Patents by Inventor Kirk D. Brannock
Kirk D. Brannock has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11783064
Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to detect an access request to access a computing resource while in a system management mode (SMM), determine a bit of a lock register is set to enable access to a bitmap associated with the computing resource, the bitmap to indicate an access policy for the computing resource, and determine whether the access request violate the access policy set in the bitmap. Embodiments may also include performing the access request if the access request does not violate the access policy, and causing a fault if the access request does violate the access policy.
Type: Grant
Filed: March 30, 2018
Date of Patent: October 10, 2023
Assignee: INTEL CORPORATION
Inventors: Kirk D. Brannock, Barry E. Huntley
-
Patent number: 11199980
Abstract: Various embodiments are generally directed to an apparatus, method and other techniques for determining a region of the memory for which to store information, inserting the information into the region of the memory, and applying one or more characteristics to the region of the memory via an instruction set architecture (ISA) operation, the one or more characteristics comprising an immutable characteristic to prevent modification of the information in the region of the memory.
Type: Grant
Filed: August 6, 2018
Date of Patent: December 14, 2021
Assignee: INTEL CORPORATION
Inventors: Kirk D. Brannock, Barry E. Huntley
-
Patent number: 10776283
Abstract: Various embodiments are generally directed to an apparatus, method and other techniques for allocating a portion of the memory as system management random access memory (SMRAM) including a system management interrupt (SMI) handler for a system management mode (SMM), the SMI handler to handle SMIs for the SMM, generating a page table for the SMM, the page table comprising one or more mapped pages to map virtual addresses to physical addresses for the SMM, and setting one or more page table attributes for the page table to prevent a malicious code attack on the SMM.
Type: Grant
Filed: April 1, 2016
Date of Patent: September 15, 2020
Assignee: INTEL CORPORATION
Inventors: Kirk D. Brannock, Barry E. Huntley, Vincent J. Zimmer
-
Patent number: 10769269
Abstract: Various embodiments are generally directed to an apparatus, method and other techniques for gathering configuration information of a computer system during a system management mode of the computer system and exposing the gathered configuration information to securely attest to the configuration of the system.
Type: Grant
Filed: June 30, 2018
Date of Patent: September 8, 2020
Assignee: INTEL CORPORATION
Inventor: Kirk D. Brannock
-
Publication number: 20190156015
Abstract: In one embodiment, a processor comprises a plurality of system resources accessible to processes executed at a first privilege level but generally not accessible to processes executing at a second privilege level; a memory to store an access control policy; and an execution unit to: execute a system management interrupt (SMI) handler at the second privilege level; and execute a policy manager at the first privilege level, the policy manager to detect a request from the SMI handler to access a first system resource of the plurality of system resources; and access the first system resource on behalf of the SMI handler in response to a determination that the access control policy allows the SMI handler to access the first system resource.
Type: Application
Filed: December 29, 2018
Publication date: May 23, 2019
Inventors: Kirk D. Brannock, Jiewen Yao
-
Publication number: 20190158461
Abstract: A custody transfer of a device can include sending a start of transfer request to an attestation device over a short range wireless communication channel, a nonce is received from the attestation device in association with the start of transfer request, and the nonce is signed at the particular gateway device. The signed nonce is sent to the attestation device, a transfer confirmation message is received from the attestation device, and a transfer message is sent to a management system to report a transfer in custody of the attestation device involving the particular gateway device and another gateway device.
Type: Application
Filed: January 14, 2019
Publication date: May 23, 2019
Applicant: McAfee, LLC
Inventors: Jesse Randall Walker, Howard C. Herbert, Kirk D. Brannock, Geoffrey H. Cooper, David A. deVries, David M. Amols, Sven Schrecker, Stephen H. Price
-
Publication number: 20190050232
Abstract: Various embodiments are generally directed to an apparatus, method and other techniques for gathering configuration information of a computer system during a system management mode of the computer system and exposing the gathered configuration information to securely attest to the configuration of the system.
Type: Application
Filed: June 30, 2018
Publication date: February 14, 2019
Applicant: INTEL CORPORATION
Inventor: Kirk D. Brannock
-
Publication number: 20190042780
Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to detect an access request to access a computing resource while in a system management mode (SMM), determine a bit of a lock register is set to enable access to a bitmap associated with the computing resource, the bitmap to indicate an access policy for the computing resource, and determine whether the access request violate the access policy set in the bitmap. Embodiments may also include performing the access request if the access request does not violate the access policy, and causing a fault if the access request does violate the access policy.
