Patents by Inventor Vincent J. Zimmer

Vincent J. Zimmer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11049039
    Abstract: Disclosed herein are cloud-based machine learning systems and methods for monitoring networked devices to identify and classify characteristics, to infer typical or atypical behavior and assign reputation profiles across various networked devices, and to make remediation recommendations. In some embodiments, a cloud-based machine learning system may learn the typical operation and interfacing of a plurality of reputable devices that are known to be free from malicious software and other threats. In some embodiments, a cloud-based machine learning system may learn the typical operation and interfacing of a device, and may identify atypical operations or interfaces associated with that device by comparing the operations and interfaces to those of a plurality of networked devices or to those of a defined standard reference device.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: June 29, 2021
    Assignee: McAfee, LLC
    Inventors: Vincent J. Zimmer, Joel R. Spurlock, Ramnath Venugopalan, Ned M. Smith, Igor G. Muttik, Rajesh Poornachandran
  • Publication number: 20210168176
    Abstract: Technologies for privacy-safe security policy evaluation are disclosed herein. An example apparatus includes at least one memory, and at least one processor to execute instructions to at least identify one or more non-sensitive parameters of a plurality of policy parameters and one or more sensitive parameters of the plurality of the policy parameters, the plurality of the policy parameters obtained from a computing device in response to a request from a cloud analytics server for the plurality of the policy parameters, encrypt the one or more sensitive parameters to generate encrypted parameter data in response to the identification of the one or more sensitive parameters, and transmit the encrypted parameter data to the cloud analytics server, the cloud analytics server to curry a security policy function based on one or more of the plurality of the policy parameters.
    Type: Application
    Filed: January 20, 2021
    Publication date: June 3, 2021
    Inventors: Sudeep Das, Rajesh Poornachandran, Ned M. Smith, Vincent J. Zimmer, Pramod Sharma, Arthur Zeigler, Sumant Vashisth, Simon Hunt
  • Publication number: 20210124829
    Abstract: A disclosed example apparatus includes memory; and at least one processor to execute first instructions, the first instructions obtained from first encrypted firmware, the at least one processor to: encrypt handoff data with an original equipment manufacturer key to generate encrypted handoff data; decrypt second encrypted firmware based on the original equipment manufacturer key to generate second instructions; and provide access to the encrypted handoff data to the second instructions, the second instructions to perform initialization of a computer based on the handoff data obtained from the encrypted handoff data.
    Type: Application
    Filed: January 4, 2021
    Publication date: April 29, 2021
    Inventors: Jiewen Yao, Rangasai V. Chaganty, Xiang Ma, Ravi Poovalur Rangarajan, Rajesh Poornachandran, Nivedita Aggarwal, Giri P. Mudusuru, Vincent J. Zimmer, Satya P. Yarlagadda, Amy Chan, Sudeep Das
  • Publication number: 20210039781
    Abstract: Disclosed herein is a charging drone. The charging drone can comprise a flight mechanism, a charging transmitter, a processor, and a memory. The processor can be in electrical communication with the flight mechanism and the charging transmitter. The memory can store instructions that, when executed by the processor, can cause the processor to perform operations. The operations can comprise receiving a charge request signal; transmitting a navigation signal to the flight mechanism; verifying credentials from an in-flight drone; and activing the charging transmitter. The charge request signal can include data associated with the in-flight drone. The navigation signal can include guidance data for guiding the charging drone to the in-flight drone. The credentials can be verified when the charging drone is proximate the in-flight drone. The charging transmitter can be activated upon verification of the credentials.
    Type: Application
    Filed: May 21, 2018
    Publication date: February 11, 2021
    Inventors: Jiewen Jacques Yao, Vincent J. Zimmer, Rajesh Poornachandran
  • Patent number: 10911496
    Abstract: Technologies for privacy-safe security policy evaluation are disclosed herein.
