Patent application number | Description | Published |
20080244598 | SYSTEM PARTITIONING TO PRESENT SOFTWARE AS PLATFORM LEVEL FUNCTIONALITY - Embodiments of apparatuses, methods for partitioning systems, and partitionable and partitioned systems are disclosed. In one embodiment, a system includes processors and a partition manager. The partition manager is to allocate a subset of the processors to a first partition and another subset of the processors to a second partition. The first partition is to execute first operating system level software and the second partition is to execute second operating system level software. The first operating system level software is to manage the processors in the first partition as resources individually accessible to the first operating system level software, and the second operating system level software is to manage the processors in the second partition as resources individually accessible to the second operating system level software. The partition manager is also to present the second partition, including the second operating system level software, to the first operating system level software as platform level functionality embedded in the system. | 10-02-2008 |
20090164770 | HYPERVISOR RUNTIME INTEGRITY SUPPORT - A method and system are disclosed. In one embodiment the method includes computing, during runtime, an active hash value of a hypervisor on a computer platform using an authenticated integrity agent. The method also includes comparing the active hash value to a registered hash reference value. The method also includes verifying the integrity of the hypervisor when the active hash value and the registered hash reference value match. | 06-25-2009 |
20090172698 | METHOD AND SYSTEM FOR PROVIDING KEYBOARD, VIDEO, AND MOUSE SWITCHING - A method and system for providing keyboard, video, and mouse switching includes establishing a basic input/output system (BIOS) agent and an operating system (OS) agent on a server of a plurality of servers. The basic input/output system agent routes input/output data between the server and a remote keyboard, remote video device, and/or remote mouse over a network during a pre-boot phase of the server. The operating system agent routes input/output data between the server and the remote keyboard, remote video device, and/or remote mouse over the network during a runtime phase of the server. The basic input/output agent may pass data to the operating system agent to indicate that a communication connection has been established between the server and the remote keyboard, remote video device, and/or remote mouse. | 07-02-2009 |
20100161956 | Method and Apparatus for Protected Code Execution on Clients - In one embodiment of the invention, a server may send encrypted material to a client. The client processor may decrypt and process the material, encrypt the results, and send the results back to the server. This sequence of events may occur while the execution or processing of the material is restricted to the client processor. Any material outside the client processor, such as material located in system memory, will be encrypted. | 06-24-2010 |
20100250797 | PLATFORM BASED VERIFICATION OF CONTENTS OF INPUT-OUTPUT DEVICES - A platform to support verification of the contents of an input-output device. The platform includes a platform hardware, which may verify the contents of the I/O device. The platform hardware may comprise components such as manageability engine and verification engine that are used to verify the contents of the I/O device even before the contents of the I/O device are exposed to an operating system supported by a host. The platform components may delete the infected portions of the contents of I/O device if the verification process indicates that the contents of the I/O device include the infected portions. | 09-30-2010 |
20100306177 | HOST OPERATING SYSTEM INDEPENDENT STORAGE-RELATED REMOTE ACCESS AND OPERATIONS - An embodiment may include circuitry that may be comprised in a host that may execute an operating system and/or in a server. The circuitry may generate, at least in part, and/or receive, at least in part, at least one request to initiate, at least in part, at least one operation at the host. The at least one operation may facilitate, at least in part, examination remotely from the host of information stored at the host. The at least one operation may be performed independently from the operating system and also may be performed at least in part by the circuitry. The examination may facilitate, at least in part, remotely from the host, backup, recovery, and/or determination of corruption of mass storage data stored at the host. Of course, many variations, modifications, and alternatives are possible without departing from this embodiment. | 12-02-2010 |
20100306399 | Method and apparatus for operating system streaming - A method and apparatus for traversing a firewall between an Intranet and the Internet without the use of a proxy server is provided. Internet Small Computer Systems Interface (iSCSI) streaming over a firewall is provided by tunneling iSCSI over Hypertext Transport Protocol (Security) (HTTP(S)). | 12-02-2010 |
20110078799 | Computer system and method with anti-malware - In some embodiments, approaches may provide an out-of-band (OOB) agent to protect a platform. The OOB agent may be able to use non-TRS methods to measure and protect an in-band security agent. In some embodiments, a manageability engine can provide out of band connectivity to the in-band and out-of-band security agents and provide access to the system memory resources without having to rely on OS services. This can be used for a trusted anti-malware and remediation service. | 03-31-2011 |
20110153725 | SECURE OUT-OF-BAND STORAGE CONTROL - Embodiments of the present disclosure provide methods and computing devices configured to establish secure out-of-band storage control. In various embodiments, a management module in a client device may be used to communicate with a server device independent of an operating system of the client device, to facilitate remote storage services. Other embodiments may be disclosed and claimed. | 06-23-2011 |
20110154316 | Providing Software Distribution and Update Services Regardless of the State or Physical Location of an End Point Machine - In accordance with some embodiments, software may be downloaded to an end point, even when that end point is not fully functional. An indication that software is available for distribution may be stored in a dedicated location within a non-volatile memory. That location may be checked for software to download, for example, on each boot up. The software may then be downloaded and verified. Thereafter, the location is marked to indicate that the software has already been downloaded. | 06-23-2011 |
