Patents by Inventor Vincent J. Zimmer

Vincent J. Zimmer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10474473
    Abstract: A method for booting a data processing system (DPS) involves, during a boot process of the DPS, using a preliminary bootcode module from a low-speed nonvolatile memory (NVM) in the DPS to load a main bootcode module from a high-speed NVM in the DPS into a volatile random access memory (RAM) in the DPS, wherein the high-speed NVM supports a read speed that is faster than a maximum read speed of the low-speed NVM. The method also involves, during the boot process, after loading the main bootcode module from the high-speed NVM into the RAM, using the main bootcode module to boot the DPS to an operating system (OS). The method may also involve using the preliminary bootcode module to automatically determine whether the main bootcode module from the high-speed NVM has good integrity. Other embodiments are described and claimed.
    Type: Grant
    Filed: April 11, 2017
    Date of Patent: November 12, 2019
    Assignee: Intel Corporation
    Inventors: Michael A. Rothman, Vincent J. Zimmer, Giri P. Mudusuru, Jiewen Yao, Jie Lin
  • Patent number: 10445154
    Abstract: This disclosure is directed to firmware-related event notification. A device may comprise an operating system (OS) configured to operate on a platform. During initialization of the device a firmware module in the platform may load at least one globally unique identifier (GUID) into a firmware configuration table. When the platform notifies the OS, the firmware module may load at least one GUID into a platform notification table and may set a platform notification bit in a platform notification table status field. Upon detecting the notification, an OS management module may establish a source of the notification by querying the platform notification table. The platform notification bit may cause the OS management module to compare GUIDs in the platform notification table and the firmware configuration table. Services may be called based on any matching GUIDs. If no GUIDs match, the services may be called based on firmware variables in the device.
    Type: Grant
    Filed: February 17, 2017
    Date of Patent: October 15, 2019
    Assignee: INTEL CORPORATION
    Inventors: Sarathy Jayakumar, Mohan J. Kumar, Vincent J. Zimmer, Rajesh Poornachandran
  • Publication number: 20190303250
    Abstract: Disclosed herein are distributed ledger systems and methods for efficiently creating and updating a query optimized distributed ledger. In particular, the present disclosure introduces methods and apparatuses for efficiently updating indexes when new blocks are added to the distributed ledger by using snapshots of data and appending new snapshot tables and indexes to previous snapshot tables and indexes.
    Type: Application
    Filed: June 18, 2019
    Publication date: October 3, 2019
    Applicant: McAfee, LLC
    Inventors: Ned M. Smith, Vincent J. Zimmer, Rajesh Poornachandran, Cedric Cochin, Igor G. Muttik
  • Patent number: 10432627
    Abstract: The present disclosure is directed to secure sensor data transport and processing. End-to-end security may prevent attackers from altering data during the sensor-based security procedure. For example, following sensor data capture execution in a device may be temporarily suspended. During the suspension of execution, sensor interface circuitry in the device may copy the sensor data from a memory location associated with the sensor to a trusted execution environment (TEE) within the device. The TEE may provide a secure location in which the sensor data may be processed and a determination may be made as to whether to grant access to the secure resources. The TEE may comprise, for example, match circuitry to compare the sensor data to previously captured sensor data for users that are allowed to access the secured resources and output circuitry to grant access to the secured resources or to perform activities associated with a security exception.
    Type: Grant
    Filed: August 29, 2018
    Date of Patent: October 1, 2019
    Assignee: Intel Corporation
    Inventors: Hormuzd M. Khosravi, Bassam N. Coury, Vincent J. Zimmer
  • Patent number: 10430589
    Abstract: A dynamic firmware module loader loads one of a plurality of a firmware contexts or modules as needed in a containerized environment for secure isolated execution. The modules, called applets, may be loaded and unloaded in a firmware context. The loader may use a hardware inter process communication channel (IPC) to communicate with the secure engine. The modules may be designed to implement specific features desired by basic input/output system vendors, without the use of a system management mode. Designed modules may provide necessary storage and I/O access driver capabilities to be run in trusted execution environment containers.
