-
Publication No.: US11343090B2
Publication Date: 2022-05-24
Application No.: US16454476
Filing Date: 2019-06-27
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra, Prashant Dewan
Abstract: There is disclosed in one example a computing system, including: a processor; a memory; and a memory encryption engine (MEE) including circuitry and logic to: allocate a protected isolated memory region (IMR); encrypt the protected IMR; set an access control policy to allow access to the IMR by a device identified by a device identifier; and upon receiving a memory access request directed to the IMR, enforce the access control policy.
-
Publication No.: US20220038505A1
Publication Date: 2022-02-03
Application No.: US17502787
Filing Date: 2021-10-15
Applicant: INTEL CORPORATION
Inventor: SIDDHARTHA CHHABRA, Prashant Dewan
Abstract: Various embodiments are generally directed to techniques to enforce policies for computing platform resources, such as to prevent denial of service (DoS) attacks on the computing platform resources. Some embodiments are particularly directed to ISA instructions that allow trusted software/applications to securely enforce policies on a platform resource/device while allowing untrusted software to control allocation of the platform resource. In many embodiments, the ISA instructions may enable secure communication between a trusted application and a platform resource. In several embodiments, a first ISA instruction implemented by microcode may enable a trusted application to wrap policy information for secure transmission through an untrusted stack. In several such embodiments, a second ISA instruction implemented by microcode may enable untrusted software to verify the validity of the wrapped blobs and program registers associated with the platform resource with policy information provided via the wrapped blobs.
-
Publication No.: US11205003B2
Publication Date: 2021-12-21
Application No.: US16832138
Filing Date: 2020-03-27
Applicant: Intel Corporation
Inventor: Baiju Patel, Prashant Dewan
Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.
-
Publication No.: US20210319138A1
Publication Date: 2021-10-14
Application No.: US17358287
Filing Date: 2021-06-25
Applicant: Intel Corporation
Inventor: Prashant Dewan, Baiju Patel, Siddhartha Chhabra, Ofir Shwartz, Kumar Dwarakanath
Abstract: Methods and apparatus relating to utilization of logic and a serial number to provide persistent unique platform secret for generation of System on Chip (SOC or SoC) root keys are described. In an embodiment, stepping logic circuitry generates a stepping identifier in response to a first signal. Unique identifier logic circuitry generates a unique identifier in response to a second signal. Secret generation logic circuitry generates a key based at least in part on the stepping identifier and the unique identifier. The unique identifier is stored in persistent memory. Other embodiments are also disclosed and claimed.
-
Publication No.: US20210110042A1
Publication Date: 2021-04-15
Application No.: US17131959
Filing Date: 2020-12-23
Applicant: Intel Corporation
Inventor: Prashant Dewan, Nivedita Aggarwal
Abstract: An apparatus to facilitate permissions at a computing system platform is disclosed. The apparatus includes a plurality of agents, each including a non-volatile memory storing firmware executed to perform a function associated with the agent and attestation hardware to detect an update at the computing system platform, generate a cryptographic key associated with each of the plurality of agents, perform an attestation with a relying party using the generated cryptographic keys and receive a tuple associated with each of the plurality of agents, wherein a tuple includes one or more permissions indicating platform resources an agent is permitted to access.
-
Publication No.: US10885202B2
Publication Date: 2021-01-05
Application No.: US16123593
Filing Date: 2018-09-06
Applicant: Intel Corporation
Inventor: Francis X. McKeen, Carlos V. Rozas, Uday R. Savagaonkar, Simon P. Johnson, Vincent Scarlata, Michael A. Goldsmith, Ernie Brickell, Jiang Tao Li, Howard C. Herbert, Prashant Dewan, Stephen J. Tolopka, Gilbert Neiger, David Durham, Gary Graunke, Bernard Lint, Don A. Van Dyke, Joseph Cihula, Stalinselvaraj Jeyasingh, Stephen R. Van Doren, Dion Rodgers, John Garney, Asher Altman
Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.
-
Publication No.: US10819507B2
Publication Date: 2020-10-27
Application No.: US15856609
Filing Date: 2017-12-28
Applicant: Intel Corporation
Inventor: Prashant Dewan
Abstract: Technologies disclosed herein provide an apparatus comprising a sensor including a first processor configured to execute first instructions to identify, based on an index, a first encrypted key of a first set of encrypted keys, identify, based on the index, a second encrypted key of a second set of encrypted keys, and extract a first trusted symmetric key from the first encrypted key using a first decryption algorithm and a first decryption key. The apparatus further comprises a computing platform coupled to the sensor and including a memory element and a processor configured to execute second instructions stored in the memory element to receive the second encrypted key from the sensor and extract a second trusted symmetric key from the second encrypted key using a second decryption algorithm and a second decryption key, where the first trusted symmetric key matches the second trusted symmetric key.
-
Publication No.: US10691627B2
Publication Date: 2020-06-23
Application No.: US15089280
Filing Date: 2016-04-01
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra, David M. Durham, Prashant Dewan
Abstract: This disclosure is directed to avoiding redundant memory encryption in a cryptographic protection system. Data stored in a device may be protected using different encryption systems. Data associated with at least one trusted execution environment (TEE) may be encrypted using a first encryption system. Main memory in the device may comprise data important to maintaining the integrity of an operating system (OS), etc. and may be encrypted using a second encryption system. Data may also be placed into a memory location via direct memory access (DMA) and may be protected utilizing a third encryption system. Redundant encryption may be avoided by encryption circuitry capable of determining when data is already protected by encryption provided by another system. For example, the encryption circuitry may comprise encryption control circuitry that monitors indicators set at different points during data handling, and may bypass certain data encryption or decryption operations based on the indicator settings.
-
Publication No.: US10666430B2
Publication Date: 2020-05-26
Application No.: US15721352
Filing Date: 2017-09-29
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra, Prashant Dewan
Abstract: Embodiments detailed herein relate to techniques which enable the creation of secure point-to-point interconnect communication channels between hardware components which may be independently manufactured and arbitrarily paired with one another in a computer system. Also detailed herein is instruction support for dynamically enabling and disabling the security of a point-to-point interconnect link.
-
Publication No.: US10592435B2
Publication Date: 2020-03-17
Application No.: US15209955
Filing Date: 2016-07-14
Applicant: Intel Corporation
Inventor: Prashant Dewan, Siddhartha Chhabra, David M. Durham, Karanvir S. Grewal, Alpa T. Narendra Trivedi
Abstract: In one embodiment, an apparatus includes: at least one core to execute instructions, the at least one core formed on a semiconductor die; a first memory formed on the semiconductor die, the first memory comprising a non-volatile random access memory, the first memory to store a first entry to be a monotonic counter, the first entry including a value field and a status field; and a control circuit, wherein the control circuit is to enable access to the first entry if the apparatus is in a secure mode and otherwise prevent the access to the first entry. Other embodiments are described and claimed.
-