专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20210319118A1 System, Apparatus And Method For Configurable Trusted Input/Output Access From Authorized Software 有权
公开(公告)号：US20210319118A1
公开(公告)日：2021-10-14
申请号：US17304391
申请日：2021-06-21
申请人： Intel Corporation
发明人： Pradeep M. Pappachan , Siddhartha Chhabra , Bin Xing , Reshma Lal , Baruch Chaikin
IPC分类号： G06F21/60 , G06F21/62 , H04L9/08 , H04L9/32 , G06F21/53 , G06F21/57 , G06F21/82
摘要： In one embodiment, an apparatus includes a channel filter and a security processor. The security processor is to: receive a plurality of device access control policies from a protected non-volatile storage of a platform; determine whether the plurality of device access control policies are verified; program the channel filter with a plurality of filter entries each associated with one of the plurality of device access control policies based on the determination; and remove a security attribute of the security processor from a policy register of the channel filter, to lock the channel filter for a boot cycle of the platform. Other embodiments are described and claimed.

2. 发明申请

US20170364707A1 TECHNOLOGIES FOR TRUSTED I/O WITH A CHANNEL IDENTIFIER FILTER AND PROCESSOR-BASED CRYPTOGRAPHIC ENGINE 审中-公开
公开(公告)号：US20170364707A1
公开(公告)日：2017-12-21
申请号：US15628008
申请日：2017-06-20
申请人： Intel Corporation
发明人： Reshma Lal , Gideon Gerzon , Baruch Chaikin , Siddhartha Chhabra , Pradeep M. Pappachan , Bin Xing
IPC分类号： G06F21/62 , G06F21/57 , G06F21/60 , G06F13/20 , G06F21/51
摘要： Technologies for trusted I/O include a computing device having a processor, a channel identifier filter, and an I/O controller. The I/O controller may generate an I/O transaction that includes a channel identifier and a memory address. The channel identifier filter verifies that the memory address of the I/O transaction is within a processor reserved memory region associated with the channel identifier. The processor reserved memory region is not accessible to software executed by the computing device. The processor encrypts I/O data at the memory address in response to invocation of a processor feature and copies the encrypted data to a memory buffer outside of the processor reserved memory region. The processor may securely clean the processor reserved memory region before encrypting and copying the data. The processor may wrap and unwrap programming information for the channel identifier filter. Other embodiments are described and claimed.

3. 发明申请

US20160171248A1 Using Trusted Execution Environments for Security of Code and Data 有权
标题翻译：使用可信执行环境来实现代码和数据的安全
公开(公告)号：US20160171248A1
公开(公告)日：2016-06-16
申请号：US14572060
申请日：2014-12-16
申请人： Intel Corporation
发明人： Nadav Nesher , Alex Berenzon , Baruch Chaikin
IPC分类号： G06F21/71 , G06F21/60
CPC分类号： G06F21/53 , G06F21/57 , G06F21/71 , H04L2209/127
摘要： An embodiment includes a processor coupled to memory to perform operations comprising: creating a first trusted execution environment (TXE), in protected non-privileged user address space of the memory, which makes a first measurement for at least one of first data and first executable code and which encrypts the first measurement with a persistent first hardware based encryption key while the first measurement is within the first TXE; creating a second TXE, in the non-privileged user address space, which makes a second measurement for at least one of second data and second executable code; creating a third TXE in the non-privileged user address space; creating a first secure communication channel between the first and third TXEs and a second secure communication channel between the second and third TXEs; and communicating the first measurement between the first and third TXEs via the first secure communication channel. Other embodiments are described herein.
摘要翻译：实施例包括耦合到存储器以执行操作的处理器，其包括：在存储器的受保护非特权用户地址空间中创建第一可信执行环境（TXE），其对第一数据和第一可执行文件中的至少一个进行第一测量代码，并且其在第一测量在第一TXE内时利用持久的基于硬件的第一硬件加密密钥对第一测量进行加密; 在非特权用户地址空间中创建第二TXE，其为第二数据和第二可执行代码中的至少一个进行第二测量; 在非特权用户地址空间中创建第三个TXE; 在第一和第三TXE之间创建第一安全通信信道，以及第二和第三TXE之间的第二安全通信信道; 以及经由所述第一安全通信信道在所述第一和第三TXE之间传送所述第一测量。本文描述了其它实施例。

