Patents by Inventor David W. Grawrock

David W. Grawrock has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7216369
    Abstract: An apparatus may include a root of trust for measurement (RTM) module coupled to a verified platform security property policy module and a comparison module. The comparison module may operate to prevent transfer of control to an operating system (and/or halt the boot process) if a policy included in the platform security property policy module is violated. A system may include a memory coupled to a processor, a platform security property policy module, and a comparison module. The memory may include an RTM. A method may include beginning execution at an entry point within an RTM, determining that the RTM is trustworthy, determining that a main initialization code associated with a platform is trustworthy and transferring control to the main initialization code, and otherwise, refraining from transferring control to the main initialization code.
    Type: Grant
    Filed: June 28, 2002
    Date of Patent: May 8, 2007
    Assignee: Intel Corporation
    Inventors: Willard M. Wiseman, David W. Grawrock
  • Patent number: 7117376
    Abstract: In general, a method of securely transmitting data features an operation of authenticating a user of a platform during a Basic Input/Output System (BIOS) boot process. In response to authenticating the user, a first keying material is released from a token communicatively coupled to the platform. The first keying material is combined with a second keying material internally stored within the platform in order to produce a combination key. This combination key is used to decrypt a second BIOS area to recover a second segment of BIOS code.
    Type: Grant
    Filed: December 27, 2000
    Date of Patent: October 3, 2006
    Assignee: Intel Corporation
    Inventor: David W. Grawrock
  • Patent number: 7103771
    Abstract: Credentials may by issued to virtual tokens of a computing device based upon a credential issued to physical token of the computing device thus tying the virtual token credential to the physical token credential.
    Type: Grant
    Filed: December 17, 2001
    Date of Patent: September 5, 2006
    Assignee: Intel Corporation
    Inventor: David W. Grawrock
  • Patent number: 7089595
    Abstract: One embodiment of present invention is a method for preventing the modification of a primary pass-phrase of an electronic system. Access to stored information such as a primary pass-phrase is disabled despite assertion of an override pin of an integrated circuit device of the electronic device when an override disable pin of the integrated circuit device is asserted prior to assertion of the override pin.
    Type: Grant
    Filed: March 31, 2000
    Date of Patent: August 8, 2006
    Assignee: Intel Corporation
    Inventor: David W. Grawrock
  • Patent number: 7076669
    Abstract: A method and apparatus to communicate with a token using a previously reserved binary number in the start field of a cycle, wherein the cycle is not echoed on any bus other than the bus through which the communication is received.
    Type: Grant
    Filed: April 15, 2002
    Date of Patent: July 11, 2006
    Assignee: Intel Corporation
    Inventors: David I. Poisner, David W. Grawrock, James A. Sutton
  • Patent number: 7069442
    Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
    Type: Grant
    Filed: March 29, 2002
    Date of Patent: June 27, 2006
    Assignee: Intel Corporation
    Inventors: James A. Sutton, II, David W. Grawrock
  • Patent number: 7058807
    Abstract: In one embodiment, a method comprises generating a cryptographic key pair associated with a data center. The method also includes storing a private key of the cryptographic key pair within a platform. The private key is used to sign a value stored in the platform for validation of inclusion of the platform into the data center. In an embodiment, the private key is revoked upon determining that the platform has been compromised. In one embodiment, the private key may be revoked in each of the platforms of the data center.
    Type: Grant
    Filed: April 15, 2002
    Date of Patent: June 6, 2006
    Assignee: Intel Corporation
    Inventors: David W. Grawrock, James A. Sutton, II
  • Patent number: 7028149
    Abstract: A method and apparatus for resetting and modifying special registers in a security token is described. In one embodiment, a register may be reset when a reset flag is true when a special transmission on a bus demonstrates the mutual locality of the associated processor and chipset. A modify flag may also be used to indicate whether the register contents may be modified. Modifications may also be dependent upon demonstration of mutual locality.
    Type: Grant
    Filed: March 29, 2002
    Date of Patent: April 11, 2006
    Assignee: Intel Corporation
    Inventors: David W. Grawrock, James A. Sutton, II
  • Patent number: 6990579
    Abstract: In one embodiment, a method of remote attestation for a special mode of operation. The method comprises storing an audit log within protected memory of a platform. The audit log is a listing of data representing each of a plurality of IsoX software modules loaded into the platform. The audit log is retrieved from the protected memory in response to receiving a remote attestation request from a remotely located platform. Then, the retrieved audit log is digitally signed to produce a digital signature for transfer to the remotely located platform.
    Type: Grant
    Filed: March 31, 2000
    Date of Patent: January 24, 2006
    Assignee: Intel Corporation
    Inventors: Howard C. Herbert, David W. Grawrock, Carl M. Ellison, Roger A. Golliver, Derrick C. Lin, Francis X. McKeen, Gilbert Neiger, Ken Reneris, James A. Sutton, Shreekant S. Thakkar, Millind Mittal
  • Patent number: 6948065
    Abstract: In one embodiment, a platform comprises a processor, an input/output control hub (ICH), and a trusted platform module (TPM). Coupled to the ICH, the TPM comprises an internal memory, and an asymmetric key generation unit. The symmetric key generation unit produces an ephemeral asymmetric key pair including an ephemeral asymmetric public key and an ephemeral asymmetric private key. Both the ephemeral asymmetric public key and the ephemeral asymmetric private key are used for encryption and decryption operations during a single communications session.
