公开(公告)号：US20170317996A1

公开(公告)日：2017-11-02

申请号：US15143741

申请日：2016-05-02

Applicant: Intel Corporation

Inventor： Rajesh Poornachandran ,  Ned M. Smith ,  Vincent J. Zimmer

IPC: H04L29/06 ,  G06F21/10

CPC classification number: H04L63/061 ,  G06F21/10 ,  G06F2221/0706 ,  H04L63/045 ,  H04L63/0823 ,  H04L63/0853 ,  H04L2463/082 ,  H04N21/2541 ,  H04N21/26613

Abstract: Technologies for secure mediated reality content publishing includes one or more mediated reality servers, multiple mediated reality listeners, and multiple mediated reality creators. The mediated reality server performs an attestation procedure with each listener based on a pre-provisioned attestation credential of that listener and provisions a session encryption key to each validated listener. The attestation procedure may validate a trusted execution environment of each listener. The mediated reality server generates aggregated mediated reality content based on protected mediated reality content received from the creators and generates an associated license that defines one or more content usage restrictions of the aggregated mediated reality content. The server sends the aggregated mediated reality content to the listeners, protected by the corresponding session encryption key. The server may provision each of the listeners with a back-channel encryption key to protect feedback data generated by sensors of the listeners. Other embodiments are described and claimed.

公开(公告)号：US09798641B2

公开(公告)日：2017-10-24

申请号：US14978597

申请日：2015-12-22

Applicant: Intel Corporation

Inventor： Robert C. Swanson ,  Theodros Yigzaw ,  Eswaramoorthi Nallusamy ,  Raghunandan Makaram ,  Vincent J. Zimmer

IPC: G06F11/00 ,  G06F11/263 ,  G06F1/24 ,  G06F21/53 ,  G06F11/10 ,  G06F11/07

CPC classification number: G06F11/263 ,  G06F1/24 ,  G06F11/073 ,  G06F11/0793 ,  G06F11/1016 ,  G06F21/53 ,  G06F2221/034

Abstract: Methods and apparatus to increase cloud availability and silicon isolation using secure enclaves. A compute platform is configured to host a compute domain in which a plurality of secure enclaves are implemented. In conjunction with creating and deploying secure enclaves, mapping information is generated that maps the secure enclaves to platform/CPU resources, such as Intellectual Property blocks (IP) belong to the secure enclaves. In response to platform error events caused by errant platform/CPU resources, the secure enclave(s) belonging to the errant platform/CPU are identified via the mapping information, and an interrupt is directed to that/those secure enclave(s). In response to the interrupt, a secure enclave may be configured to one or more of handle the error, pass information to another secure enclave, and teardown the enclave. The secure enclave may execute an interrupt service routine that causes the errant platform/CPU resource to reset without resetting the entire platform or CPU, as applicable.

公开(公告)号：US20170277530A1

公开(公告)日：2017-09-28

申请号：US15079725

申请日：2016-03-24

Applicant: Intel Corporation

Inventor： Nicholas J. Adams ,  Krishnakumar Narasimhan ,  Vincent J. Zimmer

IPC: G06F9/445 ,  G06F13/42 ,  H04L29/08 ,  G06F12/10 ,  G06F12/14 ,  G06F9/44 ,  G06F13/28 ,  G06F3/06

CPC classification number: G06F8/65 ,  G06F8/654 ,  G06F9/4403 ,  G06F12/10 ,  G06F12/1081 ,  G06F12/14 ,  G06F12/1441 ,  G06F13/28 ,  G06F13/4282 ,  G06F2212/1052 ,  G06F2212/65 ,  G06F2213/0024 ,  G06F2213/0042 ,  G06F2213/28

Abstract: Technologies for performing a secure firmware update include a compute device that includes a memory device to store firmware update payload, one or more devices that have direct memory access (DMA) to the memory, a DMA remap module, and a firmware update module. The DMA remap module is to create a memory isolation domain for each of the one or more devices. Each memory isolation domain comprises a physical address space in the memory that is mutually exclusive to the physical address spaces of the other memory isolation domains. The firmware update module is to (i) analyze the firmware update payload to identify one or more of the devices associated with the firmware update payload and (ii) move the firmware update payload to the memory isolation domains of each associated device to enable secure transmission of the firmware update payload to the associated devices.