    Type: Grant
    Filed: March 19, 2015
    Date of Patent: October 1, 2019
    Assignee: Intel Corporation
    Inventors: Karunakara Kotary, Vincent J. Zimmer, Scott D. Brenden, Jose Benchimol, Panner Kumar, Rajesh Poornachandran
  • Publication number: 20190278611
    Abstract: The present application is directed to access isolation for multi-operating system devices. In general, a device may be configured using firmware to accommodate more than one operating system (OS) operating concurrently on the device or to transition from one OS to another. An access isolation module (AIM) in the firmware may determine a device equipment configuration and may partition the equipment for use by multiple operating systems. The AIM may disable OS-based equipment sensing and may allocate at least a portion of the equipment to each OS using customized tables. When transitioning between operating systems, the AIM may help to ensure that information from one OS is not accessible to others. For example, the AIM may detect when a foreground OS is to be replaced by a background OS, and may protect (e.g., lockout or encrypt) the files of the foreground OS prior to the background OS becoming active.
    Type: Application
    Filed: May 13, 2019
    Publication date: September 12, 2019
    Applicant: Intel Corporation
    Inventors: KEVIN Y. LI, VINCENT J. ZIMMER, XIAOHU ZHOU, PING WU, ZIJIAN YOU, MICHAEL A. ROTHMAN
  • Patent number: 10394295
    Abstract: Apparatuses, methods and storage medium associated with streamlined physical reset are described herein. In embodiments, an apparatus for computing, including streamlined physical reset, may comprise one or more processor cores; memory having a plurality of memory locations; and a basic input/output system (BIOS) to provide basic input/output system services, wherein the BIOS stays within a range of memory locations during each initialization of the BIOS, including an initialization of the BIOS that is part of a physical reset of the apparatus, to streamline the physical reset. Other embodiments may be described and/or claimed.
    Type: Grant
    Filed: May 17, 2017
    Date of Patent: August 27, 2019
    Assignee: Intel Corporation
    Inventors: Michael A. Rothman, Vincent J. Zimmer, Jiewen Yao
  • Patent number: 10389788
    Abstract: Technologies for adaptive real-time media streaming include a computing device to determine, by a trusted execution environment of the computing device, a current workload of the computing device based on at least one activity counter. The at least one activity counter is to record counter data associated with performance of the computing device. Further, the computing device determines a residual workload capable of being supported by the computing device based on the determined current workload and a new content playback characteristics for streaming media content based on the determined residual workload. The computing device streams media content received from a trusted server based on the determined new content playback characteristics.
    Type: Grant
    Filed: December 27, 2014
    Date of Patent: August 20, 2019
    Assignee: Intel Corporation
    Inventors: Rajesh Poornachandran, Ned M. Smith, Michael D. Rosenzweig, Vincent J. Zimmer, Qixiong J. Bian
  • Patent number: 10382489
    Abstract: Technologies for privacy-safe security policy evaluation include a cloud analytics server, a trusted data access mediator (TDAM) device, and one or more client devices. The cloud analytics server curries a security policy function to generate a privacy-safe curried function set. The cloud analytics server requests parameter data from the TDAM device, which collects the parameter data, identifies sensitive parameter data, encrypts the sensitive parameter data, and transmits the encrypted sensitive parameter data to the cloud analytics server. The cloud analytics server evaluates one or more curried functions using non-sensitive parameters to generate one or more sensitive functions that each take a sensitive parameter. The cloud analytics server transmits the sensitive functions and the encrypted sensitive parameters to a client computing device, which decrypts the encrypted sensitive parameters and evaluates the sensitive functions with the sensitive parameters to return a security policy.