4. 发明授权

US10705976B2 Scalable processor-assisted guest physical address translation 有权
公开(公告)号：US10705976B2
公开(公告)日：2020-07-07
申请号：US16023537
申请日：2018-06-29
申请人： Intel Corporation
发明人： Ravi Sahita , Barry E. Huntley , Vedvyas Shanbhogue , Dror Caspi , Baruch Chaikin , Gilbert Neiger , Arie Aharon , Arumugam Thiyagarajah
IPC分类号： G06F12/1036 , G06F12/14 , G06F9/455 , G06F12/109 , G06F21/53 , G06F21/78 , G06F12/1009 , G06F12/02
摘要： Examples include a processor including at least one untrusted extended page table (EPT), circuitry to execute a set of instructions of the instruction set architecture (ISA) of the processor to manage at least one secure extended page table (SEPT), and a physical address translation component to translate a guest physical address of a guest physical memory to a host physical address of a host physical memory using one of the at least one untrusted EPT and the at least one SEPT.

5. 发明授权

US10339327B2 Technologies for securely binding a platform manifest to a platform 有权
公开(公告)号：US10339327B2
公开(公告)日：2019-07-02
申请号：US15628012
申请日：2017-06-20
申请人： Intel Corporation
发明人： Pradeep M. Pappachan , Reshma Lal , Siddhartha Chhabra , Gideon Gerzon , Baruch Chaikin , Bin Xing , William A. Stevens, Jr.
IPC分类号： G06F21/76 , G06F21/60 , H04L29/06 , G06F21/57 , G06F13/28 , H04L9/32 , G06F13/20 , G06F21/62 , G06F21/85 , G09C1/00 , G06F21/70 , G06F21/51 , H04L9/06
摘要： Technologies for securely binding a manifest to a platform include a computing device having a security engine and a field-programmable fuse. The computing device receives a platform manifest indicative of a hardware configuration of the computing device and a manifest hash. The security engine of the computing device blows a bit of a field programmable fuse and then stores the manifest hash and a counter value of the field-programmable fuse in integrity-protected non-volatile storage. In response to a platform reset, the security engine verifies the stored manifest hash and counter value and then determines whether the stored counter value matches the field-programmable fuse. If verified and current, trusted software may calculate a hash of the platform manifest and compare the calculated hash to the stored manifest hash. If matching, the platform manifest may be used to discover platform hardware. Other embodiments are described and claimed.

6. 发明申请

US20230128711A1 TECHNOLOGIES FOR TRUSTED I/O WITH A CHANNEL IDENTIFIER FILTER AND PROCESSOR-BASED CRYPTOGRAPHIC ENGINE 有权
公开(公告)号：US20230128711A1
公开(公告)日：2023-04-27
申请号：US18062957
申请日：2022-12-07
申请人： Intel Corporation
发明人： Reshma Lal , Gideon Gerzon , Baruch Chaikin , Siddhartha Chhabra , Pradeep M. Pappachan , Bin Xing
IPC分类号： G06F21/60 , H04L9/40 , G06F21/57 , G06F13/28 , H04L9/32 , G06F21/62 , G06F21/85 , G09C1/00 , G06F13/20
摘要： Technologies for trusted I/O include a computing device having a processor, a channel identifier filter, and an I/O controller. The I/O controller may generate an I/O transaction that includes a channel identifier and a memory address. The channel identifier filter verifies that the memory address of the I/O transaction is within a processor reserved memory region associated with the channel identifier. The processor reserved memory region is not accessible to software executed by the computing device. The processor encrypts I/O data at the memory address in response to invocation of a processor feature and copies the encrypted data to a memory buffer outside of the processor reserved memory region. The processor may securely clean the processor reserved memory region before encrypting and copying the data. The processor may wrap and unwrap programming information for the channel identifier filter. Other embodiments are described and claimed.

7. 发明授权

US11630904B2 System, apparatus and method for configurable trusted input/output access from authorized software 有权
公开(公告)号：US11630904B2
公开(公告)日：2023-04-18
申请号：US17304391
申请日：2021-06-21
申请人： Intel Corporation
发明人： Pradeep M. Pappachan , Siddhartha Chhabra , Bin Xing , Reshma Lal , Baruch Chaikin
IPC分类号： G06F21/00 , G06F21/60 , G06F21/62 , H04L9/08 , H04L9/32 , G06F21/53 , G06F21/57 , G06F21/82
摘要： In one embodiment, an apparatus includes a channel filter and a security processor. The security processor is to: receive a plurality of device access control policies from a protected non-volatile storage of a platform; determine whether the plurality of device access control policies are verified; program the channel filter with a plurality of filter entries each associated with one of the plurality of device access control policies based on the determination; and remove a security attribute of the security processor from a policy register of the channel filter, to lock the channel filter for a boot cycle of the platform. Other embodiments are described and claimed.

