Abstract: A data processing system (DPS) uses platform protection technology (PPT) to protect some or all of the code and data belonging to certain software modules. The PPT may include a virtual machine monitor (VMM) to enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application. The VMM may use a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application. The VMM may use a second EPT to translate the GPA into a second HPA for the trusted application. The first and second EPTs may map the same GPA to different HPAs. Other embodiments are described and claimed.

Abstract: A data processing system (DPS) uses platform protection technology (PPT) to protect some or all of the code and data belonging to certain software modules. The PPT may include a virtual machine monitor (VMM) to enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application. The VMM may use a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application. The VMM may use a second EPT to translate the GPA into a second HPA for the trusted application. The first and second EPTs may map the same GPA to different HPAs. Other embodiments are described and claimed.

Abstract: A data processing system (DPS) uses platform protection technology (PPT) to protect some or all of the code and data belonging to certain software modules. The PPT may include a virtual machine monitor (VMM) to enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application. The VMM may use a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application. The VMM may use a second EPT to translate the GPA into a second HPA for the trusted application. The first and second EPTs may map the same GPA to different HPAs. Other embodiments are described and claimed.

Abstract: A data processing system (DPS) uses platform protection technology (PPT) to protect some or all of the code and data belonging to certain software modules. The PPT may include a virtual machine monitor (VMM) to enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application. The VMM may use a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application. The VMM may use a second EPT to translate the GPA into a second HPA for the trusted application. The first and second EPTs may map the same GPA to different HPAs. Other embodiments are described and claimed.

Abstract: A data processing system (DPS) uses platform protection technology (PPT) to protect some or all of the code and data belonging to certain software modules. The PPT may include a virtual machine monitor (VMM) to enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application. The VMM may use a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application. The VMM may use a second EPT to translate the GPA into a second HPA for the trusted application. The first and second EPTs may map the same GPA to different HPAs. Other embodiments are described and claimed.

Abstract: A data processing system (DPS) uses platform protection technology (PPT) to protect some or all of the code and data belonging to certain software modules. The PPT may include a virtual machine monitor (VMM) to enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application. The VMM may use a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application. The VMM may use a second EPT to translate the GPA into a second HPA for the trusted application. The first and second EPTs may map the same GPA to different HPAs. Other embodiments are described and claimed.

Abstract: In an embodiment of the present invention, a processor includes content storage logic to parse digital content into portions and to cause each portion to be stored into a corresponding page of a memory. The processor also includes protection logic to receive a write instruction having a destination address within the memory, and if the destination address is associated with a memory location stores a portion of the digital content, erase the page associated with the memory location. If the destination address is associated with another memory location that does not store any of the digital content, the protection logic is to permit execution of the write instruction. Other embodiments are described and claimed.

Abstract: A data processing system (DPS) uses platform protection technology (PPT) to protect some or all of the code and data belonging to certain software modules. The PPT may include a virtual machine monitor (VMM) to enable an untrusted application and a trusted application to run on top of a single operating system (OS), while preventing the untrusted application from accessing memory used by the trusted application. The VMM may use a first extended page table (EPT) to translate a guest physical address (GPA) into a first host physical address (HPA) for the untrusted application. The VMM may use a second EPT to translate the GPA into a second HPA for the trusted application. The first and second EPTs may map the same GPA to different HPAs. Other embodiments are described and claimed.

Abstract: In an embodiment of the present invention, a processor includes content storage logic to parse digital content into portions and to cause each portion to be stored into a corresponding page of a memory. The processor also includes protection logic to receive a write instruction having a destination address within the memory, and if the destination address is associated with a memory location stores a portion of the digital content, erase the page associated with the memory location. If the destination address is associated with another memory location that does not store any of the digital content, the protection logic is to permit execution of the write instruction. Other embodiments are described and claimed.

Abstract: In an embodiment of the present invention, a processor includes content storage logic to parse digital content into portions and to cause each portion to be stored into a corresponding page of a memory. The processor also includes protection logic to receive a write instruction having a destination address within the memory, and if the destination address is associated with a memory location stores a portion of the digital content, erase the page associated with the memory location. If the destination address is associated with another memory location that does not store any of the digital content, the protection logic is to permit execution of the write instruction. Other embodiments are described and claimed.

