公开(公告)号：US09958926B2

公开(公告)日：2018-05-01

申请号：US13976903

申请日：2011-12-13

Applicant: Leena K. Puthiyedath ,  Raj K. Ramanujan ,  Michael Rothman ,  Blaise Fanning ,  Vincent J. Zimmer

Inventor： Leena K. Puthiyedath ,  Raj K. Ramanujan ,  Michael Rothman ,  Blaise Fanning ,  Vincent J. Zimmer

IPC: G06F1/32

CPC classification number: G06F1/3234 ,  G06F1/3275 ,  Y02D10/13 ,  Y02D10/14

Abstract: A non-volatile random access memory (NVRAM) is used in a computer system to provide instant responses to sleep state transitions. The computer system includes a processor coupled to an NVRAM, which is accessible by the processor without passing through an I/O subsystem. The NVRAM is byte-rewritable and byte-erasable by the processor. In response to a request to enter a powered sleep state, the computer system converts the powered sleep state into a powered-off sleep state with system memory context stored in the NVRAM. The powered sleep state is defined as a state in which power is supplied to volatile random access memory in the computer system, and the powered-off sleep state is defined as a state in which power is removed from the volatile random access memory. In response to a wake event, the computer system resumes working state operations using the system memory context stored in the NVRAM.

公开(公告)号：US20170185207A1

公开(公告)日：2017-06-29

申请号：US14998314

申请日：2015-12-26

Applicant: Rajesh Poornachandran ,  Vincent J. Zimmer ,  Nicholas J. Adams ,  Nithyananda S. Jeganathan ,  Gunner D. Danneels

Inventor： Rajesh Poornachandran ,  Vincent J. Zimmer ,  Nicholas J. Adams ,  Nithyananda S. Jeganathan ,  Gunner D. Danneels

IPC: G06F3/041 ,  G06F1/16

CPC classification number: G06F3/0416 ,  G06F1/1652 ,  G06F3/0412 ,  G06F9/44505

Abstract: Technologies for dynamic display include a mobile compute device that comprises a display transformable between at least two different physical topologies. The mobile compute device determines a current physical topology of the display and retrieves a policy based on the determined current physical topology. The policy identifies a corresponding action to occur in response to each of one or more user inputs to the mobile compute device while the display has the current physical topology. The mobile compute device processes a user input based on the retrieved policy.

公开(公告)号：US20170177395A1

公开(公告)日：2017-06-22

申请号：US14976936

申请日：2015-12-21

Applicant: Mingqiu Sun ,  Vincent J. Zimmer ,  Rajesh Poornachandran ,  Gopinatth Selvaraje

Inventor： Mingqiu Sun ,  Vincent J. Zimmer ,  Rajesh Poornachandran ,  Gopinatth Selvaraje

IPC: G06F9/455 ,  G06F9/50

CPC classification number: G06F9/45558 ,  G06F9/5038 ,  G06F2009/4557 ,  G06F2009/45575 ,  G06F2009/45587

Abstract: A system on a chip (SoC) may comprise at least one processor with at least one core and a storage device comprising a first system virtual machine configured to be executed on the at least one processor. The storage device may comprise a second system virtual machine configured to be executed by the at least one processor. The second system virtual machine may include at least one process virtual machine; a modem configured as one of the at least one process virtual machine; and a real-time operating system (RTOS) to schedule execution of the at least one process virtual machine on the at least one processor.

公开(公告)号：US20160070932A1

公开(公告)日：2016-03-10

申请号：US14482136

申请日：2014-09-10

Applicant: Vincent J. Zimmer ,  Peter J. Barry ,  Rajesh Poornachandran ,  Arjan Van De Ven ,  Peter A. Dice ,  Gopinatth Selvaraje ,  Julien Carreno ,  Lee G. Rosenbaum

Inventor： Vincent J. Zimmer ,  Peter J. Barry ,  Rajesh Poornachandran ,  Arjan Van De Ven ,  Peter A. Dice ,  Gopinatth Selvaraje ,  Julien Carreno ,  Lee G. Rosenbaum

