Patents by Inventor Vincent J. Zimmer

Vincent J. Zimmer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10289425
    Abstract: The present application is directed to access isolation for multi-operating system devices. In general, a device may be configured using firmware to accommodate more than one operating system (OS) operating concurrently on the device or to transition from one OS to another. An access isolation module (AIM) in the firmware may determine a device equipment configuration and may partition the equipment for use by multiple operating systems. The AIM may disable OS-based equipment sensing and may allocate at least a portion of the equipment to each OS using customized tables. When transitioning between operating systems, the AIM may help to ensure that information from one OS is not accessible to others. For example, the AIM may detect when a foreground OS is to be replaced by a background OS, and may protect (e.g., lockout or encrypt) the files of the foreground OS prior to the background OS becoming active.
    Type: Grant
    Filed: March 19, 2014
    Date of Patent: May 14, 2019
    Assignee: Intel Corporation
    Inventors: Kevin Y. Li, Vincent J. Zimmer, Xiaohu Zhou, Ping Wu, Zijian You, Michael A. Rothman
  • Publication number: 20190138294
    Abstract: Various systems and methods for enabling derivation and distribution of an attestation manifest for a software update image are described. In an example, these systems and methods include orchestration functions and communications, providing functionality and components for a software update process which also provides verification and attestation among multiple devices and operators.
    Type: Application
    Filed: December 28, 2018
    Publication date: May 9, 2019
    Inventors: Ned M. Smith, Kshitij Arun Doshi, John J. Browne, Vincent J. Zimmer, Francesc Guim Bernat, Kapil Sood
  • Patent number: 10275598
    Abstract: In one embodiment, the present invention includes a method to establish a secure pre-boot environment in a computer system and performs at least one secure operation in the secure environment. In one embodiment, the secure operation may be storage of a secret in the secure pre-boot environment.
    Type: Grant
    Filed: April 6, 2015
    Date of Patent: April 30, 2019
    Assignee: Intel Corporation
    Inventors: Vincent J. Zimmer, Bryant E. Bigbee, Andrew J. Fish, Mark S. Doran
  • Patent number: 10262140
    Abstract: A device with support for blockchain-based boot tracking comprises at least one processor, non-volatile storage responsive to the processor, and at least one boot module in the non-volatile storage. The boot module, when executed by the processor, enables the device to generate a measurement of the boot module, generate an internal ledger transaction based on the measurement of the boot module, and send the internal ledger transaction to a remote device. In addition, the boot module enables the device to (a) receive an external ledger transaction from the remote device, wherein the external ledger transaction is based on a measurement for a boot module of the remote device; (b) in response to receiving the external ledger transaction, verify the external ledger transaction; and (c) in response to verifying the external ledger transaction, add the external ledger transaction to a boot audit blockchain. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: April 16, 2019
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Rajesh Poornachandran, Vincent J. Zimmer
  • Patent number: 10251060
    Abstract: In one example, a system for accessing services comprises a processor to detect a change in a topology of the system and request configuration data or a firmware image stored in secure storage of a wireless credential exchange or EEPROM, wherein the configuration data indicates an authorized stackable topology map for the system. The processor can also determine the change in the topology is allowed based on the authorized stackable topology map and execute an internet or local based service comprising a modification based on the change to the topology of the system, the service with the modification to be executed in response to a transmission of the change to the service.
    Type: Grant
    Filed: September 27, 2016
    Date of Patent: April 2, 2019
    Assignee: Intel Corporation
    Inventors: Kelly Steele, Rajesh Poornachandran, Vincent J. Zimmer
  • Publication number: 20190095623
    Abstract: A computing device that implements a secure and transparent firmware update process is provided. The computing device includes a secure memory area and a secure device that separately executes firmware updates in parallel with other processes executed by a CPU. The secure memory area may be allocated by the CPU and/or a memory controller using any of a variety of memory protection techniques. System software executed by the CPU receives update firmware requests from a trusted source, stores a firmware payload included in these requests in the secure memory area, and executes the next scheduled process. Firmware executed by the secure device retrieves the firmware payload from the secure memory area, authenticates the firmware payload, and applies the firmware payload to a firmware storage device. The secure device performs these acts transparently from the point of view of the CPU, thus avoiding consumption of resources of the CPU.
