Patents by Inventor Willard Wiseman
Willard Wiseman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11068276Abstract: The present disclosure is directed to controlled customization of silicon initialization. A device may comprise, for example, a boot module including a memory on which boot code is stored, the boot code including at least an initial boot block (IBB) module that is not customizable and a global platform database (GPD) module including customizable data. The IBB module may include a pointer indicating GPD module location. The customizable data may comprise configurable parameters and simple configuration language (SCL) to cause the device to execute at least one logical operation during execution of the boot code. The GPD module may further comprise a pointer indicating SCL location. The boot code may be executed upon activation of the device, which may cause the IBB module to load an interpreter for executing the SCL. The interpreter may also verify access request operations in the SCL are valid before executing the access request operations.Type: GrantFiled: June 4, 2019Date of Patent: July 20, 2021Assignee: Intel CorporationInventors: Jiewen Yao, Vincent Zimmer, Nicholas Adams, Willard Wiseman, Giri Mudusuru, Nuo Zhang
-
Publication number: 20190286450Abstract: The present disclosure is directed to controlled customization of silicon initialization. A device may comprise, for example, a boot module including a memory on which boot code is stored, the boot code including at least an initial boot block (IBB) module that is not customizable and a global platform database (GPD) module including customizable data. The IBB module may include a pointer indicating GPD module location. The customizable data may comprise configurable parameters and simple configuration language (SCL) to cause the device to execute at least one logical operation during execution of the boot code. The GPD module may further comprise a pointer indicating SCL location. The boot code may be executed upon activation of the device, which may cause the IBB module to load an interpreter for executing the SCL. The interpreter may also verify access request operations in the SCL are valid before executing the access request operations.Type: ApplicationFiled: June 4, 2019Publication date: September 19, 2019Applicant: Intel CorporationInventors: JIEWEN YAO, VINCENT ZIMMER, NICHOLAS ADAMS, WILLARD WISEMAN, GIRI MUDUSURU, NUO ZHANG
-
Patent number: 10310865Abstract: The present disclosure is directed to controlled customization of silicon initialization. A device may comprise, for example, a boot module including a memory on which boot code is stored, the boot code including at least an initial boot block (IBB) module that is not customizable and a global platform database (GPD) module including customizable data. The IBB module may include a pointer indicating GPD module location. The customizable data may comprise configurable parameters and simple configuration language (SCL) to cause the device to execute at least one logical operation during execution of the boot code. The GPD module may further comprise a pointer indicating SCL location. The boot code may be executed upon activation of the device, which may cause the IBB module to load an interpreter for executing the SCL. The interpreter may also verify access request operations in the SCL are valid before executing the access request operations.Type: GrantFiled: December 27, 2013Date of Patent: June 4, 2019Assignee: Intel CorporationInventors: Jiewen Yao, Vincent Zimmer, Nicholas Adams, Willard Wiseman, Giri Mudusuru, Nuo Zhang
-
Patent number: 10019556Abstract: Technologies for verification include storage with private keys, wherein each private key is associated with a group affiliation. The storage also includes characteristic information about an apparatus. The technologies also include a wireless interface configured to receive a request from a reader for verification of membership of the apparatus within a group affiliation. The technologies further include a controller with programmable logic for configuring the controller to determine whether to verify membership of the apparatus within a given group affiliation. The controller is also configured to verify membership of the apparatus within the given group affiliation by signing data with a private key associated with the given group affiliation. The signed data is sent to the reader. Membership within the given group affiliation conveys a subset of the characteristic information.Type: GrantFiled: December 23, 2015Date of Patent: July 10, 2018Assignee: McAfee, LLCInventors: Ned Smith, Sven Schrecker, Willard Wiseman, David Clark, Jennifer Gilburg De Magnin, Howard Herbert
-
