Patents by Inventor Vincent J. Zimmer

Vincent J. Zimmer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10140449
    Abstract: Systems and methods may provide for identifying a runtime behavioral pattern of an application and detecting an anomaly in the runtime behavioral pattern. In addition, a security event may be triggered in response to the anomaly. In one example, the anomaly is detected with regard to one or more of a library call count, a library call type, a library call argument configuration or a library call timing associated with a runtime operation of the application.
    Type: Grant
    Filed: August 24, 2017
    Date of Patent: November 27, 2018
    Assignee: Intel Corporation
    Inventors: Antonio C. Valles, Vincent J. Zimmer
  • Publication number: 20180335816
    Abstract: Apparatuses, methods and storage medium associated with streamlined physical reset are described herein. In embodiments, an apparatus for computing, including streamlined physical reset, may comprise one or more processor cores; memory having a plurality of memory locations; and a basic input/output system (BIOS) to provide basic input/output system services, wherein the BIOS stays within a range of memory locations during each initialization of the BIOS, including an initialization of the BIOS that is part of a physical reset of the apparatus, to streamline the physical reset. Other embodiments may be described and/or claimed.
    Type: Application
    Filed: May 17, 2017
    Publication date: November 22, 2018
    Inventors: Michael A. Rothman, Vincent J. Zimmer, Jiewen Yao
  • Publication number: 20180329729
    Abstract: A microservice infrastructure that securely maintains the currency of computing platform microservices implemented within a process virtual machine is provided. The computing platform microservices maintained by the infrastructure may include protected methods that provide and control access to components of the underlying computing environment. These components may include, for example, storage devices, peripherals, and network interfaces. By providing a software-defined microservice layer between these hardware components and workflows that specify high-level application logic, the embodiments disclosed herein have enhanced flexibility and scalability when compared to conventional technology.
    Type: Application
    Filed: May 9, 2017
    Publication date: November 15, 2018
    Applicant: INTEL CORPORATION
    Inventors: Mingqiu Sun, Noah Zentzis, Vincent J. Zimmer, Peggy J. Irelan, Timothy E. Abels, Gopinatth Selvaraje, Rajesh Poornachandran
  • Publication number: 20180322313
    Abstract: Embodiments are directed to securing system management mode (SMM) in a computer system. A CPU is configurable to execute first code in a normal mode, and second code in a SSM. A SMM control engine is operative to transition the CPU from the normal mode to the SMM in response to a SMM transition call, and to control access by the CPU in the SMM to data from an originator of the SMM transition call. The access is controlled based on an authorization state assigned to the SMM transition call. An authorization engine is operative to perform authentication of the originator of the SMM transition call and to assign the authorization state based on an authentication result. The CPU in the SMM is prevented from accessing the data in response to the authentication result being a failure of authentication.
    Type: Application
    Filed: January 14, 2016
    Publication date: November 8, 2018
    Inventors: Jiewen Jacques Yao, Vincent J. Zimmer, Bassam N. Coury
  • Patent number: 10114949
    Abstract: Various embodiments are generally directed to techniques for monitoring the integrity of an operating system (OS) security routine that checks the integrity of an OS and/or one or more application routines. An apparatus may include a first processor component to execute an operating system (OS) in a first operating environment within a processing device and to execute an OS security routine to recurringly verify an integrity of the OS; a challenge component within a second operating environment within the processing device that is isolated from the first operating environment to recurringly challenge the OS security routine to provide a measure of itself; and a response component within the second operating environment to analyze each measure provided by the OS security routine and an elapsed time to receive each measure from the OS security routine to verify an integrity of the OS security routine.