Type: Application
Filed: March 30, 2018
Publication date: February 7, 2019
Applicant: INTEL CORPORATION
Inventors: KIRK D. BRANNOCK, BARRY E. HUNTLEY
-
Publication number: 20190042117
Abstract: Various embodiments are generally directed to an apparatus, method and other techniques for determining a region of the memory for which to store information, inserting the information into the region of the memory, and applying one or more characteristics to the region of the memory via an instruction set architecture (ISA) operation, the one or more characteristics comprising an immutable characteristic to prevent modification of the information in the region of the memory.
Type: Application
Filed: August 6, 2018
Publication date: February 7, 2019
Applicant: INTEL CORPORATION
Inventors: KIRK D. BRANNOCK, BARRY E. HUNTLEY
-
Patent number: 10193858
Abstract: A custody transfer of a device can include sending a start of transfer request to an attestation device over a short range wireless communication channel, a nonce is received from the attestation device in association with the start of transfer request, and the nonce is signed at the particular gateway device. The signed nonce is sent to the attestation device, a transfer confirmation message is received from the attestation device, and a transfer message is sent to a management system to report a transfer in custody of the attestation device involving the particular gateway device and another gateway device.
Type: Grant
Filed: December 22, 2015
Date of Patent: January 29, 2019
Assignee: McAfee, LLC
Inventors: Jesse Randall Walker, Howard C. Herbert, Kirk D. Brannock, Geoffrey H. Cooper, David A. deVries, David M. Amols, Sven Schrecker, Stephen H. Price
-
Patent number: 10192054
Abstract: Methods and systems may provide for receiving at a secure element of a system, during a boot process of the system, a first pairing authentication value from a pairing agent. In addition, a pairing key may be received from the pairing agent, wherein the first pairing authentication value and the pairing key may be used to establish a trusted channel between the secure element and an input output (IO) device coupled to the system. In one example, the first pairing authentication value is accepted only if the first pairing authentication value is received prior to a predetermined stage of the boot process.
Type: Grant
Filed: September 13, 2013
Date of Patent: January 29, 2019
Assignee: Intel Corporation
Inventors: Shanwei Cen, Kirk D. Brannock
-
Patent number: 10146657
Abstract: Platform controller, computer-readable storage media, and methods associated with initialization of a computing device. In embodiments, a platform controller may comprise a boot controller and one or more non-volatile memory modules, coupled with the boot controller. In embodiments, the one or more non-volatile memory modules may have first instructions and second instructions stored thereon. The first instructions may, when executed by a processor of a computing device hosting the platform controller, cause initialization of the computing device. The second instructions, when executed by the boot controller, may cause the boot controller to monitor at least a portion of the execution of the first instructions by the computing device and may generate a trace of the monitored portion of the execution of the first instructions. In embodiments, the trace may be stored in the one or more non-volatile memory modules. Other embodiments may be described and/or claimed.
Type: Grant
Filed: March 26, 2014
Date of Patent: December 4, 2018
Assignee: Intel Corporation
Inventors: Robert C. Swanson, C. Brendan Traw, Vincent J. Zimmer, Mallik Bulusu, John R. Lindsley, Mahesh S. Natu, Dimitrios Ziakas, Robert W. Cone, Madhusudhan Rangarajan, Babak Nikjou, Kirk D. Brannock, Russell J. Wunderlich, Miles F. Schwartz, Stephen S. Pawlowski
-
Publication number: 20180285562
Abstract: Technology for a computing system is described. The computing system can include memory, a controller, and a security management module. The controller can receive a block erase command for erasing data stored in a block of memory. The controller can store information associated with the block erase command in a store, wherein the information includes a block address associated with the data to be erased based on the block erase command. The security management module can read block addresses from the store, update a block erase count array over a defined interval to include block addresses read from the store, compare the block erase count array to a defined threshold, identify block addresses for which the block erase count array is above the defined threshold, and deny subsequent block erase commands for the identified block addresses.
Type: Application
Filed: March 31, 2017
Publication date: October 4, 2018
Applicant: Intel Corporation
Inventors: Sivakumar Radhakrishnan, Mahesh S. Natu, Pawel Szymanski, Zhenyu Zhu, Malay Trivedi, Kirk D. Brannock, Geoffrey S. Strongin
-
Patent number: 10044696
Abstract: An apparatus is provided that includes at least one processor device, an energy storage module to power the apparatus, memory to store a secret such that powering down and restarting the apparatus causes the secret to be lost, logic executable by the at least one processor device to generate attestation data using the secret that data abstracts the secret, and a communications interface to send the attestation data to another device.
