Patents by Inventor Willard M. Wiseman

Willard M. Wiseman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10693851
    Abstract: One embodiment provides a client device. The client device includes a Trusted Platform Module (TPM). The TPM includes a secure controller to extend a secure hash digest with at least a portion of a data stream or a hash of the at least a portion of the data stream. Another embodiment provides a server system. The server system includes verifier logic. The verifier logic is to verify that an attestation identity key (AIK) public key associated with a received Trusted Platform Module (TPM) quote corresponds to an authenticated client device.
    Type: Grant
    Filed: July 16, 2018
    Date of Patent: June 23, 2020
    Assignee: Intel Corporation
    Inventors: Willard M. Wiseman, Philip B. Tricca
  • Patent number: 10218711
    Abstract: In one embodiment, a method includes determining a location of a system responsive to location information received from at least one of a location sensor and a wireless device of the system, associating the location with a key present in the system to generate an authenticated location of the system, and determining whether the authenticated location is within a geofence boundary indicated in a location portion of a launch control policy (LCP) that provides a geographic-specific policy. Other embodiments are described and claimed.
    Type: Grant
    Filed: May 12, 2016
    Date of Patent: February 26, 2019
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Simon P. Johnson, Steve Orrin, Willard M. Wiseman
  • Publication number: 20180343237
    Abstract: One embodiment provides a client device. The client device includes a Trusted Platform Module (TPM). The TPM includes a secure controller to extend a secure hash digest with at least a portion of a data stream or a hash of the at least a portion of the data stream. Another embodiment provides a server system. The server system includes verifier logic. The verifier logic is to verify that an attestation identity key (AIK) public key associated with a received Trusted Platform Module (TPM) quote corresponds to an authenticated client device.
    Type: Application
    Filed: July 16, 2018
    Publication date: November 29, 2018
    Applicant: Intel Corporation
    Inventors: Willard M. Wiseman, Philip B. Tricca
  • Patent number: 10057223
    Abstract: One embodiment provides a client device. The client device includes a Trusted Platform Module (TPM). The TPM includes a secure controller to extend a secure hash digest with at least a portion of a data stream or a hash of the at least a portion of the data stream. Another embodiment provides a server system. The server system includes verifier logic. The verifier logic is to verify that an attestation identity key (AIK) public key associated with a received Trusted Platform Module (TPM) quote corresponds to an authenticated client device.
    Type: Grant
    Filed: September 26, 2015
    Date of Patent: August 21, 2018
    Assignee: Intel Corporation
    Inventors: Willard M. Wiseman, Philip B. Tricca
  • Patent number: 9846787
    Abstract: An apparatus and method are described for implementing a trusted dynamic launch and trusted platform module (TPM) using a secure enclave. For example, a computer-implemented method according to one embodiment of the invention comprises: initializing a secure enclave in response to a first command, the secure enclave comprising a trusted software execution environment which prevents software executing outside the enclave from having access to software and data inside the enclave; and executing a trusted platform module (TPM) from within the secure enclave, the trusted platform module securely reading data from a set of platform control registers (PCR) in a processor or chipset component into a memory region allocated to the secure enclave.
