公开(公告)号：US11829299B2

公开(公告)日：2023-11-28

申请号：US17819418

申请日：2022-08-12

Applicant: Intel Corporation

Inventor： David M. Durham ,  Michael LeMay ,  Men Long

IPC: G06F12/00 ,  G06F12/1027 ,  G06F12/14 ,  G06F9/30 ,  G06F12/1045 ,  G06F12/1081

CPC classification number: G06F12/1027 ,  G06F9/3005 ,  G06F12/1408 ,  G06F12/1475 ,  G06F12/1045 ,  G06F12/1081 ,  G06F2212/402 ,  G06F2212/50 ,  G06F2212/65 ,  G06F2212/652 ,  G06F2212/657 ,  Y02D10/00

Abstract: Technologies for execute only transactional memory include a computing device with a processor and a memory. The processor includes an instruction translation lookaside buffer (iTLB) and a data translation lookaside buffer (dTLB). In response to a page miss, the processor determines whether a page physical address is within an execute only transactional (XOT) range of the memory. If within the XOT range, the processor may populate the iTLB with the page physical address and prevent the dTLB from being populated with the page physical address. In response to an asynchronous change of control flow such as an interrupt, the processor determines whether a last iTLB translation is within the XOT range. If within the XOT range, the processor clears or otherwise secures the processor register state. The processor ensures that an XOT range starts execution at an authorized entry point. Other embodiments are described and claimed.

公开(公告)号：US10108557B2

公开(公告)日：2018-10-23

申请号：US14750664

申请日：2015-06-25

Applicant: Intel Corporation

Inventor： David M. Durham ,  Siddhartha Chhabra ,  Men Long ,  Eugene M. Kishinevsky

IPC: G06F11/30 ,  G06F12/14 ,  G06F12/0864 ,  H04L9/32

Abstract: Technologies for memory encryption include a computing device to generate a keyed hash of a data line based on a statistical counter value and a memory address to which to write the data line and to store the keyed hash to a cache line. The statistical counter value has a reference probability of incrementing at each write operation. The cache line includes a plurality of keyed hashes and each of the keyed hashes corresponds with a different data line. The computing device further encrypts the data line based on the keyed hash, the memory address, and the statistical counter value.

公开(公告)号：US10079813B2

公开(公告)日：2018-09-18

申请号：US15085114

申请日：2016-03-30

Applicant: Intel Corporation

Inventor： Karanvir Grewal ,  Men Long ,  Prashant Dewan

IPC: H04L9/32 ,  H04L29/06 ,  H04L9/08

CPC classification number: H04L9/083 ,  H04L9/321 ,  H04L9/3247 ,  H04L63/061

Abstract: Methods and apparatus are disclosed to provide for security within a network enclave. In one embodiment authentication logic initiates authentication with a central network authority. Packet processing logic receives a key and an identifier from the central network authority. Security protocol logic then establishes a client-server security association through a communication that includes a client identifier and an encrypted portion and/or an authorization signature, wherein a client authorization key allocated by the central network authority can be reproduced by a server, other than said central network authority, from the client identifier and a derivation key provided to the server by the central network authority to decrypt the encrypted portion and/or to validate the communication using the authorization signature. The server may also provide the client with new session keys and/or new client session identifiers using server-generated derivation keys if desired, protecting these with the client authorization key.

公开(公告)号：US20150074419A1

公开(公告)日：2015-03-12

申请号：US14323076

申请日：2014-07-03

Applicant: Intel Corporation

Inventor： David M. Durham ,  Hormuzd M. Khosravi ,  Uri Blumenthal ,  Men Long

IPC: G06F21/52

CPC classification number: G06F21/6209 ,  G06F12/1408 ,  G06F12/1466 ,  G06F12/1475 ,  G06F21/52 ,  G06F21/53

Abstract: Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.

公开(公告)号：US20230376637A1

公开(公告)日：2023-11-23

申请号：US18363176

申请日：2023-08-01

Applicant: Intel Corporation

Inventor： Manoj R. Sastry ,  Alpa Narendra Trivedi ,  Men Long

IPC: G06F21/72 ,  G09C1/00 ,  G06F21/85 ,  H04L9/06 ,  H04L9/08

CPC classification number: G06F21/72 ,  G09C1/00 ,  G06F21/85 ,  H04L9/0643 ,  H04L9/0897 ,  H04L2209/76 ,  G06F2213/0038 ,  G06F2207/7219 ,  G06F2211/008

Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.

