公开(公告)号：US20160110540A1

公开(公告)日：2016-04-21

申请号：US14517338

申请日：2014-10-17

Applicant: Intel Corporation

Inventor： ALPA NARENDRA TRIVEDI ,  Siddhartha Chhabra ,  Xiaozhu Kang ,  Prashant Dewan ,  Uday Savagaonkar ,  David Durham

IPC: G06F21/53

CPC classification number: G06F21/53 ,  G06F2221/033

Abstract: Embodiments of an invention for an interface between a device and a secure processing environment are disclosed. In one embodiment, a system includes a processor, a device, and an interface plug-in. The processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to create a secure processing environment. The execution unit is to execute an application in the secure processing environment. The device is to execute a workload for the application. The interface plug-in is to provide an interface for the device to enter the secure processing environment to execute the workload.

Abstract translation: 公开了用于设备和安全处理环境之间的接口的发明的实施例。 在一个实施例中，系统包括处理器，设备和接口插件。 处理器包括指令单元和执行单元。 指令单元将接收创建安全处理环境的指令。 执行单元在安全处理环境中执行应用。 该设备将为应用程序执行工作负载。 接口插件是为设备提供一个接口，进入安全处理环境以执行工作负载。

公开(公告)号：US20170372063A1

公开(公告)日：2017-12-28

申请号：US15656992

申请日：2017-07-21

Applicant: Intel Corporation

Inventor： PRASHANT DEWAN ,  UTTAM SENGUPTA ,  SIDDHARTHA CHHABRA ,  DAVID DURHAM ,  XIAOZHU KANG ,  UDAY SAVAGAONKAR ,  ALPA NARENDRA TRIVEDI

IPC: G06F21/53 ,  G06F9/455 ,  G06F21/84 ,  H04L9/32

CPC classification number: G06F21/53 ,  G06F9/45504 ,  G06F9/45558 ,  G06F9/5011 ,  G06F9/5072 ,  G06F21/554 ,  G06F21/84 ,  G06F2009/45587 ,  G06F2213/0038 ,  H04L9/3247

Abstract: Generally, this disclosure provides systems, devices, methods and computer readable media for virtualization-based intra-block workload isolation. The system may include a virtual machine manager (VMM) module to create a secure virtualization environment or sandbox. The system may also include a processor block to load data into a first region of the sandbox and to generate a workload package based on the data. The workload package is stored in a second region of the sandbox. The system may further include an operational block to fetch and execute instructions from the workload package.