    Type: Grant
    Filed: February 27, 2015
    Date of Patent: December 19, 2017
    Assignee: Intel Corporation
    Inventors: Simon P. Johnson, Vincent R. Scarlata, Willard M. Wiseman
  • Patent number: 9779249
    Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
    Type: Grant
    Filed: October 13, 2016
    Date of Patent: October 3, 2017
    Assignee: Intel Corporation
    Inventors: John H. Wilson, Ioannis T. Schoinas, Mazin S. Yousif, Linda J. Rankin, David W. Grawrock, Robert J. Greiner, James A. Sutton, Kushagra Vaid, Willard M. Wiseman
  • Publication number: 20170098085
    Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
    Type: Application
    Filed: October 13, 2016
    Publication date: April 6, 2017
    Inventors: John H. Wilson, Ioannis T. Schoinas, Mazin S. Yousif, Linda J. Rankin, David W. Grawrock, Robert J. Greiner, James A. Sutton, Kushagra Vaid, Willard M. Wiseman
  • Patent number: 9612930
    Abstract: In an embodiment, a processor includes at least one core, a power management unit having a first test register including a first field to store a test patch identifier associated with a test patch and a second field to store a test mode indicator to request a core functionality test, and a microcode storage to store microcode to be executed by the at least one core. Responsive to the test patch identifier, the microcode may access a firmware interface table and obtain the test patch from a non-volatile storage according to an address obtained from the firmware interface table. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 12, 2015
    Date of Patent: April 4, 2017
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Eric Rasmussen, Deep K. Buch, Gordon McFadden, Kameswar Subramaniam, Amy L. Santoni, Willard M. Wiseman, Bret L. Toll
  • Publication number: 20170093800
    Abstract: One embodiment provides a client device. The client device includes a Trusted Platform Module (TPM). The TPM includes a secure controller to extend a secure hash digest with at least a portion of a data stream or a hash of the at least a portion of the data stream. Another embodiment provides a server system. The server system includes verifier logic. The verifier logic is to verify that an attestation identity key (AIK) public key associated with a received Trusted Platform Module (TPM) quote corresponds to an authenticated client device.
    Type: Application
    Filed: September 26, 2015
    Publication date: March 30, 2017
    Applicant: Intel Corporation
    Inventors: Willard M. Wiseman, Philip B. Tricca
  • Publication number: 20160364308
    Abstract: In an embodiment, a processor includes at least one core, a power management unit having a first test register including a first field to store a test patch identifier associated with a test patch and a second field to store a test mode indicator to request a core functionality test, and a microcode storage to store microcode to be executed by the at least one core. Responsive to the test patch identifier, the microcode may access a firmware interface table and obtain the test patch from a non-volatile storage according to an address obtained from the firmware interface table. Other embodiments are described and claimed.
    Type: Application
    Filed: June 12, 2015
    Publication date: December 15, 2016
    Inventors: Vedvyas Shanbhogue, Eric Rasmussen, Deep K. Buch, Gordon McFadden, Kameswar Subramaniam, Amy L. Santoni, Willard M. Wiseman, Bret L. Toll
  • Patent number: 9507952
    Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
    Type: Grant
    Filed: November 11, 2015
    Date of Patent: November 29, 2016
    Assignee: Intel Corporation
    Inventors: John H. Wilson, Ioannis T. Schoinas, Mazin S. Yousif, Linda J. Rankin, David W. Grawrock, Robert J. Greiner, James A. Sutton, Kushagra Vaid, Willard M. Wiseman
  • Patent number: 9461994
    Abstract: In an embodiment, at least one computer readable medium has instructions stored thereon for causing a system to cryptographically sign, at a secure platform services enclave (PSE) of a computing system and using a secure attestation key (SGX AK), a public portion of a trusted platform module attestation key (TPM AK) associated with a trusted computing base of a physical platform, to form a certified TPM AK public portion. Also included are instructions to store the certified TPM AK public portion in the PSE, and instructions to, responsive to an attestation request received from a requester at a virtual trusted platform module (vTPM) associated with a virtual machine (VM) that has migrated onto the physical platform, provide to the requester the certified TPM AK public portion stored in the PSE. Other embodiments are described and claimed.
    Type: Grant
    Filed: November 26, 2014
    Date of Patent: October 4, 2016
    Assignee: Intel Corporation
    Inventors: Mark E. Scott-Nash, Annapurna Dasari, Willard M. Wiseman
  • Publication number: 20160255097
    Abstract: In one embodiment, a method includes determining a location of a system responsive to location information received from at least one of a location sensor and a wireless device of the system, associating the location with a key present in the system to generate an authenticated location of the system, and determining whether the authenticated location is within a geofence boundary indicated in a location portion of a launch control policy (LCP) that provides a geographic-specific policy. Other embodiments are described and claimed.
