-
1.发明授权METHOD AND APPARATUS FOR MEMORY ENCRYPTION WITH INTEGRITY CHECK AND PROTECTION AGAINST REPLAY ATTACKS 有权具有完整性检查和防止重放攻击的保护的存储器加密方法和设备
公开(公告)号:EP2726991B1
公开(公告)日:2018-03-14
申请号:EP11868426.5
申请日:2011-06-29
申请人: Intel Corporation
发明人: GUERON, Shay , SAVAGAONKAR, Uday , MCKEEN, Francis X. , ROZAS, Carlos V. , DURHAM, David M. , DOWECK, Jacob , MULLA, Ofir , ANATI, Ittai , GREENFIELD, Zvika , MAOR, Moshe
CPC分类号: G06F21/72 , G06F12/1408 , G06F21/00 , G06F21/64 , H04L9/0637 , H04L9/3242
摘要: A method and apparatus to provide cryptographic integrity checks and replay protection to protect against hardware attacks on system memory is provided. A mode of operation for block ciphers enhances the standard XTS-AES mode of operation to perform memory encryption by extending a tweak to include a “time stamp” indicator. A tree-based replay protection scheme uses standard XTS-AES to encrypt contents of a cache line in the system memory. A Message-Authentication Code (MAC) for the cache line is encrypted using enhanced XTS-AES and a “time stamp” indicator associated with the cache line. The “time stamp indicator” is stored in a processor.
-
2.发明公开A TWEAKABLE ENCRYPION MODE FOR MEMORY ENCRYPTION WITH PROTECTION AGAINST REPLAY ATTACKS 有权OPTIMIERBARERVERSCHLÜSSELUNGSMODUSFÜREINESPEICHERVERSCHLÜSSELUNGMIT SCHUTZ GEGEN REPLAY-ATTACKEN
公开(公告)号:EP2619705A2
公开(公告)日:2013-07-31
申请号:EP11827696.3
申请日:2011-09-24
申请人: Intel Corporation
发明人: GUERON, Shay , GERZON, Gideon , ANATI, Ittai , DOWECK, Jacob , MAOR, Moshe
CPC分类号: G06F12/1408 , G06F21/52 , G06F21/64
摘要: A method and apparatus for protecting against hardware attacks on system memory is provided. A mode of operation for block ciphers enhances the standard XTS-AES mode of operation to perform memory encryption by extending a tweak to include a "time stamp" indicator. An incrementing mechanism using the "time stamp" indicator generates a tweak which separates different contexts over different times such that the effect of "Type 2 replay attacks" is mitigated.
摘要翻译: 提供了一种用于防止对系统存储器的硬件攻击的方法和装置。 用于块密码的操作模式增强了标准的XTS-AES操作模式,通过扩展调整以包括“时间戳”指示符来执行存储器加密。 使用“时间戳”指示符的递增机制产生了在不同时间分离不同上下文的调整,使得“类型2重放攻击”的效果得到缓解。
-
3.发明公开PROCESSORS, METHODS, SYSTEMS, AND INSTRUCTIONS TO SUPPORT LIVE MIGRATION OF PROTECTED CONTAINERS 审中-公开处理器,方法,系统和说明,以支持受保护的容器的实时迁移
公开(公告)号:EP3314853A1
公开(公告)日:2018-05-02
申请号:EP16814991.2
申请日:2016-05-27
申请人: Intel Corporation
发明人: ROZAS, Carlos V. , VIJ, Mona , LESLIE-HURD, Rebekah M. , ZMUDZINSKI, Krystof C. , CHAKRABARTI, Somnath , MCKEEN, Francis X. , SCARLATA, Vincent R. , JOHNSON, Simon P. , ALEXANDROVICH, Ilya , NEIGER, Gilbert , SHANBHOGUE, Vedvyas , ANATI, Ittai
CPC分类号: G06F12/1408 , G06F8/41 , G06F9/30145 , G06F9/45558 , G06F21/53 , G06F21/602 , G06F2009/4557 , G06F2009/45587 , G06F2212/1052
摘要: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.
-
公开(公告)号:EP3314452A1
公开(公告)日:2018-05-02
申请号:EP16814937.5
申请日:2016-05-24
申请人: Intel Corporation
发明人: GENDLER, Alexander , BERKOVITS, Ariel , MISHAELI, Michael , SHULMAN, Nadav , DESAI, Sameer , REHANA, Shani , ANATI, Ittai , SHAFI, Hisham
CPC分类号: G06F1/3287 , G06F12/0804 , G06F12/0868 , G06F12/0888 , G06F12/1433 , G06F2212/1052 , G06F2212/311 , G06F2212/621
摘要: A method and apparatus for flushing and restoring core memory content to and from, respectively, external memory are described. In one embodiment, the apparatus is an integrated circuit comprising a plurality of processor cores, the plurality of process cores including one core having a first memory operable to store data of the one core, the one core to store data from the first memory to a second memory located externally to the processor in response to receipt of a first indication that the one core is to transition from a first low power idle state to a second low power idle state and receipt of a second indication generated externally from the one core indicating that the one core is to store the data from the first memory to the second memory, locations in the second memory at which the data is stored being accessible by the one core and inaccessible by other processor cores in the IC; and a power management controller coupled to the plurality of cores and located outside the plurality of cores.
