Patents by Inventor David Grawrock
David Grawrock has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20140181794Abstract: In an embodiment a software application may include a “baseline trace” indicating proper application execution. The baseline trace may include counts for various types of instructions (e.g., how many times each of a LR instruction and a MV instruction occurs during an execution of code). The finished application includes the baseline trace. Upon execution the application randomly selects which of the various types of instructions to count during execution (e.g., LR or MV instruction) to produce a “real time trace”. The application executes and produces the real-time trace. The baseline trace is then compared to the real-time trace, which is specific to the randomly chosen type of instruction. If the traces are within a pre-determined range of each other the user has a level of assurance the software is operating correctly. Other embodiments are described herein.Type: ApplicationFiled: December 20, 2012Publication date: June 26, 2014Inventors: David GRAWROCK, David OTT, Corey MALONE, Jesse WALKER
-
Patent number: 8407476Abstract: An article of manufacture is provided for securing a region in a memory of a computer. According to one embodiment, the article of manufacture comprises a machine-accessible medium including data that, when accessed by a machine, causes the machine to: halt all but one of a plurality of processing elements in a computer, where the halted processing elements enter into a special halted state; load content into the region only after the halting of all but the one of the plurality of processing elements and the region is protected from access by the halted processing elements; place the non-halted processing element into a known privileged state; and cause the halted processing elements to exit the halted state after the non-halted processing element has been placed into the known privileged state.Type: GrantFiled: November 10, 2009Date of Patent: March 26, 2013Assignee: Intel CorporationInventors: Michael A. Kozuch, James A. Sutton, II, David Grawrock
-
Patent number: 8386788Abstract: A method and apparatus is provided for securing a region in a memory of a computer. According to one embodiment, the method comprises halting of all but one of a plurality of processors in a computer. The halted processors entering into a special halted state. Content is loaded into the region only after the halting of all but the one of the plurality of processors and the region is protected from access by the halted processors. The method further comprises placing the non-halted processor into a known privileged state, and causing the halted processors to exit the halted state after the non-halted processor has been placed into the known privileged state.Type: GrantFiled: November 10, 2009Date of Patent: February 26, 2013Assignee: Intel CorporationInventors: Michael A. Kozuch, James A. Sutton, II, David Grawrock
-
Patent number: 7971057Abstract: Executing a monitor on a platform, the monitor capable of providing exclusive, secure access to an audio I/O device of the platform, executing a first partition on the platform, providing an audio device model in the first partition by directly mapping the audio I/O device from the monitor to the first partition for applications executing in the first partition, and providing exclusive, secure access to the audio I/O device to a program performing an audio function in a secure mode in the first partition.Type: GrantFiled: April 2, 2010Date of Patent: June 28, 2011Assignee: Intel CorporationInventors: Steven Grobman, David Grawrock, Narendar B. Sahgal, Joe Gruber
-
Patent number: 7921293Abstract: An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value to establish security verification of secure software within the secure memory environment.Type: GrantFiled: January 24, 2006Date of Patent: April 5, 2011Assignee: Intel CorporationInventors: Michael A. Kozuch, James A. Sutton, II, David Grawrock, Gilbert Neiger, Richard A. Uhlig, Bradley G. Burgess, David I. Poisner, Clifford D. Hall, Andy Glew, Lawrence O. Smith, III, Robert George
-
Patent number: 7844809Abstract: A trusted system management interrupt handler may be verified by first locating a signed system management interrupt handler image in system memory. The digital signature of the signed system management interrupt handler image is verified. An existing basic input/output system management interrupt handler is erased and replaced with a new system management interrupt handler image. Then an analysis is done of the system management interrupt handler message is to determine whether to continue to launch.Type: GrantFiled: September 26, 2007Date of Patent: November 30, 2010Assignee: Intel CorporationInventors: Kirk Brannock, David Grawrock
