| Patent application number | Description | Published |
|---|
| 20080244114 | Runtime integrity chain verification - A runtime integrity check may be implemented for a chain or execution path. When the chain or execution path calls other functions, the correctness of an entity called from the execution path is verified. As a result, attacks by malicious software that attempt to circumvent interrupt handlers can be combated. | 10-02-2008 |
| 20090006714 | METHOD FOR OPTIMIZING VIRTUALIZATION TECHNOLOGY AND MEMORY PROTECTIONS USING PROCESSOR-EXTENSIONS FOR PAGE TABLE AND PAGE DIRECTORY STRIPING - In a virtualized processor based system causing a transition to a virtual machine monitor executing on the processor based system in response to a modification of a page table of a guest executing in a virtual machine of the processor based system, and the virtual machine monitor responding to the transition by performing a verification action, and for each bit modified in the page table of the guest, reading a status indicator for the bit to determine if the bit is significant; and causing the transition only if the status indicator for any bit modified in the page table indicates that the bit is significant. | 01-01-2009 |
| 20090038017 | SECURE VAULT SERVICE FOR SOFTWARE COMPONENTS WITHIN AN EXECUTION ENVIRONMENT - Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed. | 02-05-2009 |
| 20090070467 | Enabling access to remote entities in access controlled networks - In network access control networks, it may be difficult to provide certain remote accesses such as remote boot or remote storage access. An available network connection established through chipset firmware (e.g. active management technology (AMT)) may be utilized to establish a connection and to enable the remote access. Then as soon the completion of the activity is detected, such as remote booting, then the connection may be immediately terminated to prevent access by improper agents. | 03-12-2009 |
| 20090083844 | Synchronizing between host and management co-processor for network access control - In network access controlled networks, it is desirable to prevent access to the network by any non-authenticated entities. Access control may be established through a trusted agent that, in some embodiments, may be implemented with a management co-processor. In some cases, active management technology may establish a connection while a host is inactive. Then, after the host becomes active, the host can attempt to use the management co-processor connection without obtaining the necessary authentications. This may be prevented, in some embodiments, by scanning for an active host and, if such an active host is found, blocking the host from using a layer 2 authentication channel unless the host is properly authenticated and has a proper Internet Protocol address. | 03-26-2009 |
| 20090125885 | Method and system for whitelisting software components - A method and system for whitelisting software components is disclosed. In a first operating environment, runtime information may be collected about a first loaded and executing software component. The collected information may be communicated to a second software component operating in a second operating environment that is isolated from the first operating environment. The collect runtime information may be compared with a validated set of information about the first software component. Other embodiments are described and claimed. | 05-14-2009 |
| 20090172814 | DYNAMIC GENERATION OF INTEGRITY MANIFEST FOR RUN-TIME VERIFICATION OF SOFTWARE PROGRAM - A measurement engine generates an integrity manifest for a software program and uses it to perform active platform observation. The integrity manifest indicates an integrity check value for a section of the program's code. The measurement engine computes a comparison value on the program's image in memory and determines if the comparison value matches the expected integrity check value. If the values do not match, the program's image is determined to be modified, and appropriate remedial action may be triggered. | 07-02-2009 |
| 20090249481 | BOTNET SPAM DETECTION AND FILTRATION ON THE SOURCE MACHINE - A method and device are disclosed. In one embodiment the method includes determining that a packet attempting to be sent from a first computer system has at least a portion of a human communication message that may contain spam. The method then increments a spam counter when the difference in time between a first time value in a time stamp within the packet and a second time value of a most recent activity from a human input device coupled to the first computer system is greater than a threshold difference in time value. The method also disallows the packet to be sent to a remote location if the spam counter exceeds a spam outbound threshold value. | 10-01-2009 |
| 20090328164 | Method and system for a platform-based trust verifying service for multi-party verification - A method and system for a platform-based trust verifying service for multi-party verification. In one embodiment, the method includes a client platform accessing an service provider over a network. Upon accessing the service provider, the client platform receives a request from the service provider for platform measurement and verification. The client platform collects platform information and performs measurement and verification, including performing an integrity manifest comparison. If the integrity manifest comparison indicates a good client platform posture, then the client platform signs the client platform posture and sends an approval notification to the service provider indicating that the client platform has not been compromised. The client platform may then receive the service of the service provider. If the integrity manifest comparison indicates that the client platform posture is not good, then the client platform will send a failure notification to the service provider indicating that the client platform has been compromised. | 12-31-2009 |
| 20100162356 | Hierarchical Trust Based Posture Reporting and Policy Enforcement - A method that includes initiating a network access request from an access requester on a platform that couples to a network, the network access request made to a policy decision point for the network. The method also includes establishing a secure communication channel over a communication link between the policy decision point and a policy enforcement point on the platform. Another secure communication channel is established over another communication link. The other communication link is between at least the policy enforcement point and a manageability engine resident on the platform. The manageability engine forwards posture information associated with the access requester via the other secure communication channel. The posture information is then forwarded to the policy decision point via the secure communication channel between the policy enforcement point and the policy decision point. The policy decision point indicates what access the access requester can obtain to the network based on a comparison of the posture information to one or more network administrative policies. | 06-24-2010 |
| 20110125990 | COMPUTING DEVICE AND METHOD FOR WIRELESS REMOTE BOOT IN A NETWORKED ENVIRONMENT - In some embodiments, a secure authenticated remote boot of computing device over a wireless network is performed in a pre-boot execution environment (PXE) using active management technology (AMT) for remote discovery. In these embodiments, a management engine (ME) may maintain full control of a wireless interface and a wireless connection as booting begins. The ME may relinquish control of the wireless interface after a PXE timeout, in response to a shutdown command, or once the device has booted. The ME controls the use of an operating system received from a remote location. | 05-26-2011 |
| 20110151854 | REMOTE MANAGEMENT OVER A WIRELESS WIDE-AREA NETWORK USING SHORT MESSAGE SERVICE - A method and device for remote management over a wireless wide-area network includes receiving a short message over a wireless wide-area network (WWAN) using an out-of-band (OOB) processor of a computing device. The OOB processor is capable of communicating over the WWAN irrespective of an operational state of an in-band processor of the computing device. The computing device executes at least one operation with the OOB processor in response to receiving the short message. | 06-23-2011 |
| 20110161145 | METHOD AND DEVICE FOR SECURELY DISPLAYING DIGITAL CONTENT ON A COMPUTING DEVICE - A method and device for securely displaying digital content, such as an advertisement, on a computing device includes establishing an advertisement enforcement module in a secured environment on the computing device. The computing device receives advertisements from a remote advertisement server, which are validated by the advertisement enforcement module. The advertisement enforcement module ensures that the advertisement is displayed on the computing device in a secure manner and monitors for tampering of the advertisement and advertisement service by the user of the device. | 06-30-2011 |