    Type: Grant
    Filed: December 29, 2016
    Date of Patent: August 13, 2019
    Assignee: Mcafee, LLC
    Inventors: Sudeep Das, Rajesh Poornachandran, Ned M. Smith, Vincent J. Zimmer, Pramod Sharma, Arthur Zeigler, Sumant Vashisth, Simon Hunt
  • Publication number: 20190243620
    Abstract: Various embodiments are generally directed to techniques for supporting the distributed execution of a task routine among multiple secure controllers incorporated into multiple computing devices. An apparatus includes a first processor component and first secure controller of a first computing device, where the first secure controller includes: a selection component to select the first secure controller or a second secure controller of a second computing device to compile a task routine based on a comparison of required resources to compile the task routine and available resources of the first secure controller; and a compiling component to compile the task routine into a first version of compiled routine for execution within the first secure controller by the first processor component and a second version for execution within the second secure controller by a second processor component in response to selection of the first secure controller. Other embodiments are described and claimed.
    Type: Application
    Filed: December 26, 2018
    Publication date: August 8, 2019
    Applicant: INTEL CORPORATION
    Inventors: Mingqiu SUN, Rajesh Poornachandran, Vincent J. Zimmer, Ned M. Smith, Gopinatth Selvaraje
  • Patent number: 10372491
    Abstract: Methods, apparatuses and storage medium associated with migration between processors by a computing device are disclosed. In various embodiments, a portable electronic device having an internal processor and internal memory may be attached to a dock. The dock may include another processor as well other memory. The attachment of the dock to the portable electronic device may cause an interrupt. In response to this interrupt, a state associated with the internal processor may be copied to the other memory of the dock. Instructions for the computing device may then be executed using the other processor of the dock. Other embodiments may be disclosed or claimed.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: August 6, 2019
    Assignee: Intel Corporation
    Inventors: Vincent J. Zimmer, Jiewen Yao, Sarathy Jayakumar, Robert C. Swanson, Rajesh Poornachandran, Gopinatth Selvaraje, Mingqiu Sun, John S. Howard, Eugene Gorbatov
  • Patent number: 10366237
    Abstract: In an embodiment, a system on a chip includes: a single core to execute a legacy instruction set, the single core configured to enter a system management mode (SMM) to provide a trusted execution environment to perform at least one secure operation; and a memory controller coupled to the single core, the memory controller to interface with a system memory, where a portion of the system memory comprises a secure memory for the SMM, and the single core is to authenticate and execute a boot firmware, and pass control to the SMM to obtain a key pair from a protected storage and store the key pair in the secure memory. Other embodiments are described and claimed.
    Type: Grant
    Filed: February 1, 2017
    Date of Patent: July 30, 2019
    Assignee: Intel Corporation
    Inventors: Vincent J. Zimmer, Peter J. Barry, Rajesh Poornachandran, Arjan Van De Ven, Peter A. Dice, Gopinatth Selvaraje, Julien Carreno, Lee G. Rosenbaum
  • Patent number: 10339014
    Abstract: Disclosed herein are distributed ledger systems and methods for efficiently creating and updating a query optimized distributed ledger. In particular, the present disclosure introduces methods and apparatuses for efficiently updating indexes when new blocks are added to the distributed ledger by using snapshots of data and appending new snapshot tables and indexes to previous snapshot tables and indexes.
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: July 2, 2019
    Assignee: McAfee, LLC
    Inventors: Ned M. Smith, Vincent J. Zimmer, Rajesh Poornachandran, Cedric Cochin, Igor G. Muttik
  • Patent number: 10331453
    Abstract: Various embodiments are generally directed to establishing trust in system management mode. An operating system management mode driver can invoke a system management mode and provide a signature to the system management mode to authenticate the driver with. Additionally, a hash value of the driver can be used to determine whether the driver is authorized to invoke system management mode or particular operations or features of system management mode.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: June 25, 2019
    Assignee: INTEL CORPORATION
    Inventors: Nicholas J. Adams, Vincent J. Zimmer, Lee G. Rosenbaum, Giri P. Mudusuru
  • Patent number: 10289425
    Abstract: The present application is directed to access isolation for multi-operating system devices. In general, a device may be configured using firmware to accommodate more than one operating system (OS) operating concurrently on the device or to transition from one OS to another. An access isolation module (AIM) in the firmware may determine a device equipment configuration and may partition the equipment for use by multiple operating systems. The AIM may disable OS-based equipment sensing and may allocate at least a portion of the equipment to each OS using customized tables. When transitioning between operating systems, the AIM may help to ensure that information from one OS is not accessible to others. For example, the AIM may detect when a foreground OS is to be replaced by a background OS, and may protect (e.g., lockout or encrypt) the files of the foreground OS prior to the background OS becoming active.
