SECURE SENSOR DATA TRANSPORT AND PROCESSING

    Publication number: US20170093852A1

    Publication date: 2017-03-30

    Application number: US14865258

    Application date: 2015-09-25

    Abstract: The present disclosure is directed to secure sensor data transport and processing. End-to-end security may prevent attackers from altering data during the sensor-based security procedure. For example, following sensor data capture, execution in a device may be temporarily suspended. During the suspension of execution, sensor interface circuitry in the device may copy the sensor data from a memory location associated with the sensor to a trusted execution environment (TEE) within the device. The TEE may provide a secure location in which the sensor data may be processed and a determination may be made as to whether to grant access to the secured resources. The TEE may comprise, for example, match circuitry to compare the sensor data to previously captured sensor data for users that are allowed to access the secured resources, and output circuitry to grant access to the secured resources or to perform activities associated with a security exception.

    MIGRATION OF FULL-DISK ENCRYPTED VIRTUALIZED STORAGE BETWEEN BLADE SERVERS
    Invention application, status: under examination (published)

    Publication number: US20150244559A1

    Publication date: 2015-08-27

    Application number: US14697956

    Application date: 2015-04-28

    Abstract: A method, system and computer-readable storage medium with instructions to migrate full-disk encrypted virtual storage between blade servers. A key is obtained to perform an operation on a first blade server. The key is obtained from a virtual security hardware instance and provided to the first blade server via a secure out-of-band communication channel. The key is migrated from the first blade server to a second blade server. The key is used to perform hardware encryption of data stored on the first blade server. The data are migrated to the second blade server without decrypting the data at the first blade server, and the second blade server uses the key to access the data. Other embodiments are described and claimed.

    TECHNIQUES FOR DISTRIBUTED OPERATION OF SECURE CONTROLLERS

    Publication number: US20220382526A1

    Publication date: 2022-12-01

    Application number: US17885509

    Application date: 2022-08-10

    Abstract: Various embodiments are generally directed to techniques for supporting the distributed execution of a task routine among multiple secure controllers incorporated into multiple computing devices. An apparatus includes a first processor component and first secure controller of a first computing device, where the first secure controller includes: a selection component to select the first secure controller or a second secure controller of a second computing device to compile a task routine based on a comparison of required resources to compile the task routine and available resources of the first secure controller; and a compiling component to compile the task routine into a first version of compiled routine for execution within the first secure controller by the first processor component and a second version for execution within the second secure controller by a second processor component in response to selection of the first secure controller. Other embodiments are described and claimed.

    TECHNIQUES TO PROVIDE A SECURE SYSTEM MANAGEMENT MODE

    Publication number: US20170286318A1

    Publication date: 2017-10-05

    Application number: US15089235

    Application date: 2016-04-01

    Abstract: Various embodiments are generally directed to an apparatus, method and other techniques for allocating a portion of the memory as system management random access memory (SMRAM) including a system management interrupt (SMI) handler for a system management mode (SMM), the SMI handler to handle SMIs for the SMM, generating a page table for the SMM, the page table comprising one or more mapped pages to map virtual addresses to physical addresses for the SMM, and setting one or more page table attributes for the page table to prevent a malicious code attack on the SMM.
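    The page-table attributes this abstract refers to are the mechanism that keeps an SMI handler from being turned against itself: if SMRAM code pages are read-only and SMRAM data pages are non-executable, an attacker who gets a write into SMRAM data cannot get it executed, and a handler bug that writes to a code page faults instead of patching the handler. The following is an added example written for this page, not code from the patent or from any firmware. It models an x86-64 page table for a 2 MiB SMRAM region with an assumed layout (handler code in the first 64 pages, data and stack in the next 64, TSEG base 0x7F000000, all assumptions) and checks the policy: code read-only and executable, data writable and non-executable, no page both writable and executable, no page reachable from user mode.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* x86-64 page-table entry bits relevant to the SMM hardening described above. */
#define PTE_P    (1ULL << 0)   /* present */
#define PTE_RW   (1ULL << 1)   /* writable */
#define PTE_US   (1ULL << 2)   /* user-accessible (must be clear for SMRAM) */
#define PTE_NX   (1ULL << 63)  /* no-execute (only honoured when EFER.NXE is set) */
#define PTE_ADDR_MASK 0x000FFFFFFFFFF000ULL

#define PAGE_SIZE   4096ULL
#define SMRAM_PAGES 512        /* 2 MiB of SMRAM modelled as one page table */

enum smm_region { SMM_UNMAPPED, SMM_CODE, SMM_DATA };

/* Assumed SMRAM layout for the example: handler code in the first 64 pages,
   data/stack in the next 64, everything else left unmapped. */
static enum smm_region smm_region_for(size_t page_index)
{
    if (page_index < 64)  return SMM_CODE;
    if (page_index < 128) return SMM_DATA;
    return SMM_UNMAPPED;
}

/* Build the SMM page table: code is read-only + executable, data is writable + NX,
   nothing is user-accessible, unmapped pages are simply not present. */
void smm_build_page_table(uint64_t *pt, uint64_t smram_base)
{
    for (size_t i = 0; i < SMRAM_PAGES; i++) {
        uint64_t phys = (smram_base + i * PAGE_SIZE) & PTE_ADDR_MASK;
        switch (smm_region_for(i)) {
        case SMM_CODE: pt[i] = phys | PTE_P;                   break; /* R-X */
        case SMM_DATA: pt[i] = phys | PTE_P | PTE_RW | PTE_NX; break; /* RW- */
        default:       pt[i] = 0;                              break; /* --- */
        }
    }
}

/* Policy for a single entry: a present page must be supervisor-only and must not
   be writable and executable at the same time (W^X). */
int smm_pte_policy_ok(uint64_t pte)
{
    if (!(pte & PTE_P)) return 1;          /* unmapped pages cannot be abused */
    if (pte & PTE_US)   return 0;          /* ring 3 must never see SMRAM */
    int writable   = (pte & PTE_RW) != 0;
    int executable = (pte & PTE_NX) == 0;
    return !(writable && executable);
}

/* Count policy violations across the table; 0 means the table enforces W^X. */
size_t smm_count_violations(const uint64_t *pt, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (!smm_pte_policy_ok(pt[i])) bad++;
    return bad;
}

/* Stricter check: the table must match the intended layout exactly, so a single
   flipped attribute bit is detected before the handler runs on it. */
int smm_table_matches_layout(const uint64_t *pt, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        enum smm_region r = smm_region_for(i);
        int present = (pt[i] & PTE_P) != 0;
        if (r == SMM_UNMAPPED) { if (present) return 0; continue; }
        if (!present || (pt[i] & PTE_US)) return 0;
        if (r == SMM_CODE && ((pt[i] & PTE_RW) || (pt[i] & PTE_NX))) return 0;
        if (r == SMM_DATA && (!(pt[i] & PTE_RW) || !(pt[i] & PTE_NX))) return 0;
    }
    return 1;
}

int main(void)
{
    static uint64_t pt[SMRAM_PAGES];
    smm_build_page_table(pt, 0x7F000000ULL);   /* assumed TSEG base, example only */
    printf("violations: %zu\n", smm_count_violations(pt, SMRAM_PAGES));
    pt[10] |= PTE_RW;  /* simulate an attacker making a handler code page writable */
    printf("violations after tamper: %zu, layout intact: %d\n",
           smm_count_violations(pt, SMRAM_PAGES), smm_table_matches_layout(pt, SMRAM_PAGES));
    return 0;
}
```

    Two caveats a practitioner would want. First, the processor enters SMM in a real-address-like state, so the SMI handler itself must enable paging and load this table before the attributes protect anything; the check above is therefore run by the handler on its own table, not by the OS. Second, W^X inside SMRAM does not stop the handler from fetching code outside SMRAM; that needs the separate SMM code-fetch restrictions the platform provides, so the two controls complement rather than replace each other.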

    MIGRATION OF FULL-DISK ENCRYPTED VIRTUALIZED STORAGE BETWEEN BLADE SERVERS
    Invention application, status: under examination (published)

    Publication number: US20170033970A9

    Publication date: 2017-02-02

    Application number: US14697956

    Application date: 2015-04-28

    Abstract: A method, system and computer-readable storage medium with instructions to migrate full-disk encrypted virtual storage between blade servers. A key is obtained to perform an operation on a first blade server. The key is obtained from a virtual security hardware instance and provided to the first blade server via a secure out-of-band communication channel. The key is migrated from the first blade server to a second blade server. The key is used to perform hardware encryption of data stored on the first blade server. The data are migrated to the second blade server without decrypting the data at the first blade server, and the second blade server uses the key to access the data. Other embodiments are described and claimed.

    COMMUNICATION OF DEVICE PRESENCE BETWEEN BOOT ROUTINE AND OPERATING SYSTEM
    Invention application, status: under examination (published)

    Publication number: US20160371098A1

    Publication date: 2016-12-22

    Application number: US15076384

    Application date: 2016-03-21

    CPC classification number: G06F9/4411 G06F9/4406 G06F13/26 G06F13/4027

    Abstract: Various embodiments are directed to creating multiple device blocks associated with hardware devices, arranging the device blocks in an order indicative of positions of the hardware devices in a hierarchy of buses and bridges, and enabling access to the multiple device blocks from an operating system. An apparatus comprises a processor circuit and storage storing instructions operative on the processor circuit to create a device table comprising multiple device blocks, each device block corresponding to one of multiple hardware devices accessible to the processor circuit, the device blocks arranged in an order indicative of relative positions of the hardware devices in a hierarchy of buses and at least one bridge device; enable access to the device table by an operating system; and execute a second sequence of instructions of the operating system operative on the processor circuit to access the device table. Other embodiments are described and claimed herein.

    TECHNIQUES FOR PERSISTENT FIRMWARE TRANSFER MONITORING

    Publication number: US20180181762A1

    Publication date: 2018-06-28

    Application number: US15393198

    Application date: 2016-12-28

    CPC classification number: G06F21/577 G06F21/554 G06F21/575 G06F2221/033

    Abstract: Techniques and computing devices for persistent firmware transfer monitoring and, more specifically but not exclusively, a resource filter within a firmware resource monitor configured to persistently store resource information after a boot operation. In one embodiment, for example, an apparatus for persistent firmware transfer monitoring in a computer system comprises at least one memory, at least one processor, and a resource filter comprising logic, at least a portion of the logic comprised in hardware and executed by the processor. The logic may be configured to receive a list of required resources during a boot operation and to receive a list of excluded resources. The resource filter may be further configured to persistently store the list of required resources and the list of excluded resources after the boot operation has completed. It may be determined that one or more changes occurred to either the list of required resources or the list of excluded resources during the boot process, and a security alert may be generated indicating a potential security threat. Other embodiments are described and claimed.
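    The security value of the filter is in two properties the abstract states together: the lists are fixed once boot completes, and any later divergence from them is treated as an alert rather than as a new configuration. The following is an added illustration written for this page, not the patent's implementation. It records required and excluded resource lists during boot, seals them when boot completes so that later rewrites are refused, and then compares freshly presented lists against the sealed copy, producing one alert line per deviation. The resource names are constructed placeholders, and persistence is modelled by the sealed in-memory struct rather than real non-volatile storage; both are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define MAX_RES   16
#define RES_NAME  48

/* A resource list as the filter receives it during boot. Names are constructed
   placeholders standing in for firmware resources such as flash regions or buses. */
typedef struct {
    size_t count;
    char   name[MAX_RES][RES_NAME];
} res_list;

/* The resource filter: both lists plus a flag set once the boot operation completes. */
typedef struct {
    res_list required;
    res_list excluded;
    int      sealed;
} res_filter;

/* Build a list from an array of names, truncating to the fixed capacity. */
void res_list_from_names(res_list *l, const char *const *names, size_t n)
{
    memset(l, 0, sizeof *l);
    l->count = n > MAX_RES ? MAX_RES : n;
    for (size_t i = 0; i < l->count; i++)
        strncpy(l->name[i], names[i], RES_NAME - 1);
}

static int list_contains(const res_list *l, const char *name)
{
    for (size_t i = 0; i < l->count; i++)
        if (strcmp(l->name[i], name) == 0) return 1;
    return 0;
}

/* Order-insensitive set equality: same count and every member of a is in b. */
static int list_same(const res_list *a, const res_list *b)
{
    if (a->count != b->count) return 0;
    for (size_t i = 0; i < a->count; i++)
        if (!list_contains(b, a->name[i])) return 0;
    return 1;
}

static void append_alert(char *alert, size_t alert_len, size_t *used, const char *msg)
{
    if (*used >= alert_len) return;
    int n = snprintf(alert + *used, alert_len - *used, "ALERT: %s\n", msg);
    if (n > 0) *used += (size_t)n;
}

/* Boot phase: record both lists. Returns 0, or -1 if the filter is already sealed,
   so an attempt to rewrite the lists after boot is refused instead of honoured. */
int filter_record(res_filter *f, const char *const *req, size_t nreq,
                  const char *const *exc, size_t nexc)
{
    if (f->sealed) return -1;
    res_list_from_names(&f->required, req, nreq);
    res_list_from_names(&f->excluded, exc, nexc);
    return 0;
}

/* End of boot: from here on the recorded lists are the persistent reference. */
void filter_seal(res_filter *f) { f->sealed = 1; }

/* Post-boot check: compare the lists now being presented against the sealed copy.
   Returns the number of deviations and writes one alert line per deviation. */
size_t filter_check(const res_filter *f, const res_list *now_req,
                    const res_list *now_exc, char *alert, size_t alert_len)
{
    size_t bad = 0, used = 0;
    if (alert_len) alert[0] = '\0';
    if (!list_same(&f->required, now_req)) {
        bad++;
        append_alert(alert, alert_len, &used, "required-resource list changed after boot");
    }
    if (!list_same(&f->excluded, now_exc)) {
        bad++;
        append_alert(alert, alert_len, &used, "excluded-resource list changed after boot");
    }
    /* A resource on both lists is contradictory: something is trying to require
       what policy excludes. Flag each such name individually. */
    for (size_t i = 0; i < now_req->count; i++) {
        if (list_contains(now_exc, now_req->name[i])) {
            bad++;
            append_alert(alert, alert_len, &used, now_req->name[i]);
        }
    }
    return bad;
}

int main(void)
{
    /* Constructed sample of what a boot routine might hand the filter. */
    const char *req[] = { "spi-flash-bios-region", "smram-tseg" };
    const char *exc[] = { "dma-to-smram", "option-rom-write" };
    res_filter f; memset(&f, 0, sizeof f);
    filter_record(&f, req, 2, exc, 2);
    filter_seal(&f);

    /* Later, the excluded list arrives with one entry silently dropped. */
    const char *exc_tampered[] = { "option-rom-write" };
    res_list nr, ne; char alert[256];
    res_list_from_names(&nr, req, 2);
    res_list_from_names(&ne, exc_tampered, 1);
    size_t bad = filter_check(&f, &nr, &ne, alert, sizeof alert);
    printf("%zu deviation(s)\n%s", bad, alert);
    return 0;
}
```

    The design point is that the sealed copy, not the most recently presented list, is the source of truth: a component that can talk to the filter after boot can only trigger an alert, never relax the policy. In a real firmware resource monitor the sealed lists would live in storage the runtime cannot rewrite, and the alert would be delivered to a management controller or logged where a later boot can read it.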

    SECURE SENSOR DATA TRANSPORT AND PROCESSING
    Invention application

    Publication number: US20180026981A1

    Publication date: 2018-01-25

    Application number: US15709091

    Application date: 2017-09-19

    Abstract: The present disclosure is directed to secure sensor data transport and processing. End-to-end security may prevent attackers from altering data during the sensor-based security procedure. For example, following sensor data capture, execution in a device may be temporarily suspended. During the suspension of execution, sensor interface circuitry in the device may copy the sensor data from a memory location associated with the sensor to a trusted execution environment (TEE) within the device. The TEE may provide a secure location in which the sensor data may be processed and a determination may be made as to whether to grant access to the secured resources. The TEE may comprise, for example, match circuitry to compare the sensor data to previously captured sensor data for users that are allowed to access the secured resources, and output circuitry to grant access to the secured resources or to perform activities associated with a security exception.