Abstract: Embodiments of an invention for repeatable application-specific encryption key derivation are disclosed. In one embodiment, a processor includes a root key, an encryption engine, and execution hardware. The encryption engine is to perform an encryption operation using the root key, wherein the root key is accessible only to the encryption engine. The execution hardware is to execute instructions to deterministically generate an application-specific encryption key using the encryption algorithm.

Abstract: Memory channel training parameters are function of electrical characteristics of memory devices, processor(s) and memory channel(s). Training steps can be skipped if the BIOS can determine that the memory devices, motherboard and processor have not changed since the last boot. Memory devices contain a serial number for tracking purposes and most motherboards contain a serial number. Many processors do not provide a mechanism by which the BIOS can track the processor. Described herein are techniques that allow the BIOS to track a processor and detect a swap without violating privacy/security requirements.

Abstract: In an embodiment of the present invention, a processor includes content storage logic to parse digital content into portions and to cause each portion to be stored into a corresponding page of a memory. The processor also includes protection logic to receive a write instruction having a destination address within the memory, and if the destination address is associated with a memory location stores a portion of the digital content, erase the page associated with the memory location. If the destination address is associated with another memory location that does not store any of the digital content, the protection logic is to permit execution of the write instruction. Other embodiments are described and claimed.

Abstract: Memory channel training parameters are function of electrical characteristics of memory devices, processor(s) and memory channel(s). Training steps can be skipped if the BIOS can determine that the memory devices, motherboard and processor have not changed since the last boot. Memory devices contain a serial number for tracking purposes and most motherboards contain a serial number. Many processors do not provide a mechanism by which the BIOS can track the processor. Described herein are techniques that allow the BIOS to track a processor and detect a swap without violating privacy/security requirements.

Abstract: Hardware attestation techniques are described. An apparatus may comprise a platform comprising a processor capable of operating in an isolated execution mode and persistent storage having entity information associated with an entity having control of a software application. The platform may include a security controller communicatively coupled to the platform, the security controller having a signature generator operative to generate a platform signature for the software application executing on the platform, the platform signature comprising a cryptographic hash of entity information, and an attest module operative to provide the platform signature to the software application with the platform signature to attest that that the platform is associated with the software application. Other embodiments are described and claimed.

Abstract: Actual power savings achieved by using a power savings mode in a communications device may be increased by analyzing the effects of the power savings mode on delays and using the analysis on which to base a decision as to whether or not to enter the power savings mode.

Abstract: Enhanced power management is achieved in a wireless communication system. In one aspect of the invention, power management profiles related to application type are used to achieve enhanced power management. In another aspect of the invention, the interval at which buffered broadcast and multicast traffic is transmitted to users in a network is adjusted during system operation based on a predetermined adjustment criterion to achieve enhanced power management.

Abstract: According to an embodiment of the invention, a physical location of a mobile device is determined, and a determination is made that a subject device is available for command via the mobile device based at least in part on the physical location of the mobile device. Information regarding voice recognition capability of the subject device is transferred to the mobile device. A voice command is received by the mobile device, the voice command is interpreted, and an instruction is provided to the subject device based at least in part on the voice command.

Abstract: A technique for automatically identifying and assigning devices to device proxies in a policy based network management system is described. Each device proxy registers a filter with the device discovery. The filter may identify one or more characteristics of devices and may also include a communications protocol to be used by the device discovery to communicate with devices. The device discovery, preferably using the specified protocol, obtains device specific information and then identifies devices in the network that match the filters. The device discovery notifies each device proxy of which devices match the proxy's filter. Each device proxy updates its list of devices that it can policy manage based on the notification from the device discovery. Control policies are distributed from a policy server to each of the device proxies. Each device proxy then sends a policy to one or more devices to be policy managed.

Abstract: Messages may be transmitted through a wireless network by forwarding the messages to intermediate, in-range recipients. Those intermediate, in-range recipients may then forward the message on to still other intermediate recipients, increasing the likelihood that one of the intermediate recipients may come in contact with the intended recipient. In some cases, the decision about whether to transfer the message to an intermediate recipient may depend on whether or not it is determined that it is sufficiently likely that that intermediate recipient will come in contact with the intended recipient. As a result, in some embodiments, both the likelihood that the message is delivered and the range of the network may be increased.