    Type: Application
    Filed: September 26, 2017
    Publication date: March 28, 2019
    Applicant: INTEL CORPORATION
    Inventors: Krishnakumar Narasimhan, Sudhakar Otturu, Karunakara Kotary, Vincent J. Zimmer
  • Publication number: 20190095352
    Abstract: Techniques are provided for managing memory hot-add to a computing platform. A system implementing the techniques according to an embodiment includes a Field Programmable Gate Array (FPGA) memory controller (FMC) including a Memory Reference Code (MRC) Register Transfer Level (RTL) module to perform training of a memory module in response to receiving a memory hot-add event notification associated with the memory module. The MRC training includes memory timing adjustment based on configuration policies. The system also includes a management controller circuit to communicate with a remote administration server over a secure out-of-band network channel. The communication includes the configuration policies to be applied by the FMC circuit to the memory module.
    Type: Application
    Filed: September 28, 2017
    Publication date: March 28, 2019
    Applicant: INTEL CORPORATION
    Inventors: Rajesh Poornachandran, Vincent J. Zimmer, Ned M. Smith, Nadhiya Chandramohan
  • Patent number: 10228954
    Abstract: Technologies for broadcasting management information include a management server and a number of client devices. The management server encodes management data such as a certificate revocation list into a number of message fragments using a fountain code encoding algorithm and broadcasts the message fragments continually over a network. Each client device analyzes the network during a boot process to receive the broadcast message fragments. Each client device decodes the message fragments using a fountain code decoding algorithm and determines whether the message is complete. If the message is complete, the client device parses the message to retrieve the management data and may install the management data on the client device. If the message is incomplete, the client device may store the message fragments in nonvolatile storage for processing during future boot events. The client device may perform those operations in a pre-boot firmware environment. Other embodiments are described and claimed.
    Type: Grant
    Filed: March 9, 2017
    Date of Patent: March 12, 2019
    Assignee: Intel Corporation
    Inventors: Vincent J. Zimmer, Michael A. Rothman
  • Patent number: 10223187
    Abstract: A processor includes an instruction decoder to receive an instruction to perform a machine check operation, the instruction having a first operand and a second operand. The processor further includes a machine check logic coupled to the instruction decoder to determine that the instruction is to determine a type of a machine check bank based on a command value stored in a first storage location indicated by the first operand, to determine a type of a machine check bank identified by a machine check bank identifier (ID) stored in a second storage location indicated by the second operand, and to store the determined type of the machine check bank in the first storage location indicated by the first operand.
    Type: Grant
    Filed: December 8, 2016
    Date of Patent: March 5, 2019
    Assignee: INTEL CORPORATION
    Inventors: Ashok Raj, Narayan Ranganathan, Mohan J. Kumar, Vincent J. Zimmer
  • Patent number: 10218508
    Abstract: Methods and apparatus to provide isolated execution environments are disclosed. An example apparatus includes a machine status register to determine whether excess micro operations are available during an instruction cycle to execute a pico-application in response to a request for computing provided by a host application. The pico-application is a fragment of microcode. The microcode comprises a plurality of micro operations. The machine status register is also to determine whether space is available in a memory to load the pico-application. The example apparatus also includes a loader to load a virtual machine and the pico-application into the memory in response to the excess micro operations and the space in the memory being available. The virtual machine validates the pico-application and loads the pico-application into the memory. The example apparatus also includes a processor to execute the pico-application via the excess micro operations.
