Patent application number | Description | Published |
20090006690 | PROVIDING UNIVERSAL SERIAL BUS DEVICE VIRTUALIZATION WITH A SCHEDULE MERGE FROM MULTIPLE VIRTUAL MACHINES - An apparatus, system, and method are disclosed. In one embodiment, the apparatus includes a virtualization engine on a computer platform. The virtualization engine can intercept multiple data transfer schedules from multiple virtual machines fetched from a memory by a physical Universal Serial Bus (USB) host controller on the computer platform. The virtualization engine also can merge the multiple fetched data transfer schedules into a merged data transfer schedule. The virtualization engine also can send the merged data transfer schedule to the physical USB host controller. | 01-01-2009 |
20090006702 | SHARING UNIVERSAL SERIAL BUS ISOCHRONOUS BANDWIDTH BETWEEN MULTIPLE VIRTUAL MACHINES - A method and computer readable medium are disclosed. In one embodiment, the method includes enumerating multiple Universal Serial Bus (USB) devices on a computer platform running a multiple virtual machines (VMs). The method also includes assigning each of the USB devices to a VM, wherein each USB device may be assigned to a different VM. The method also includes making each USB device visible only to the VM it is assigned to. The method also includes limiting the bandwidth each of the VMs can schedule its assigned devices within a USB data transfer frame. This will allow all of the VMs to have access to the bandwidth of the frame by avoiding the problem of over-subscription when the schedule is merged. | 01-01-2009 |
20090245521 | METHOD AND APPARATUS FOR PROVIDING A SECURE DISPLAY WINDOW INSIDE THE PRIMARY DISPLAY - In some embodiments, the invention involves securing sensitive data from mal-ware on a computing platform and, more specifically, to utilizing virtualization technology and protected audio video path technologies to prohibit a user environment from directly accessing unencrypted sensitive data. In an embodiment a service operating system (SOS) accesses sensitive data requested by an application running in a user environment virtual machine, or a capability operating system (COS). The SOS application encrypts the sensitive data before passing the data to the COS. The COS makes requests directly to a graphics engine which decrypts the data before displaying the sensitive data on a display monitor. Other embodiments are described and claimed. | 10-01-2009 |
20090323961 | DATA ENCRYPTION AND/OR DECRYPTION BY INTEGRATED CIRCUIT - In an embodiment, an apparatus is provided that may include an integrated circuit to be removably communicatively coupled to at least one storage device. The integrated circuit of this embodiment may be capable of encrypting and/or and decrypting, based at least in part upon a first key, data to be, in at least in part, stored in and/or retrieved from, respectively, at least one region of the at least one storage device. The at least one region and a second key may be associated with at least one access privilege authorized, at least in part, by an administrator. The second key may be stored, at least in part, externally to the at least one storage device. The first key may be obtainable, at least in part, based, at least in part, upon at least one operation involving the second key. Of course, many alternatives, modifications, and variations are possible without departing from this embodiment. | 12-31-2009 |
20130124876 | DATA ENCRYPTION AND/OR DECRYPTION BY INTEGRATED CIRCUIT - In an embodiment, an apparatus is provided that may include an integrated circuit to be removably communicatively coupled to at least one storage device. The integrated circuit of this embodiment may be capable of encrypting and/or and decrypting, based at least in part upon a first key, data to be, in at least in part, stored in and/or retrieved from, respectively, at least one region of the at least one storage device. The at least one region and a second key may be associated with at least one access privilege authorized, at least in part, by an administrator. The second key may be stored, at least in part, externally to the at least one storage device. The first key may be obtainable, at least in part, based, at least in part, upon at least one operation involving the second key. Of course, many alternatives, modifications, and variations are possible without departing from this embodiment. | 05-16-2013 |
20140095855 | SECURE SYSTEM FLASH SHARING - Systems and methods may provide for securely transferring data from a flash component. In one example, the method may include receiving a download request from an embedded controller chip, obtaining information from the flash component in response to the download request, and transferring the information to the embedded controller chip. | 04-03-2014 |
Patent application number | Description | Published |