公开(公告)号：US20170242710A1

公开(公告)日：2017-08-24

申请号：US15589467

申请日：2017-05-08

Applicant: Intel Corporation

Inventor： Michael A. Rothman ,  Vincent J. Zimmer ,  Zijian You

IPC: G06F9/44 ,  G06F9/54

CPC classification number: G06F9/4418 ,  G06F9/441 ,  G06F9/48 ,  G06F9/542

Abstract: Technologies for transitioning between operating systems include a computing device having a main memory and a data storage device. The computing device executes a first operating system and monitors for an operating system toggle event. The toggle event may be a software command, a hardware buttonpress, or other user command. In response to the toggle event, the computing device copies state data of the first operating system to a reserved memory area. After copying the state data, the computing device executes a second operating system. While the second operating system is executing, the computing device copies the state data of the first operating system from the reserved memory area to the data storage device. The computing device monitors for operating system toggle events during execution of the second operating system and may similarly toggle execution back to the first operating system. Other embodiments are described and claimed.

公开(公告)号：US09740492B2

公开(公告)日：2017-08-22

申请号：US14666219

申请日：2015-03-23

Applicant: INTEL CORPORATION

Inventor： Nicholas J. Adams ,  Vincent J. Zimmer ,  Lee G. Rosenbaum ,  Giri P. Mudusuru

IPC: G06F11/00 ,  G06F9/30 ,  G06F9/34 ,  G06F21/44 ,  G06F21/57 ,  G06F21/74

CPC classification number: G06F9/30189 ,  G06F9/34 ,  G06F21/44 ,  G06F21/57 ,  G06F21/74

Abstract: Various embodiments are generally directed to establishing trust in system management mode. An operating system management mode driver can invoke a system management mode and provide a signature to the system management mode to authenticate the driver with. Additionally, a hash value of the driver can be used to determine whether the driver is authorized to invoke system management mode or particular operations or features of system management mode.

公开(公告)号：US20170185457A1

公开(公告)日：2017-06-29

申请号：US15461635

申请日：2017-03-17

Applicant: Intel Corporation

Inventor： Mingqiu Sun ,  Rajesh Poornachandran ,  Vincent J. Zimmer ,  Gopinatth Selvaraje ,  Uttam K. Sengupta

IPC: G06F9/50 ,  G06N99/00

CPC classification number: G06F9/5094 ,  G06F9/5044 ,  G06F2209/509 ,  G06N99/005 ,  Y02D10/22

Abstract: Technologies for transferring offloading or on-loading data or tasks between a processor and a coprocessor include a computing device having a processor and a sensor hub that includes a coprocessor. The coprocessor receives sensor data associated with one or more sensors and detects events associated with the sensor data. The coprocessor determines frequency, resource usage cost, and power state transition cost for the events. In response to an offloaded task request from the processor, the coprocessor determines an aggregate load value based on the frequency, resource usage cost, and power state transition cost, and determines whether to accept the offloaded task request based on the aggregate load value. The aggregate load value may be determined as an exponential moving average. The coprocessor may determine whether to accept the offloaded task request based on a principal component analysis of the events. Other embodiments are described and claimed.

公开(公告)号：US09645864B2

公开(公告)日：2017-05-09

申请号：US14316370

申请日：2014-06-26

Applicant: Intel Corporation

Inventor： Michael A. Rothman ,  Vincent J. Zimmer ,  Zijian You

IPC: G06F15/00 ,  G06F13/00 ,  G06F9/54 ,  G06F9/44 ,  G06F9/48

CPC classification number: G06F9/4418 ,  G06F9/441 ,  G06F9/48 ,  G06F9/542

Abstract: Technologies for transitioning between operating systems include a computing device having a main memory and a data storage device. The computing device executes a first operating system and monitors for an operating system toggle event. The toggle event may be a software command, a hardware buttonpress, or other user command. In response to the toggle event, the computing device copies state data of the first operating system to a reserved memory area. After copying the state data, the computing device executes a second operating system. While the second operating system is executing, the computing device copies the state data of the first operating system from the reserved memory area to the data storage device. The computing device monitors for operating system toggle events during execution of the second operating system and may similarly toggle execution back to the first operating system. Other embodiments are described and claimed.