20110161551 | VIRTUAL AND HIDDEN SERVICE PARTITION AND DYNAMIC ENHANCED THIRD PARTY DATA STORE - A system reserves and manages a hidden service partition through components of the hardware platform of a computing device. The hidden partition is not accessible by way of a host operating system on the computing device. A hardware platform controller provisions a portion of nonvolatile storage through configuration settings of the hardware platform controller. When the host system requests settings related to storage in the system, the request is routed through the interfaces of the hardware platform, and the hardware platform controller reports in accordance with the configuration settings, hiding the service partition. The hidden partition is dynamically modifiable through secure remote access to the hardware platform controller, not through the host system such as operating system or BIOS. | 06-30-2011 |
20110289146 | METHOD AND APPARATUS ALLOWING SCAN OF DATA STORAGE DEVICE FROM REMOTE SERVER - A method and device allowing a scan of a data storage device from a remote server are disclosed. In some embodiments, a computing device may include an out-of-band (OOB) configured to compute a first hash value for data stored in one or more sectors of a data storage device at a first time; receive, using communication circuitry, a request to transmit a portion of the data stored in the one or more sectors of the data storage device at a second time, the second time being subsequent to the first time; compute a second hash value for the data stored in the one or more sectors of the data storage device at the second time; and transmit, using the communication circuitry, the requested portion of the data, only if the second hash value does not match the first hash value. | 11-24-2011 |
20110289306 | METHOD AND APPARATUS FOR SECURE SCAN OF DATA STORAGE DEVICE FROM REMOTE SERVER - A method and device for providing a secure scan of a data storage device from a remote server are disclosed. In some embodiments, a computing device may include an in-band processor configured to execute an operating system and at least one host driver, communication circuitry configured to communicate with a remote server, and an out-of-band (OOB) processor capable of communicating with the remote server using the communication circuitry irrespective of the state of the operating system. The OOB processor may be configured to receive a block read request from the remote server, instruct the at least one host driver to send a storage command to a data storage device, receive data retrieved from the data storage device and authentication metadata generated by the data storage device, and transmit the data and the authentication metadata to the remote server. | 11-24-2011 |
20130283383 | PLATFORM BASED VERIFICATION OF CONTENTS OF INPUT-OUTPUT DEVICES - A platform to support verification of the contents of an input-output device. The platform includes a platform hardware, which may verify the contents of the I/O device. The platform hardware may comprise components such as manageability engine and verification engine that are used to verify the contents of the I/O device even before the contents of the I/O device are exposed to an operating system supported by a host. The platform components may delete the infected portions of the contents of I/O device if the verification process indicates that the contents of the I/O device include the infected portions. | 10-24-2013 |
20130290978 | System Partitioning To Present Software As Platform Level Functionality - Embodiments of apparatuses, methods for partitioning systems, and partitionable and partitioned systems are disclosed. In one embodiment, a system includes processors and a partition manager. The partition manager is to allocate a subset of the processors to a first partition and another subset of the processors to a second partition. The first partition is to execute first operating system level software and the second partition is to execute second operating system level software. The first operating system level software is to manage the processors in the first partition as resources individually accessible to the first operating system level software, and the second operating system level software is to manage the processors in the second partition as resources individually accessible to the second operating system level software. The partition manager is also to present the second partition, including the second operating system level software, to the first operating system level software as platform level functionality embedded in the system. | 10-31-2013 |
20140020121 | ALWAYS-AVAILABLE EMBEDDED THEFT REACTION SUBSYSTEM - A platform including a security system is described. The security system comprises, in one embodiment, a multi-state system having a plurality of modes, available whenever the platform has a source of power. The modes comprise an unarmed mode, in which the security system is not protecting the platform, an armed mode, in which the platform is protected, the armed mode reached from the unarmed mode, after an arming command, and a suspecting mode, in which the platform is suspecting theft, the suspecting mode reached from the armed mode, when a risk behavior is detected. | 01-16-2014 |
20140181504 | SECURE PROVISIONING OF COMPUTING DEVICES FOR ENTERPRISE CONNECTIVITY - Technologies for securely provisioning a personal computing device for enterprise connectivity include a trusted computing device for wirelessly communicating with the personal computing device, generating a key pair for the personal computing device, generating a certificate signing request, sending the certificate signing request on behalf of the personal computing device, receiving an access certificate for enterprise connectivity, and securely exporting the access certificate and a private key of the key pair to the personal computing device. | 06-26-2014 |
20140281468 | Virtual Bus Device Using Management Engine - A management engine may be used to trap configuration cycles during the boot process and thereafter in response to operating system enumeration. As a result, a virtual bus device can be created. The bus device may be used to provision software to the platform even when the operating system is corrupted or non-functional. | 09-18-2014 |