    Type: Grant
    Filed: December 24, 2015
    Date of Patent: October 30, 2018
    Assignee: McAfee, LLC
    Inventors: Mingqiu Sun, Rajesh Poornachandran, Ned M. Smith, Vincent J. Zimmer, Sven Schrecker, Gopinatth Selvaraje
  • Patent number: 10114952
    Abstract: In one embodiment, a system includes: a processor; a security processor to execute in a trusted executed environment (TEE), the security processor to execute memory reference code (MRC) stored in a secure storage of the TEE to train a memory coupled to the processor; and the memory coupled to the processor. Other embodiments are described and claimed.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: October 30, 2018
    Assignee: MCAFEE, LLC
    Inventors: Atul A. Khare, Karunakara Kotary, Rajesh Poornachandran, Vincent J. Zimmer, Sudeep Das
  • Publication number: 20180293080
    Abstract: A method for booting a data processing system (DPS) involves, during a boot process of the DPS, using a preliminary bootcode module from a low-speed nonvolatile memory (NVM) in the DPS to load a main bootcode module from a high-speed NVM in the DPS into a volatile random access memory (RAM) in the DPS, wherein the high-speed NVM supports a read speed that is faster than a maximum read speed of the low-speed NVM. The method also involves, during the boot process, after loading the main bootcode module from the high-speed NVM into the RAM, using the main bootcode module to boot the DPS to an operating system (OS). The method may also involve using the preliminary bootcode module to automatically determine whether the main bootcode module from the high-speed NVM has good integrity. Other embodiments are described and claimed.
    Type: Application
    Filed: April 11, 2017
    Publication date: October 11, 2018
    Applicant: Intel Corporation
    Inventors: Michael A. Rothman, Vincent J. Zimmer, Giri P. Mudusuru, Jiewen Yao, Jie Lin
  • Publication number: 20180288097
    Abstract: Techniques related to preventing unauthorized access to a computing device are disclosed. The techniques include a machine-readable medium, on which are stored instructions, comprising instructions that when executed cause a device to identify a host hardware configuration, obtain a policy based on the host hardware configuration, monitor two or more memory transactions based on the policy, identify, based on the memory transactions, a memory transaction pattern, wherein the memory transaction pattern is associated with an attempt to obtain unauthorized access to the device, and take one or more actions to interfere with attempts to obtain unauthorized access to the device based on the policy.
    Type: Application
    Filed: March 31, 2017
    Publication date: October 4, 2018
    Inventors: RAJESH POORNACHANDRAN, VINCENT J. ZIMMER, NED M. SMITH, NADHIYA CHANDRAMOHAN
  • Publication number: 20180262479
    Abstract: Technologies for verifying authorized operation includes an administration server to query a dual-headed identification device of a server for identification data indicative of an identity of the server. The dual-headed identification device includes a wired communication circuit, a wireless communication circuit, and a memory having the identification data stored therein. The administration server further obtains the identification data from the dual-headed identification device of the server, determines a context of the server, and determines whether boot of the server is authorized based on the context of the server, the identification data of the server, and a security policy of the server.
    Type: Application
    Filed: May 10, 2018
    Publication date: September 13, 2018
    Inventors: Rajesh Poornachandran, Vincent J. Zimmer, Shahrok Shahidzadeh, Mohan J. Kumar, Sergiu D. Ghetie
  • Publication number: 20180253238
    Abstract: Systems, apparatuses and methods may include technology that detects a migration request and conducts a first transfer, via a trusted execution environment (TEE), of storage context information from a first removable storage device to a secure memory region of a system in response to the data migration request. Additionally, the technology may conduct a second transfer, via the TEE, of the storage context information from the secure memory region to a second removable storage device, wherein the storage context information includes factory data, security data and boot firmware.
    Type: Application
    Filed: March 2, 2017
    Publication date: September 6, 2018
    Applicant: Intel Corporation
    Inventors: Karunakara Kotary, Krishna Kumar Ganesan, Vincent J. Zimmer
  • Patent number: 10069826
    Abstract: The present disclosure is directed to secure sensor data transport and processing. End-to-end security may prevent attackers from altering data during the sensor-based security procedure. For example, following sensor data capture execution in a device may be temporarily suspended. During the suspension of execution, sensor interface circuitry in the device may copy the sensor data from a memory location associated with the sensor to a trusted execution environment (TEE) within the device. The TEE may provide a secure location in which the sensor data may be processed and a determination may be made as to whether to grant access to the secure resources. The TEE may comprise, for example, match circuitry to compare the sensor data to previously captured sensor data for users that are allowed to access the secured resources and output circuitry to grant access to the secured resources or to perform activities associated with a security exception.
