公开(公告)号：US20160173465A1

公开(公告)日：2016-06-16

申请号：US14568747

申请日：2014-12-12

申请人： Rajesh Poornachandran ,  Vincent J. Zimmer ,  Shahrok Shahidzadeh ,  Mohan J. Kumar ,  Sergiu D. Ghetie

发明人： Rajesh Poornachandran ,  Vincent J. Zimmer ,  Shahrok Shahidzadeh ,  Mohan J. Kumar ,  Sergiu D. Ghetie

IPC分类号： H04L29/06 ,  G06F21/44

CPC分类号： H04L63/107 ,  G06F21/34 ,  G06F21/575 ,  G06F2221/2111

摘要： Technologies for verifying authorized operation includes an administration server to query a dual-headed identification device of a server for identification data indicative of an identity of the server. The dual-headed identification device includes a wired communication circuit, a wireless communication circuit, and a memory having the identification data stored therein. The administration server further obtains the identification data from the dual-headed identification device of the server, determines a context of the server, and determines whether boot of the server is authorized based on the context of the server, the identification data of the server, and a security policy of the server.

摘要翻译： 用于验证授权操作的技术包括管理服务器，用于查询服务器的双头标识设备，用于指示服务器的身份的标识数据。 双头识别装置包括有线通信电路，无线通信电路和存储有识别数据的存储器。 管理服务器还从服务器的双头识别装置获取识别数据，确定服务器的上下文，并根据服务器的上下文，服务器的识别数据，确定服务器的启动是否被授权， 和服务器的安全策略。

公开(公告)号：US08590040B2

公开(公告)日：2013-11-19

申请号：US12976523

申请日：2010-12-22

申请人： Sergiu D. Ghetie ,  Shahrokh Shahidzadeh ,  Michael Neve de Mevergnies ,  Adil Karrar ,  Vincent J. Zimmer

发明人： Sergiu D. Ghetie ,  Shahrokh Shahidzadeh ,  Michael Neve de Mevergnies ,  Adil Karrar ,  Vincent J. Zimmer

IPC分类号： G06F21/00

CPC分类号： G06F21/572

摘要： Embodiments of the invention are directed towards logic and/or modules stored in processor secure storage to determine whether a first platform firmware image (e.g., basic input/output system (BIOS), device read-only memory (ROM), manageability engine firmware) loaded onto a processor cache is valid. The processor executes the first platform firmware image if it is determined to be valid. If the first platform image is determined to be invalid, a second platform firmware image is located. If this platform firmware image is determined to be valid, the processor will execute said second platform image.In some embodiments of the invention, the determination of whether the first platform firmware image is valid is based, at least in part, on verification of a digital signature associated with the first platform firmware image. The digital signature may be created, for example, from a private key, wherein the digital signature is verified via a public key.

摘要翻译： 本发明的实施例针对存储在处理器安全存储器中的逻辑和/或模块来确定第一平台固件映像（例如，基本输入/输出系统（BIOS），设备只读存储器（ROM），可管理性引擎固件） 加载到处理器缓存中是有效的。 如果判定为有效，则处理器执行第一平台固件映像。 如果第一平台图像被确定为无效，则定位第二平台固件图像。 如果该平台固件图像被确定为有效，则处理器将执行所述第二平台图像。 在本发明的一些实施例中，确定第一平台固件图像是否有效是至少部分地基于与第一平台固件图像相关联的数字签名的验证。 可以例如从私钥来创建数字签名，其中通过公钥验证数字签名。

公开(公告)号：US20120167205A1

公开(公告)日：2012-06-28

申请号：US12976523

申请日：2010-12-22

申请人： Sergiu D. Ghetie ,  Shahrokh Shahidzadeh ,  Michael Neve de Mevergnies ,  Adil Karrar ,  Vincent J. Zimmer

发明人： Sergiu D. Ghetie ,  Shahrokh Shahidzadeh ,  Michael Neve de Mevergnies ,  Adil Karrar ,  Vincent J. Zimmer

IPC分类号： G06F21/00

CPC分类号： G06F21/572

摘要： Embodiments of the invention are directed towards logic and/or modules stored in processor secure storage to determine whether a first platform firmware image (e.g., basic input/output system (BIOS), device read-only memory (ROM), manageability engine firmware) loaded onto a processor cache is valid. The processor executes the first platform firmware image if it is determined to be valid. If the first platform image is determined to be invalid, a second platform firmware image is located. If this platform firmware image is determined to be valid, the processor will execute said second platform image.In some embodiments of the invention, the determination of whether the first platform firmware image is valid is based, at least in part, on verification of a digital signature associated with the first platform firmware image. The digital signature may be created, for example, from a private key, wherein the digital signature is verified via a public key.

