-
Publication number: US10601955B2
Publication date: 2020-03-24
Application number: US15428274
Application date: 2017-02-09
Applicant: Intel Corporation
Inventor: Vincent J. Zimmer , Rajesh Poornachandran , Ned M. Smith , Mingqiu Sun , Gopinatth Selvaraje
Abstract: An automated method for distributed and redundant firmware evaluation involves using a first interface that is provided by system firmware of a client device to obtain, at an evaluation server, a first firmware resource table (FRT) from the client device. The evaluation server also uses a second interface that is provided by a component of the client device other than the system firmware to obtain a second FRT from the client device. The evaluation server automatically uses the first and second FRTs to identify a trustworthy FRT among the first and second FRTs. The evaluation server automatically uses the trustworthy FRT to determine whether the client device should be updated. For instance, the evaluation server may automatically use the trustworthy FRT to determine whether firmware in the client device should be updated. Other embodiments are described and claimed.
-
Publication number: US20170372076A1
Publication date: 2017-12-28
Application number: US15195320
Application date: 2016-06-28
Applicant: Intel Corporation
Inventor: Rajesh Poornachandran , Vincent J. Zimmer , Mingqiu Sun , Gopinatth Selvaraje
CPC classification number: G06F21/575 , G06F9/44 , G06F9/4401 , G06F21/53 , G06F21/74 , G06F2221/034 , H04L9/0897 , H04L9/3268
Abstract: Technologies for configuring a launch enclave include a computing device having a processor with secure enclave support. A trusted execution environment (TEE) of the computing device stores a launch enclave hash in a launch enclave hash table in secure storage and provisions the launch enclave hash to platform firmware at runtime. The TEE may receive the launch enclave hash via trusted I/O. The platform firmware sets a configure enclave launch bit and resets the computing device. On reset, the TEE determines whether the launch enclave hash is allowed for launch. The TEE may evaluate one or more launch configuration policies and may select a launch enclave hash based on the launch configuration policies. If allowed, the platform firmware writes the launch enclave hash to a model-specific register of the processor, and the launch enclave may be loaded and verified with the launch enclave hash. Other embodiments are described and claimed.
-
Publication number: US09626227B2
Publication date: 2017-04-18
Application number: US14671077
Application date: 2015-03-27
Applicant: Intel Corporation
Inventor: Mingqiu Sun , Rajesh Poornachandran , Vincent J. Zimmer , Gopinatth Selvaraje , Uttam K. Sengupta
IPC: G06F9/46 , G06F15/173 , G06F1/26 , G06F9/50 , G06N99/00
CPC classification number: G06F9/5094 , G06F9/5044 , G06F2209/509 , G06N99/005 , Y02D10/22
Abstract: Technologies for transferring offloading or on-loading data or tasks between a processor and a coprocessor include a computing device having a processor and a sensor hub that includes a coprocessor. The coprocessor receives sensor data associated with one or more sensors and detects events associated with the sensor data. The coprocessor determines frequency, resource usage cost, and power state transition cost for the events. In response to an offloaded task request from the processor, the coprocessor determines an aggregate load value based on the frequency, resource usage cost, and power state transition cost, and determines whether to accept the offloaded task request based on the aggregate load value. The aggregate load value may be determined as an exponential moving average. The coprocessor may determine whether to accept the offloaded task request based on a principal component analysis of the events. Other embodiments are described and claimed.
-
Publication number: US10540193B2
Publication date: 2020-01-21
Application number: US15590781
Application date: 2017-05-09
Applicant: INTEL CORPORATION
Inventor: Mingqiu Sun , Noah Zentzis , Vincent J. Zimmer , Peggy J. Irelan , Timothy E. Abels , Gopinatth Selvaraje , Rajesh Poornachandran
Abstract: A microservice infrastructure that securely maintains the currency of computing platform microservices implemented within a process virtual machine is provided. The computing platform microservices maintained by the infrastructure may include protected methods that provide and control access to components of the underlying computing environment. These components may include, for example, storage devices, peripherals, and network interfaces. By providing a software-defined microservice layer between these hardware components and workflows that specify high-level application logic, the embodiments disclosed herein have enhanced flexibility and scalability when compared to conventional technology.
-
Publication number: US20190243620A1
Publication date: 2019-08-08
Application number: US16232372
Application date: 2018-12-26
Applicant: INTEL CORPORATION
Inventor: Mingqiu SUN , Rajesh Poornachandran , Vincent J. Zimmer , Ned M. Smith , Gopinatth Selvaraje
CPC classification number: G06F8/41 , G06F9/455 , G06F9/45516 , G06F9/45533 , G06F9/5044 , G06F21/00 , G06F21/53 , G06F21/57 , G06F21/6281
Abstract: Various embodiments are generally directed to techniques for supporting the distributed execution of a task routine among multiple secure controllers incorporated into multiple computing devices. An apparatus includes a first processor component and first secure controller of a first computing device, where the first secure controller includes: a selection component to select the first secure controller or a second secure controller of a second computing device to compile a task routine based on a comparison of required resources to compile the task routine and available resources of the first secure controller; and a compiling component to compile the task routine into a first version of compiled routine for execution within the first secure controller by the first processor component and a second version for execution within the second secure controller by a second processor component in response to selection of the first secure controller. Other embodiments are described and claimed.