    Type: Grant
    Filed: September 19, 2017
    Date of Patent: September 4, 2018
    Assignee: Intel Corporation
    Inventors: Hormuzd M. Khosravi, Bassam N. Coury, Vincent J. Zimmer
  • Patent number: 10067805
    Abstract: Technologies for transferring offloading or on-loading data or tasks between a processor and a coprocessor include a computing device having a processor and a sensor hub that includes a coprocessor. The coprocessor receives sensor data associated with one or more sensors and detects events associated with the sensor data. The coprocessor determines frequency, resource usage cost, and power state transition cost for the events. In response to an offloaded task request from the processor, the coprocessor determines an aggregate load value based on the frequency, resource usage cost, and power state transition cost, and determines whether to accept the offloaded task request based on the aggregate load value. The aggregate load value may be determined as an exponential moving average. The coprocessor may determine whether to accept the offloaded task request based on a principal component analysis of the events. Other embodiments are described and claimed.
    Type: Grant
    Filed: March 17, 2017
    Date of Patent: September 4, 2018
    Assignee: Intel Corporation
    Inventors: Mingqiu Sun, Rajesh Poornachandran, Vincent J. Zimmer, Gopinatth Selvaraje, Uttam K. Sengupta
  • Patent number: 10061424
    Abstract: Technologies for dynamic display include a mobile compute device that comprises a display transformable between at least two different physical topologies. The mobile compute device determines a current physical topology of the display and retrieves a policy based on the determined current physical topology. The policy identifies a corresponding action to occur in response to each of one or more user inputs to the mobile compute device while the display has the current physical topology. The mobile compute device processes a user input based on the retrieved policy.
    Type: Grant
    Filed: December 26, 2015
    Date of Patent: August 28, 2018
    Assignee: Intel Corporation
    Inventors: Rajesh Poornachandran, Vincent J. Zimmer, Nicholas J. Adams, Nithyananda S. Jeganathan, Gunner D. Danneels
  • Publication number: 20180227391
    Abstract: An automated method for distributed and redundant firmware evaluation involves using a first interface that is provided by system firmware of a client device to obtain, at an evaluation server, a first firmware resource table (FRT) from the client device. The evaluation server also uses a second interface that is provided by a component of the client device other than the system firmware to obtain a second FRT from the client device. The evaluation server automatically uses the first and second FRTs to identify a trustworthy FRT among the first and second FRTs. The evaluation server automatically uses the trustworthy FRT to determine whether the client device should be updated. For instance, the evaluation server may automatically use the trustworthy FRT to determine whether firmware in the client device should be updated. Other embodiments are described and claimed.
    Type: Application
    Filed: February 9, 2017
    Publication date: August 9, 2018
    Applicant: Intel Corporation
    Inventors: Vincent J. Zimmer, Rajesh Poornachandran, Ned M. Smith, Mingqiu Sun, Gopinatth Selvaraje
  • Patent number: 10031993
    Abstract: A computing device, computer-readable medium, and method are provided to dynamically configure an FPGA of a computing device at runtime without rebooting the computing device. At least one upgradable capability of the FPGA is displayed to a user. The user selects an upgradable capability of the FPGA and accepts a license to enable the selected upgradable capability. An update to a reconfigurable FPGA image associated with the FPGA is obtained in response to issuance of the license. The update to the reconfigurable FPGA image is installed on the FPGA to enable the selected upgradable capability of the FPGA. An operating system of the computing device is notified of the update to the reconfigurable FPGA image at runtime, and the operating system exposes the selected upgradable capability of the FPGA to at least one component of a software stack managed by the operating system.
    Type: Grant
    Filed: June 12, 2017
    Date of Patent: July 24, 2018
    Assignee: Intel Corporation
    Inventors: Rajesh Poornachandran, Ned M. Smith, Vincent J. Zimmer, Niveditha Sundaram
  • Publication number: 20180198622
    Abstract: Methods and apparatus to provide isolated execution environments are disclosed. An example apparatus includes a machine status register to determine whether excess micro operations are available during an instruction cycle to execute a pico-application in response to a request for computing provided by a host application. The pico-application is a fragment of microcode. The microcode comprises a plurality of micro operations. The machine status register is also to determine whether space is available in a memory to load the pico-application. The example apparatus also includes a loader to load a virtual machine and the pico-application into the memory in response to the excess micro operations and the space in the memory being available. The virtual machine validates the pico-application and loads the pico-application into the memory. The example apparatus also includes a processor to execute the pico-application via the excess micro operations.
