Abstract:
In an embodiment, a system on a chip includes: a single core to execute a legacy instruction set, the single core configured to enter a system management mode (SMM) to provide a trusted execution environment to perform at least one secure operation; and a memory controller coupled to the single core, the memory controller to interface with a system memory, where a portion of the system memory comprises a secure memory for the SMM, and the single core is to authenticate and execute a boot firmware, and pass control to the SMM to obtain a key pair from a protected storage and store the key pair in the secure memory. Other embodiments are described and claimed.
Abstract:
Technologies for transferring (offloading or on-loading) data or tasks between a processor and a coprocessor include a computing device having a processor and a sensor hub that includes a coprocessor. The coprocessor receives sensor data associated with one or more sensors and detects events associated with the sensor data. The coprocessor determines frequency, resource usage cost, and power state transition cost for the events. In response to an offloaded task request from the processor, the coprocessor determines an aggregate load value based on the frequency, resource usage cost, and power state transition cost, and determines whether to accept the offloaded task request based on the aggregate load value. The aggregate load value may be determined as an exponential moving average. The coprocessor may determine whether to accept the offloaded task request based on a principal component analysis of the events. Other embodiments are described and claimed.
Abstract:
A system on a chip (SoC) may comprise at least one processor with at least one core and a storage device comprising a first system virtual machine configured to be executed on the at least one processor. The storage device may comprise a second system virtual machine configured to be executed by the at least one processor. The second system virtual machine may include at least one process virtual machine; a modem configured as one of the at least one process virtual machine; and a real-time operating system (RTOS) to schedule execution of the at least one process virtual machine on the at least one processor.
Abstract:
Technologies for verifying hardware components of a computing device include retrieving platform identification data of the computing device, wherein the platform identification data is indicative of one or more reference hardware components of the computing device, accessing hardware component identification data from one or more dual-headed identification devices of the computing device, and comparing the platform identification data to the hardware component identification data to determine whether a hardware component of the computing device has been modified. Each of the one or more dual-headed identification devices is secured to a corresponding hardware component of the computing device, includes identification data indicative of an identity of the corresponding hardware component of the computing device, and is capable of wired and wireless communication.
Abstract:
Technologies for dynamic display include a mobile compute device that comprises a display transformable between at least two different physical topologies. The mobile compute device determines a current physical topology of the display and retrieves a policy based on the determined current physical topology. The policy identifies a corresponding action to occur in response to each of one or more user inputs to the mobile compute device while the display has the current physical topology. The mobile compute device processes a user input based on the retrieved policy.
Abstract:
Technologies for fast low-power startup include a computing device with a processor having a power management integrated circuit. The computing device initializes platform components into a low-power state and determines, in a pre-boot firmware environment, the battery state of the computing device. The computing device determines a minimum-power startup (MPS) configuration that identifies platform components to be energized and determines whether the battery state is sufficient for the MPS configuration. If sufficient, the computing device energizes the platform components of the MPS configuration and boots into an MPS boot mode. In the MPS boot mode, the computing device may execute one or more user-configured application(s). If the battery state is sufficient for normal operation, the computing device may boot into a normal mode. In the normal mode, the user may configure the MPS configuration by selecting features for the future MPS boot mode. Other embodiments are described and claimed.
Abstract:
Technologies for verifying authorized operation include an administration server to query a dual-headed identification device of a server for identification data indicative of an identity of the server. The dual-headed identification device includes a wired communication circuit, a wireless communication circuit, and a memory having the identification data stored therein. The administration server further obtains the identification data from the dual-headed identification device of the server, determines a context of the server, and determines whether boot of the server is authorized based on the context of the server, the identification data of the server, and a security policy of the server.
Abstract:
Technologies for adaptive real-time media streaming include a computing device to determine, by a trusted execution environment of the computing device, a current workload of the computing device based on at least one activity counter. The at least one activity counter is to record counter data associated with performance of the computing device. Further, the computing device determines a residual workload capable of being supported by the computing device based on the determined current workload, and determines new content playback characteristics for streaming media content based on the determined residual workload. The computing device streams media content received from a trusted server based on the determined new content playback characteristics.
Abstract:
Systems, apparatuses and methods may provide for receiving, from a host driver, factory data including one or more of calibration data, platform identifier data, manufacturer data or wireless carrier data, and verifying integrity of the factory data. Additionally, the factory data may be provisioned into non-volatile memory (NVM) in accordance with an operating system independent format managed by a platform root-of-trust such as a Trusted Execution Environment (TEE). In one example, provisioning the factory data includes defining one or more partitions in the NVM, initiating storage of the factory data to the NVM along the one or more partitions, and specifying a restriction profile for the one or more partitions, wherein the restriction profile includes one or more of read restrictions, write restrictions, time bound restrictions or location bound restrictions.
Abstract:
A dynamic firmware module loader loads one of a plurality of firmware contexts or modules as needed in a containerized environment for secure isolated execution. The modules, called applets, may be loaded and unloaded in a firmware context. The loader may use a hardware inter-process communication (IPC) channel to communicate with the secure engine. The modules may be designed to implement specific features desired by basic input/output system vendors, without the use of a system management mode. Designed modules may provide the necessary storage and I/O access driver capabilities to be run in trusted execution environment containers.