    Type: Grant
    Filed: August 12, 2019
    Date of Patent: February 2, 2021
    Assignee: MCAFEE, LLC
    Inventors: Sudeep Das, Rajesh Poornachandran, Ned M. Smith, Vincent J. Zimmer, Pramod Sharma, Arthur Zeigler, Sumant Vashisth, Simon Hunt
  • Patent number: 10885199
    Abstract: A pre-boot initialization technique for a computing system allows for encrypting both a manufacturer and original equipment manufacturer firmware routines, as well as handing off data between the manufacturer and original equipment manufacturer firmware routines encrypted with a key provisioned in field programmable fuses with an original equipment manufacturer key. By encrypting the firmware routines and handoff data, security of the pre-boot initialization process is enhanced. Original equipment manufacturer updatable product data may also be encrypted with the original equipment manufacturer key. Additional security may be provided by using trusted input/output capabilities of a trusted execution environment to display information to and receive information from a user. Furthermore, multiple secure phases of configuration may be achieved using wireless credentials exchange components.
    Type: Grant
    Filed: September 26, 2016
    Date of Patent: January 5, 2021
    Assignee: McAfee, LLC
    Inventors: Jiewen Yao, Rangasai V. Chaganty, Xiang Ma, Ravi Poovalur Rangarajan, Rajesh Poornachandran, Nivedita Aggarwal, Giri P. Mudusuru, Vincent J. Zimmer, Satya P. Yarlagadda, Amy Chan, Sudeep Das
  • Publication number: 20200387611
    Abstract: Malicious attacks have moved from higher level virus attacks on software and data files operating on a device, to subverting the firmware underlying the device, where the firmware will compromise operation of the device even after attempts to remove the virus, unwanted programs, or other activity due to the subversion. If the firmware is compromised then even a clean reinstall of all software and/or services on the device may only result in a clean device that is then subsequently compromised again. Although device manufacturers may update a firmware to remove the vulnerability, there remains a problem in getting users to actually perform the update. To facilitate device security, a database or databases of firmware may be maintained where their status of vulnerable (bad) or not (good) is maintained and various options are presented for scanning firmware for vulnerabilities, out of band or manually, and pulling/pushing updates as desired to automatically update a device or prompt a user for updating.
    Type: Application
    Filed: December 22, 2017
    Publication date: December 10, 2020
    Inventors: Jiewen YAO, Vincent J. ZIMMER
  • Patent number: 10831934
    Abstract: An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor coupled to secure non-volatile storage; and at least one storage medium having firmware instructions stored thereon for causing, during runtime and after an operating system for the apparatus has booted, the cryptoprocessor to (a) store a key within the secure non-volatile storage, (b) sign an object with the key, while the key is within the cryptoprocessor, to produce a signature, and (c) verify the signature. Other embodiments are described herein.
    Type: Grant
    Filed: September 19, 2017
    Date of Patent: November 10, 2020
    Assignee: Intel Corporation
    Inventors: Vincent J. Zimmer, Nicholas J. Adams, Giri P. Mudusuru, Lee G. Rosenbaum, Michael A. Rothman
  • Patent number: 10776283
    Abstract: Various embodiments are generally directed to an apparatus, method and other techniques for allocating a portion of the memory as system management random access memory (SMRAM) including a system management interrupt (SMI) handler for a system management mode (SMM), the SMI handler to handle SMIs for the SMM, generating a page table for the SMM, the page table comprising one or more mapped pages to map virtual addresses to physical addresses for the SMM, and setting one or more page table attributes for the page table to prevent a malicious code attack on the SMM.
    Type: Grant
    Filed: April 1, 2016
    Date of Patent: September 15, 2020
    Assignee: INTEL CORPORATION
    Inventors: Kirk D. Brannock, Barry E. Huntley, Vincent J. Zimmer
  • Patent number: 10776524
    Abstract: Embodiments are directed to securing system management mode (SMM) in a computer system. A CPU is configurable to execute first code in a normal mode, and second code in a SMM. A SMM control engine is operative to transition the CPU from the normal mode to the SMM in response to a SMM transition call, and to control access by the CPU in the SMM to data from an originator of the SMM transition call. The access is controlled based on an authorization state assigned to the SMM transition call. An authorization engine is operative to perform authentication of the originator of the SMM transition call and to assign the authorization state based on an authentication result. The CPU in the SMM is prevented from accessing the data in response to the authentication result being a failure of authentication.
