Abstract:
An apparatus comprising a computer platform, including a central processing unit (CPU) comprising a first security engine to perform security operations at the CPU and a chipset comprising a second security engine to perform security operations at the chipset, wherein the first security engine and the second security engine establish a secure channel session between the CPU and the chipset to secure data transmitted between the CPU and the chipset.
Abstract:
Various systems and methods for implementing fuse-based integrity protection are described herein. A system for validating a read-only memory (ROM), the system comprising a ROM reader logic, implemented at least partly in hardware, to: access a read-only memory (ROM) having a plurality of permanently programmable electric couplings (PPECs), the PPECs having been programmed; survey a number of permanently altered PPECs in the set of PPECs to produce a counter value; read a binary representation of the counter value from PPEC values stored as a PPEC signature; and read a binary representation of the binary complement of the counter value from PPEC values in the PPEC signature; and a ROM validation logic, implemented at least partly in hardware, to verify the integrity of the ROM using a combination of at least two of: the counter value, the binary representation of the counter value, and the binary representation of the binary complement of the counter value.
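The fuse-count integrity check described in this abstract, as an added C example that is not code from the patent or any product: a constructed 64-PPEC data region, a PPEC signature holding the count and its binary complement, and a validation that combines all three values. The ROM layout, the 16-bit field widths and the sample fuse values are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

typedef struct {
    uint8_t  data[8];       /* constructed: 64 PPECs, one bit each, 1 = altered */
    uint16_t count_sig;     /* PPEC signature: count of altered data PPECs */
    uint16_t count_sig_inv; /* PPEC signature: binary complement of that count */
} fuse_rom_t;

/* ROM reader logic: survey the data region and count altered PPECs. */
uint16_t survey_altered(const fuse_rom_t *rom) {
    uint16_t n = 0;
    for (size_t i = 0; i < sizeof rom->data; i++)
        for (uint8_t b = rom->data[i]; b; b >>= 1)
            n += b & 1u;
    return n;
}

/* ROM validation logic: surveyed count must equal the stored count, and the
 * stored complement must be its bitwise inverse. A fuse only changes 0 -> 1, so
 * raising the stored count needs a 1 -> 0 change in the complement: impossible. */
bool rom_validate(const fuse_rom_t *rom) {
    bool count_ok = (survey_altered(rom) == rom->count_sig);
    bool inv_ok   = ((uint16_t)~rom->count_sig == rom->count_sig_inv);
    return count_ok && inv_ok;
}

/* Constructed sample: signature written at programming time (22 altered PPECs). */
fuse_rom_t make_good_rom(void) {
    fuse_rom_t r = { {0xA5, 0x01, 0xFF, 0x00, 0x10, 0x80, 0x3C, 0x07}, 0, 0 };
    r.count_sig     = survey_altered(&r);
    r.count_sig_inv = (uint16_t)~r.count_sig;
    return r;
}

/* Constructed sample: one extra data PPEC altered, signature untouched. */
fuse_rom_t make_tampered_data_rom(void) {
    fuse_rom_t r = make_good_rom();
    r.data[3] |= 0x01;
    return r;
}

/* Constructed sample: as above, plus the stored count bumped from 22 (0b10110)
 * to 23 (0b10111), a 0 -> 1 change a fuse can make; the complement cannot follow. */
fuse_rom_t make_tampered_sig_rom(void) {
    fuse_rom_t r = make_tampered_data_rom();
    r.count_sig = 23;
    return r;
}
```

The third sample is the case the complement field exists for: the count alone would accept it, and only the pairing of count and inverse rejects it.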
Abstract:
A system comprising a platform protected by an always-on, always-available security system is described. In one embodiment, the system includes a risk behavior logic to detect a potential problem, a core logic component to analyze the potential problem and to move the platform to a suspecting mode when the potential problem indicates a theft suspicion, and a security action logic to send periodic alerts to a security server while the platform is in the suspecting mode, each alert including movement-related data, such that the security server can take an action to protect the platform.
Abstract:
An apparatus to facilitate firmware resiliency in a computer system platform is disclosed. The apparatus comprises a first non-volatile memory to store primary firmware for a computer system platform, a second non-volatile memory to store a firmware copy of the primary firmware, and a resiliency hardware, coupled to the first non-volatile memory via a system fabric, to detect unauthorized access to the primary firmware and restore the primary firmware stored in the first non-volatile memory from the firmware copy.
Abstract:
An apparatus to facilitate a computer system platform boot is disclosed. The apparatus comprises a system on chip (SOC) including a cache memory, a storage device to store platform firmware including boot code, a security controller to load the boot code into the cache memory during a platform reset, and a processor to execute the boot code from the cache memory to initialize the SOC.
Abstract:
A method and apparatus are disclosed herein for performing write-only inter-processor reset synchronization. In one embodiment, a first processing unit comprises: a communication unit to transmit information to a second processing unit; memory to store reset synchronization information and message information; and processing logic to perform write-only reset synchronization between itself and the second processing unit based on bit indications set in the memory.
Abstract:
In some embodiments, a secure authenticated remote boot of a computing device over a wireless network is performed in a pre-boot execution environment (PXE) using active management technology (AMT) for remote discovery. In these embodiments, a management engine (ME) may maintain full control of a wireless interface and a wireless connection as booting begins. The ME may relinquish control of the wireless interface after a PXE timeout, in response to a shutdown command, or once the device has booted. The ME controls the use of an operating system received from a remote location.