公开(公告)号：US20170115993A1

公开(公告)日：2017-04-27

申请号：US15402663

申请日：2017-01-10

Applicant: Intel Corporation

Inventor： James A. Sutton, II ,  David W. Grawrock

IPC: G06F9/44 ,  G06F12/14 ,  H04L9/32 ,  G06F12/0802 ,  G06F21/57 ,  G06F9/445

CPC classification number: G06F9/4403 ,  G01N23/223 ,  G01N33/502 ,  G01N33/6872 ,  G01N2223/076 ,  G06F9/44505 ,  G06F12/0802 ,  G06F12/145 ,  G06F12/1458 ,  G06F13/4282 ,  G06F21/57 ,  G06F21/572 ,  G06F2212/1052 ,  G06F2212/60 ,  G06F2213/0026 ,  G06F2221/033 ,  H04L9/32 ,  H04L9/3247

Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.

公开(公告)号：US09043594B2

公开(公告)日：2015-05-26

申请号：US13835997

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： James A. Sutton, II ,  David W. Grawrock

IPC: H04L29/00 ,  G06F9/44 ,  G06F9/445 ,  G06F21/57 ,  G01N23/223 ,  G01N33/50 ,  G01N33/68 ,  G06F12/14

CPC classification number: G06F9/4403 ,  G01N23/223 ,  G01N33/502 ,  G01N33/6872 ,  G01N2223/076 ,  G06F9/44505 ,  G06F12/0802 ,  G06F12/145 ,  G06F12/1458 ,  G06F13/4282 ,  G06F21/57 ,  G06F21/572 ,  G06F2212/1052 ,  G06F2212/60 ,  G06F2213/0026 ,  G06F2221/033 ,  H04L9/32 ,  H04L9/3247

Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.

公开(公告)号：US20140359754A1

公开(公告)日：2014-12-04

申请号：US14464874

申请日：2014-08-21

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Vedvyas Shanbhogue ,  Geoffrey S. Strongin ,  Willard M. Wiseman ,  David W. Grawrock

IPC: G06F21/44

CPC classification number: G06F21/44 ,  G06F21/50 ,  G06F21/57 ,  G06F21/575 ,  G06F21/85 ,  H04L63/126 ,  H04L67/125

Abstract: In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，处理器可以强制黑名单并且根据多阶段锁步完整性协议验证耦合到处理器的设备。 这种执行可以防止设备在验证之前访问系统的一个或多个资源。 黑名单可以包括根据多阶段锁定完整性协议未被验证的设备的列表。 描述和要求保护其他实施例。

公开(公告)号：US11477625B2

公开(公告)日：2022-10-18

申请号：US17083374

申请日：2020-10-29

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Ravi S. Subramaniam ,  David W. Grawrock

IPC: H04W4/70 ,  H04W4/00 ,  H04W12/069 ,  H04L9/40

Abstract: In one embodiment, a domain controller includes a quarantine logic to quarantine unknown devices from unrestricted network access. The quarantine logic comprises a first quarantine point at a first layer of a multi-layer communication model. The domain controller also includes: a first logic to communicate with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service, the domain name associated with a domain to be managed by the domain controller; a second logic to manage a group of devices of the domain; and a third logic to receive a provisioning request for a first device via an access point that comprises a second quarantine point at a second layer of the multi-level communication model. The second layer is a lower layer than the first layer, and the second quarantine point is more restrictive than the first. Other embodiments are described and claimed.

公开(公告)号：US11144911B2

公开(公告)日：2021-10-12

申请号：US15187631

申请日：2016-06-20

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  David W. Grawrock ,  Geoffrey H. Cooper

IPC: G06Q20/36 ,  G06Q20/02 ,  G06Q20/20 ,  G06Q20/38 ,  G06Q20/40

Abstract: Technologies for device commissioning include a rendezvous server to receive, from a buyer device, a request to transfer ownership of a compute device to the buyer device. The rendezvous server verifies the provenance of the compute device based on a block chain and establishes a secure session with the compute device in response to verification of the provenance. The block chain identifies each transaction associated with ownership of the compute device.