摘要翻译： 本发明的实施例针对存储在处理器安全存储器中的逻辑和/或模块来确定第一平台固件映像（例如，基本输入/输出系统（BIOS），设备只读存储器（ROM），可管理性引擎固件） 加载到处理器缓存中是有效的。 如果判定为有效，则处理器执行第一平台固件映像。 如果第一平台图像被确定为无效，则定位第二平台固件图像。 如果该平台固件图像被确定为有效，则处理器将执行所述第二平台图像。 在本发明的一些实施例中，确定第一平台固件图像是否有效是至少部分地基于与第一平台固件图像相关联的数字签名的验证。 可以例如从私钥来创建数字签名，其中通过公钥验证数字签名。

公开(公告)号：US20160283284A1

公开(公告)日：2016-09-29

申请号：US14671077

申请日：2015-03-27

申请人： Mingqiu Sun ,  Rajesh Poornachandran ,  Vincent J. Zimmer ,  Gopinatth Selvaraje ,  Uttam K. Sengupta

发明人： Mingqiu Sun ,  Rajesh Poornachandran ,  Vincent J. Zimmer ,  Gopinatth Selvaraje ,  Uttam K. Sengupta

IPC分类号： G06F9/50 ,  G06N99/00

CPC分类号： G06F9/5094 ,  G06F9/5044 ,  G06F2209/509 ,  G06N99/005 ,  Y02D10/22

摘要： Technologies for transferring offloading or on-loading data or tasks between a processor and a coprocessor include a computing device having a processor and a sensor hub that includes a coprocessor. The coprocessor receives sensor data associated with one or more sensors and detects events associated with the sensor data. The coprocessor determines frequency, resource usage cost, and power state transition cost for the events. In response to an offloaded task request from the processor, the coprocessor determines an aggregate load value based on the frequency, resource usage cost, and power state transition cost, and determines whether to accept the offloaded task request based on the aggregate load value. The aggregate load value may be determined as an exponential moving average. The coprocessor may determine whether to accept the offloaded task request based on a principal component analysis of the events. Other embodiments are described and claimed.

摘要翻译： 用于在处理器和协处理器之间传送卸载或上载数据或任务的技术包括具有处理器和包括协处理器的传感器集线器的计算设备。 协处理器接收与一个或多个传感器相关联的传感器数据，并检测与传感器数据相关的事件。 协处理器确定事件的频率，资源使用成本和功率状态转换成本。 响应于来自处理器的卸载任务请求，协处理器基于频率，资源使用成本和功率状态转移成本来确定总负载值，并且基于总负载值来确定是否接受卸载的任务请求。 总负载值可以被确定为指数移动平均值。 协处理器可以基于事件的主成分分析来确定是否接受卸载的任务请求。 描述和要求保护其他实施例。

公开(公告)号：US20170185207A1

公开(公告)日：2017-06-29

申请号：US14998314

申请日：2015-12-26

申请人： Rajesh Poornachandran ,  Vincent J. Zimmer ,  Nicholas J. Adams ,  Nithyananda S. Jeganathan ,  Gunner D. Danneels

发明人： Rajesh Poornachandran ,  Vincent J. Zimmer ,  Nicholas J. Adams ,  Nithyananda S. Jeganathan ,  Gunner D. Danneels

IPC分类号： G06F3/041 ,  G06F1/16

CPC分类号： G06F3/0416 ,  G06F1/1652 ,  G06F3/0412 ,  G06F9/44505

摘要： Technologies for dynamic display include a mobile compute device that comprises a display transformable between at least two different physical topologies. The mobile compute device determines a current physical topology of the display and retrieves a policy based on the determined current physical topology. The policy identifies a corresponding action to occur in response to each of one or more user inputs to the mobile compute device while the display has the current physical topology. The mobile compute device processes a user input based on the retrieved policy.