-
Patent number: 7809957Abstract: Embodiments of a method and system for creating sealed data are disclosed herein. A trusted platform module (TPM) is used to seal data and other information in a sealed blob. In one embodiment, a monotonic counter parameter is included in the sealed blob. In another embodiment, a tick counter parameter is included in the sealed blob. In yet another embodiment, a session parameter is included in the sealed blob. In each instance, the data is only released if the associated parameter included in the blob corresponds to a current parameter. Other embodiments are described and claimed.Type: GrantFiled: September 29, 2005Date of Patent: October 5, 2010Assignee: Intel CorporationInventor: David Grawrock
-
Publication number: 20100192150Abstract: Executing a monitor on a platform, the monitor capable of providing exclusive, secure access to an audio I/O device of the platform, executing a first partition on the platform, providing an audio device model in the first partition by directly mapping the audio I/O device from the monitor to the first partition for applications executing in the first partition, and providing exclusive, secure access to the audio I/O device to a program performing an audio function in a secure mode in the first partition.Type: ApplicationFiled: April 2, 2010Publication date: July 29, 2010Inventors: Steven Grobman, David Grawrock, Narendar B. Sahgal, Joe Gruber
-
Patent number: 7752436Abstract: Executing a monitor on a platform, the monitor capable of providing exclusive, secure access to an audio I/O device of the platform, executing a first partition on the platform, providing an audio device model in the first partition by directly mapping the audio I/O device from the monitor to the first partition for applications executing in the first partition, and providing exclusive, secure access to the audio I/O device to a program performing an audio function in a secure mode in the first partition.Type: GrantFiled: August 9, 2005Date of Patent: July 6, 2010Assignee: Intel CorporationInventors: Steven Grobman, David Grawrock, Narendar B. Sahgal, Joe Gruber
-
Publication number: 20100058075Abstract: A method and apparatus is provided for securing a region in a memory of a computer. According to one embodiment, the method comprises halting of all but one of a plurality of processors in a computer. The halted processors entering into a special halted state. Content is loaded into the region only after the halting of all but the one of the plurality of processors and the region is protected from access by the halted processors. The method further comprises placing the non-halted processor into a known privileged state, and causing the halted processors to exit the halted state after the non-halted processor has been placed into the known privileged state.Type: ApplicationFiled: November 10, 2009Publication date: March 4, 2010Inventors: Michael A. Kozuch, James A. Sutton, David Grawrock
-
Publication number: 20100058076Abstract: An article of manufacture is provided for securing a region in a memory of a computer. According to one embodiment, the article of manufacture comprises a machine-accessible medium including data that, when accessed by a machine, causes the machine to: halt all but one of a plurality of processing elements in a computer, where the halted processing elements enter into a special halted state; load content into the region only after the halting of all but the one of the plurality of processing elements and the region is protected from access by the halted processing elements; place the non-halted processing element into a known privileged state; and cause the halted processing elements to exit the halted state after the non-halted processing element has been placed into the known privileged state.Type: ApplicationFiled: November 10, 2009Publication date: March 4, 2010Inventors: Michael A. Kozuch, James A. Sutton, II, David Grawrock
-
Patent number: 7631196Abstract: A method and apparatus is provided in which a trustable operating system is loaded into a region in memory. A start secure operation (SSO) triggers a join secure operation (JSO) to halt all but one central processing unit (CPU) in a multi-processor computer. The SSO causes the active CPU to load a component of an operating system into a specified region in memory, register the identity of the loaded operating system by recording a cryptographic hash of the contents of the specified region in memory, begin executing at a known entry point in the specified region and trigger the JSO to cause the halted CPUs to do the same.Type: GrantFiled: February 25, 2002Date of Patent: December 8, 2009Assignee: Intel CorporationInventors: Michael A. Kozuch, James A. Sutton, David Grawrock
-