8. 发明授权

US11126733B2 System, apparatus and method for configurable trusted input/output access from authorized software 有权
公开(公告)号：US11126733B2
公开(公告)日：2021-09-21
申请号：US16113013
申请日：2018-08-27
申请人： Intel Corporation
发明人： Pradeep M. Pappachan , Siddhartha Chhabra , Bin Xing , Reshma Lal , Baruch Chaikin
IPC分类号： G06F21/00 , G06F21/60 , G06F21/62 , H04L9/08 , H04L9/32 , G06F21/53 , G06F21/57 , G06F21/82
摘要： In one embodiment, an apparatus includes: a memory encryption circuit to encrypt data from a protected device, the data to be stored to a memory; and a filter circuit coupled to the memory encryption circuit, the filter circuit including a plurality of filter entries, each filter entry to store a channel identifier corresponding to a protected device, an access control policy for the protected device, and a session encryption key provided by an enclave, the enclave permitted to access the data according to the access control policy, where the filter circuit is to receive the session encryption key from the enclave in response to validation of the enclave. Other embodiments are described and claimed.

9. 发明授权

US10789371B2 Technologies for trusted I/O with a channel identifier filter and processor-based cryptographic engine 有权
公开(公告)号：US10789371B2
公开(公告)日：2020-09-29
申请号：US15628008
申请日：2017-06-20
申请人： Intel Corporation
发明人： Reshma Lal , Gideon Gerzon , Baruch Chaikin , Siddhartha Chhabra , Pradeep M. Pappachan , Bin Xing
IPC分类号： G06F21/00 , G06F21/60 , H04L29/06 , G06F21/57 , G06F13/28 , H04L9/32 , G06F21/62 , G06F21/85 , G09C1/00 , G06F13/20 , H04L9/06 , G06F21/51
摘要： Technologies for trusted I/O include a computing device having a processor, a channel identifier filter, and an I/O controller. The I/O controller may generate an I/O transaction that includes a channel identifier and a memory address. The channel identifier filter verifies that the memory address of the I/O transaction is within a processor reserved memory region associated with the channel identifier. The processor reserved memory region is not accessible to software executed by the computing device. The processor encrypts I/O data at the memory address in response to invocation of a processor feature and copies the encrypted data to a memory buffer outside of the processor reserved memory region. The processor may securely clean the processor reserved memory region before encrypting and copying the data. The processor may wrap and unwrap programming information for the channel identifier filter. Other embodiments are described and claimed.

10. 发明申请

US20170364689A1 TECHNOLOGIES FOR SECURELY BINDING A PLATFORM MANIFEST TO A PLATFORM 审中-公开
公开(公告)号：US20170364689A1
公开(公告)日：2017-12-21
申请号：US15628012
申请日：2017-06-20
申请人： Intel Corporation
发明人： Pradeep M. Pappachan , Reshma Lal , Siddhartha Chhabra , Gideon Gerzon , Baruch Chaikin , Bin Xing , William A. Stevens, JR.
IPC分类号： G06F21/60 , G06F21/57 , H04L9/32
CPC分类号： G06F21/602 , G06F13/20 , G06F13/28 , G06F21/51 , G06F21/57 , G06F21/6218 , G06F21/6281 , G06F21/85 , G09C1/00 , H04L9/0637 , H04L9/32 , H04L9/3242 , H04L63/12 , H04L63/126
摘要： Technologies for securely binding a manifest to a platform include a computing device having a security engine and a field-programmable fuse. The computing device receives a platform manifest indicative of a hardware configuration of the computing device and a manifest hash. The security engine of the computing device blows a bit of a field programmable fuse and then stores the manifest hash and a counter value of the field-programmable fuse in integrity-protected non-volatile storage. In response to a platform reset, the security engine verifies the stored manifest hash and counter value and then determines whether the stored counter value matches the field-programmable fuse. If verified and current, trusted software may calculate a hash of the platform manifest and compare the calculated hash to the stored manifest hash. If matching, the platform manifest may be used to discover platform hardware. Other embodiments are described and claimed.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式