公开(公告)号：US20170177395A1

公开(公告)日：2017-06-22

申请号：US14976936

申请日：2015-12-21

申请人： Mingqiu Sun ,  Vincent J. Zimmer ,  Rajesh Poornachandran ,  Gopinatth Selvaraje

发明人： Mingqiu Sun ,  Vincent J. Zimmer ,  Rajesh Poornachandran ,  Gopinatth Selvaraje

IPC分类号： G06F9/455 ,  G06F9/50

CPC分类号： G06F9/45558 ,  G06F9/5038 ,  G06F2009/4557 ,  G06F2009/45575 ,  G06F2009/45587

摘要： A system on a chip (SoC) may comprise at least one processor with at least one core and a storage device comprising a first system virtual machine configured to be executed on the at least one processor. The storage device may comprise a second system virtual machine configured to be executed by the at least one processor. The second system virtual machine may include at least one process virtual machine; a modem configured as one of the at least one process virtual machine; and a real-time operating system (RTOS) to schedule execution of the at least one process virtual machine on the at least one processor.

公开(公告)号：US20160070932A1

公开(公告)日：2016-03-10

申请号：US14482136

申请日：2014-09-10

申请人： Vincent J. Zimmer ,  Peter J. Barry ,  Rajesh Poornachandran ,  Arjan Van De Ven ,  Peter A. Dice ,  Gopinatth Selvaraje ,  Julien Carreno ,  Lee G. Rosenbaum

发明人： Vincent J. Zimmer ,  Peter J. Barry ,  Rajesh Poornachandran ,  Arjan Van De Ven ,  Peter A. Dice ,  Gopinatth Selvaraje ,  Julien Carreno ,  Lee G. Rosenbaum

IPC分类号： G06F21/72 ,  G06F21/79 ,  G06F21/57 ,  H04L9/08

CPC分类号： G06F21/575 ,  G06F9/4406 ,  G06F21/53 ,  G06F21/72 ,  G06F21/79 ,  G06F2221/033 ,  G06F2221/2107 ,  G06F2221/2111 ,  H04L9/0861 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/302 ,  H04L2209/60

摘要： In an embodiment, a system on a chip includes: a single core to execute a legacy instruction set, the single core configured to enter a system management mode (SMM) to provide a trusted execution environment to perform at least one secure operation; and a memory controller coupled to the single core, the memory controller to interface with a system memory, where a portion of the system memory comprises a secure memory for the SMM, and the single core is to authenticate and execute a boot firmware, and pass control to the SMM to obtain a key pair from a protected storage and store the key pair in the secure memory. Other embodiments are described and claimed.

摘要翻译： 在一个实施例中，芯片上的系统包括：执行遗留指令集的单个核心，所述单个核心被配置为进入系统管理模式（SMM）以提供可信赖执行环境以执行至少一个安全操作; 以及耦合到所述单个核的存储器控​​制器，所述存储器控制器与系统存储器接口，其中所述系统存储器的一部分包括用于所述SMM的安全存储器，并且所述单个核心将认证并执行引导固件，并且传递 控制到SMM以从受保护的存储器获取密钥对，并将密钥对存储在安全存储器中。 描述和要求保护其他实施例。

公开(公告)号：US20160259649A1

公开(公告)日：2016-09-08

申请号：US14636970

申请日：2015-03-03

申请人： Rajesh Poornachandran ,  Vincent J. Zimmer ,  Karunakara Kotary ,  Venkatesh Ramamurthy ,  Pralhad M. Madhavi

发明人： Rajesh Poornachandran ,  Vincent J. Zimmer ,  Karunakara Kotary ,  Venkatesh Ramamurthy ,  Pralhad M. Madhavi

IPC分类号： G06F9/44 ,  G06F1/32

CPC分类号： G06F9/4401 ,  G06F1/3203 ,  G06F1/3212 ,  G06F1/3287

摘要： Technologies for fast low-power startup include a computing device with a processor having a power management integrated circuit. The computing device initializes platform components into a low-power state and determines, in a pre-boot firmware environment, the battery state of the computing device. The computing device determines a minimum-power startup (MPS) configuration that identifies platform components to be energized and determines whether the battery state is sufficient for the MPS configuration. If sufficient, the computing device energizes the platform components of the MPS configuration and boots into an MPS boot mode. In the MPS boot mode, the computing device may execute one or more user-configured application(s). If the battery state is sufficient for normal operation, the computing device may boot into a normal mode. In the normal mode, the user may configure the MPS configuration by selecting features for the future MPS boot mode. Other embodiments are described and claimed.

