公开(公告)号：EP3326104B1

公开(公告)日：2019-10-09

申请号：EP16828189.7

申请日：2016-06-20

申请人： Intel Corporation

发明人： XING, Bin ,  PAPPACHAN, Pradeep M. ,  CHHABRA, Siddhartha ,  LAL, Reshma ,  MCGOWAN, Steven B.

IPC分类号： G06F21/60 ,  G06F13/28 ,  G06F21/57

公开(公告)号：EP3326105B1

公开(公告)日：2019-08-14

申请号：EP16828191.3

申请日：2016-06-20

申请人： Intel Corporation

发明人： CHHABRA, Siddhartha ,  GERZON, Gideon ,  LAL, Reshma ,  XING, Bin ,  PAPPACHAN, Pradeep M. ,  MCGOWAN, Steven B.

IPC分类号： G06F21/57 ,  G06F21/72 ,  H04L9/08 ,  H04L9/32

公开(公告)号：EP3326105A1

公开(公告)日：2018-05-30

申请号：EP16828191.3

申请日：2016-06-20

申请人： Intel Corporation

发明人： CHHABRA, Siddhartha ,  GERZON, Gideon ,  LAL, Reshma ,  XING, Bin ,  PAPPACHAN, Pradeep M. ,  MCGOWAN, Steven B.

IPC分类号： G06F21/60

CPC分类号： G06F21/72 ,  G06F21/57 ,  H04L9/0822 ,  H04L9/0861 ,  H04L9/3242

摘要： Technologies for secure programming of a cryptographic engine include a computing device with a cryptographic engine and one or more I/O controllers. The computing device establishes, an invoking secure enclave using secure enclave support of a processor. The invoking enclave configures channel programming information, including a channel key, and invokes a processor instruction with the channel programming information as a parameter. The processor generates wrapped programming information including an encrypted channel key and a message authentication code. The encrypted channel key is protected with a key known only to the processor. The invoking enclave provides the wrapped programming information to untrusted software, which invokes a processor instruction with the wrapped programming information as a parameter. The processor unwraps and verifies the wrapped programming information and then programs the cryptographic engine. The processor generates an authenticated response that may be verified by the invoking enclave. Other embodiments are described and claimed.

公开(公告)号：EP3198780B1

公开(公告)日：2020-03-25

申请号：EP15843644.4

申请日：2015-09-22

申请人： Intel Corporation

发明人： PAPPACHAN, Pradeep M. ,  LAL, Reshma ,  UGHREJA, Rakesh A. ,  DWARAKANATH, Kumar N. ,  MOORE, Victoria C.

IPC分类号： H04L9/08 ,  H04L9/32 ,  G06F21/84 ,  G06F21/44 ,  G06F9/54 ,  G06F21/57 ,  G06F21/60 ,  H04L29/06 ,  G06F21/83

公开(公告)号：EP3198782A1

公开(公告)日：2017-08-02

申请号：EP15844878.7

申请日：2015-09-22

申请人： Intel Corporation

发明人： LAL, Reshma ,  PAPPACHAN, Pradeep M.

IPC分类号： H04L9/08 ,  H04L9/32

CPC分类号： G06F21/44 ,  G06F21/32 ,  G06F21/602 ,  G06F21/606 ,  G06F21/6218 ,  H04L9/0816 ,  H04L9/083 ,  H04L9/14 ,  H04L9/321 ,  H04L9/3247 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/10 ,  H04L2209/127

摘要： Systems and methods include establishing a secure communication between an application module and a sensor module. The application module is executing on an information-handling machine, and the sensor module is coupled to the information-handling machine. The establishment of the secure communication is at least partially facilitated by a mutually trusted module.

摘要翻译： 系统和方法包括在应用模块和传感器模块之间建立安全通信。 应用程序模块在信息处理机上执行，传感器模块与信息处理机相连。 至少部分地通过互相信任的模块来促进安全通信的建立。

公开(公告)号：EP3805968A1

公开(公告)日：2021-04-14

申请号：EP20211698.4

申请日：2016-06-20

申请人： INTEL Corporation

发明人： PAPPACHAN, Pradeep M. ,  LAL, Reshma ,  XING, Bin ,  CHHABRA, Siddhartha ,  SCARLATA, Vincent R. ,  MCGOWAN, Steven B.