公开(公告)号：US09460483B2

公开(公告)日：2016-10-04

申请号：US14799001

申请日：2015-07-14

Applicant: Intel Corporation

Inventor： Kanivenahalli Govindaraju ,  Vincent J. Zimmer

IPC: G06F1/32 ,  G06T1/20 ,  G09G5/18

CPC classification number: G06T1/20 ,  G06F1/324 ,  G09G5/18 ,  G09G2330/021 ,  Y02D10/126

Abstract: Methods and apparatus are disclosed to manage power consumption at a graphics engine. An example method to manage power usage of a graphics engine via an application level interface includes obtaining a policy directive for the graphics engine via the application level interface, the policy directive identifying a threshold corresponding to power consumed by the graphics engine operating in a first graphics state. The example method also includes determining a power consumed by the graphics engine during operation. The example method also includes comparing the power consumed to the threshold of the policy directive, and when the threshold is met, setting the graphics engine in a second graphics state to cause the graphics engine to comply with the policy directive.

公开(公告)号：US20160283928A1

公开(公告)日：2016-09-29

申请号：US14668715

申请日：2015-03-25

Applicant: Intel Corporation

Inventor： Mingqiu Sun ,  Vincent J. Zimmer ,  Rajesh Poornachandran ,  Gopinatth Selvaraje

IPC: G06Q20/20 ,  H04L29/06 ,  G06F21/60

CPC classification number: G06Q20/204 ,  G06F21/606 ,  G06Q20/202 ,  G06Q20/4097 ,  H04L63/04 ,  H04L63/0428 ,  H04L63/101

Abstract: A point-of-sale device (“POS”) is described to include a secure transaction tunnel generator (“STG”). The STG may generate secure tunnels between peripherals attached to the POS and remote network resources. The secure tunnel may be generated using a trusted execution environment (“TEE”) of the POS. The STG may be alerted to the need to generate the secure tunnel based on an alert from the peripheral. The STG may execute under a protected environment and may generate two ends of a secure transaction tunnel using the TEE. The STG may also check the peripheral against whitelists and/or blacklists to determine whether the peripheral is allowed or not disallowed to participate in secure transactions. By generating the secure tunnel, the STG may facilitate performance of transactions in such a way that sensitive information is not available to unsecured processes in the POS. Other embodiments may be described and/or claimed.

Abstract translation: 销售点设备（“POS”）被描述为包括安全事务隧道生成器（“STG”）。 STG可以在连接到POS的外围设备和远程网络资源之间生成安全隧道。 可以使用POS的可信执行环境（“TEE”）生成安全隧道。 可以基于来自外围设备的警报，警告STG需要生成安全通道。 STG可以在受保护的环境下执行，并且可以使用TEE生成安全事务隧道的两端。 STG还可以检查外设是否有白名单和/或黑名单，以确定外设是否被允许或不允许参与安全事务。 通过生成安全隧道，STG可以以敏感信息不可用于POS中的不安全进程的方式促进事务的执行。 可以描述和/或要求保护其他实施例。

公开(公告)号：US09448828B2

公开(公告)日：2016-09-20

申请号：US14330848

申请日：2014-07-14

Applicant: INTEL CORPORATION

Inventor： Jerry Zhao ,  Michael A. Rothman ,  Vincent J. Zimmer ,  Qian Ouyang

IPC: G06F9/455 ,  G06F9/44

CPC classification number: G06F9/45533 ,  G06F9/451

Abstract: Methods and apparatus to provide dynamic messaging services are disclosed. An example method of displaying information on a display screen includes determining, using a virtual machine manager, supported dimensions for display of information on the display screen; generating, using the virtual machine manager, restricted dimensions that are less than the supported dimensions; providing the restricted dimensions to an operating system of a virtual machine supported by the virtual machine manager, wherein the restricted dimensions define a boundary between a first screen portion and a second screen portion; and using the virtual machine manager to display first information in the first screen portion, the virtual machine manager enforcing the presence of the first screen portion on the display screen.

Abstract translation: 公开了提供动态消息接发服务的方法和装置。 在显示屏幕上显示信息的示例性方法包括：使用虚拟机管理器确定支持的尺寸以在显示屏幕上显示信息; 使用虚拟机管理器生成小于所支持尺寸的限制尺寸; 向所述虚拟机管理器支持的虚拟机的操作系统提供所述限制的维度，其中所述受限维度定义了第一屏幕部分和第二屏幕部分之间的边界; 并且使用虚拟机管理器在第一屏幕部分中显示第一信息，虚拟机管理器在显示屏幕上强制存在第一屏幕部分。