Publication number: 20170185814Abstract: Technologies for verification include storage with private keys, wherein each private key is associated with a group affiliation. The storage also includes characteristic information about an apparatus. The technologies also include a wireless interface configured to receive a request from a reader for verification of membership of the apparatus within a group affiliation. The technologies further include a controller with programmable logic for configuring the controller to determine whether to verify membership of the apparatus within a given group affiliation. The controller is also configured to verify membership of the apparatus within the given group affiliation by signing data with a private key associated with the given group affiliation. The signed data is sent to the reader. Membership within the given group affiliation conveys a subset of the characteristic information.Type: ApplicationFiled: December 23, 2015Publication date: June 29, 2017Inventors: Ned Smith, Sven Schrecker, Willard Wiseman, David Clark, Jennifer Gilburg De Magnin, Howard Herbert
-
Publication number: 20170003976Abstract: The present disclosure is directed to controlled customization of silicon initialization. A device may comprise, for example, a boot module including a memory on which boot code is stored, the boot code including at least an initial boot block (IBB) module that is not customizable and a global platform database (GPD) module including customizable data. The IBB module may include a pointer indicating GPD module location. The customizable data may comprise configurable parameters and simple configuration language (SCL) to cause the device to execute at least one logical operation during execution of the boot code. The GPD module may further comprise a pointer indicating SCL location. The boot code may be executed upon activation of the device, which may cause the IBB module to load an interpreter for executing the SCL. The interpreter may also verify access request operations in the SCL are valid before executing the access request operations.Type: ApplicationFiled: December 27, 2013Publication date: January 5, 2017Applicant: INTEL CORPORATIONInventors: JIEWEN YAO, VINCENT ZIMMER, NICHOLAS ADAMS, WILLARD WISEMAN, GIRI MUDUSURU, NUO ZHANG
-
Patent number: 8874916Abstract: Systems and methods may provide introducing a first root of trust on a platform to a second root of trust on the same platform. In one example, the method may include using an authenticated code module to transfer a first encryption key from a first root of trust on a platform to a second root of trust on the platform, receiving a challenge response from the first root of trust at the second root of trust, and using the first encryption key to verify the challenge response.Type: GrantFiled: September 28, 2012Date of Patent: October 28, 2014Assignee: Intel CorporationInventors: Ned Smith, Sharon Smith, Willard Wiseman
-
Publication number: 20140095876Abstract: Systems and methods may provide introducing a first root of trust on a platform to a second root of trust on the same platform.Type: ApplicationFiled: September 28, 2012Publication date: April 3, 2014Inventors: Ned Smith, Sharon Smith, Willard Wiseman
-
Patent number: 8032942Abstract: Systems, methods and machine readable media for configuring virtual platform modules are disclosed. One method includes launching a virtual machine monitor, and determining, with the virtual machine monitor, whether a configuration policy that defines a configuration for a virtual trusted platform module is trusted. The method further includes configuring the virtual trusted platform module per the configuration policy in response to the virtual machine monitor determining that the configuration policy is trusted. The method also includes launching, via the virtual machine monitor, a virtual machine associated with the virtual trusted platform module.Type: GrantFiled: December 31, 2007Date of Patent: October 4, 2011Assignee: Intel CorporationInventors: Ned Smith, Willard Wiseman, Alok Kumar, Tasneem Brutch, Vincent Scarlata, Faraz Siddiqi
-
Publication number: 20080109636Abstract: In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.Type: ApplicationFiled: December 27, 2007Publication date: May 8, 2008Inventors: John Wilson, Ioannis Schoinas, Mazin Yousif, Linda Rankin, David Grawrock, Robert Greiner, James Sutton, Kushagra Vaid, Willard Wiseman
-
Publication number: 20080109655Abstract: In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.Type: ApplicationFiled: December 27, 2007Publication date: May 8, 2008Inventors: John Wilson, Ioannis Schoinas, Mazin Yousif, Linda Rankin, David Grawrock, Robert Greiner, James Sutton, Kushagra Vaid, Willard Wiseman
-
Publication number: 20080109638Abstract: In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.Type: ApplicationFiled: December 27, 2007Publication date: May 8, 2008Inventors: John Wilson, Ioannis Schoinas, Mazin Yousif, Linda Rankin, David Grawrock, Robert Greiner, James Sutton, Kushagra Vaid, Willard Wiseman
-
