Patents by Inventor Qin Long

Qin Long has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20200125497
    Abstract: A disclosed example to protect memory from buffer overflow or underflow includes defining an implicit bound pointer based on an implicit bound pointer definition in a configuration file for a memory region; instrumenting object code with an implicit buffer bound check based on the implicit bound pointer; and generating hardened executable object code based on the object code, the implicit buffer bound check, and the implicit bound pointer, the implicit bound pointer located in the hardened executable object code during a compilation phase to facilitate loading the implicit bound pointer in a global bounds table during runtime for access by the implicit buffer bound check.
    Type: Application
    Filed: March 30, 2017
    Publication date: April 23, 2020
    Inventors: Junjing Shi, Qin Long, Liming Gao, Michael A. Rothman, Vincent J. Zimmer
  • Patent number: 9600671
    Abstract: Described herein is technology for restoring access to a user account. In particular, systems and methods for account recovery using a platform attestation credential are described. In some embodiments, the platform attestation credential is generated by an authentication device in a pre boot environment. A first copy of the platform attestation credential may be bound by an account management system to a user account. Access to the user account may subsequently be restored using a second copy of the platform attestation credential.
    Type: Grant
    Filed: May 25, 2016
    Date of Patent: March 21, 2017
    Assignee: Intel Corporation
    Inventors: Ting Ye, Qin Long, Vincent Zimmer
  • Publication number: 20160267276
    Abstract: Described herein is technology for restoring access to a user account. In particular, systems and methods for account recovery using a platform attestation credential are described. In some embodiments, the platform attestation credential is generated by an authentication device in a pre boot environment. A first copy of the platform attestation credential may be bound by an account management system to a user account. Access to the user account may subsequently be restored using a second copy of the platform attestation credential.
    Type: Application
    Filed: May 25, 2016
    Publication date: September 15, 2016
    Applicant: Intel Corporation
    Inventors: Ting Ye, Qin Long, Vincent Zimmer
  • Patent number: 9384352
    Abstract: An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor including secure non-volatile storage that couples to a root index, having a fixed address, and comprises first and second variables referenced by the root index; and semiconductor integrated code (SIC) including embedded processor logic to initialize a processor and embedded memory logic to initialize a memory coupled to the processor; wherein (a) the SIC is to be executed responsive to resetting the processor and prior to providing control to boot code, and (b) the SIC is to perform pre-boot operations in response to accessing at least one of the first and second variables. Other embodiments are described herein.
    Type: Grant
    Filed: October 2, 2013
    Date of Patent: July 5, 2016
    Assignee: Intel Corporation
    Inventors: Jiewen Yao, Vincent J. Zimmer, Nicholas J. Adams, Willard M. Wiseman, Qin Long, Shihui Li
  • Patent number: 9378371
    Abstract: Described herein is technology for restoring access to a user account. In particular, systems and methods for account recovery using a platform attestation credential are described. In some embodiments, the platform attestation credential is generated by an authentication device in a pre boot environment. A first copy of the platform attestation credential may be bound by an account management system to a user account. Access to the user account may subsequently be restored using a second copy of the platform attestation credential.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: June 28, 2016
    Assignee: Intel Corporation
    Inventors: Ting Ye, Qin Long, Vincent Zimmer
  • Patent number: 9323541
    Abstract: Technologies are provided in example embodiments for determining that a module is to be loaded, the module being associated with module code, determining that the module is a frozen module, the frozen module being associated with frozen module code, determining that a module fingerprint of the module fails to correspond with a frozen module fingerprint of the frozen module, and causing loading of the frozen module code instead of the module code.
    Type: Grant
    Filed: February 25, 2013
    Date of Patent: April 26, 2016
    Assignee: Intel Corporation
    Inventors: Qin Long, Ting Ye, Vincent Zimmer, Jiewen Yao
  • Publication number: 20150095633
    Abstract: An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor including secure non-volatile storage that couples to a root index, having a fixed address, and comprises first and second variables referenced by the root index; and semiconductor integrated code (SIC) including embedded processor logic to initialize a processor and embedded memory logic to initialize a memory coupled to the processor; wherein (a) the SIC is to be executed responsive to resetting the processor and prior to providing control to boot code, and (b) the SIC is to perform pre-boot operations in response to accessing at least one of the first and second variables. Other embodiments are described herein.