IPC: G06F21/72 ,  G06F21/79 ,  G06F21/57 ,  H04L9/08

CPC classification number: G06F21/575 ,  G06F9/4406 ,  G06F21/53 ,  G06F21/72 ,  G06F21/79 ,  G06F2221/033 ,  G06F2221/2107 ,  G06F2221/2111 ,  H04L9/0861 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/302 ,  H04L2209/60

Abstract: In an embodiment, a system on a chip includes: a single core to execute a legacy instruction set, the single core configured to enter a system management mode (SMM) to provide a trusted execution environment to perform at least one secure operation; and a memory controller coupled to the single core, the memory controller to interface with a system memory, where a portion of the system memory comprises a secure memory for the SMM, and the single core is to authenticate and execute a boot firmware, and pass control to the SMM to obtain a key pair from a protected storage and store the key pair in the secure memory. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，芯片上的系统包括：执行遗留指令集的单个核心，所述单个核心被配置为进入系统管理模式（SMM）以提供可信赖执行环境以执行至少一个安全操作; 以及耦合到所述单个核的存储器控​​制器，所述存储器控制器与系统存储器接口，其中所述系统存储器的一部分包括用于所述SMM的安全存储器，并且所述单个核心将认证并执行引导固件，并且传递 控制到SMM以从受保护的存储器获取密钥对，并将密钥对存储在安全存储器中。 描述和要求保护其他实施例。

公开(公告)号：US09210148B2

公开(公告)日：2015-12-08

申请号：US13995511

申请日：2011-12-30

Applicant: Mallik Bulusu ,  Robert Bahnsen ,  Vincent J. Zimmer ,  Robert S. Gittins ,  Robert C. Swanson

Inventor： Mallik Bulusu ,  Robert Bahnsen ,  Vincent J. Zimmer ,  Robert S. Gittins ,  Robert C. Swanson

IPC: H04L29/06 ,  G06F21/00

CPC classification number: H04L63/0876 ,  G06F21/00 ,  H04L63/08 ,  H04W12/06 ,  H04W12/08

Abstract: An embodiment includes a secure and stable method for sending information across a compute continuum. For example, the method may include executing an application (e.g., video player) on a first node (e.g., tablet) with a desire to perform “context migration” to a second node (e.g., desktop). This may allow a user to watch a movie on the tablet, stop watching the movie, and then resume watching the movie from the desktop. To do so in a secure and stable manner, the first node may request security and performance credentials from the second node. If both credential sets satisfy thresholds, the first node may transfer content (e.g., encrypted copy of a movie) and state information (e.g., placeholder indicating where the movie was when context transfer began). The second node may then allow the user to resume his or her movie watching from the desktop. Other embodiments are described herein.

Abstract translation: 一个实施例包括用于在计算连续体上发送信息的安全且稳定的方法。 例如，该方法可以包括在第一节点（例如，平板电脑）上执行应用（例如，视频播放器），期望执行到第二节点（例如桌面）的“上下文迁移”。 这可能允许用户在平板电脑上观看电影，停止观看电影，然后从桌面恢复观看电影。 为了以安全和稳定的方式这样做，第一节点可以从第二节点请求安全性和性能凭证。 如果两个凭证组都满足阈值，则第一节点可以传送内容（例如，电影的加密副本）和状态信息（例如，当上下文传送开始时，指示电影在哪里的占位符）。 然后，第二节点可以允许用户从桌面恢复他或她的电影观看。 本文描述了其它实施例。

公开(公告)号：US20150278068A1

公开(公告)日：2015-10-01

申请号：US14226612

申请日：2014-03-26

Applicant: Robert C. Swanson ,  C. Brendan Traw ,  Vincent J. Zimmer ,  Mallik Bulusu ,  John R. Lindsley ,  Mahesh S. Natu ,  Dimitrios Ziakas ,  Robert W. Cone ,  Madhusudhan Rangarajan ,  Babak Nikjou ,  Kirk D. Brannock ,  Russell J. Wunderlich ,  Miles F. Schwartz ,  Stephen S. Pawlowski

Inventor： Robert C. Swanson ,  C. Brendan Traw ,  Vincent J. Zimmer ,  Mallik Bulusu ,  John R. Lindsley ,  Mahesh S. Natu ,  Dimitrios Ziakas ,  Robert W. Cone ,  Madhusudhan Rangarajan ,  Babak Nikjou ,  Kirk D. Brannock ,  Russell J. Wunderlich ,  Miles F. Schwartz ,  Stephen S. Pawlowski