    Type: Grant
    Filed: December 27, 2000
    Date of Patent: September 20, 2005
    Assignee: Intel Corporation
    Inventor: David W. Grawrock
  • Publication number: 20040193888
    Abstract: An integrity signature may provide information about a platform used to create a digital signature. The value of a digital signature may be related to the integrity and trustworthiness of the platform on which it is created. Signed platform integrity information provides a measure of trust regarding the platform used to create the digital signature. The integrity signature may be created separately from a document signature, or a combined integrity and document signature may be provided.
    Type: Application
    Filed: March 31, 2003
    Publication date: September 30, 2004
    Inventors: Willard M. Wiseman, David W. Grawrock
  • Publication number: 20040117318
    Abstract: Methods, apparatus and machine readable medium are described that prevent successfully launching a trusted environment without providing the computing device with an appropriate portable token. In one embodiment, the computing device stores information on the portable token that is required in order to launch the trusted environment. In another embodiment, information that is required to launch the trusted environment is encrypted with a key that has been sealed to a portable token. Accordingly, the required information may only be decoded if the portable token is present.
    Type: Application
    Filed: December 16, 2002
    Publication date: June 17, 2004
    Inventor: David W. Grawrock
  • Publication number: 20040117625
    Abstract: Methods, apparatus and machine readable medium are described for creating and using protected key blobs that require a particular portable token be present before use of the key or keys of the protected key blob is granted. Such protected key blobs may be used to establish a level of trust between a local user and the computing device.
    Type: Application
    Filed: December 16, 2002
    Publication date: June 17, 2004
    Inventor: David W. Grawrock
  • Patent number: 6678833
    Abstract: In one embodiment, an integrated circuit device comprises a trusted platform module and a boot block memory unit covered by a common package. The boot block memory unit is in communication with the trusted platform module and provides boot information to the trusted platform module. An example of the boot information includes a boot block code.
    Type: Grant
    Filed: June 30, 2000
    Date of Patent: January 13, 2004
    Assignee: Intel Corporation
    Inventor: David W. Grawrock
  • Publication number: 20040003273
    Abstract: Methods, apparatus and machine-readable medium are described that attempt to protect secrets from sleep attacks. In some embodiments, the secrets are encrypted and a security enhanced environment dismantled prior to entering a sleep state. Some embodiments further re-establish a security enhanced environment and decrypt the secrets in response to a wake event.
    Type: Application
    Filed: June 26, 2002
    Publication date: January 1, 2004
    Inventors: David W. Grawrock, David I. Poisner
  • Publication number: 20040003321
    Abstract: A system is initialized for operation in a protected operating environment by executing authenticated code that prepares various portions of the hardware for protection from non-trusted software. In one embodiment, initialization includes identifying and locking down specified areas of memory for protected processing, then placing trusted software into the specified areas of memory and validating the trusted software. In a particular embodiment, initialization may also include deriving and protectively storing identifying characteristics of the trusted software.
    Type: Application
    Filed: June 27, 2002
    Publication date: January 1, 2004
    Inventors: Andrew F. Glew, James A. Sutton, Lawrence O. Smith, David W. Grawrock, Gilbert Neiger, Michael A. Kozuch
  • Publication number: 20040003288
    Abstract: An apparatus may include a root of trust for measurement (RTM) module coupled to a verified platform security property policy module and a comparison module. The comparison module may operate to prevent transfer of control to an operating system (and/or halt the boot process) if a policy included in the platform security property policy module is violated. A system may include a memory coupled to a processor, a platform security property policy module, and a comparison module. The memory may include an RTM. A method may include beginning execution at an entry point within an RTM, determining that the RTM is trustworthy, determining that a main initialization code associated with a platform is trustworthy and transferring control to the main initialization code, and otherwise, refraining from transferring control to the main initialization code.
    Type: Application
    Filed: June 28, 2002
    Publication date: January 1, 2004
    Applicant: Intel Corporation
    Inventors: Willard M. Wiseman, David W. Grawrock
  • Publication number: 20030229794
    Abstract: A system and method for permitting the execution of system management mode (SMM) code during secure operations in a microprocessor system is described. In one embodiment, the system management interrupt (SMI) may be first directed to a handler in a secured virtual machine monitor (SVMM). The SMI may then be re-directed to SMM code located in a virtual machine (VM) that is under the security control of the SVMM. This redirection may be accomplished by allowing the SVMM to read and write the system management (SM) base register in the processor.
    Type: Application
    Filed: June 7, 2002
    Publication date: December 11, 2003
    Inventors: James A. Sutton, David W. Grawrock, Richard A. Uhlig, David I. Poisner, Andrew F. Glew, Clifford D. Hall, Lawrence O. Smith, Gilbert Neiger, Michael A. Kozuch, Robert T. George, Bradley G. Burgess
  • Publication number: 20030196088
    Abstract: A method and apparatus to communicate with a token using a previously reserved binary number in the start field of a cycle, wherein the cycle is not echoed on any bus other than the bus through which the communication is received.
    Type: Application
    Filed: April 15, 2002
    Publication date: October 16, 2003
    Inventors: David I. Poisner, David W. Grawrock, James A. Sutton
  • Publication number: 20030196100
    Abstract: Methods, apparatus and computer readable medium are described that attempt to protect secrets from system reset attacks. In some embodiments, the memory is locked after a system reset and secrets removed from the memory before the memory is unlocked.
    Type: Application
    Filed: April 15, 2002
    Publication date: October 16, 2003
    Inventors: David W. Grawrock, David I. Poisner, James A. Sutton