Patent application number | Description | Published |
--- | --- | --- |
20080244758 | SYSTEMS AND METHODS FOR SECURE ASSOCIATION OF HARDWARE DEVICES - An apparatus to protect one or more hardware devices from unauthorized software access is described herein and comprises, in one embodiment, a virtual machine manager, a memory protection module and an integrity measurement manager. In a further embodiment, a method of providing secure access to one or more hardware devices may include modifying a page table, verifying the integrity of a device driver, and providing memory protection to the device driver if the device driver is verified. | 10-02-2008 |
20100223457 | GENERATION AND/OR RECEPTION, AT LEAST IN PART, OF PACKET INCLUDING ENCRYPTED PAYLOAD - An embodiment may include circuitry to generate, at least in part, and/or receive, at least in part, a packet. The packet may include at least one field and an encrypted payload. The at least one field may include, at least in part, a first key and/or at least one value. The first key and at least one value, as included in the at least one field, may be encrypted by a second key. The encrypted payload may be capable of being decrypted, at least in part, based, at least in part, upon the first key and/or the at least one value to yield an unencrypted payload. The unencrypted payload may include at least a portion of application layer data that is to be communicated in a secure session. | 09-02-2010 |
20110078799 | Computer system and method with anti-malware - In some embodiments, approaches may provide an out-of-band (OOB) agent to protect a platform. The OOB agent may be able to use non-TRS methods to measure and protect an in-band security agent. In some embodiments, a manageability engine can provide out of band connectivity to the in-band and out-of-band security agents and provide access to the system memory resources without having to rely on OS services. This can be used for a trusted anti-malware and remediation service. | 03-31-2011 |
20110099591 | SECURE WIRELESS PAIRING OF DIGITAL TV SHORT-RANGE TRANSMITTER AND RECEIVER - Embodiments of wireless display of digital content include transmission using a television transmission standard, such as a set of standards defined by the Advanced Television Systems Committee (ATSC) for digital television (TV) transmissions. The digital content is transmitted in a short range wireless network. In some embodiments, an encryption technique is applied to add security allowing decryption by a digital television using a firmware update, allowing retrofitting of security to devices currently deployed. | 04-28-2011 |
20110107355 | SYSTEMS AND METHODS FOR SECURE HOST RESOURCE MANAGEMENT - Systems and methods are described herein to provide for secure host resource management on a computing device. Other embodiments include apparatus and system for management of one or more host device drivers from an isolated execution environment. Further embodiments include methods for querying and receiving event data from manageable resources on a host device. Further embodiments include data structures for the reporting of event data from one or more host device drivers to one or more capability modules. | 05-05-2011 |
20110107423 | PROVIDING AUTHENTICATED ANTI-VIRUS AGENTS A DIRECT ACCESS TO SCAN MEMORY - A computer platform may support anti-virus agents that may be provided access to directly scan the memory. The computer platform may comprise a platform control hub, which may comprise a manageability engine and a virtualizer engine, wherein the manageability engine may allow the anti-virus agents to be downloaded to a platform hardware space that is isolated from an operating system. The manageability engine may authenticate the anti-virus agents and provide an access for the anti-virus agents to directly scan a memory or a storage device coupled to the platform hardware. | 05-05-2011 |
20120159137 | SECURE LOCAL BOOT USING THIRD PARTY DATA STORE (3PDS) BASED ISO IMAGE - In some embodiments, the invention involves a method and apparatus for secure/authenticated local boot of a host operating system on a computing platform using active management technology (AMT) with a third party data store (3PDS)-based ISO firmware image. A portion of non-volatile memory is hardware secured against access by the host processor and OS, and accessible only to the AMT. The AMT comprises an AT/ATAPI protocol emulator to access an ISO boot image from secured memory, while appearing to the host processor as a communication with an AT/ATAPI device. Other embodiments are described and claimed. | 06-21-2012 |
20120255015 | METHOD AND APPARATUS FOR TRANSPARENTLY INSTRUMENTING AN APPLICATION PROGRAM - Generally, this disclosure describes systems and methods for transparently instrumenting a computer process. The systems and methods are configured to allow instrumenting executable code while permitting legacy memory scanning tools to monitor corresponding uninstrumented executable code stored in memory. | 10-04-2012 |
20130067228 | METHOD AND DEVICE FOR SECURELY SHARING IMAGES ACROSS UNTRUSTED CHANNELS - A method and device for securely sharing images across untrusted channels includes downloading an encrypted image from a remote server to a computing device. The encrypted image may be encrypted at the time of uploading by another user. The current user of the computing device is authenticated using a facial recognition procedure. If the current user is authenticated and is determined to be authorized to view the decrypted image, the encrypted image is decrypted and displayed to the user. If the user becomes unauthenticated (e.g., the user leaves the computing device or another user replaces the current user), the encrypted image is displayed in place of the decrypted image, so that the decrypted image is shown only to authorized persons physically present at the computing device. | 03-14-2013 |
20130174147 | Low Latency Virtual Machine Page Table Management - Various embodiments of this disclosure may describe a method, apparatus and system for reducing system latency caused by switching memory page permission views between programs while still protecting critical regions of memory from malware attacks. Other embodiments may be disclosed and claimed. | 07-04-2013 |
20130191577 | INCREASING VIRTUAL-MEMORY EFFICIENCIES - Embodiments of techniques and systems for increasing efficiencies in computing systems using virtual memory are described. In embodiments, instructions which are located in two memory pages in a virtual memory system, such that one of the pages does not permit execution of the instructions located therein, are identified and then executed under temporary permissions that permit execution of the identified instructions. In various embodiments, the temporary permissions may come from modified virtual memory page tables, temporary virtual memory page tables which allow for execution, and/or emulators which have root access. In embodiments, per-core virtual memory page tables may be provided to allow two cores of a computer processor to operate in accordance with different memory access permissions. In embodiments, a physical page permission table may be utilized to provide for maintenance and tracking of per-physical-page memory access permissions. Other embodiments may be described and claimed. | 07-25-2013 |
20130279690 | PRESERVING IMAGE PRIVACY WHEN MANIPULATED BY CLOUD SERVICES - An apparatus and method for preserving image privacy when manipulated by cloud services includes middleware for receiving an original image and splitting it into two sub-images, where the RGB pixel values of the sub-images have a bit width that is smaller than the RGB pixel values of the original image. The sub-images are encrypted by adding a keystream to their RGB pixel values. The sub-image data is transmitted to a cloud service such as a social network or photo-sharing site, which manipulates the images by resizing, cropping, filtering, or the like. The sub-image data is received back by the middleware and is successfully decrypted irrespective of the manipulations performed by the cloud service. In an alternative embodiment, the blocks of the original image are permuted when encrypted, and the permutation is reversed when decrypted. | 10-24-2013 |
20130304986 | SYSTEMS AND METHODS FOR SECURE HOST RESOURCE MANAGEMENT - Systems and methods are described herein to provide for secure host resource management on a computing device. Other embodiments include apparatus and system for management of one or more host device drivers from an isolated execution environment. Further embodiments include methods for querying and receiving event data from manageable resources on a host device. Further embodiments include data structures for the reporting of event data from one or more host device drivers to one or more capability modules. | 11-14-2013 |
20140032924 | MEDIA ENCRYPTION BASED ON BIOMETRIC DATA - Embodiments of techniques and systems for biometric-data-based media encryption are described. In embodiments, an encryption key may be created for a recipient user based at least in part on biometric data of the recipient user. This encryption key may be maintained on a key maintenance component and used by a sharing user to encrypt a media file for access by the recipient user. One or more access policies associated with recipient user may be encrypted in the encrypted media file as well. In embodiments, the media file may be encrypted for use by multiple recipient users. When a recipient user desires to access the encrypted media file, a decryption key may be generated in real time based on contemporaneously captured biometric data and used to provide access to the encrypted media file. Other embodiments may be described and claimed. | 01-30-2014 |
20140040632 | LOW-OVERHEAD CRYPTOGRAPHIC METHOD AND APPARATUS FOR PROVIDING MEMORY CONFIDENTIALITY, INTEGRITY AND REPLAY PROTECTION - A method and system to provide a low-overhead cryptographic scheme that affords memory confidentiality, integrity and replay-protection by removing the critical read-after-write dependency between the various levels of the cryptographic tree. In one embodiment of the invention, the cryptographic processing of a child node can be pipelined with that of the parent nodes. This parallelization provided by the invention results in an efficient utilization of the cryptographic pipeline, enabling significantly lower performance overheads. | 02-06-2014 |
20140041033 | HARDWARE ENFORCED MEMORY ACCESS PERMISSIONS - Embodiments of apparatuses and methods for hardware enforced memory access permissions are disclosed. In one embodiment, a processor includes address translation hardware and memory access hardware. The address translation hardware is to support translation of a first address, used by software to access a memory, to a second address, used by the processor to access the memory. The memory access hardware is to detect an access permission violation. | 02-06-2014 |
20140095870 | DEVICE, METHOD, AND SYSTEM FOR CONTROLLING ACCESS TO WEB OBJECTS OF A WEBPAGE OR WEB-BROWSER APPLICATION - A method and device for securely displaying web content with secure web objects across untrusted channels includes downloading web content from a web server. The web content includes tags that a web browser uses to authenticate the current user and identify encrypted web objects packaged in the web content. The computing device authenticates the current user using a biometric recognition procedure. If the current user is authenticated and determined to be authorized to view the decrypted web object, the encrypted web object is decrypted and displayed to the user. If the user is unauthenticated, the encrypted web object is displayed in place of the decrypted web object, so that the decrypted web object is shown only to authorized persons physically present at the computing device. The biometric recognition procedure and web object decryption processes are protected through secure media path circuitry and secure memory. | 04-03-2014 |
20140096068 | DEVICE AND METHOD FOR SECURE USER INTERFACE GESTURE PROCESSING USING PROCESSOR GRAPHICS - A device and method for securely rendering content on a gesture-enabled computing device includes initializing a secure execution environment on a processor graphics of the computing device. The computing device transfers view rendering code and associated state data to the secure execution environment. An initial view of the content is rendered by executing the view rendering code in the secure execution environment. A gesture is recognized, and an updated view of the content is rendered in the secure execution environment in response to the gesture. The gesture may include a touch gesture recognized on a touch screen, or a physical gesture of the user recognized by a camera. After the updated view of the content is rendered, the main processor of the computing device may receive updated view data from the secure execution environment. | 04-03-2014 |
20140101461 | PARALLELIZED COUNTER TREE WALK FOR LOW OVERHEAD MEMORY REPLAY PROTECTION - A processor includes a memory encryption engine that provides replay and confidentiality protections to a memory region. The memory encryption engine performs low-overhead parallelized tree walks along a counter tree structure. The memory encryption engine upon receiving an incoming read request for the protected memory region, performs a dependency check operation to identify dependency between the incoming read request and an in-process request and to remove the dependency when the in-process request is a read request that is not currently suspended. | 04-10-2014 |
20140130187 | Protecting Systems from Unauthorized Access to System Resources Using Browser Independent Web Page Technology - In some embodiments, a filter may filter web graphics library code executing on the graphics processing unit. As a result the web graphics library code may be prevented from accessing memory or other resources that are not allocated specifically for the web graphics library module. Likewise web graphics library code may not access any shared resources that have been explicitly assigned to the process specific web graphics library module. | 05-08-2014 |
20140157410 | Secure Environment for Graphics Processing Units - In accordance with some embodiments, a protected execution environment may be defined for a graphics processing unit. This framework not only protects the workloads from malware running on the graphics processing unit but also protects those workloads from malware running on the central processing unit. In addition, the trust framework may facilitate proof of secure execution by measuring the code and data structures used to execute the workload. If a part of the trusted computing base of this framework or protected execution environment is compromised, that part can be patched remotely and the patching can be proven remotely through attestation in some embodiments. | 06-05-2014 |
20140208109 | METHOD AND SYSTEM FOR PROTECTING MEMORY INFORMATION IN A PLATFORM - A method and system to provide an effective, scalable and yet low-cost solution for confidentiality, integrity and replay protection of sensitive information stored in a memory, preventing an attacker from observing and/or modifying the state of the system. In one embodiment of the invention, the system has strong hardware protection for its memory contents via the XTS-tweak mode of encryption, where the tweak is derived from "Global and Local Counters". This scheme enables die-area-efficient replay protection for any size of memory by allowing multiple counter levels, and facilitates using small counter sizes to derive the "tweak" used in the XTS encryption without sacrificing cryptographic strength. | 07-24-2014 |
20140215602 | RANGE BASED USER IDENTIFICATION AND PROFILE DETERMINATION - An embodiment includes a main compute node that detects the physical presence of a first user and subsequently loads a profile for the first user. The main compute node may detect the first user's presence based on detecting a first compute node corresponding to the first user. For example, the main compute node may be a desktop computer that detects the presence of the first user's Smart phone, which is nearby the first user. The main compute node may unload the first user's profile when the main compute node no longer detects the first user's presence. Upon detecting a second user's presence, the main computer may load a profile for the second user. The profile may include cookies and/or other identifiers for the second user. The profile may facilitate the second user's navigation of a computing environment (e.g. web pages). Other embodiments are addressed herein. | 07-31-2014 |
20140223197 | METHOD AND APPARATUS FOR MEMORY ENCRYPTION WITH INTEGRITY CHECK AND PROTECTION AGAINST REPLAY ATTACKS - A method and apparatus to provide cryptographic integrity checks and replay protection to protect against hardware attacks on system memory is provided. A mode of operation for block ciphers enhances the standard XTS-AES mode of operation to perform memory encryption by extending a tweak to include a “time stamp” indicator. A tree-based replay protection scheme uses standard XTS-AES to encrypt contents of a cache line in the system memory. A Message-Authentication Code (MAC) for the cache line is encrypted using enhanced XTS-AES and a “time stamp” indicator associated with the cache line. The “time stamp indicator” is stored in a processor. | 08-07-2014 |
20140267049 | LAYERED AND SPLIT KEYBOARD FOR FULL 3D INTERACTION ON MOBILE DEVICES - Systems and methods may provide for displaying a plurality of keyboards in a three-dimensional (3D) environment via a screen of a mobile device and identifying a selected keyboard in the plurality of keyboards based at least in part on a first user interaction with an area behind the mobile device. Additionally, an appearance of the selected keyboard may be modified. In one example, a selected key in the selected keyboard is identified based at least in part on a second user interaction and the mobile device is notified of the selected key. | 09-18-2014 |
20140267332 | Secure Rendering of Display Surfaces - A protected graphics module can send its output to a display engine securely. Secure communications with the display can provide a level of confidentiality of content generated by protected graphics modules against software and hardware attacks. | 09-18-2014 |
20140283056 | Linear Address Mapping Protection - Technologies for securing an electronic device include determining addresses of one or more memory pages, injecting for each memory page a portion of identifier data into the memory page, storing an indication of the identifier data injected into each of the memory pages, determining an attempt to access at least one of the memory pages, determining any of the identifier data present on a memory page associated with the attempt, comparing the indication of the identifier data with the determined identifier data present on the memory page, and, based on the comparison, determining whether to allow the access. | 09-18-2014 |
20140337983 | Entry/Exit Architecture for Protected Device Modules - The entry/exit architecture may be a critical component of a protection framework using a secure enclaves-like trust framework for coprocessors. The entry/exit architecture describes steps that may be used to switch securely into a trusted execution environment (entry architecture) and out of the trusted execution environment (exit architecture), at the same time preventing any secure information from leaking to an untrusted environment. | 11-13-2014 |
20140380009 | PROTECTED MEMORY VIEW FOR NESTED PAGE TABLE ACCESS BY VIRTUAL MACHINE GUESTS - Generally, this disclosure provides systems, methods and computer readable media for a protected memory view in a virtual machine (VM) environment enabling nested page table access by trusted guest software outside of VMX root mode. The system may include an editor module configured to provide access to a nested page table structure, by operating system (OS) kernel components and by user space applications within a guest of the VM, wherein the nested page table structure is associated with one of the protected memory views. The system may also include a page handling processor configured to secure that access by maintaining security information in the nested page table structure. | 12-25-2014 |
20150074419 | SECURE VAULT SERVICE FOR SOFTWARE COMPONENTS WITHIN AN EXECUTION ENVIRONMENT - Embodiments of apparatuses, articles, methods, and systems for a secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when they are part of an otherwise compromised operating system environment. The underlying platform locks and unlocks secrets on behalf of the authenticated/authorized/verified software component, and provides them in protected memory regions accessible only to that component. Other embodiments may be described and claimed. | 03-12-2015 |
20150086012 | SECURE VIDEO OUTPUT PATH - Systems and methods for secure delivery of output surface bitmaps to a display engine. An example processing system comprises: an architecturally protected memory; and a processing core communicatively coupled to the architecturally protected memory, the processing core comprising processing logic configured to implement an architecturally protected execution environment by performing at least one of: executing instructions residing in the architecturally protected memory and preventing unauthorized access to the architecturally protected memory; wherein the processing logic is further configured to provide a secure video output path by generating an output surface bitmap encrypted with a first encryption key and storing an encrypted first encryption key in an external memory, wherein the encrypted first encryption key is produced by encrypting the first encryption key with a second encryption key. | 03-26-2015 |
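Several of the memory-protection entries above (20140040632, 20140101461, 20140208109, 20140223197) describe the same underlying mechanism: each cache line is encrypted under a tweak derived from its address and a per-line counter, a MAC binds the ciphertext to that counter, and the counters themselves are anchored in a tree whose root lives on-die so an attacker with physical access to DRAM cannot roll a line back to an older value. The following is an added toy model of that mechanism, written for this page and not taken from any of the patents. It is deliberately simplified: the XTS-AES cipher and MAC of the patents are stood in for by HMAC-SHA256 keystreams and tags so it runs on the standard library alone, and the counter "tree" is collapsed to two levels (per-line counters in untrusted memory, one root MAC over the counter array held by the engine object, playing the role of a processor register). Everything else (the engine class, the attack scenarios, the 64-byte line size) is an assumption made for illustration.

```python
"""Toy memory encryption engine with counter-based replay protection.

Added example, not code from any listed patent. HMAC-SHA256 stands in for
XTS-AES (assumption); the counter tree is collapsed to two levels.
"""
import hashlib
import hmac
import os

LINE_BYTES = 64  # assumed cache-line size


class ReplayDetected(Exception):
    """Raised when ciphertext, MAC and counters are not mutually consistent."""


class MemoryEncryptionEngine:
    def __init__(self, num_lines):
        # Keys and the root MAC live "inside the processor": the attacker
        # model below may touch dram/mac_store/counters but nothing with a
        # leading underscore.
        self._k_enc = os.urandom(32)
        self._k_mac = os.urandom(32)
        self.dram = [bytes(LINE_BYTES)] * num_lines   # untrusted ciphertext lines
        self.mac_store = [b""] * num_lines             # untrusted per-line MACs
        self.counters = [0] * num_lines                # untrusted per-line counters
        self._root = self._counter_root()              # on-die replay anchor

    def _counter_root(self):
        # Root of the (two-level) counter tree: a MAC over every leaf counter.
        blob = b"".join(c.to_bytes(8, "big") for c in self.counters)
        return hmac.new(self._k_mac, b"root" + blob, hashlib.sha256).digest()

    def _keystream(self, addr, counter):
        # Tweak = (address, counter): rewriting the same plaintext to the same
        # line yields fresh ciphertext because the counter has advanced.
        tweak = addr.to_bytes(8, "big") + counter.to_bytes(8, "big")
        out, block = b"", 0
        while len(out) < LINE_BYTES:
            out += hmac.new(self._k_enc, tweak + block.to_bytes(4, "big"),
                            hashlib.sha256).digest()
            block += 1
        return out[:LINE_BYTES]

    def _line_mac(self, addr, counter, ct):
        # Binds ciphertext to its address *and* its counter value.
        msg = addr.to_bytes(8, "big") + counter.to_bytes(8, "big") + ct
        return hmac.new(self._k_mac, b"line" + msg, hashlib.sha256).digest()

    def write(self, addr, plaintext):
        assert len(plaintext) == LINE_BYTES
        self.counters[addr] += 1
        c = self.counters[addr]
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(addr, c)))
        self.dram[addr] = ct
        self.mac_store[addr] = self._line_mac(addr, c, ct)
        self._root = self._counter_root()  # re-anchor the counter array on-die

    def read(self, addr):
        # Step 1: the counters sit in untrusted memory, so verify them against
        # the on-die root before trusting any of them.
        if not hmac.compare_digest(self._root, self._counter_root()):
            raise ReplayDetected("counter array rolled back")
        c, ct = self.counters[addr], self.dram[addr]
        # Step 2: the line's MAC must match the current counter.
        if not hmac.compare_digest(self.mac_store[addr], self._line_mac(addr, c, ct)):
            raise ReplayDetected("line %d: ciphertext/MAC stale for counter" % addr)
        return bytes(x ^ k for x, k in zip(ct, self._keystream(addr, c)))


def demo():
    """Runs two constructed rollback attacks; returns what the engine decided."""
    eng = MemoryEncryptionEngine(num_lines=4)
    v1, v2 = b"A" * LINE_BYTES, b"B" * LINE_BYTES
    results = {}

    # Counter as tweak: identical plaintext written twice encrypts differently.
    eng.write(1, v1)
    first_ct = eng.dram[1]
    eng.write(1, v1)
    results["ciphertext_changes_with_counter"] = first_ct != eng.dram[1]

    eng.write(0, v1)
    # Attacker snooping the memory bus records line 0 (ciphertext, MAC, counter).
    old_ct, old_mac, old_ctr = eng.dram[0], eng.mac_store[0], eng.counters[0]
    eng.write(0, v2)
    results["fresh_read_ok"] = eng.read(0) == v2

    # Attack 1: restore old ciphertext+MAC but leave the counter advanced.
    eng.dram[0], eng.mac_store[0] = old_ct, old_mac
    try:
        eng.read(0)
        results["replay_ct_only"] = "undetected"
    except ReplayDetected:
        results["replay_ct_only"] = "detected"

    # Attack 2: also roll the counter back so the line MAC would verify;
    # the on-die root over the counter array catches it instead.
    eng.counters[0] = old_ctr
    try:
        eng.read(0)
        results["replay_with_counter"] = "undetected"
    except ReplayDetected:
        results["replay_with_counter"] = "detected"
    return results


if __name__ == "__main__":
    print(demo())
```

The order of the two checks in `read` is the point of the tree: if the line MAC were checked first and the counters trusted, attack 2 (rolling back ciphertext, MAC and counter together) would pass, since that triple was once genuinely consistent. Only state that the attacker cannot rewrite, the root held on-die, distinguishes "old and consistent" from "current". The real engines in the patents generalise this to multiple counter levels so that the on-die state stays constant-size regardless of memory size, and pipeline the per-level checks to hide the read-after-write dependency described in 20140040632.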