-
Publication number: US10366237B2
Publication date: 2019-07-30
Application number: US15421539
Application date: 2017-02-01
Applicant: Intel Corporation
Inventor: Vincent J. Zimmer , Peter J. Barry , Rajesh Poornachandran , Arjan Van De Ven , Peter A. Dice , Gopinatth Selvaraje , Julien Carreno , Lee G. Rosenbaum
IPC: G06F21/57 , G06F21/53 , G06F9/44 , H04L9/08 , H04L9/14 , H04L9/30 , G06F21/72 , G06F21/79 , G06F9/4401
Abstract: In an embodiment, a system on a chip includes: a single core to execute a legacy instruction set, the single core configured to enter a system management mode (SMM) to provide a trusted execution environment to perform at least one secure operation; and a memory controller coupled to the single core, the memory controller to interface with a system memory, where a portion of the system memory comprises a secure memory for the SMM, and the single core is to authenticate and execute a boot firmware, and pass control to the SMM to obtain a key pair from a protected storage and store the key pair in the secure memory. Other embodiments are described and claimed.
-
Publication number: US09589155B2
Publication date: 2017-03-07
Application number: US14493786
Application date: 2014-09-23
Applicant: Intel Corporation
CPC classification number: G06F21/73 , G06F21/55 , G06F21/575 , G06F21/74
Abstract: Technologies for verifying hardware components of a computing device include retrieving platform identification data of the computing device, wherein the platform identification data is indicative of one or more reference hardware components of the computing device, accessing hardware component identification data from one or more dual-headed identification devices of the computing device, and comparing the platform identification data to the hardware component identification data to determine whether a hardware component of the computing device has been modified. Each of the one or more dual-headed identification devices is secured to a corresponding hardware component of the computing device, includes identification data indicative of an identity of the corresponding hardware component of the computing device, and is capable of wired and wireless communication.
-
Publication number: US10067805B2
Publication date: 2018-09-04
Application number: US15461635
Application date: 2017-03-17
Applicant: Intel Corporation
Inventor: Mingqiu Sun , Rajesh Poornachandran , Vincent J. Zimmer , Gopinatth Selvaraje , Uttam K. Sengupta
IPC: G06F9/46 , G06F15/173 , G06F1/26 , G06F9/50 , G06N99/00
Abstract: Technologies for transferring offloading or on-loading data or tasks between a processor and a coprocessor include a computing device having a processor and a sensor hub that includes a coprocessor. The coprocessor receives sensor data associated with one or more sensors and detects events associated with the sensor data. The coprocessor determines frequency, resource usage cost, and power state transition cost for the events. In response to an offloaded task request from the processor, the coprocessor determines an aggregate load value based on the frequency, resource usage cost, and power state transition cost, and determines whether to accept the offloaded task request based on the aggregate load value. The aggregate load value may be determined as an exponential moving average. The coprocessor may determine whether to accept the offloaded task request based on a principal component analysis of the events. Other embodiments are described and claimed.
-
Publication number: US20170185457A1
Publication date: 2017-06-29
Application number: US15461635
Application date: 2017-03-17
Applicant: Intel Corporation
Inventor: Mingqiu Sun , Rajesh Poornachandran , Vincent J. Zimmer , Gopinatth Selvaraje , Uttam K. Sengupta
CPC classification number: G06F9/5094 , G06F9/5044 , G06F2209/509 , G06N99/005 , Y02D10/22
Abstract: Technologies for transferring offloading or on-loading data or tasks between a processor and a coprocessor include a computing device having a processor and a sensor hub that includes a coprocessor. The coprocessor receives sensor data associated with one or more sensors and detects events associated with the sensor data. The coprocessor determines frequency, resource usage cost, and power state transition cost for the events. In response to an offloaded task request from the processor, the coprocessor determines an aggregate load value based on the frequency, resource usage cost, and power state transition cost, and determines whether to accept the offloaded task request based on the aggregate load value. The aggregate load value may be determined as an exponential moving average. The coprocessor may determine whether to accept the offloaded task request based on a principal component analysis of the events. Other embodiments are described and claimed.
-
Publication number: US09674141B2
Publication date: 2017-06-06
Application number: US14369567
Application date: 2013-12-27
Applicant: INTEL CORPORATION
Inventor: Jiu-Tao Nie , Mingqiu Sun , Chengrui Deng , Xin Wang , Ligang Wang , Gopinatth Selvaraje
CPC classification number: H04L63/02 , G06F21/554 , G06F21/566 , G06F21/57 , H04L51/22
Abstract: Various embodiments are generally directed to implementing a secure mailbox in resource-constrained embedded systems. An apparatus to establish communication with a trusted execution environment includes a processor component, a co-processor component for executing the trusted execution environment, a host operating system component for execution by the processor component and including one or more application components, a mailbox array component for execution by the co-processor to store one or more mailbox components, each mailbox component being associated with a mailbox identification number, and a mailbox firewall component for execution by the co-processor component to facilitate communication between the one or more application components and the one or more mailbox components. Other embodiments are described and claimed.
-