-
公开(公告)号:EP3025268A1
公开(公告)日:2016-06-01
申请号:EP14829860.7
申请日:2014-07-15
申请人: Intel Corporation
发明人: SCARLATA, Vincent R. , ROZAS, Carlos V. , JOHNSON, Simon P. , SAVAGAONKAR, Uday R. , ANATI, Ittai , MCKEEN, Francis X. , GOLDSMITH, Michael A.
CPC分类号: H04L9/3213 , G06F21/12 , G06F21/53 , H04L9/3263
摘要: Embodiments of an invention for feature licensing in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to initialize a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes determining whether a requested feature is licensed for use in the secure enclave.
-
公开(公告)号:EP3025266B1
公开(公告)日:2019-09-11
申请号:EP14829313.7
申请日:2014-07-15
申请人: Intel Corporation
-
公开(公告)号:EP3520010A1
公开(公告)日:2019-08-07
申请号:EP17857145.1
申请日:2017-08-30
申请人: Intel Corporation
-
公开(公告)号:EP3049992A1
公开(公告)日:2016-08-03
申请号:EP14849831.4
申请日:2014-09-16
申请人: Intel Corporation
发明人: CHHABRA, Siddhartha , SAVAGAONKAR, Uday R. , GOLDSMITH, Michael A. , JOHNSON, Simon P. , LESLIE-HURD, Rebekah M. , MCKEEN, Francis X. , NEIGER, Gilbert , MAKARAM, Raghunandan , ROZAS, Carlos V. , SANTONI, Amy L. , SCARLATA, Vincent R. , SHANBHOGUE, Vedvyas , SMITH, Wesley H. , ANATI, Ittai , ALEXANDROVICH, Ilya
CPC分类号: G06F12/1408 , G06F9/45558 , G06F12/0808 , G06F12/0897 , G06F12/1027 , G06F2009/45587 , G06F2212/1032 , G06F2212/1048 , G06F2212/152
摘要: Secure memory repartitioning technologies are described. A processor includes a processor core and a memory controller coupled between the processor core and main memory. The main memory includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core, in response to a page conversion instruction, is to determine from the instruction a convertible page in the memory range to be converted and convert the convertible page to be at least one of a secure page or a non-secure page. The memory range may also include a hardware reserved section that is convertible in response to a section conversion instruction.
-
公开(公告)号:EP3025266A1
公开(公告)日:2016-06-01
申请号:EP14829313.7
申请日:2014-07-15
申请人: Intel Corporation
发明人: ROZAS, Carlos V. , ANATI, Ittai , GERZON, Gideon , GUERON, Shay , JOHNSON, Simon P. , MCKEEN, Francis X. , SAVAGAONKAR, Uday R. , SCARLATA, Vincent R.
CPC分类号: H04L9/3239 , G06F9/3004 , G06F12/1441 , G06F21/71 , G06F2221/2111
摘要: Embodiments of an invention for measuring a secure enclave are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first, a second, and a third instruction. The execution unit is to execute the first, the second, and the third instruction. Execution of the first instruction includes initializing a measurement field in a control structure of a secure enclave with an initial value. Execution of the second instruction includes adding a region to the secure enclave. Execution of the third instruction includes measuring a subregion of the region.
摘要翻译: 公开了用于测量安全飞地的发明的实施例。 在一个实施例中,处理器包括指令单元和执行单元。 指令单元将接收第一,第二和第三指令。 执行单元执行第一条,第二条和第三条指令。 第一指令的执行包括用初始值初始化安全区域的控制结构中的测量字段。 第二条指令的执行包括向安全飞地增加一个区域。 第三条指令的执行包括测量该地区的一个子地区。
-
10.发明公开METHOD AND APPARATUS FOR MEMORY ENCRYPTION WITH INTEGRITY CHECK AND PROTECTION AGAINST REPLAY ATTACKS 有权方法和设备用于加密一个程序完整性测试和保护免受攻击PLAY
公开(公告)号:EP2726991A1
公开(公告)日:2014-05-07
申请号:EP11868426.5
申请日:2011-06-29
申请人: Intel Corporation
发明人: GUERON, Shay , SAVAGAONKAR, Uday , MCKEEN, Francis X. , ROZAS, Carlos V. , DURHAM, David M. , DOWECK, Jacob , MULLA, Ofir , ANATI, Ittai , GREENFIELD, Zvika , MAOR, Moshe
IPC分类号: G06F12/14
CPC分类号: G06F21/72 , G06F12/1408 , G06F21/00 , G06F21/64 , H04L9/0637 , H04L9/3242
摘要: A method and apparatus to provide cryptographic integrity checks and replay protection to protect against hardware attacks on system memory is provided. A mode of operation for block ciphers enhances the standard XTS-AES mode of operation to perform memory encryption by extending a tweak to include a "time stamp" indicator. A tree-based replay protection scheme uses standard XTS-AES to encrypt contents of a cache line in the system memory. A Message-Authentication Code (MAC) for the cache line is encrypted using enhanced XTS-AES and a "time stamp" indicator associated with the cache line. The "time stamp indicator" is stored in a processor.
-
-
-
-
-
-
-
-
-
搜索结果
15 条记录 (耗时 0.008 秒)