IPC分类号： G06F21/57 ,  G06F21/60 ,  G06F13/28

摘要： Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information. The computing device may collect application attestation information for a trusted application that uses the trusted I/O usage and verify the application attestation information. Other embodiments are described and claimed.

公开(公告)号：EP3326102A1

公开(公告)日：2018-05-30

申请号：EP16828187.1

申请日：2016-06-20

申请人： Intel Corporation

发明人： LAL, Reshma ,  MCGOWAN, Steven B. ,  CHHABRA, Siddhartha ,  GERZON, Gideon ,  XING, Bin ,  PAPPACHAN, Pradeep M. ,  ELBAZ, Reouven

IPC分类号： G06F21/60 ,  G06F13/28

CPC分类号： H04L9/0631 ,  G06F13/28 ,  H04L9/0618 ,  H04L9/0822 ,  H04L9/3242

摘要： Technologies for cryptographic protection of I/O data include a computing device with one or more I/O controllers. Each I/O controller may generate a direct memory access (DMA) transaction that includes a channel identifier that is indicative of the I/O controller and that is indicative of an I/O device coupled to the I/O controller. The computing device intercepts the DMA transaction and determines whether to protect the DMA transaction as a function of the channel identifier. If so, the computing device performs a cryptographic operation using an encryption key associated with the channel identifier. The computing device may include a cryptographic engine that intercepts the DMA transaction and determines whether to protect the DMA transaction by determining whether the channel identifier matches an entry in a channel identifier table of the cryptographic engine. Other embodiments are described and claimed.

公开(公告)号：EP3326099A1

公开(公告)日：2018-05-30

申请号：EP16828190.5

申请日：2016-06-20

申请人： Intel Corporation

发明人： PAPPACHAN, Pradeep M. ,  LAL, Reshma ,  XING, Bin ,  CHHABRA, Siddhartha ,  SCARLATA, Vincent R. ,  MCGOWAN, Steven B.

IPC分类号： G06F21/44 ,  G06F21/50 ,  G06F21/60

摘要： Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information. The computing device may collect application attestation information for a trusted application that uses the trusted I/O usage and verify the application attestation information. Other embodiments are described and claimed.

公开(公告)号：EP3198780A1

公开(公告)日：2017-08-02

申请号：EP15843644.4

申请日：2015-09-22

申请人： Intel Corporation

发明人： PAPPACHAN, Pradeep M. ,  LA, Reshma ,  UGHREJA, Rakesh A. ,  DWARAKANATH, Kumar N. ,  MOORE, Victoria C.

IPC分类号： H04L9/08 ,  H04L9/32

CPC分类号： H04L9/00 ,  G06F9/54 ,  G06F21/445 ,  G06F21/57 ,  G06F21/606 ,  G06F21/83 ,  G06F21/84 ,  G06F2221/033 ,  H04L9/0838 ,  H04L63/0428 ,  H04L63/145

摘要： Systems and methods include establishing a cryptographically secure communication between an application module and an audio module. The application module is configured to execute on an information-handling machine, and the audio module is coupled to the information-handling machine. The establishment of the cryptographically secure communication may be at least partially facilitated by a mutually trusted module.

摘要翻译： 系统和方法包括在应用模块和音频模块之间建立密码安全通信。 应用模块被配置为在信息处理机器上执行，并且音频模块被耦合到信息处理机器。 密码安全通信的建立可以至少部分地由互相信任的模块来促进。

公开(公告)号：EP3582129A1

公开(公告)日：2019-12-18

申请号：EP19189777.6

申请日：2016-06-20

申请人： INTEL Corporation

发明人： PAPPACHAN, Pradeep M. ,  LAL, Reshma ,  XING, Bin ,  CHHABRA, Siddhartha ,  SCARLATA, Vincent R. ,  MCGOWAN, Steven B.

IPC分类号： G06F21/57 ,  G06F21/60 ,  G06F13/28

摘要： Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information. The computing device may collect application attestation information for a trusted application that uses the trusted I/O usage and verify the application attestation information. Other embodiments are described and claimed.