    Type: Grant
    Filed: January 14, 2016
    Date of Patent: September 15, 2020
    Assignee: Intel Corporation
    Inventors: Jiewen Jacques Yao, Vincent J. Zimmer, Bassam N. Coury
  • Patent number: 10768863
    Abstract: Techniques related to preventing unauthorized access to a computing device are disclosed. The techniques include a machine-readable medium, on which are stored instructions, comprising instructions that when executed cause a device to identify a host hardware configuration, obtain a policy based on the host hardware configuration, monitor two or more memory transactions based on the policy, identify, based on the memory transactions, a memory transaction pattern, wherein the memory transaction pattern is associated with an attempt to obtain unauthorized access to the device, and take one or more actions to interfere with attempts to obtain unauthorized access to the device based on the policy.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: September 8, 2020
    Assignee: Intel Corporation
    Inventors: Rajesh Poornachandran, Vincent J. Zimmer, Ned M. Smith, Nadhiya Chandramohan
  • Patent number: 10762216
    Abstract: Methods, systems and storage media are disclosed for enhanced system boot processing that authenticates boot code based on biometric information of the user before loading the boot code to system memory. For at least some embodiments, the bio-metric authentication augments authentication of boot code based on a unique platform identifier. The enhanced boot code authentication occurs before loading of the operating system, and may be performed during a Unified Extensible Firmware Interface (UEFI) boot sequence. Other embodiments are described and claimed.
    Type: Grant
    Filed: October 20, 2017
    Date of Patent: September 1, 2020
    Assignee: Intel Corporation
    Inventors: Qian Ouyang, Jian J. Wang, Vincent J. Zimmer, Michael A. Rothman, Chao B. Zhang
  • Patent number: 10747884
    Abstract: Techniques for providing and maintaining protection of firmware routines that form part of a chain of trust through successive processing environments. An apparatus may include a first processor component (550); a volatile storage (562) coupled to the first processor component; an enclave component to, in a pre-OS operating environment, generate a secure enclave within a portion of the volatile storage to restrict access to a secured firmware loaded into the secure enclave; a first firmware driver (646) to, in the pre-OS operating environment, provide a first API to enable unsecured firmware to call a support routine of the secured firmware from outside the secure enclave; and a second firmware driver (647) to, in an OS operating environment that replaces the pre-OS operating environment, provide a second API to enable an OS of the OS operating environment to call the support routine from outside the secure enclave.
    Type: Grant
    Filed: December 24, 2015
    Date of Patent: August 18, 2020
    Assignee: INTEL CORPORATION
    Inventors: Jiewen Yao, Vincent J. Zimmer, Wei Li, Rajesh Poornachandran, Giri P. Mudusuru
  • Patent number: 10684865
    Abstract: The present application is directed to access isolation for multi-operating system devices. In general, a device may be configured using firmware to accommodate more than one operating system (OS) operating concurrently on the device or to transition from one OS to another. An access isolation module (AIM) in the firmware may determine a device equipment configuration and may partition the equipment for use by multiple operating systems. The AIM may disable OS-based equipment sensing and may allocate at least a portion of the equipment to each OS using customized tables. When transitioning between operating systems, the AIM may help to ensure that information from one OS is not accessible to others. For example, the AIM may detect when a foreground OS is to be replaced by a background OS, and may protect (e.g., lockout or encrypt) the files of the foreground OS prior to the background OS becoming active.
    Type: Grant
    Filed: May 13, 2019
    Date of Patent: June 16, 2020
    Assignee: Intel Corporation
    Inventors: Kevin Y. Li, Vincent J. Zimmer, Xiaohu Zhou, Ping Wu, Zijian You, Michael A. Rothman
  • Patent number: 10664573
    Abstract: Apparatuses, methods and storage media associated with managing a computing platform in view of an expiration date are described herein. In embodiments, an apparatus may include a computing platform that includes one or more processors to execute applications; and a trusted execution environment that includes a tamper-proof storage to store an expiration date of the computing platform, and a firmware module to be operated in a secure system management mode to regulate operation of the computing platform in view of at least whether a current date is earlier than the expiration date. Other embodiments may be described or claimed.
    Type: Grant
    Filed: June 17, 2015
    Date of Patent: May 26, 2020
    Assignee: Intel Corporation
    Inventors: Jiewen Yao, Vincent J. Zimmer, Rajesh Poornachandran
  • Patent number: 10649918
    Abstract: Techniques are provided for managing memory hot-add to a computing platform. A system implementing the techniques according to an embodiment includes a Field Programmable Gate Array (FPGA) memory controller (FMC) including a Memory Reference Code (MRC) Register Transfer Level (RTL) module to perform training of a memory module in response to receiving a memory hot-add event notification associated with the memory module. The MRC training includes memory timing adjustment based on configuration policies. The system also includes a management controller circuit to communicate with a remote administration server over a secure out-of-band network channel. The communication includes the configuration policies to be applied by the FMC circuit to the memory module.