Publication number: 20070003064Abstract: A method and apparatus for group session key and establishment using a certified migration key are described. In one embodiment, the method includes exporting of a protected certified migration key (CMK) to a target platform. In one embodiment, exporting of the protected CMK requires that the target platform is authorized for participation in a group and has a storage key, including attributes that comply with the group security policy. Once the protected CMK is exported, in one embodiment, a group master key is encrypted with a public portion of the CMK to form a protected group master key. Subsequently, the protected group master key is transmitted to the target platform. In one embodiment, possession of the group master key enables the target platform to participate in a secure group communication session. Other embodiments are described and claimed.Type: ApplicationFiled: June 30, 2005Publication date: January 4, 2007Inventors: Willard Wiseman, Brett McKown
-
Publication number: 20060256107Abstract: A virtual manufacturer authority is launched in a protected portion of a processing system. A key for the virtual manufacturer authority is created. The key is protected by a security coprocessor of the processing system, such as a trusted platform module (TPM). Also, the key is bound to a current state of the virtual manufacturer authority. A virtual security coprocessor is created in the processing system. A delegation request is transmitted from the processing system to an external processing system, such as a certificate authority (CA). After transmission of the delegation request, the key is used to attest to trustworthiness of the virtual security coprocessor. Other embodiments are described and claimed.Type: ApplicationFiled: June 29, 2005Publication date: November 16, 2006Inventors: Vincent Scarlata, Willard Wiseman
-
Publication number: 20060074600Abstract: According to one embodiment of the invention, a method comprises conducting a first integrity measurement to produce a first integrity measurement event. Thereafter, an integrity time stamp associated with the first integrity measurement event is created. The integrity time stamp is used to identify the actual time when the first integrity measurement event was produced.Type: ApplicationFiled: September 15, 2004Publication date: April 6, 2006Inventors: Manoj Sastry, Willard Wiseman
-
Publication number: 20060020785Abstract: A system and method for secure distribution of a video card public key. The method provides for loading an authentication code module into a processor, authenticating the authentication code module, and executing the authentication code module. Executing the authentication module causes the authentication code module to assert a hardware indicator to access at least one address in a special protected page on a chipset. Receipt of the hardware indicator by the chipset causes a specific reference to be sent via a dedicated port to a circuit card to retrieve a public key from the circuit card.Type: ApplicationFiled: June 30, 2004Publication date: January 26, 2006Inventors: David Grawrock, Willard Wiseman, James Sutton, Clifford Hall, Ned Smith
-
Publication number: 20050273602Abstract: In one embodiment of the present invention, a method includes verifying an initiating logical processor of a system; validating a trusted agent with the initiating logical processor if the initiating logical processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.Type: ApplicationFiled: June 3, 2004Publication date: December 8, 2005Inventors: John Wilson, Ioannis Schoinas, Mazin Yousif, Linda Rankin, David Grawrock, Robert Greiner, James Sutton, Kushagra Vaid, Willard Wiseman
-
Publication number: 20050262571Abstract: A system and method to support platform firmware as a trusted process. Measurement of a trusted portion of original firmware are measured by a core root of trust measurement (CRTM). The measurement is stored in a secure manner during pre-boot. During operating system (OS)-runtime, requests are made to access an unqualified current version of firmware corresponding to a secure execution mode. A portion of the current firmware analogous to the trusted portion is measured. The measurements of the trusted original portion and unqualified current portion are compared to verify they match. If they match, it indicates that the current portion and the trusted portion are one in the same. Thus, the current portion of firmware is trustworthy. Accordingly, the firmware may be executed as a trusted process. Embodiments employ locality to enforce the trusted process. The use of locality prevents unqualified users (i.e., software) from accessing data stored by trusted firmware.Type: ApplicationFiled: February 25, 2004Publication date: November 24, 2005Inventors: Vincent Zimmer, Willard Wiseman, Jing Li
-
Publication number: 20050149722Abstract: According to an embodiment of the invention, a method and apparatus for session key exchange are described. An embodiment of a method comprises requesting a service for a platform; certifying the use of the service for one or more acceptable configurations of the platform; and receiving a session key for a session of the service, the service being limited to the one or more acceptable configurations of the platform.Type: ApplicationFiled: December 30, 2003Publication date: July 7, 2005Inventors: Willard Wiseman, David Grawrock, Ernie Brickell, Matthew Wood, Joseph Cihula