公开(公告)号：US10856122B2

公开(公告)日：2020-12-01

申请号：US15168321

申请日：2016-05-31

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Ravi S. Subramaniam ,  David W. Grawrock

IPC: H04W12/08 ,  H04W4/70 ,  H04W4/00 ,  H04W12/06 ,  H04L29/06

Abstract: In one embodiment, a domain controller includes: a quarantine logic to quarantine unknown devices from unrestricted network access, the quarantine logic comprising a first quarantine point at a first layer of a multi-layer communication model; a first logic to communicate with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service, the domain name associated with a domain to be managed by the domain controller; a second logic to manage a group of devices of the domain; and a third logic to receive a provisioning request for a first device via an access point, wherein the access point comprises a second quarantine point at a second layer of the multi-level communication model. Other embodiments are described and claimed.

公开(公告)号：US10241842B2

公开(公告)日：2019-03-26

申请号：US15280990

申请日：2016-09-29

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  David W. Grawrock

IPC: G06F9/46 ,  G06F9/50 ,  G06F21/62

Abstract: Cloud container resource binding and tasking using keys is generally described herein. An example device to bind and perform tasks using cloud-based resource may include a container to claim tasks to be performed and to select and bind to a resource based on capabilities of the resource and requirements of the tasks.

公开(公告)号：US09507952B2

公开(公告)日：2016-11-29

申请号：US14938021

申请日：2015-11-11

Applicant: Intel Corporation

Inventor： John H. Wilson ,  Ioannis T. Schoinas ,  Mazin S. Yousif ,  Linda J. Rankin ,  David W. Grawrock ,  Robert J. Greiner ,  James A. Sutton ,  Kushagra Vaid ,  Willard M. Wiseman

IPC: G06F21/00 ,  G06F21/60 ,  G06F21/44 ,  G06F21/57 ,  G06F21/64

CPC classification number: G06F21/575 ,  G06F21/44 ,  G06F21/445 ,  G06F21/50 ,  G06F21/606 ,  G06F21/64 ,  G06F21/71 ,  G06F2221/034

Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.

公开(公告)号：US20230049177A1

公开(公告)日：2023-02-16

申请号：US17821422

申请日：2022-08-22

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Ravi S. Subramaniam ,  David W. Grawrock

IPC: H04W4/70 ,  H04W4/00 ,  H04W12/069 ,  H04L9/40

Abstract: In one embodiment, a domain controller includes a quarantine logic to quarantine unknown devices from unrestricted network access. The quarantine logic comprises a first quarantine point at a first layer of a multi-layer communication model. The domain controller also includes: a first logic to communicate with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service, the domain name associated with a domain to be managed by the domain controller; a second logic to manage a group of devices of the domain; and a third logic to receive a provisioning request for a first device via an access point that comprises a second quarantine point at a second layer of the multi-level communication model. The second layer is a lower layer than the first layer, and the second quarantine point is more restrictive than the first. Other embodiments are described and claimed.

公开(公告)号：US20170364908A1

公开(公告)日：2017-12-21

申请号：US15187631

申请日：2016-06-20

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  David W. Grawrock ,  Geoffrey H. Cooper

IPC: G06Q20/36 ,  G06Q20/38 ,  G06Q20/40

CPC classification number: G06Q20/367 ,  G06Q20/023 ,  G06Q20/202 ,  G06Q20/203 ,  G06Q20/3827 ,  G06Q20/3829 ,  G06Q20/405 ,  G06Q2220/00

Abstract: Technologies for device commissioning include a rendezvous server to receive, from a buyer device, a request to transfer ownership of a compute device to the buyer device. The rendezvous server verifies the provenance of the compute device based on a block chain and establishes a secure session with the compute device in response to verification of the provenance. The block chain identifies each transaction associated with ownership of the compute device.