Patent number: 7594276Abstract: A machine system includes bubble protection for protecting the information of certain classes of files from unauthorized access by way of unauthorized classes of programs at unauthorized periods of time. The machine system additionally may have On-The-Fly (OTF) mechanisms for automatic decryption of confidential file data on a per-use basis and automatic later elimination of the decrypted data by scorching and/or re-encrypting is disclosed. The system can operate within a multi-threaded environment. The machine system additionally may have a digital signature mechanism for protecting file data from unauthorized tampering. The machine system additionally may have a volume-encryption mechanism for protecting plaintext versions of file data from exposure in events of power outages.Type: GrantFiled: August 11, 2003Date of Patent: September 22, 2009Assignee: Symantec CorporationInventors: David Grawrock, Kevin Jones
-
Publication number: 20090083532Abstract: A trusted system management interrupt handler may be verified by first locating a signed system management interrupt handler image in system memory. The digital signature of the signed system management interrupt handler image is verified. An existing basic input/output system management interrupt handler is erased and replaced with a new system management interrupt handler image. Then an analysis is done of the system management interrupt handler message is to determine whether to continue to launch.Type: ApplicationFiled: September 26, 2007Publication date: March 26, 2009Inventors: Kirk Brannock, David Grawrock
-
Publication number: 20080109655Abstract: In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.Type: ApplicationFiled: December 27, 2007Publication date: May 8, 2008Inventors: John Wilson, Ioannis Schoinas, Mazin Yousif, Linda Rankin, David Grawrock, Robert Greiner, James Sutton, Kushagra Vaid, Willard Wiseman
-
Publication number: 20080109636Abstract: In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.Type: ApplicationFiled: December 27, 2007Publication date: May 8, 2008Inventors: John Wilson, Ioannis Schoinas, Mazin Yousif, Linda Rankin, David Grawrock, Robert Greiner, James Sutton, Kushagra Vaid, Willard Wiseman
-
Publication number: 20080109638Abstract: In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.Type: ApplicationFiled: December 27, 2007Publication date: May 8, 2008Inventors: John Wilson, Ioannis Schoinas, Mazin Yousif, Linda Rankin, David Grawrock, Robert Greiner, James Sutton, Kushagra Vaid, Willard Wiseman
-
Publication number: 20070192577Abstract: An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value to establish security verification of secure software within the secure memory environment.Type: ApplicationFiled: January 24, 2006Publication date: August 16, 2007Inventors: Michael Kozuch, James Sutton, David Grawrock, Gilbert Neiger, Richard Uhlig, Bradley Burgess, David Poisner, Clifford Hall, Andy Glew, Lawrence Smith, Robert George
-
Publication number: 20070073416Abstract: Embodiments of a method and system for creating sealed data are disclosed herein. A trusted platform module (TPM) is used to seal data and other information in a sealed blob. In one embodiment, a monotonic counter parameter is included in the sealed blob. In another embodiment, a tick counter parameter is included in the sealed blob. In yet another embodiment, a session parameter is included in the sealed blob. In each instance, the data is only released if the associated parameter included in the blob corresponds to a current parameter. Other embodiments are described and claimed.Type: ApplicationFiled: September 29, 2005Publication date: March 29, 2007Inventor: David Grawrock
-
Patent number: 7197638Abstract: A machine system includes access-constraining mechanisms for protecting the information of certain classes of files from unauthorized intelligible access or from other kinds of access by way of requests supplied from unauthorized classes of programs which may be made at unauthorized periods of time and/or from unauthorized locations and/or under association with unauthorized users. Permission rules are provided for what constitutes an unauthorized access attempt for intelligible or another kind of access to the data of a given file. The given file may be a native one stored in a local machine or an external file stored in a remote server and/or on easily removable media. The machine system includes localizing means for Transparently and Temporarily Localizing (TTL'ing) external files and their respective access permission rules so that such may be processed within relatively physically-secure confines of the local machine.Type: GrantFiled: August 21, 2001Date of Patent: March 27, 2007Assignee: Symantec CorporationInventors: David Grawrock, Cameron W. Cotrill, Paul R. Spear, Paul Puttonen