    Type: Application
    Filed: October 2, 2013
    Publication date: April 2, 2015
    Inventors: Jiewen Yao, Vincent J. Zimmer, Nicholas J. Adams, Willard M. Wiseman, Qin Long, Shihui Li
  • Publication number: 20140282969
    Abstract: Described herein is technology for restoring access to a user account. In particular, systems and methods for account recovery using a platform attestation credential are described. In some embodiments, the platform attestation credential is generated by an authentication device in a pre boot environment. A first copy of the platform attestation credential may be bound by an account management system to a user account. Access to the user account may subsequently be restored using a second copy of the platform attestation credential.
    Type: Application
    Filed: March 13, 2013
    Publication date: September 18, 2014
    Inventors: Ting Ye, Qin Long, Vincent Zimmer
  • Publication number: 20140250293
    Abstract: Technologies are provided in example embodiments for determining that a module is to be loaded, the module being associated with module code, determining that the module is a frozen module, the frozen module being associated with frozen module code, determining that a module fingerprint of the module fails to correspond with a frozen module fingerprint of the frozen module, and causing loading of the frozen module code instead of the module code.
    Type: Application
    Filed: February 25, 2013
    Publication date: September 4, 2014
    Inventors: Qin Long, Ting Ye, Vincent Zimmer, Jiewen Yao
  • Patent number: 8694761
    Abstract: In some embodiments, the invention involves using a policy engine during boot, in the driver execution environment (DXE) phases to authenticate that drivers and executable images to be loaded are authenticated. Images to be authenticated include the operating system (OS) loader. The policy engine utilizes a certificate database to hold valid certificates for third party images, according to platform policy. Images that are not authenticated are not loaded at boot time. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 31, 2008
    Date of Patent: April 8, 2014
    Inventors: Vincent Zimmer, Mohan Kumar, Mahesh Natu, Jiewen Yao, Qin Long, Liang Cui
  • Patent number: 8327415
    Abstract: In one embodiment, the present invention includes a method for setting an extensible policy mechanism to protect a root data structure including a page table, interpreting a bytecode of a pre-boot driver in a byte code interpreter, and controlling access to a memory location based on the extensible policy mechanism. Other embodiments are described and claimed.
    Type: Grant
    Filed: May 30, 2008
    Date of Patent: December 4, 2012
    Assignee: Intel Corporation
    Inventors: Jiewen Yao, Liang Cui, Qin Long, Vincent J. Zimmer
  • Patent number: 8086839
    Abstract: Methods and systems to perform an authentication operation after resuming from a sleep state are presented. In one embodiment, a method includes starting a boot process from a sleep state. The method further includes providing platform services to support an authentication operation as part of the boot process and determining whether to complete the boot process based at least on results of the authentication operation.
    Type: Grant
    Filed: December 30, 2008
    Date of Patent: December 27, 2011
    Assignee: Intel Corporation
    Inventors: Jiewen Yao, Ned McArthur Smith, Vincent J. Zimmer, Qin Long
  • Patent number: 7984286
    Abstract: In some embodiments, a processor-based system may include at least one processor, at least one memory coupled to the at least one processor, a boot block stored at a first memory location, a capsule update stored at a second memory location, a startup authenticated code module to ensure the integrity of the boot block upon a restart of the processor-based system, code which is executable by the processor-based system to cause the processor-based system to validate the boot block with the startup authenticated code module upon the restart of the processor-based system, and, if the boot block is successfully validated, to validate the capsule update for the processor-based system with the startup authenticated code module. Other embodiments are disclosed and claimed.
    Type: Grant
    Filed: June 25, 2008
    Date of Patent: July 19, 2011
    Assignee: Intel Corporation
    Inventors: Vincent J. Zimmer, Mohan Kumar, Mahesh Natu, Qin Long, Liang Cui, Jiewen Yao
  • Patent number: 7827371
    Abstract: In one embodiment, the present invention includes a method for determining if an isolation driver is present and a processor supports virtualization, launching the isolation driver in a first privilege level different than a system privilege level and user privilege level, creating a 1:1 virtual mapping between a virtual address and a physical address, using the isolation driver, and controlling access to a memory page using the isolation driver. Other embodiments are described and claimed.