    Type: Application
    Filed: May 12, 2016
    Publication date: September 1, 2016
    Inventors: Ned M. Smith, Simon P. Johnson, Steve Orrin, Willard M. Wiseman
  • Patent number: 9384352
    Abstract: An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor including secure non-volatile storage that couples to a root index, having a fixed address, and comprises first and second variables referenced by the root index; and semiconductor integrated code (SIC) including embedded processor logic to initialize a processor and embedded memory logic to initialize a memory coupled to the processor; wherein (a) the SIC is to be executed responsive to resetting the processor and prior to providing control to boot code, and (b) the SIC is to perform pre-boot operations in response to accessing at least one of the first and second variables. Other embodiments are described herein.
    Type: Grant
    Filed: October 2, 2013
    Date of Patent: July 5, 2016
    Assignee: Intel Corporation
    Inventors: Jiewen Yao, Vincent J. Zimmer, Nicholas J. Adams, Willard M. Wiseman, Qin Long, Shihui Li
  • Patent number: 9367688
    Abstract: In one embodiment, a method includes determining a location of a system responsive to location information received from at least one of a location sensor and a wireless device of the system, associating the location with a key present in the system to generate an authenticated location of the system, and determining whether the authenticated location is within a geofence boundary indicated in a location portion of a launch control policy (LCP) that provides a geographic-specific policy. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 22, 2012
    Date of Patent: June 14, 2016
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Simon P. Johnson, Steve Orrin, Willard M. Wiseman
  • Publication number: 20160149912
    Abstract: In an embodiment, at least one computer readable medium has instructions stored thereon for causing a system to cryptographically sign, at a secure platform services enclave (PSE) of a computing system and using a secure attestation key (SGX AK), a public portion of a trusted platform module attestation key (TPM AK) associated with a trusted computing base of a physical platform, to form a certified TPM AK public portion. Also included are instructions to store the certified TPM AK public portion in the PSE, and instructions to, responsive to an attestation request received from a requester at a virtual trusted platform module (vTPM) associated with a virtual machine (VM) that has migrated onto the physical platform, provide to the requester the certified TPM AK public portion stored in the PSE. Other embodiments are described and claimed.
    Type: Application
    Filed: November 26, 2014
    Publication date: May 26, 2016
    Inventors: Mark E. Scott-Nash, Annapurna Dasari, Willard M. Wiseman
  • Publication number: 20160085969
    Abstract: Embodiments of apparatuses and methods for using a trusted platform module for boot policy and secure firmware are disclosed. In one embodiment, a trusted platform module includes a non-volatile memory, a port, and a mapping structure. The port is to receive an input/output transaction from a serial bus. The transaction includes a system memory address in the address space of a processor. The mapping structure is to map the system memory address to a first location in non-volatile memory.
    Type: Application
    Filed: December 2, 2015
    Publication date: March 24, 2016
    Applicant: Intel Corporation
    Inventor: Willard M. Wiseman
  • Publication number: 20160063261
    Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
    Type: Application
    Filed: November 11, 2015
    Publication date: March 3, 2016
    Inventors: John H. Wilson, Ioannis T. Schoinas, Mazin S. Yousif, Linda J. Rankin, David W. Grawrock, Robert J. Greiner, James A. Sutton, Kushagra Vaid, Willard M. Wiseman
  • Patent number: 9245106
    Abstract: In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.
    Type: Grant
    Filed: August 21, 2014
    Date of Patent: January 26, 2016
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Vedvyas Shanbhogue, Geoffrey S. Strongin, Willard M. Wiseman, David W. Grawrock
  • Patent number: 9223982
    Abstract: This disclosure is directed to continuation of trust for platform boot firmware. A device may comprise a processing module and a memory module including read-only memory (ROM) on which is stored platform boot firmware. On activation, the processing module may load the platform boot firmware. The platform boot firmware may cause the processing module to first load a trusted pre-verifier file to load and verify the signature of a hash table loaded from the platform boot firmware. The processing module may then load firmware program files from the platform boot firmware, calculate a hash for each file, and verify whether each program hash is in the hash table. Firmware program files with hashes in the hash table may be allowed to execute. If any firmware program file hash is not in the hash table, the processing module may perform platform specific security actions to prevent the device from being compromised.
    Type: Grant
    Filed: March 1, 2013
    Date of Patent: December 29, 2015
    Assignee: Intel Corporation
    Inventors: Nicholas J. Adams, Willard M. Wiseman