公开(公告)号：US11768964B2

公开(公告)日：2023-09-26

申请号：US17679009

申请日：2022-02-23

Applicant: Intel Corporation

Inventor： Manoj R. Sastry ,  Alpa Narendra Trivedi ,  Men Long

IPC: G06F21/72 ,  G09C1/00 ,  G06F21/85 ,  H04L9/06 ,  H04L9/08

CPC classification number: G06F21/72 ,  G06F21/85 ,  G09C1/00 ,  H04L9/0643 ,  H04L9/0897 ,  G06F2207/7219 ,  G06F2211/008 ,  G06F2213/0038 ,  H04L2209/76

Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.

公开(公告)号：US11316661B2

公开(公告)日：2022-04-26

申请号：US16733685

申请日：2020-01-03

Applicant: Intel Corporation

Inventor： Eugene M. Kishinevsky ,  Uday R. Savagaonkar ,  Alpa T. Narendra Trivedi ,  Siddhartha Chhabra ,  Baiju V. Patel ,  Men Long ,  Kirk S. Yap ,  David M. Durham

IPC: H04L9/12 ,  H04L9/22 ,  H04L9/06 ,  G06F12/14 ,  G09C1/00 ,  G06F21/85 ,  G06F21/60 ,  H04L9/14

Abstract: Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.

公开(公告)号：US20210349999A1

公开(公告)日：2021-11-11

申请号：US17384279

申请日：2021-07-23

Applicant: Intel Corporation

Inventor： Michael LeMay ,  David M. Durham ,  Men Long

IPC: G06F21/56 ,  G06F12/0802 ,  G06F12/1009

Abstract: An example apparatus includes a scan manager to add a portion of a page of physical memory from a first sequence of mappings to a second sequence of mappings in response to determining the second sequence includes an address corresponding to the portion of the page of physical memory, and a scanner to scan the first sequence and the second sequence to determine whether at least one of first data in the first sequence or second data in the second sequence includes a pattern indicative of malware.

公开(公告)号：US09852301B2

公开(公告)日：2017-12-26

申请号：US14582797

申请日：2014-12-24

Applicant: Intel Corporation

Inventor： Alpa Narendra Trivedi ,  Siddhartha Chhabra ,  Uday Savagaonkar ,  Men Long

IPC: G06F21/60 ,  G06F21/62 ,  H04L9/08

CPC classification number: G06F21/606 ,  G06F21/6218 ,  H04L9/0822 ,  H04L9/0861

Abstract: Embodiments of an invention for establishing secure channels between a protected execution environment and fixed-function endpoints are disclosed. In one embodiment, and system includes an architecturally protected memory, a processing core communicatively coupled to the architecturally protected memory, and a key distribution engine. The processing core is to implement an architecturally-protected execution environment by performing at least one of executing instructions residing in the architecturally protected memory and preventing an unauthorized access to the architecturally protected memory. The key distribution engine is to provide a secure channel between an application executing within the architecturally-protected execution environment and a fixed-function endpoint by generating a decrypted content encryption key by decrypting an encrypted content encryption key using a key wrapping key shared between the processing core and the key distribution engine and providing the decrypted content encryption key to the fixed-function endpoint.

公开(公告)号：US09805194B2

公开(公告)日：2017-10-31

申请号：US14671764

申请日：2015-03-27

Applicant: Intel Corporation

Inventor： Michael LeMay ,  David M. Durham ,  Men Long

IPC: G06F11/00 ,  G06F21/56 ,  G06F12/0802 ,  G06F12/1009

CPC classification number: G06F21/567 ,  G06F12/0802 ,  G06F12/1009 ,  G06F21/564

Abstract: Memory scanning methods and apparatus are disclosed. An example apparatus includes a walker to traverse a paging structure of an address translation system; a bit analyzer to determine whether a bit associated with an entry of the paging structure is indicative of the entry being recently accessed; an address identifier to, when the bit analyzer determines that the bit associated with the entry of the paging structure is indicative of the entry being recently accessed, determine an address associated with the entry; and an outputter to provide the determined address to a memory scanner.