IPC: G06F11/34 ,  G06F9/44

CPC classification number: G06F11/3476 ,  G06F9/4403 ,  G06F9/4416 ,  G06F11/1417 ,  G06F21/575 ,  G06F2201/84

Abstract: Platform controller, computer-readable storage media, and methods associated with initialization of a computing device. In embodiments, a platform controller may comprise a boot controller and one or more non-volatile memory modules, coupled with the boot controller. In embodiments, the one or more non-volatile memory modules may have first instructions and second instructions stored thereon. The first instructions may, when executed by a processor of a computing device hosting the platform controller, cause initialization of the computing device. The second instructions, when executed by the boot controller, may cause the boot controller to monitor at least a portion of the execution of the first instructions by the computing device and may generate a trace of the monitored portion of the execution of the first instructions. In embodiments, the trace may be stored in the one or more non-volatile memory modules. Other embodiments may be described and/or claimed.

Abstract translation: 平台控制器，计算机可读存储介质以及与计算设备的初始化相关联的方法。 在实施例中，平台控制器可以包括与引导控制器耦合的引导控制器和一个或多个非易失性存储器模块。 在实施例中，一个或多个非易失性存储器模块可以具有存储在其上的第一指令和第二指令。 当由托管平台控制器的计算设备的处理器执行时，第一指令可以引起计算设备的初始化。 第二指令在由引导控制器执行时可能导致引导控制器监视计算设备执行第一指令的至少一部分，并且可以生成第一指令的执行的监视部分的跟踪。 在实施例中，迹线可以存储在一个或多个非易失性存储器模块中。 可以描述和/或要求保护其他实施例。

公开(公告)号：US09135470B2

公开(公告)日：2015-09-15

申请号：US12772365

申请日：2010-05-03

Applicant: Vincent J. Zimmer ,  Michael A. Rothman

Inventor： Vincent J. Zimmer ,  Michael A. Rothman

IPC: G06F21/71 ,  G06F21/57 ,  G06F21/72 ,  G06F21/80

CPC classification number: H04L63/0823 ,  G06F13/4068 ,  G06F21/575 ,  G06F21/71 ,  G06F21/72 ,  G06F21/80 ,  G06F2221/2107 ,  G06F2221/2115 ,  H04L9/3268 ,  H04L63/0435 ,  H04L63/061 ,  H04L63/08

Abstract: In one embodiment, a method is provided that may include one or more operations. One of these operations may include, in response, at least in part, to a request to store input data in storage, encrypting, based least in part upon one or more keys, the input data to generate output data to store in the storage. The one or more keys may be authorized by a remote authority. Alternatively or additionally, another of these operations may include, in response, at least in part, to a request to retrieve the input data from the storage, decrypting, based at least in part upon the at least one key, the output data. Many modifications, variations, and alternatives are possible without departing from this embodiment.

Abstract translation: 在一个实施例中，提供了可以包括一个或多个操作的方法。 这些操作中的一个可以至少部分地包括存储输入数据的请求，至少部分地基于一个或多个密钥加密输入数据，以生成输出数据以存储在存储器中。 一个或多个键可以由远程机构授权。 或者或另外，这些操作中的另一个可以至少部分地包括从存储器检索输入数据的请求，至少部分地基于至少一个密钥来解密输出数据。 在不脱离本实施例的情况下，可以进行许多修改，变型和替换。

公开(公告)号：US09063836B2

公开(公告)日：2015-06-23

申请号：US12843617

申请日：2010-07-26

Applicant: Robert C. Swanson ,  Eric R. Wehage ,  Vincent J. Zimmer ,  Mallik Bulusu

Inventor： Robert C. Swanson ,  Eric R. Wehage ,  Vincent J. Zimmer ,  Mallik Bulusu

IPC: G06F11/00 ,  G06F11/10

CPC classification number: G06F11/004 ,  G06F11/1008

Abstract: Methods and apparatus to protect segments of memory are disclosed herein. An example method includes intercepting an interrupt request indicating an error; determining whether a first segment of memory is corrupt, the first segment of memory being designated as a protected region of memory; when the protected region of memory is corrupt, repairing the corrupted region of memory using a parity block of code; and in response to validating the protected region of memory, generating an interrupt enabling a utilization of code stored in the protected region of memory to handle the error associated with the interrupt request.

