Abstract:
Various embodiments are generally directed to authenticating a chain of components of boot software of a computing device. An apparatus comprises a processor circuit and storage storing an initial boot software component comprising instructions operative on the processor circuit to select a first set of boot software components of multiple sets of boot software components, each set of boot software components defines a pathway that branches from the initial boot software component and that rejoins at a latter boot software component; authenticate a first boot software component of the first set of boot software components; and execute a sequence of instructions of the first boot software component to authenticate a second boot software component of the first set of boot software components to form a chain of authentication through a first pathway defined by the first set of boot software components. Other embodiments are described and claimed herein.
Abstract:
In one embodiment, the present invention includes a method for setting an extensible policy mechanism to protect a root data structure including a page table, interpreting a bytecode of a pre-boot driver in a byte code interpreter, and controlling access to a memory location based on the extensible policy mechanism. Other embodiments are described and claimed.
Abstract:
A pre-boot environment is disclosed that manages power of a computing device prior to an operating system runtime phase. The pre-boot environment may be implemented in a computing device having a storage device to store an operating system, a firmware device to store firmware having a boot loader to load and initiate execution of the operating system, and a processor to execute the firmware and the operating system. The firmware in response to being executed by the processor may result in the computing device monitoring operating conditions of the computing device, and initiating a power management response based upon the operating conditions of the computing device and a power management policy.
Abstract:
Computing devices, computer-readable storage media, and methods associated with providing an operating system (OS)-absent firmware sensor layer to support a boot process are disclosed. A computing device may include a processor and firmware to be operated on the processor. The firmware may include one or more modules and a sensor layer. The sensor layer may be configured to receive, in the OS-absent environment, sensor data produced by a plurality of sensors. The sensor layer may be further configured to selectively provide the sensor data to the one or more modules via an interface of the sensor layer that abstracts the plurality of sensors.
Abstract:
An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor including secure non-volatile storage that couples to a root index, having a fixed address, and comprises first and second variables referenced by the root index; and semiconductor integrated code (SIC) including embedded processor logic to initialize a processor and embedded memory logic to initialize a memory coupled to the processor; wherein (a) the SIC is to be executed responsive to resetting the processor and prior to providing control to boot code, and (b) the SIC is to perform pre-boot operations in response to accessing at least one of the first and second variables. Other embodiments are described herein.
Abstract:
A system, device, and method for providing policy-based secure cloud booting include a mobile computing device and a web server. The mobile computing device determines a remote boot address specifying the location of a boot resource on the web server. The mobile computing device opens a secure connection to the web server and maps the boot resource to a local firmware protocol. The mobile computing device executes the boot resource as a firmware image using the local firmware protocol. The boot resource may be a compact disc or DVD image mapped through a block I/O protocol. The boot resource may be a remote file system mapped through a file system protocol. The remote boot address may be configured using a manageability engine capable of out-of-band communication. The remote boot address may be determined based on the context of the mobile computing device, including location. Other embodiments are described and claimed.
Abstract:
Technologies are provided in example embodiments for determining that a module is to be loaded, the module being associated with module code, determining that the module is a frozen module, the frozen module being associated with frozen module code, determining that a module fingerprint of the module fails to correspond with a frozen module fingerprint of the frozen module, and causing loading of the frozen module code instead of the module code.
Abstract:
A method and system for securing a unified extensible firmware interface application program interface includes establishing a software hook for the application program interface during a pre-boot phase of a computing device and granting or denying access to the application program interface based on a comparison of a user token, which identifies the user, and an access control entry of an access control list associated with the application program interface.
Abstract:
A method, processor, and system are disclosed. In one embodiment, the method includes a first processor core among several processor cores entering into a system management mode. At least one of the other processor cores apart from the first processor core remains operational and does not enter the system management mode. Then, once in the system management mode, the first processor core responds to an inter-processor interrupt.
Abstract:
In some embodiments, a processor-based system may include at least one processor, at least one memory coupled to the at least one processor, a boot block stored at a first memory location, a capsule update stored at a second memory location, a startup authenticated code module to ensure the integrity of the boot block upon a restart of the processor-based system, code which is executable by the processor-based system to cause the processor-based system to validate the boot block with the startup authenticated code module upon the restart of the processor-based system, and, if the boot block is successfully validated, to validate the capsule update for the processor-based system with the startup authenticated code module. Other embodiments are disclosed and claimed.