Patents by Inventor David W. Grawrock

David W. Grawrock has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20160191248
    Abstract: Technologies for secure presence assurance include a computing device having a presence assertion circuitry that receives an input seed value and generates a cryptographic hash based on the received input seed value. The computing device further verifies the integrity of the presence assertion circuitry based on the generated cryptographic hash.
    Type: Application
    Filed: December 27, 2014
    Publication date: June 30, 2016
    Inventors: David Johnston, David W. Grawrock
  • Patent number: 9361121
    Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
    Type: Grant
    Filed: March 24, 2014
    Date of Patent: June 7, 2016
    Assignee: Intel Corporation
    Inventors: James A. Sutton, II, David W. Grawrock
  • Publication number: 20160063261
    Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
    Type: Application
    Filed: November 11, 2015
    Publication date: March 3, 2016
    Inventors: John H. Wilson, Ioannis T. Schoinas, Mazin S. Yousif, Linda J. Rankin, David W. Grawrock, Robert J. Greiner, James A. Sutton, Kushagra Vaid, Willard M. Wiseman
  • Publication number: 20160056960
    Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
    Type: Application
    Filed: September 24, 2015
    Publication date: February 25, 2016
    Applicant: Intel Corporation
    Inventors: James A. Sutton, David W. Grawrock
  • Patent number: 9245106
    Abstract: In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.
    Type: Grant
    Filed: August 21, 2014
    Date of Patent: January 26, 2016
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Vedvyas Shanbhogue, Geoffrey S. Strongin, Willard M. Wiseman, David W. Grawrock
  • Publication number: 20150379269
    Abstract: Technologies for monitoring protected functionality of an integrated circuit device include an integrated circuit device having a protected function module. The protected function module includes a modifiable security device. When the protected function module is activated or powered up, an attribute of the modifiable security device is irreversibly modified. The integrated circuit device may be a processor, and the protected function module may be a debug module of the processor. The modifiable circuit device may be an oscillator. The frequency of the oscillator may change when the oscillator is powered due to oscillator aging. The integrated circuit device may be included in a computing device. The integrated circuit device may expose data indicative of the attribute of the modifiable security device to firmware or software of the computing device. The data may be exposed through a cryptographically signed, firmware-readable memory space. Other embodiments are described and claimed.
    Type: Application
    Filed: June 27, 2014
    Publication date: December 31, 2015
    Inventors: David W. Grawrock, Sarat Kompalli
  • Patent number: 9213865
    Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
    Type: Grant
    Filed: October 3, 2014
    Date of Patent: December 15, 2015
    Assignee: Intel Corporation
    Inventors: John H. Wilson, Ioannis T. Schoinas, Mazin S. Yousif, Linda J. Rankin, David W. Grawrock, Robert J. Greiner, James A. Sutton, Kushagra Vaid, Willard M. Wiseman
  • Patent number: 9146833
    Abstract: In an embodiment a software application may include a “baseline trace” indicating proper application execution. The baseline trace may include counts for various types of instructions (e.g., how many times each of a LR instruction and a MV instruction occurs during an execution of code). The finished application includes the baseline trace. Upon execution the application randomly selects which of the various types of instructions to count during execution (e.g., LR or MV instruction) to produce a “real time trace”. The application executes and produces the real-time trace. The baseline trace is then compared to the real-time trace, which is specific to the randomly chosen type of instruction. If the traces are within a pre-determined range of each other the user has a level of assurance the software is operating correctly. Other embodiments are described herein.
    Type: Grant
    Filed: December 20, 2012
    Date of Patent: September 29, 2015
    Assignee: Intel Corporation
    Inventors: David W. Grawrock, David Ott, Corey Malone, Jesse Walker
  • Patent number: 9043594
    Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: May 26, 2015
    Assignee: Intel Corporation
    Inventors: James A. Sutton, II, David W. Grawrock
  • Publication number: 20150127983
    Abstract: An apparatus and method is described herein for providing a test, validation, and debug architecture. At a target or base level, hardware (Design for Test or DFx) are designed into and integrated with silicon parts. A controller may provide abstracted access to such hooks, such as through an abstraction layer that abstracts low level details of the hardware DFx. In addition, the abstraction layer through an interface, such as APIs, provides services, routines, and data structures to higher-level software/presentation layers, which are able to collect test data for validation and debug of a unit/platform under test. Moreover, the architecture potentially provides tiered (multiple levels of) secure access to the test architecture. Additionally, physical access to the test architecture for a platform may be simplified through use of a unified, bi-directional test access port, while also potentially allowing remote access to perform remote test and de-bug of a part/platform under test.
