Patents by Inventor David W. Grawrock

David W. Grawrock has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7707629
    Abstract: Apparatus and systems, as well as methods and articles, may operate to intercept a first request to use a platform configuration register (PCR) directed to a first trusted platform module (TPM) port, a second request to use the PCR directed to the first TPM port, or both, and to re-direct the first and second requests to use the PCR to a second TPM port capable of accessing a first virtual static platform configuration register (VS-PCR) set and a second VS-PCR set.
    Type: Grant
    Filed: March 31, 2005
    Date of Patent: April 27, 2010
    Assignee: Intel Corporation
    Inventor: David W. Grawrock
  • Patent number: 7698552
    Abstract: In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
    Type: Grant
    Filed: June 3, 2004
    Date of Patent: April 13, 2010
    Assignee: Intel Corporation
    Inventors: John H. Wilson, Ioannis T. Schoinas, Mazin S. Yousif, Linda J. Rankin, David W. Grawrock, Robert J. Greiner, James A. Sutton, Kushagra Vaid, Willard M. Wiseman
  • Patent number: 7697691
    Abstract: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-liner server accessible by the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the protected on-line server using a secure protocol.
    Type: Grant
    Filed: July 14, 2004
    Date of Patent: April 13, 2010
    Assignee: Intel Corporation
    Inventors: James A. Sutton, II, Ernie F. Brickell, Clifford D. Hall, David W. Grawrock
  • Patent number: 7693286
    Abstract: Delivering a Direct Proof private key in a signed group of keys to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored along with a group number in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored in a signed group of keys (e.g., a signed group record) on a removable storage medium (such as a CD or DVD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system.
    Type: Grant
    Filed: July 14, 2004
    Date of Patent: April 6, 2010
    Assignee: Intel Corporation
    Inventors: James A. Sutton, II, Clifford D. Hall, Ernie F. Brickell, David W. Grawrock
  • Patent number: 7624272
    Abstract: An integrity signature may provide information about a platform used to create a digital signature. The value of a digital signature may be related to the integrity and trustworthiness of the platform on which it is created. Signed platform integrity information provides a measure of trust regarding the platform used to create the digital signature. The integrity signature may be created separately from a document signature, or a combined integrity and document signature may be provided.
    Type: Grant
    Filed: March 31, 2003
    Date of Patent: November 24, 2009
    Assignee: Intel Corporation
    Inventors: Willard M. Wiseman, David W. Grawrock
  • Publication number: 20090259845
    Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
    Type: Application
    Filed: June 8, 2009
    Publication date: October 15, 2009
    Inventors: James A. Sutton, II, David W. Grawrock
  • Patent number: 7571329
    Abstract: Secure storage and retrieval of a unique value associated with a device to/from a memory of a processing system. In at least one embodiment, the device needs to be able to access the unique value across processing system resets, and the device does not have sufficient non-volatile storage to store the unique value itself. Instead, the unique value is stored in the processing system memory in such a way that the stored unique value does not create a unique identifier for the processing system or the device. A pseudo-randomly or randomly generated initialization vector may be used to vary an encrypted data structure used to store the unique value in the memory.
    Type: Grant
    Filed: July 14, 2004
    Date of Patent: August 4, 2009
    Assignee: Intel Corporation
    Inventors: Ernie F. Brickell, Alberto J. Martinez, David W. Grawrock, James A. Sutton, II, Clifford D. Hall
  • Patent number: 7546457
    Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
    Type: Grant
    Filed: March 31, 2005
    Date of Patent: June 9, 2009
    Assignee: Intel Corporation
    Inventors: James A. Sutton, II, David W. Grawrock
  • Patent number: 7526649
    Abstract: According to an embodiment of the invention, a method and apparatus for session key exchange are described. An embodiment of a method comprises requesting a service for a platform; certifying the use of the service for one or more acceptable configurations of the platform; and receiving a session key for a session of the service, the service being limited to the one or more acceptable configurations of the platform.
    Type: Grant
    Filed: December 30, 2003
    Date of Patent: April 28, 2009
    Assignee: Intel Corporation
    Inventors: Willard M. Wiseman, David W. Grawrock, Ernie Brickell, Matthew D. Wood, Joseph F. Cihula
  • Patent number: 7480806
    Abstract: Methods, apparatus and computer readable medium are described for sealing objects to two or more tokens. Further, methods, apparatus and computer readable medium are described for unsealing objects that have been sealed to two or more tokens.
    Type: Grant
    Filed: February 22, 2002
    Date of Patent: January 20, 2009
    Assignee: Intel Corporation
    Inventor: David W. Grawrock
  • Publication number: 20080244261
    Abstract: A device, method, and system are disclosed. In one embodiment, the device includes storage to contain more than one trust root, and logic to associate each command ordinal sent to the device with one of the trust roots.
    Type: Application
    Filed: March 29, 2007
    Publication date: October 2, 2008
    Inventors: Willard M. Wiseman, David W. Grawrock
  • Publication number: 20080244292
    Abstract: A processing system features random access memory (RAM), a processor, and a trusted platform module (TPM). When the processing system enters a sleep mode during which the RAM is to stay powered, the processing system may measuring a VMM and one or more secure VMs in the processing system. However, the processing system may not measure or encrypt all of system memory. Upon resuming from sleep, the processing system may verify the measurements, to ensure that the VMM and secure VMs have not been tampered with. Other steps may include sealing encryption keys to the TPM, while preserving the blobs in memory. Other embodiments are described and claimed.