    Type: Grant
    Filed: March 9, 2018
    Date of Patent: February 26, 2019
    Assignee: INTEL CORPORATION
    Inventors: Vincent J. Zimmer, Rajesh Poornachandran, Mingqiu Sun, Gopinatth Selvaraje
  • Patent number: 10205750
    Abstract: A system, device, and method for providing policy-based secure cloud booting include a mobile computing device and a web server. The mobile computing device determines a remote boot address specifying the location of a boot resource on the web server. The mobile computing device opens a secure connection to the web server and maps the boot resource to a local firmware protocol. The mobile computing device executes the boot resource as a firmware image using the local firmware protocol. The boot resource may be a compact disc or DVD image mapped through a block I/O protocol. The boot resource may be a remote file system mapped through a file system protocol. The remote boot address may be configured using a manageability engine capable of out-of-band communication. The remote boot address may be determined based on the context of the mobile computing device, including location. Other embodiments are described and claimed.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: February 12, 2019
    Assignee: Intel Corporation
    Inventors: Brian Cockrell, Jacob J. Gauthier, Jiewen Yao, Vincent J. Zimmer, Elmer A. Amaya
  • Patent number: 10185547
    Abstract: Various embodiments are generally directed to techniques for supporting the distributed execution of a task routine among multiple secure controllers incorporated into multiple computing devices. An apparatus includes a first processor component and first secure controller of a first computing device, where the first secure controller includes: a selection component to select the first secure controller or a second secure controller of a second computing device to compile a task routine based on a comparison of required resources to compile the task routine and available resources of the first secure controller; and a compiling component to compile the task routine into a first version of compiled routine for execution within the first secure controller by the first processor component and a second version for execution within the second secure controller by a second processor component in response to selection of the first secure controller. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: January 22, 2019
    Assignee: INTEL CORPORATION
    Inventors: Mingqiu Sun, Rajesh Poornachandran, Vincent J. Zimmer, Ned M. Smith, Gopinatth Selvaraje
  • Patent number: 10180800
    Abstract: Systems, apparatuses and methods may include technology that detects a migration request and conducts a first transfer, via a trusted execution environment (TEE), of storage context information from a first removable storage device to a secure memory region of a system in response to the data migration request. Additionally, the technology may conduct a second transfer, via the TEE, of the storage context information from the secure memory region to a second removable storage device, wherein the storage context information includes factory data, security data and boot firmware.
    Type: Grant
    Filed: March 2, 2017
    Date of Patent: January 15, 2019
    Assignee: Intel Corporation
    Inventors: Karunakara Kotary, Krishna Kumar Ganesan, Vincent J. Zimmer
  • Publication number: 20190014113
    Abstract: The present disclosure is directed to secure sensor data transport and processing. End-to-end security may prevent attackers from altering data during the sensor-based security procedure. For example, following sensor data capture execution in a device may be temporarily suspended. During the suspension of execution, sensor interface circuitry in the device may copy the sensor data from a memory location associated with the sensor to a trusted execution environment (TEE) within the device. The TEE may provide a secure location in which the sensor data may be processed and a determination may be made as to whether to grant access to the secure resources. The TEE may comprise, for example, match circuitry to compare the sensor data to previously captured sensor data for users that are allowed to access the secured resources and output circuitry to grant access to the secured resources or to perform activities associated with a security exception.
    Type: Application
    Filed: August 29, 2018
    Publication date: January 10, 2019
    Applicant: INTEL CORPORATION
    Inventors: Hormuzd M. Khosravi, Bassam N. Coury, Vincent J. Zimmer
  • Publication number: 20190004825
    Abstract: Technologies for optimization of a memory controller include a computing device having a memory manager, a memory trainer, and a platform firmware. The memory manager reserves a space in memory of the computing device that is inaccessible to an operating system of the computing device. The memory trainer utilizes the reserved space to perform a memory training to determine configuration settings of the memory controller. After the configuration settings of the memory controller have been determined, the platform firmware configures the memory controller with the determined configuration settings.
    Type: Application
    Filed: June 30, 2017
    Publication date: January 3, 2019
    Inventors: Ravi Poovalur Rangarajan, Xiang Ma, Vincent J. Zimmer
  • Patent number: 10169047
    Abstract: Computing devices, computer-readable storage media, and methods associated with providing an operating system (OS)-absent firmware sensor layer to support a boot process are disclosed. A computing device may include a processor and firmware to be operated on the processor. The firmware may include one or more modules and a sensor layer. The sensor layer may be configured to receive, in the OS-absent environment, sensor data produced by a plurality of sensors. The sensor layer may be further configured to selectively provide the sensor data to the one or more modules via an interface of the sensor layer that abstracts the plurality of sensors.