    Type: Application
    Filed: December 23, 2010
    Publication date: May 7, 2015
    Applicant: INTEL CORPORATION
    Inventors: Mark B. Trobough, Keshavan K. Tiruvallur, Chinna B. Prudvi, Christian E. Iovin, David W. Grawrock, Jay J. Nejedlo, Ashok N. Kabadi, Travis K. Goff, Evan J. Halprin, Kapila B. Udawatta, Jiun Long Foo, Wee Hoo Cheah, Vui Yong Liew, Selvakumar Raja Gopal, Yuen Tat Lee, Samie B. Samaan, Kip C. Killpack, Neil Dobler, Nagib Z. Hakim, Briar Meyer, William H. Penner, John L. Baudrexl, Russell J. Wunderlich, James J. Grealish, Kyle Markley, Timothy S. Storey, Loren J. McConnell, Lyle E. Cool, Mukesh Kataria, Rahima K. Mohammed, Tieyu Zheng, Yi Amy Xia, Ridvan A. Sahan, Arun R. Ramadorai, Priyadarsan Patra, Edwin E. Parks, Abhijit Davare, Padmakumar Gopal, Bruce Querbach, Hermann W. Gartler, Keith Drescher, Sanjay S. Salem, David C. Florey
  • Patent number: 9003236
    Abstract: In an embodiment of the invention an application provider may include “tracing elements” in a target software application. While working with the application the trace elements are detected and provide a “baseline trace” indicating proper application execution. The provider then supplies the application, which still includes the trace elements, and the baseline trace to a user. The user operates the application to produce a “real-time trace” based on the application still having trace elements that produce trace events. A comparator then compares the baseline and real-time traces. If the traces are within a pre-determined range of each other the user has a level of assurance the software is operating correctly. If the level of assurance is low, an embodiment may trigger a hardware interrupt or similar event to prevent further execution of software. Other embodiments are described herein.
    Type: Grant
    Filed: September 28, 2012
    Date of Patent: April 7, 2015
    Assignee: Intel Corporation
    Inventors: David W. Grawrock, Jesse Walker, Yuriy Bulygin, Kirk D. Brannock, Matthew L. King
  • Publication number: 20150059007
    Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
    Type: Application
    Filed: October 3, 2014
    Publication date: February 26, 2015
    Inventors: John H. Wilson, Ioannis T. Schoinas, Mazin S. Yousif, Linda J. Rankin, David W. Grawrock, Robert J. Greiner, James A. Sutton, Kushagra Vaid, Willard M. Wiseman
  • Publication number: 20140359754
    Abstract: In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.
    Type: Application
    Filed: August 21, 2014
    Publication date: December 4, 2014
    Inventors: Ned M. Smith, Vedvyas Shanbhogue, Geoffrey S. Strongin, Willard M. Wiseman, David W. Grawrock
  • Patent number: 8874906
    Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
    Type: Grant
    Filed: May 20, 2013
    Date of Patent: October 28, 2014
    Assignee: Intel Corporation
    Inventors: John H. Wilson, Ioannis T. Schoinas, Mazin S. Yousif, Linda J. Rankin, David W. Grawrock, Robert J. Greiner, James A. Sutton, Kushagra Vaid, Williard M. Wiseman
  • Patent number: 8844021
    Abstract: In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 25, 2013
    Date of Patent: September 23, 2014
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Vedvyas Shanbhogue, Geoffrey S. Strongin, Willard M. Wiseman, David W. Grawrock
  • Publication number: 20140281467
    Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
    Type: Application
    Filed: March 24, 2014
    Publication date: September 18, 2014
    Inventors: James A. Sutton, II, David W. Grawrock
  • Publication number: 20140143608
    Abstract: An embodiment provides a level of assurance regarding correct operation of software. An embodiment creates baseline and real-time measurements of software and compares the measurements to determine whether the software is operating correctly. An application provider may include “tracing elements” in target software application. While producing the application the trace elements are detected and provide trace events, which collectively provide a “baseline trace” indicating proper application execution. The provider supplies the application and the baseline trace to a user. The user operates the application in real-time to produce a “real-time trace” based on the application still having trace elements that produce trace events (which collectively form the “real-time” trace). A comparator compares the baseline and real-time traces. If the traces are within a pre-determined range of each other the user has a level of assurance the software is operating correctly. Other embodiments are included herein.
    Type: Application
    Filed: March 29, 2012
    Publication date: May 22, 2014
    Inventors: David W. Grawrock, Jesse Walker
  • Publication number: 20140095936
    Abstract: In an embodiment of the invention an application provider may include “tracing elements” in a target software application. While working with the application the trace elements are detected and provide a “baseline trace” indicating proper application execution. The provider then supplies the application, which still includes the trace elements, and the baseline trace to a user. The user operates the application to produce a “real-time trace” based on the application still having trace elements that produce trace events. A comparator then compares the baseline and real-time traces. If the traces are within a pre-determined range of each other the user has a level of assurance the software is operating correctly. If the level of assurance is low, an embodiment may trigger a hardware interrupt or similar event to prevent further execution of software. Other embodiments are described herein.
    Type: Application
    Filed: September 28, 2012
    Publication date: April 3, 2014
    Inventors: David W. Grawrock, Jesse Walker, Yuriy Bulygin, Kirk D. Brannock, Matthew L. King
  • Patent number: 8660266
    Abstract: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-line server accessible by the client computer system.
    Type: Grant
    Filed: February 23, 2010
    Date of Patent: February 25, 2014
    Assignee: Intel Corporation
    Inventors: James A. Sutton, II, Ernie F. Brickell, Clifford D. Hall, David W. Grawrock
  • Patent number: 8645688
    Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
    Type: Grant
    Filed: April 11, 2012
    Date of Patent: February 4, 2014
    Assignee: Intel Corporation
    Inventors: James A. Sutton, II, David W. Grawrock