Abstract translation: 本文公开了保护存储器段的方法和装置。 示例性方法包括拦截指示错误的中断请求; 确定存储器的第一段是否损坏，所述第一存储器段被指定为存储器的保护区域; 当存储器的保护区域损坏时，使用奇偶校验块修复存储器的损坏区域; 并且响应于验证存储器的受保护区域，产生能够使用存储在存储器的保护区域中的代码来处理与中断请求相关联的错误的中断。

公开(公告)号：US20150121055A1

公开(公告)日：2015-04-30

申请号：US14128116

申请日：2013-10-29

Applicant: Vincent J. Zimmer ,  H. P. Anvin ,  Michael A. Rothman ,  David C. Estrada ,  Nicholas J. Yoke ,  Gopinatth Selvaraje

Inventor： Vincent J. Zimmer ,  H. P. Anvin ,  Michael A. Rothman ,  David C. Estrada ,  Nicholas J. Yoke ,  Gopinatth Selvaraje

IPC: G06F9/44 ,  G06F9/445

CPC classification number: G06F9/4401 ,  G06F9/4403 ,  G06F9/441

Abstract: The present disclosure is directed to flexible bootstrap code architecture. A device may comprise equipment for operating the device and an operating system (OS) for operating the equipment A boor, module may also be included in the device to execute boot operations. At least one flexible boot (FB) module in the boot module may interact with the equipment and/or OS during the boot operations to cause the boot operations to become device-specific. An example boot module may comprise a plurality of FB modules. An example FB module may verify a device/chipset identification and may control the boot operations based on the identification. Other example FB modules may select resources to load based on an OS type, may provide a boot configuration table location for use in OS runtime boot configuration or may load variables from a preload variable directory for use in configuring boot operations.

Abstract translation: 本公开涉及灵活的引导代码架构。 设备可以包括用于操作设备的设备和用于操作设备的操作系统（OS）。还可以将该模块包括在设备中以执行引导操作。 引导模块中的至少一个灵活启动（FB）模块可能在引导操作期间与设备和/或OS进行交互，以使引导操作成为设备特定的。 示例性引导模块可以包括多个FB模块。 示例FB模块可以验证设备/芯片组标识，并且可以基于识别来控制引导操作。 其他示例FB模块可以基于OS类型选择要加载的资源，可以提供用于OS运行时引导配置的引导配置表位置，或者可以从用于配置引导操作的预加载变量目录加载变量。

公开(公告)号：US08892858B2

公开(公告)日：2014-11-18

申请号：US13810654

申请日：2011-12-29

Applicant: Ned M. Smith ,  Vincent J. Zimmer ,  Victoria C. Moore

Inventor： Ned M. Smith ,  Vincent J. Zimmer ,  Victoria C. Moore

IPC: G06F21/57 ,  G06F9/24

CPC classification number: G06F21/575 ,  G06F9/24 ,  G06F9/4401

Abstract: A data processing system may include a high integrity storage (HIS) device with a partition or cache that is protected from updates. The data processing system may perform a boot process in response to being reactivated. The boot process may include the operation of executing a boot object. During the boot process, before executing the boot object, the data processing system may retrieve a digest for the boot object from the protected cache of the HIS device. The digest may be a cryptographic hash value for the boot object. During the boot process, the retrieved digest may be extended into a platform configuration register in a trusted platform module of the data processing system. Other embodiments are described and claimed.

Abstract translation: 数据处理系统可以包括具有防止更新的分区或高速缓存的高完整性存储（HIS）设备。 数据处理系统可以响应于重新激活而执行引导过程。 引导过程可以包括执行引导对象的操作。 在引导过程中，在执行引导对象之前，数据处理系统可以从HIS设备的受保护缓存中检索引导对象的摘要。 摘要可能是引导对象的加密哈希值。 在引导过程中，检索到的摘要可以扩展到数据处理系统的可信平台模块中的平台配置寄存器。 描述和要求保护其他实施例。