    Type: Grant
    Filed: March 19, 2014
    Date of Patent: May 14, 2019
    Assignee: Intel Corporation
    Inventors: Kevin Y. Li, Vincent J. Zimmer, Xiaohu Zhou, Ping Wu, Zijian You, Michael A. Rothman
  • Publication number: 20190138294
    Abstract: Various systems and methods for enabling derivation and distribution of an attestation manifest for a software update image are described. In an example, these systems and methods include orchestration functions and communications, providing functionality and components for a software update process which also provides verification and attestation among multiple devices and operators.
    Type: Application
    Filed: December 28, 2018
    Publication date: May 9, 2019
    Inventors: Ned M. Smith, Kshitij Arun Doshi, John J. Browne, Vincent J. Zimmer, Francesc Guim Bernat, Kapil Sood
  • Patent number: 10275598
    Abstract: In one embodiment, the present invention includes a method to establish a secure pre-boot environment in a computer system and performs at least one secure operation in the secure environment. In one embodiment, the secure operation may be storage of a secret in the secure pre-boot environment.
    Type: Grant
    Filed: April 6, 2015
    Date of Patent: April 30, 2019
    Assignee: Intel Corporation
    Inventors: Vincent J. Zimmer, Bryant E. Bigbee, Andrew J. Fish, Mark S. Doran
  • Patent number: 10262140
    Abstract: A device with support for blockchain-based boot tracking comprises at least one processor, non-volatile storage responsive to the processor, and at least one boot module in the non-volatile storage. The boot module, when executed by the processor, enables the device to generate a measurement of the boot module, generate an internal ledger transaction based on the measurement of the boot module, and send the internal ledger transaction to a remote device. In addition, the boot module enables the device to (a) receive an external ledger transaction from the remote device, wherein the external ledger transaction is based on a measurement for a boot module of the remote device; (b) in response to receiving the external ledger transaction, verify the external ledger transaction; and (c) in response to verifying the external ledger transaction, add the external ledger transaction to a boot audit blockchain. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: April 16, 2019
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Rajesh Poornachandran, Vincent J. Zimmer
  • Patent number: 10251060
    Abstract: In one example, a system for accessing services comprises a processor to detect a change in a topology of the system and request configuration data or a firmware image stored in secure storage of a wireless credential exchange or EEPROM, wherein the configuration data indicates an authorized stackable topology map for the system. The processor can also determine the change in the topology is allowed based on the authorized stackable topology map and execute an internet or local based service comprising a modification based on the change to the topology of the system, the service with the modification to be executed in response to a transmission of the change to the service.
    Type: Grant
    Filed: September 27, 2016
    Date of Patent: April 2, 2019
    Assignee: Intel Corporation
    Inventors: Kelly Steele, Rajesh Poornachandran, Vincent J. Zimmer
  • Publication number: 20190095352
    Abstract: Techniques are provided for managing memory hot-add to a computing platform. A system implementing the techniques according to an embodiment includes a Field Programmable Gate Array (FPGA) memory controller (FMC) including a Memory Reference Code (MRC) Register Transfer Level (RTL) module to perform training of a memory module in response to receiving a memory hot-add event notification associated with the memory module. The MRC training includes memory timing adjustment based on configuration policies. The system also includes a management controller circuit to communicate with a remote administration server over a secure out-of-band network channel. The communication includes the configuration policies to be applied by the FMC circuit to the memory module.
    Type: Application
    Filed: September 28, 2017
    Publication date: March 28, 2019
    Applicant: INTEL CORPORATION
    Inventors: Rajesh Poornachandran, Vincent J. Zimmer, Ned M. Smith, Nadhiya Chandramohan