20090171677 | AUDIO SUBSYSTEM SHARING IN A VIRTUALIZED ENVIRONMENT - A device, method, and system are disclosed. In one embodiment the device includes a first virtual machine to directly access a physical audio codec. The device also includes a virtual audio codec that is managed by the first virtual machine. The virtual audio codec can provide a custom interface to the physical audio codec for one or more additional virtual machines apart from the first virtual machine. | 07-02-2009 |
20130007466 | PROTECTING KEYSTROKES RECEIVED FROM A KEYBOARD IN A PLATFORM CONTAINING EMBEDDED CONTROLLERS - Systems and methods of managing keystroke data in embedded keyboard environments may involve transferring a mode request from a management controller to an embedded controller of a keyboard via a dedicated communication channel. Keystroke activity can be detected at the keyboard, and keystroke data may be transferred from the embedded controller to the management controller via the dedicated communication channel in response to the keystroke activity and the mode request. In addition, the management controller may be used to encrypt the keystroke data, wherein the encrypted keystroke data can be transmitted from the management controller to an off-platform service via a network controller. | 01-03-2013 |
20130159727 | SECURE REPLAY PROTECTED STORAGE - Embodiments of the invention create an underlying infrastructure in a flash memory device (e.g., a serial peripheral interface (SPI) flash memory device) such that it may be protected against user attacks—e.g., replacing the SPI flash memory device or a man-in-the-middle (MITM) attack to modify the SPI flash memory contents on the fly. In the prior art, monotonic counters cannot be stored in SPI flash memory devices because said devices do not provide replay protection for the counters. A user may also remove the flash memory device and reprogram it. Host platforms alone cannot protect against such hardware attacks. | 06-20-2013 |
20140053262 | Secure Display for Secure Transactions - A platform may use a central processing unit to run an operating system. Independently of the operating system, in the central processing unit, a hardware controller, such as a manageability engine, may be used to control which window is on the top of the Z-order and thereby control which window is displayed to the user. As a result, in some embodiments, the hardware controller can prevent an interloper or malware from interjecting an illegitimate window over a legitimate window that the user actually desired to access. In addition, a hardware indicator may be provided to assure the user when an accessed website is legitimate. | 02-20-2014 |
20140297922 | METHOD AND APPARATUS FOR MANAGING SERIAL PERIPHERAL INTERFACE (SPI) FLASH - A system for communicating with a flash device includes: a controller configured for communicating with the flash device, the controller including logic for classifying a command to the flash device as one of safe and unsafe and communicating each safe command. Methods and a computer program product and a computing system are disclosed. | 10-02-2014 |
20150277930 | IN-SYSTEM PROVISIONING OF FIRMWARE FOR A HARDWARE PLATFORM - A hardware platform includes a nonvolatile storage device that can store system firmware as well as code for the primary operating system for the hardware platform. The hardware platform includes a controller that determines the hardware platform lacks functional firmware to boot the primary operating system from the storage device. The controller accesses a firmware image from an external interface that interfaces a device external to the hardware platform, where the external device is a firmware image source. The controller provisions the firmware from the external device to the storage device and initiates a boot sequence from the provisioned firmware. | 10-01-2015 |
20150278003 | PROTECTING A MEMORY DEVICE FROM BECOMING UNUSABLE - In an embodiment, a computing device may include a memory device that may be rendered unusable after a certain number of operations are performed on the memory device. The computing device may incorporate one or more techniques for protecting the memory device. Processing logic contained in the computing device may be configured to implement the techniques. The techniques may include, for example, acquiring a request to write or erase information stored in a memory device contained in a first computing device, saving the request for execution after a user visible event has been generated on the first computing device, generating the user visible event on the first computing device, and executing the saved request after the user visible event has been generated. In addition, the techniques may include reporting the request. The request may be reported to, for example, an anti-malware agent. | 10-01-2015 |