Abstract:
Generally, this disclosure provides systems, devices, methods and computer readable media for a Unified Extensible Firmware Interface (UEFI) with durable storage to provide memory write persistence, for example, in the event of power loss. The system may include a processor to host the firmware interface which may be configured to control access to system variables in a protected region of a volatile memory. The system may also include a power management circuit to provide power to the processor and further to provide a power loss indicator to the firmware interface. The system may also include a reserve energy storage module to provide power to the processor in response to the power loss indicator. The firmware interface is further configured to copy the system variables from the volatile memory to a non-volatile memory in response to the power loss indicator.
Abstract:
An embodiment includes a secure and stable method for sending information across a compute continuum. For example, the method may include executing an application (e.g., video player) on a first node (e.g., tablet) with a desire to perform “context migration” to a second node (e.g., desktop). This may allow a user to watch a movie on the tablet, stop watching the movie, and then resume watching the movie from the desktop. To do so in a secure and stable manner, the first node may request security and performance credentials from the second node. If both credential sets satisfy thresholds, the first node may transfer content (e.g., encrypted copy of a movie) and state information (e.g., placeholder indicating where the movie was when context transfer began). The second node may then allow the user to resume his or her movie watching from the desktop. Other embodiments are described herein.
Abstract:
In an embodiment, a system on a chip includes: a single core to execute a legacy instruction set, the single core configured to enter a system management mode (SMM) to provide a trusted execution environment to perform at least one secure operation; and a memory controller coupled to the single core, the memory controller to interface with a system memory, where a portion of the system memory comprises a secure memory for the SMM, and the single core is to authenticate and execute a boot firmware, and pass control to the SMM to obtain a key pair from a protected storage and store the key pair in the secure memory. Other embodiments are described and claimed.
Abstract:
Technologies for broadcasting management information include a management server and a number of client devices. The management server encodes management data such as a certificate revocation list into a number of message fragments using a fountain code encoding algorithm and broadcasts the message fragments continually over a network. Each client device analyzes the network during a boot process to receive the broadcast message fragments. Each client device decodes the message fragments using a fountain code decoding algorithm and determines whether the message is complete. If the message is complete, the client device parses the message to retrieve the management data and may install the management data on the client device. If the message is incomplete, the client device may store the message fragments in nonvolatile storage for processing during future boot events. The client device may perform those operations in a pre-boot firmware environment. Other embodiments are described and claimed.
Abstract:
Technologies for improving platform initialization on a computing device include beginning initialization of a platform of the computing device using a basic input/output system (BIOS) module of the computing device. A security co-processor driver module adds a security co-processor command to a command list when a security co-processor command is received from the BIOS module. The computing device establishes a periodic interrupt of the initialization of the platform to query the security co-processor regarding the availability of a response to a previously submitted security co-processor command, forward any responses received by the security co-processor driver module to the BIOS module, and submit the next security co-processor command in the command list to the security co-processor.
Abstract:
Embodiments of multinode hubs for trust operations are disclosed herein. In some embodiments, a multinode hub may include a plurality of memory regions, a trapping module, and a trusted platform module (TPM) component. Each memory region may be associated with and receive trust operation data from a coherent computing node. The trapping module may generate trap notifications in response to accesses to the plurality of memory regions by the associated coherent computing nodes. The trap notifications may indicate which of the plurality of memory regions has been accessed, and the TPM component may process the trust operation data in the memory region indicated by a trap notification. Other embodiments may be disclosed and/or claimed.
Abstract:
An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor including secure non-volatile storage that couples to a root index, having a fixed address, and comprises first and second variables referenced by the root index; and semiconductor integrated code (SIC) including embedded processor logic to initialize a processor and embedded memory logic to initialize a memory coupled to the processor; wherein (a) the SIC is to be executed responsive to resetting the processor and prior to providing control to boot code, and (b) the SIC is to perform pre-boot operations in response to accessing at least one of the first and second variables. Other embodiments are described herein.
Abstract:
In one embodiment, a semiconductor integrated code (SIC) may be provided in a binary format by a processor manufacturer. This SIC may include platform independent code of the processor manufacturer. Such code may include embedded processor logic to initialize the processor and at least one link that couples the processor to a memory, and embedded memory logic to initialize the memory. Other embodiments are described and claimed.
Abstract:
A first video messaging service, running on top of an operating system in a data processing system, automatically presents a first video message. After using the first video messaging service to present the first video message, the data processing system automatically determines whether the first video messaging service has become nonfunctional. In response to determining that the first video messaging service has become nonfunctional, the data processing system automatically uses a backup video messaging service to present a second video message. The backup video messaging service operates in a boot environment. In one embodiment, the data processing system is configured to provide digital signage, the first video messaging service presents content for the digital signage when the operating system is operational, and the second video messaging service presents content for the digital signage when the operating system is nonfunctional. Other embodiments are described and claimed.
Abstract:
Methods and apparatus to provide dynamic messaging services are disclosed. An example method includes determining, in a pre-boot environment, supported dimensions for display of information on the display screen; generating, in the pre-boot environment, restricted dimensions that are less than the supported dimensions; providing the restricted dimensions to an operating system of a virtual machine supported by a virtual machine manager, wherein the restricted dimensions define a boundary between a first screen portion and a second screen portion; displaying first information in the first screen portion and displaying second information in the second screen portion; and preventing, via the virtual machine manager, elimination of the first screen portion from the display screen.