Type: Grant
Filed: December 22, 2015
Date of Patent: August 7, 2018
Assignee: McAfee, LLC
Inventors: Jesse Randall Walker, Howard C. Herbert, Kirk D. Brannock, Stephen H. Price, Geoffrey H. Cooper, David A. deVries, David M. Amols, Sven Schrecker
-
Patent number: 10042571
Abstract: Various embodiments are generally directed to an apparatus, method and other techniques for determining a region of the memory for which to store information, inserting the information into the region of the memory, and applying one or more characteristics to the region of the memory via an instruction set architecture (ISA) operation, the one or more characteristics comprising an immutable characteristic to prevent modification of the information in the region of the memory.
Type: Grant
Filed: March 31, 2016
Date of Patent: August 7, 2018
Assignee: INTEL CORPORATION
Inventors: Kirk D. Brannock, Barry E. Huntley
-
Patent number: 9946875
Abstract: In one embodiment, a processor includes at least one execution unit and Return Oriented Programming (ROP) detection logic. The ROP detection logic may determine a ROP metric based on a plurality of control transfer events. The ROP detection logic may also determine whether the ROP metric exceeds a threshold. The ROP detection logic may also, in response to a determination that the ROP metric exceeds the threshold, provide a ROP attack notification.
Type: Grant
Filed: January 5, 2017
Date of Patent: April 17, 2018
Assignee: Intel Corporation
Inventors: Stephen A. Fischer, Kevin C. Gotze, Yuriy Bulygin, Kirk D. Brannock
-
Publication number: 20170286318
Abstract: Various embodiments are generally directed to an apparatus, method and other techniques for allocating a portion of the memory as system management random access memory (SMRAM) including a system management interrupt (SMI) handler for a system management mode (SMM), the SMI handler to handle SMIs for the SMM, generating a page table for the SMM, the page table comprising one or more mapped pages to map virtual addresses to physical addresses for the SMM, and setting one or more page table attributes for the page table to prevent a malicious code attack on the SMM.
Type: Application
Filed: April 1, 2016
Publication date: October 5, 2017
Applicant: INTEL CORPORATION
Inventors: KIRK D. BRANNOCK, BARRY E. HUNTLEY, VINCENT J. ZIMMER
-
Publication number: 20170285987
Abstract: Various embodiments are generally directed to an apparatus, method and other techniques for determining a region of the memory for which to store information, inserting the information into the region of the memory, and applying one or more characteristics to the region of the memory via an instruction set architecture (ISA) operation, the one or more characteristics comprising an immutable characteristic to prevent modification of the information in the region of the memory.
Type: Application
Filed: March 31, 2016
Publication date: October 5, 2017
Applicant: INTEL CORPORATION
Inventors: KIRK D. BRANNOCK, BARRY E. HUNTLEY
-
Publication number: 20170180341
Abstract: An apparatus is provided that includes at least one processor device, an energy storage module to power the apparatus, memory to store a secret such that powering down and restarting the apparatus causes the secret to be lost, logic executable by the at least one processor device to generate attestation data using the secret that data abstracts the secret, and a communications interface to send the attestation data to another device.
Type: Application
Filed: December 22, 2015
Publication date: June 22, 2017
Applicant: McAfee, Inc.
Inventors: Jesse Randall Walker, Howard C. Herbert, Kirk D. Brannock, Stephen H. Price, Geoffrey H. Cooper, David A. deVries, David M. Amols, Sven Schrecker
-
Publication number: 20170180314
Abstract: A custody transfer of a device can include sending a start of transfer request to an attestation device over a short range wireless communication channel, a nonce is received from the attestation device in association with the start of transfer request, and the nonce is signed at the particular gateway device. The signed nonce is sent to the attestation device, a transfer confirmation message is received from the attestation device, and a transfer message is sent to a management system to report a transfer in custody of the attestation device involving the particular gateway device and another gateway device.
Type: Application
Filed: December 22, 2015
Publication date: June 22, 2017
Inventors: Jesse Randall Walker, Howard C. Herbert, Kirk D. Brannock, Geoffrey H. Cooper, David A. deVries, David M. Amols, Sven Schrecker, Stephen H. Price