    Type: Grant
    Filed: September 28, 2017
    Date of Patent: May 12, 2020
    Assignee: Intel Corporation
    Inventors: Rajesh Poornachandran, Vincent J. Zimmer, Ned M. Smith, Nadhiya Chandramohan
  • Publication number: 20200125497
    Abstract: A disclosed example to protect memory from buffer overflow or underflow includes defining an implicit bound pointer based on an implicit bound pointer definition in a configuration file for a memory region; instrumenting object code with an implicit buffer bound check based on the implicit bound pointer; and generating hardened executable object code based on the object code, the implicit buffer bound check, and the implicit bound pointer, the implicit bound pointer located in the hardened executable object code during a compilation phase to facilitate loading the implicit bound pointer in a global bounds table during runtime for access by the implicit buffer bound check.
    Type: Application
    Filed: March 30, 2017
    Publication date: April 23, 2020
    Inventors: Junjing Shi, Qin Long, Liming Gao, Michael A. Rothman, Vincent J. Zimmer
  • Patent number: 10601955
    Abstract: An automated method for distributed and redundant firmware evaluation involves using a first interface that is provided by system firmware of a client device to obtain, at an evaluation server, a first firmware resource table (FRT) from the client device. The evaluation server also uses a second interface that is provided by a component of the client device other than the system firmware to obtain a second FRT from the client device. The evaluation server automatically uses the first and second FRTs to identify a trustworthy FRT among the first and second FRTs. The evaluation server automatically uses the trustworthy FRT to determine whether the client device should be updated. For instance, the evaluation server may automatically use the trustworthy FRT to determine whether firmware in the client device should be updated. Other embodiments are described and claimed.
    Type: Grant
    Filed: February 9, 2017
    Date of Patent: March 24, 2020
    Assignee: Intel Corporation
    Inventors: Vincent J. Zimmer, Rajesh Poornachandran, Ned M. Smith, Mingqiu Sun, Gopinatth Selvaraje
  • Patent number: 10592254
    Abstract: Technologies for fast low-power startup include a computing device with a processor having a power management integrated circuit. The computing device initializes platform components into a low-power state and determines, in a pre-boot firmware environment, the battery state of the computing device. The computing device determines a minimum-power startup (MPS) configuration that identifies platform components to be energized and determines whether the battery state is sufficient for the MPS configuration. If sufficient, the computing device energizes the platform components of the MPS configuration and boots into an MPS boot mode. In the MPS boot mode, the computing device may execute one or more user-configured application(s). If the battery state is sufficient for normal operation, the computing device may boot into a normal mode. In the normal mode, the user may configure the MPS configuration by selecting features for the future MPS boot mode. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 5, 2017
    Date of Patent: March 17, 2020
    Assignee: Intel Corporation
    Inventors: Rajesh Poornachandran, Vincent J. Zimmer, Karunakara Kotary, Venkatesh Ramamurthy, Pralhad M. Madhavi
  • Patent number: 10592670
    Abstract: Technologies for configuring a launch enclave include a computing device having a processor with secure enclave support. A trusted execution environment (TEE) of the computing device stores a launch enclave hash in a launch enclave hash table in secure storage and provisions the launch enclave hash to platform firmware at runtime. The TEE may receive the launch enclave hash via trusted I/O. The platform firmware sets a configure enclave launch bit and resets the computing device. On reset, the TEE determines whether the launch enclave hash is allowed for launch. The TEE may evaluate one or more launch configuration policies and may select a launch enclave hash based on the launch configuration policies. If allowed, the platform firmware writes the launch enclave hash to a model-specific register of the processor, and the launch enclave may be loaded and verified with the launch enclave hash. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 28, 2016
    Date of Patent: March 17, 2020
    Assignee: Intel Corporation
    Inventors: Rajesh Poornachandran, Vincent J. Zimmer, Mingqiu Sun, Gopinatth Selvaraje