent Zimmer

IPC: H04L29/06 ,  G06F21/57 ,  G06F21/45

CPC classification number: G06F21/575 ,  G06F21/45 ,  G06F2221/034 ,  G06F2221/2117 ,  G06F2221/2131

Abstract: Described herein is technology for restoring access to a user account. In particular, systems and methods for account recovery using a platform attestation credential are described. In some embodiments, the platform attestation credential is generated by an authentication device in a pre boot environment. A first copy of the platform attestation credential may be bound by an account management system to a user account. Access to the user account may subsequently be restored using a second copy of the platform attestation credential.

Abstract translation: 这里描述的是用于恢复对用户帐户的访问的技术。 特别地，描述了使用平台认证证书进行帐户恢复的系统和方法。 在一些实施例中，平台证明凭证由预引导环境中的认证设备生成。 平台认证凭证的第一个副本可能会被帐户管理系统约束到用户帐户。 随后可以使用平台认证凭证的第二副本来恢复对用户帐户的访问。

公开(公告)号：US09600671B2

公开(公告)日：2017-03-21

申请号：US15164398

申请日：2016-05-25

Applicant: Intel Corporation

Inventor： Ting Ye ,  Qin Long ,  Vincent Zimmer

IPC: G06F21/57 ,  G06F21/45

CPC classification number: G06F21/575 ,  G06F21/45 ,  G06F2221/034 ,  G06F2221/2117 ,  G06F2221/2131

Abstract: Described herein is technology for restoring access to a user account. In particular, systems and methods for account recovery using a platform attestation credential are described. In some embodiments, the platform attestation credential is generated by an authentication device in a pre boot environment. A first copy of the platform attestation credential may be bound by an account management system to a user account. Access to the user account may subsequently be restored using a second copy of the platform attestation credential.