    Type: Application
    Filed: March 30, 2007
    Publication date: October 2, 2008
    Inventors: Alok Kumar, Minal B. Patel, Kuo-Lang Tseng, Ramesh M. Thomas, Mudhukar Tallam, Aneet Chopra, Ned M. Smith, David W. Grawrock, David Champagne
  • Publication number: 20080155256
    Abstract: In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
    Type: Application
    Filed: December 27, 2007
    Publication date: June 26, 2008
    Inventors: John H. Wilson, Ioannis T. Schoinas, Mazin S. Yousif, Linda J. Rankin, David W. Grawrock, Robert J. Greiner, James A. Sutton, Kushagra Vaid, Willard M. Wiseman
  • Patent number: 7392415
    Abstract: Methods, apparatus and machine-readable medium are described that attempt to protect secrets from sleep attacks. In some embodiments, the secrets are encrypted and a security enhanced environment dismantled prior to entering a sleep state. Some embodiments further re-establish a security enhanced environment and decrypt the secrets in response to a wake event.
    Type: Grant
    Filed: June 26, 2002
    Date of Patent: June 24, 2008
    Assignee: Intel Corporation
    Inventors: David W. Grawrock, David I. Poisner
  • Patent number: 7389427
    Abstract: A method and platform for maintaining the security of output data in an isolated execution environment. A system memory has an isolated output area readable only by secure output controllers having an isolated execution mode. The output controllers may make a request for access to the isolated output area, upon proper authentication if the request access is granted. The output device may either DMA the content of the isolated output area to an output end point, such as a display, or load it into local storage, the security of which is guaranteed by the controller.
    Type: Grant
    Filed: September 28, 2000
    Date of Patent: June 17, 2008
    Assignee: Intel Corporation
    Inventors: Francis X. McKeen, Ken Reneris, David W. Grawrock
  • Patent number: 7318235
    Abstract: Methods, apparatus and machine readable medium are described for creating and using protected key blobs that require a particular portable token be present before use of the key or keys of the protected key blob is granted. Such protected key blobs may be used to establish a level of trust between a local user and the computing device.
    Type: Grant
    Filed: December 16, 2002
    Date of Patent: January 8, 2008
    Assignee: Intel Corporation
    Inventor: David W. Grawrock
  • Patent number: 7308576
    Abstract: An authenticated code module comprises a value that attests to the authenticity of the module. The value is encrypted with a key corresponding to a key of a computing device that is to execute the module.
    Type: Grant
    Filed: December 31, 2001
    Date of Patent: December 11, 2007
    Assignee: Intel Corporation
    Inventors: Andrew F. Glew, James A. Sutton, Lawrence O. Smith, David W. Grawrock, Gilbert Neiger, Michael A. Kozuch
  • Patent number: 7254707
    Abstract: In one embodiment, a method of attestation involves a special mode of operation. The method comprises storing an audit log within protected memory of a platform. The audit log is a listing of data representing one or more software modules loaded into the platform. The audit log is retrieved from the protected memory in response to receiving an attestation request. Then, the retrieved audit log is digitally signed to produce a digital signature in response to the attestation request.
    Type: Grant
    Filed: August 12, 2005
    Date of Patent: August 7, 2007
    Assignee: Intel Corporation
    Inventors: Howard C. Herbert, David W. Grawrock, Carl M. Ellison, Roger A. Golliver, Derrick C. Lin, Francis X. McKeen, Gilbert Neiger, Ken Reneris, James A. Sutton, Shreekant S. Thakkar, Millind Mittal
  • Patent number: 7215781
    Abstract: In general, one embodiment of the invention features a method comprising operations performed internally within a device. A first operation involves generating data for permanent storage in a protected area of internal memory of the device. This prevents subsequent modification of the data. A second operation involves producing a secret value being a combination of both the data and a short term value generated in response to a periodic event such as a power-up sequence of a platform employing the device.
    Type: Grant
    Filed: December 22, 2000
    Date of Patent: May 8, 2007
    Assignee: Intel Corporation
    Inventor: David W. Grawrock
  • Patent number: 7216369
    Abstract: An apparatus may include a root of trust for measurement (RTM) module coupled to a verified platform security property policy module and a comparison module. The comparison module may operate to prevent transfer of control to an operating system (and/or halt the boot process) if a policy included in the platform security property policy module is violated. A system may include a memory coupled to a processor, a platform security property policy module, and a comparison module. The memory may include an RTM. A method may include beginning execution at an entry point within an RTM, determining that the RTM is trustworthy, determining that a main initialization code associated with a platform is trustworthy and transferring control to the main initialization code, and otherwise, refraining from transferring control to the main initialization code.
    Type: Grant
    Filed: June 28, 2002
    Date of Patent: May 8, 2007
    Assignee: Intel Corporation
    Inventors: Willard M. Wiseman, David W. Grawrock