    Type: Grant
    Filed: June 24, 2014
    Date of Patent: January 1, 2019
    Assignee: Intel Corporation
    Inventors: Ulf R. Hanebutte, Jiewen Yao, Vincent J. Zimmer
  • Patent number: 10158671
    Abstract: Apparatuses, methods and storage medium associated with reverse DRM geo-fencing are disclosed. In embodiments, a UAV may comprise sensors to provide sensor data for aerial operation over or near a geographic area, and collect sensor data of a target within the geographic area, and a reverse DRM geo-fence policy enforcement manager to enforce reverse DRM geo-fence policies on operation of the sensors while the UAV operates over/near the geographic area. In other embodiments, a base station may include a reverse DRM geo-fence policy generator to instruct a UAV to enforce reverse DRM geo-fence policies on operation of sensors of the UAV on collecting sensor data of the target within the geographic area while the UAV operates over or near the geographic area. Other embodiments may be disclosed or claimed.
    Type: Grant
    Filed: March 7, 2016
    Date of Patent: December 18, 2018
    Assignee: Intel Corporation
    Inventors: Rajesh Poornachandran, Ned M. Smith, Vincent J. Zimmer
  • Publication number: 20180349631
    Abstract: Systems, apparatuses and methods may provide for a memory apparatus that includes a client-side address space dedicated to an accessor of obfuscated multi-tenant data, wherein an executable view generation library is stored to the client-side address space. In one example, the executable view generation library is to receive a request to access at least a portion of the obfuscated multi-tenant data, convert the obfuscated multi-tenant data to deobfuscated multi-tenant data based on metadata associated with the executable view generation library and generate a single-tenant view based on the deobfuscated multi-tenant data.
    Type: Application
    Filed: December 22, 2015
    Publication date: December 6, 2018
    Applicant: Intel Corporation
    Inventors: Ajith K. Illendula, Kshitij A. Doshi, Vincent J. Zimmer
  • Patent number: 10146657
    Abstract: Platform controller, computer-readable storage media, and methods associated with initialization of a computing device. In embodiments, a platform controller may comprise a boot controller and one or more non-volatile memory modules, coupled with the boot controller. In embodiments, the one or more non-volatile memory modules may have first instructions and second instructions stored thereon. The first instructions may, when executed by a processor of a computing device hosting the platform controller, cause initialization of the computing device. The second instructions, when executed by the boot controller, may cause the boot controller to monitor at least a portion of the execution of the first instructions by the computing device and may generate a trace of the monitored portion of the execution of the first instructions. In embodiments, the trace may be stored in the one or more non-volatile memory modules. Other embodiments may be described and/or claimed.
    Type: Grant
    Filed: March 26, 2014
    Date of Patent: December 4, 2018
    Assignee: Intel Corporation
    Inventors: Robert C. Swanson, C. Brendan Traw, Vincent J. Zimmer, Mallik Bulusu, John R. Lindsley, Mahesh S. Natu, Dimitrios Ziakas, Robert W. Cone, Madhusudhan Rangarajan, Babak Nikjou, Kirk D. Brannock, Russell J. Wunderlich, Miles F. Schwartz, Stephen S. Pawlowski
  • Publication number: 20180341774
    Abstract: Techniques for providing and maintaining protection of firmware routines that form part of a chain of trust through successive processing environments. An apparatus may include a first processor component (550); a volatile storage (562) coupled to the first processor component; an enclave component to, in a pre-OS operating environment, generate a secure enclave within a portion of the volatile storage to restrict access to a secured firmware loaded into the secure enclave; a first firmware driver (646) to, in the pre-OS operating environment, provide a first API to enable unsecured firmware to call a support routine of the secured firmware from outside the secure enclave; and a second firmware driver (647) to, in an OS operating environment that replaces the pre-OS operating environment, provide a second API to enable an OS of the OS operating environment to call the support routine from outside the secure enclave.
    Type: Application
    Filed: December 24, 2015
    Publication date: November 29, 2018
    Applicant: INTEL CORPORATION
    Inventors: Jiewen Yao, Vincent J. Zimmer, Wei Li, Rajesh Poornachandran, Giri P. Mudusuru