    Type: Application
    Filed: March 9, 2018
    Publication date: July 12, 2018
    Inventors: Vincent J. Zimmer, Rajesh Poornachandran, Mingqiu Sun, Gopinatth Selvaraje
  • Publication number: 20180191780
    Abstract: Technologies for privacy-safe security policy evaluation include a cloud analytics server, a trusted data access mediator (TDAM) device, and one or more client devices. The cloud analytics server curries a security policy function to generate a privacy-safe curried function set. The cloud analytics server requests parameter data from the TDAM device, which collects the parameter data, identifies sensitive parameter data, encrypts the sensitive parameter data, and transmits the encrypted sensitive parameter data to the cloud analytics server. The cloud analytics server evaluates one or more curried functions using non-sensitive parameters to generate one or more sensitive functions that each take a sensitive parameter. The cloud analytics server transmits the sensitive functions and the encrypted sensitive parameters to a client computing device, which decrypts the encrypted sensitive parameters and evaluates the sensitive functions with the sensitive parameters to return a security policy.
    Type: Application
    Filed: December 29, 2016
    Publication date: July 5, 2018
    Inventors: Sudeep Das, Rajesh Poornachandran, Ned M. Smith, Vincent J. Zimmer, Pramod Sharma, Arthur Zeigler, Sumant Vashisth, Simon Hunt
  • Publication number: 20180181762
    Abstract: Techniques and computing devices for persistent firmware transfer monitoring and, more specifically, but not exclusively, to a resource filter within a firmware resource monitor configured to persistently store resource information after a boot operation. In one embodiment, for example, an apparatus for persistent firmware transfer monitoring in a computer system comprises at least one memory, at least one processor, and a resource filter comprising logic, at least a portion of the logic comprised in hardware and executed by the processor. The logic to may be configured to receive a list of required resources during a boot operation and receive a list of excluded resources. The resource filter may be further configured to persistently store the list of required resources and the list of excluded resources after the boot operation has completed.
    Type: Application
    Filed: December 28, 2016
    Publication date: June 28, 2018
    Applicant: INTEL CORPORATION
    Inventors: RAJESH POORNACHANDRAN, NED M. SMITH, VINCENT J. ZIMMER, ATUL A. KHARE, KARUNAKARA KOTARY
  • Publication number: 20180181411
    Abstract: A disclosed example method to suspend and resume a device includes: after detecting a low-power suspend mode request, determining a storage performance of the device to store suspend state data; based on the storage performance of the device, setting a suspend flag to indicate a low-power suspend mode to a processor platform; when resuming from the low-power suspend mode, confirming a setting of a resume flag from the processor platform, the resume flag to notify an operating system to resume from the low-power suspend mode; and when the resume flag is set, restoring state data corresponding to an operating system context from a non-volatile dual-purpose system and storage memory.
    Type: Application
    Filed: December 22, 2016
    Publication date: June 28, 2018
    Inventors: Michael A. Rothman, Vincent J. Zimmer, Glenn J. Hinton, Barnes Cooper, Leena K. Puthiyedath
  • Patent number: 10002002
    Abstract: Various embodiments are directed to creating multiple device blocks associated with hardware devices, arranging the device blocks in an order indicative of positions of the hardware devices in a hierarchy of buses and bridges, and enabling access to the multiple device blocks from an operating system. An apparatus comprises a processor circuit and storage storing instructions operative on the processor circuit to create a device table comprising multiple device blocks, each device block corresponding to one of multiple hardware devices accessible to the processor circuit, the device blocks arranged in an order indicative of relative positions of the hardware devices in a hierarchy of buses and at least one bridge device; enable access to the device table by an operating system; and execute a second sequence of instructions of the operating system operative on the processor circuit to access the device table. Other embodiments are described and claimed herein.
    Type: Grant
    Filed: March 21, 2016
    Date of Patent: June 19, 2018
    Assignee: INTEL CORPORATION
    Inventors: David C. Estrada, Vincent J. Zimmer, Palsamy Sakthikumar