Abstract:
The present disclosure is directed to content protection for Data as a Service (DaaS). A device may receive encrypted data from a content provider via DaaS, the encrypted data comprising at least content for presentation on the device. For example, the content provider may utilize a secure multiplex transform (SMT) module in a trusted execution environment (TEE) module to generate encoded data from the content and digital rights management (DRM) data and to generate the encrypted data from the encoded data. The device may also comprise a TEE module including a secure demultiplex transform (SDT) module to decrypt the encoded data from the encrypted data and to decode the content and DRM data from the encoded data. The SMT and SDT modules may interact via a secure communication session to validate security, distribute decryption key(s), etc. In one embodiment, a trust broker may perform TEE module validation and key distribution.
Abstract:
Methods, systems and storage media are disclosed for enhanced system boot processing that authenticates boot code based on biometric information of the user before loading the boot code to system memory. For at least some embodiments, the biometric authentication augments authentication of boot code based on a unique platform identifier. The enhanced boot code authentication occurs before loading of the operating system, and may be performed during a Unified Extensible Firmware Interface (UEFI) boot sequence. Other embodiments are described and claimed.
Abstract:
A method and system for improving responsiveness of a vehicle computing platform includes enabling a camera feature during the pre-boot phase of a computing device and using a special-purpose operating mode of the computing device to initiate the streaming of camera image data to a display.
Abstract:
A network interface card with read-only memory having at least a micro-kernel of a cluster computing operating system, a server formed with such network interface card, and a computing cluster formed with such servers are disclosed herein. In various embodiments, on transfer, after an initial initialization phase during an initialization of a server, the network interface card loads the cluster computing operating system into system memory of the server, to enable the server, in conjunction with other similarly provisioned servers, to form a computing cluster. Other embodiments are also disclosed and claimed.
Abstract:
Enhancing locality in a security co-processor module of a computing system may be achieved by including one or more additional attributes such as geographic location, trusted time, a hardware vendor string, and one or more environmental factors into an access control space for machine mode measurement of a computing system.
Abstract:
A method and apparatus for retrieving dynamic content over a communications network prior to booting an operating system is presented. The content may include a screen image for display on a console. The time period for displaying the content may be controlled by another computer coupled to the communications network. The content may be an advertisement that is displayed on a computer system in an Internet cafe for a controllable period of time prior to booting an operating system.
Abstract:
A disclosed example to protect memory from buffer overflow or underflow includes defining an implicit bound pointer based on an implicit bound pointer definition in a configuration file for a memory region; instrumenting object code with an implicit buffer bound check based on the implicit bound pointer; and generating hardened executable object code based on the object code, the implicit buffer bound check, and the implicit bound pointer, the implicit bound pointer located in the hardened executable object code during a compilation phase to facilitate loading the implicit bound pointer in a global bounds table during runtime for access by the implicit buffer bound check.
Abstract:
Using radio frequency identification (RFID) tags embedded in processors within a computing system to assist in system initialization processing. The RFID tags provide a separate communication path to other components of the computing system during initialization processing, apart from the system interconnect. When the computing system is powered up, each processor in the system may cause its RFID tag to broadcast data regarding the processor's interconnect location and initialization status. The RFID tags may be sensed by an RFID receiver in the Platform Control Hub (PCH) of the computing system, and each processor's interconnect location and initialization status data may be stored in selected registers within the PCH. When the BIOS executes during system initialization processing, the BIOS may access these PCH registers to obtain the processor's data. The interconnect location and initialization status data may be used by the BIOS to select the optimal routing table and to configure the virtual network within the computing system based at least in part on the optimal routing table and the RFID tag data, without the need to interrogate each processor individually over the system interconnect.
Abstract:
Reducing memory fragmentation. Memory is allocated during a preboot phase of a computer system, wherein the memory is allocated based on a plurality of memory types. Fragmentation of memory is determined, wherein a fragment includes a contiguous block of memory of the same type. At least a portion of memory allocated to a firmware module is coalesced based on the plurality of memory types if the fragmentation is greater than a threshold. An operating system is booted by the computer system.
Abstract:
Technologies for providing services to a non-volatile store include a computing device having a non-volatile store policy that defines a minimum amount of reserved space in the non-volatile store. The computing device receives a call for services to the non-volatile store, determines usable free space in the non-volatile store based on the non-volatile store policy, and responds to the call for services based on the usable free space. Technologies for platform configuration include a computing device having a firmware environment and an operating system. The firmware environment determines information on configuration settings inaccessible to the operating system and exports the information to the operating system. The operating system determines a new configuration setting based on the exported information, and may configure the computing device at runtime. The operating system may securely pass a configuration directive to the firmware environment for configuration during boot. Other embodiments are described and claimed.