    Type: Grant
    Filed: August 30, 2007
    Date of Patent: November 2, 2010
    Assignee: Intel Corporation
    Inventors: Jiewen Yao, Vincent J. Zimmer, Qin Long, Liang Cui
  • Publication number: 20100169631
    Abstract: Methods and systems to perform an authentication operation after resuming from a sleep state are presented. In one embodiment, a method includes starting a boot process from a sleep state. The method further includes providing platform services to support an authentication operation as part of the boot process and determining whether to complete the boot process based at least on results of the authentication operation.
    Type: Application
    Filed: December 30, 2008
    Publication date: July 1, 2010
    Inventors: Jiewen Yao, Ned McArthur Smith, Vincent J. Zimmer, Qin Long
  • Publication number: 20100169633
    Abstract: In some embodiments, the invention involves using a policy engine during boot, in the driver execution environment (DXE) phases to authenticate that drivers and executable images to be loaded are authenticated. Images to be authenticated include the operating system (OS) loader. The policy engine utilizes a certificate database to hold valid certificates for third party images, according to platform policy. Images that are not authenticated are not loaded at boot time. Other embodiments are described and claimed.
    Type: Application
    Filed: December 31, 2008
    Publication date: July 1, 2010
    Inventors: Vincent Zimmer, Mohan Kumar, Mahesh Natu, Jiewen Yao, Qin Long, Liang Cui
  • Publication number: 20100079472
    Abstract: Methods and systems to display platform graphics during initialization of a computer system, including to interrupt initialization of an operating system and to update a video frame buffer with platform graphics data when the initialization of the operating system is interrupted, and to merge platform graphics data with graphics generated by operating system initialization logic. The methods and systems include virtualization methods and systems and system management mode methods and systems.
    Type: Application
    Filed: September 30, 2008
    Publication date: April 1, 2010
    Inventors: Sean Shang, Hua Fang, Jiewen Yao, Vincent J. Zimmer, Qin Long, Jiong Gong, Ruiyu Ni, Michael A. Rothman
  • Publication number: 20100083002
    Abstract: A method and computing device for secure booting of unified extensible firmware interface executables includes generating a platform private key, signing a third party credential, storing the signed third party credential in a database located in a trusted platform module, and executing a unified extensible firmware interface executable only if an associated signed third party credential is stored in the trusted platform module.
    Type: Application
    Filed: September 30, 2008
    Publication date: April 1, 2010
    Inventors: Liang Cui, Qin Long, Vincent J. Zimmer, Jiewen Yao
  • Patent number: 7689817
    Abstract: A data processing system supports a virtualization enabled (VE) operating mode. An operating system (OS) is launched during a boot process. However, a trap agent is launched before the OS is launched. The trap agent may intercept an attempt to transition the data processing system to virtual machine (VM) operating mode. In response to intercepting the attempt to transition the data processing system to VM operating mode, the trap agent may automatically determine whether the program that requested the transition is an authorized program. If the program is not authorized, the trap agent may prevent the program from transitioning the data processing system to VM operating mode. In one embodiment, the trap agent is launched before the data processing system selects a boot device. In another embodiment, the trap agent is launched before executing any code from any third-party option ROMs. Other embodiments are described and claimed.
    Type: Grant
    Filed: November 16, 2006
    Date of Patent: March 30, 2010
    Assignee: Intel Corporation
    Inventors: Vincent J. Zimmer, Qin Long
  • Publication number: 20090327684
    Abstract: In some embodiments, a processor-based system may include at least one processor, at least one memory coupled to the at least one processor, a boot block stored at a first memory location, a capsule update stored at a second memory location, a startup authenticated code module to ensure the integrity of the boot block upon a restart of the processor-based system, code which is executable by the processor-based system to cause the processor-based system to validate the boot block with the startup authenticated code module upon the restart of the processor-based system, and, if the boot block is successfully validated, to validate the capsule update for the processor-based system with the startup authenticated code module. Other embodiments are disclosed and claimed.
    Type: Application
    Filed: June 25, 2008
    Publication date: December 31, 2009
    Inventors: Vincent J. Zimmer, Mohan Kumar, Mahesh Natu, Qin Long, Liang Cui, Jiewen Yao