摘要翻译： 用于快速低功率启动的技术包括具有电源管理集成电路的处理器的计算设备。 计算设备将平台组件初始化为低功率状态，并且在预引导固件环境中确定计算设备的电池状态。 计算设备确定识别待激励的平台组件的最小功率启动（MPS）配置，并确定电池状态是否足够用于MPS配置。 如果足够，计算设备激活MPS配置的平台组件并启动到MPS引导模式。 在MPS引导模式中，计算设备可以执行一个或多个用户配置的应用。 如果电池状态对于正常操作是足够的，则计算设备可以启动进入正常模式。 在正常模式下，用户可以通过选择未来MPS引导模式的功能来配置MPS配置。 描述和要求保护其他实施例。

公开(公告)号：US20160191595A1

公开(公告)日：2016-06-30

申请号：US14583668

申请日：2014-12-27

申请人： Rajesh Poornachandran ,  Ned M. Smith ,  Michael D. Rosenzweig ,  Vincent J. Zimmer ,  Qixiong J. Bian

发明人： Rajesh Poornachandran ,  Ned M. Smith ,  Michael D. Rosenzweig ,  Vincent J. Zimmer ,  Qixiong J. Bian

IPC分类号： H04L29/06 ,  H04L12/26

CPC分类号： H04L65/607 ,  H04L65/80

摘要： Technologies for adaptive real-time media streaming include a computing device to determine, by a trusted execution environment of the computing device, a current workload of the computing device based on at least one activity counter. The at least one activity counter is to record counter data associated with performance of the computing device. Further, the computing device determines a residual workload capable of being supported by the computing device based on the determined current workload and a new content playback characteristics for streaming media content based on the determined residual workload. The computing device streams media content received from a trusted server based on the determined new content playback characteristics.

摘要翻译： 用于自适应实时媒体流的技术包括计算设备，用于基于至少一个活动计数器确定所述计算设备的可信执行环境中所述计算设备的当前工作负载。 至少一个活动计数器是记录与计算设备的性能相关联的计数器数据。 此外，计算设备基于所确定的当前工作负载来确定能够被计算设备支持的剩余工作负载，以及基于所确定的剩余工作量的流媒体内容的新内容回放特性。 计算设备基于所确定的新内容播放特性来流式传输从可信服务器接收的媒体内容。

公开(公告)号：US09858412B2

公开(公告)日：2018-01-02

申请号：US14749856

申请日：2015-06-25

申请人： Karunakara Kotary ,  Rajesh Poornachandran ,  Scott D. Brenden ,  Vincent J. Zimmer

发明人： Karunakara Kotary ,  Rajesh Poornachandran ,  Scott D. Brenden ,  Vincent J. Zimmer

IPC分类号： G06F21/53 ,  G06F21/57 ,  G06F12/14 ,  G06F3/06

CPC分类号： G06F21/53 ,  G06F3/0623 ,  G06F3/0655 ,  G06F3/0679 ,  G06F12/1408 ,  G06F21/572 ,  G06F2212/1052 ,  G06F2221/2111

摘要： Systems, apparatuses and methods may provide for receiving, from a host driver, factory data including one or more of calibration data, platform identifier data, manufacturer data or wireless carrier data, and verifying integrity of the factory data. Additionally, the factory data may be provisioned into non-volatile memory (NVM) in accordance with an operating system independent format managed by a platform root-of-trust such as a Trusted Execution Environment (TEE). In one example, provisioning the factory data includes defining one or more partitions in the NVM, initiating storage of the factory data to the NVM along the one or more partitions, and specifying a restriction profile for the one or more partitions, wherein the restriction profile includes one or more of read restrictions, write restrictions, time bound restrictions or location bound restrictions.