公开(公告)号：US10395028B2

公开(公告)日：2019-08-27

申请号：US15656992

申请日：2017-07-21

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Uttam Sengupta ,  Siddhartha Chhabra ,  David Durham ,  Xiaozhu Kang ,  Uday Savagaonkar ,  Alpa Narendra Trivedi

IPC: G06F9/455 ,  G06F12/08 ,  G06F11/30 ,  G06F21/71 ,  G06F21/53 ,  G06F21/84 ,  H04L9/32 ,  G06F21/55 ,  G06F9/50

Abstract: Generally, this disclosure provides systems, devices, methods and computer readable media for virtualization-based intra-block workload isolation. The system may include a virtual machine manager (VMM) module to create a secure virtualization environment or sandbox. The system may also include a processor block to load data into a first region of the sandbox and to generate a workload package based on the data. The workload package is stored in a second region of the sandbox. The system may further include an operational block to fetch and execute instructions from the workload package.

公开(公告)号：US10341351B2

公开(公告)日：2019-07-02

申请号：US15941560

申请日：2018-03-30

Applicant: Intel Corporation

Inventor： Hong C. Li ,  John B. Vicente ,  Prashant Dewan

IPC: G06F21/51 ,  G06F21/53 ,  H04L29/06 ,  H04L29/08

Abstract: Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container.

公开(公告)号：US20190042804A1

公开(公告)日：2019-02-07

申请号：US15863593

申请日：2018-01-05

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Siddhartha Chhabra ,  Uttam K. Sengupta

IPC: G06F21/84 ,  G06F21/53 ,  G06F21/60 ,  G09G5/14 ,  G09G5/00 ,  G09G5/38 ,  G09G5/395

Abstract: In embodiments, an apparatus to enforce secure display view for trusted transactions may include a first input interface to receive from an application, via a trusted execution environment (TEE), viewport size data and an identifier of a display associated with a secure display of a trusted transaction; and a second input interface to receive from the application, via an untrusted execution environment, an encrypted transaction bitmap associated with the trusted transaction, to be securely displayed on the display; and an enforcement engine coupled to the first input interface and the second input interface, to verify that the size and location of the transaction bitmap are within the viewport to ensure the secure display of the transaction bitmap. In embodiments, after verification of the size and location of the transaction bitmap being within the viewport, the transaction bitmap may be displayed.

公开(公告)号：US20190042230A1

公开(公告)日：2019-02-07

申请号：US16143334

申请日：2018-09-26

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Siddhartha Chhabra ,  Uttam Sengupta

IPC: G06F8/65 ,  H04L9/30 ,  G06F21/57

Abstract: Apparatuses, methods and storage mediums associated with updating firmware of a component of a computer platform, are disclosed herein. In some embodiments, a processor includes an instruction decoder; and a storage having microcode arranged to implement an instruction to verify updates to firmware of a component of a computer platform hosting the processor and the component. The computer platform may include a component firmware update manager. The firmware of a component may include a firmware update plug-in. Other embodiments are also described, and may be claimed.

公开(公告)号：US10181027B2

公开(公告)日：2019-01-15

申请号：US14517338

申请日：2014-10-17

Applicant: Intel Corporation

Inventor： Alpa Narendra Trivedi ,  Siddhartha Chhabra ,  Xiaozhu Kang ,  Prashant Dewan ,  Uday Savagaonkar ,  David Durham

IPC: G06F21/53

Abstract: Embodiments of an invention for an interface between a device and a secure processing environment are disclosed. In one embodiment, a system includes a processor, a device, and an interface plug-in. The processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to create a secure processing environment. The execution unit is to execute an application in the secure processing environment. The device is to execute a workload for the application. The interface plug-in is to provide an interface for the device to enter the secure processing environment to execute the workload.

公开(公告)号：US20180365432A1

公开(公告)日：2018-12-20

申请号：US15623318

申请日：2017-06-14

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Prashant Dewan

IPC: G06F21/60 ,  H04W4/02 ,  H04L29/06 ,  H04W12/08 ,  G06F21/62

Abstract: Technologies for dynamically protecting memory of the mobile compute device include a main memory, a location sensor that produces sensor data indicative of a present location of the mobile compute device, a sensor hub communicatively coupled to the location sensor, and a security engine communicatively coupled to the sensor hub. The sensor hub determines a present location security zone of the mobile compute device based on the present location of the mobile compute device and a geofence policy, which maps locations to location security zones. The security engine encrypts the main memory of the mobile compute device and determines whether the present location security zone has changed relative to a most-previous location security zone of the mobile compute device. If the present location security zone has changed to a safe zone, the security engine decrypts the main memory.

公开(公告)号：US20180047307A1

公开(公告)日：2018-02-15

申请号：US15728113

申请日：2017-10-09

Applicant: INTEL CORPORATION

Inventor： Prashant Dewan ,  Uttam Sengupta ,  Uday R. Savagaonkar ,  Siddhartha Chhabra ,  David Durham ,  Xiaozhu Kang

IPC: G09C5/00

CPC classification number: G09C5/00

Abstract: Various embodiments are generally directed an apparatus and method for processing an encrypted graphic with a decryption key associated with a depth order policy including a depth position of a display scene, generating a graphic from the encrypted graphic when the encrypted graphic is successfully decrypted using the decryption key and assigning the graphic to a plane at the depth position of the display scene when the encrypted graphic is successfully decrypted.

公开(公告)号：US09652609B2

公开(公告)日：2017-05-16

申请号：US14739133

申请日：2015-06-15

Applicant: Intel Corporation

Inventor： Xiaozhu Kang ,  Alpa T. Narendra Trivedi ,  Siddhartha Chhabra ,  Prashant Dewan ,  Uday R. Savagaonkar ,  David M. Durham

IPC: G06F21/53 ,  G06F21/60 ,  G06F21/78 ,  G06F21/50 ,  G06F12/14

CPC classification number: G06F21/53 ,  G06F12/14 ,  G06F21/50 ,  G06F21/60 ,  G06F21/78 ,  G06F2221/034

Abstract: The entry/exit architecture may be a critical component of a protection framework using a secure enclaves-like trust framework for coprocessors. The entry/exit architecture describes steps that may be used to switch securely into a trusted execution environment (entry architecture) and out of the trusted execution environment (exit architecture), at the same time preventing any secure information from leaking to an untrusted environment.

公开(公告)号：US20160170900A1

公开(公告)日：2016-06-16

申请号：US15048400

申请日：2016-02-19

Applicant: Intel Corporation

Inventor： Gur Hildesheim ,  Shlomo Raikin ,  Ittai Anati ,  Gideon Gerzon ,  Uday Savagaonkar ,  Francis Mckeen ,  Carlos Rozas ,  Michael Goldsmith ,  Prashant Dewan

IPC: G06F12/10

CPC classification number: G06F12/109 ,  G06F12/0284 ,  G06F12/1036 ,  G06F2212/656 ,  G06F2212/657

Abstract: Embodiments of apparatuses and methods including virtual address memory range registers are disclosed. In one embodiment, a processor includes a memory interface, address translation hardware, and virtual memory address comparison hardware. The memory interface is to access a system memory using a physical memory address. The address translation hardware is to support translation of a virtual memory address to the physical memory address. The virtual memory address is used by software to access a virtual memory location in the virtual memory address space of the processor. The virtual memory address comparison hardware is to determine whether the virtual memory address is within a virtual memory address range.

Abstract translation: 公开了包括虚拟地址存储器范围寄存器的装置和方法的实施例。 在一个实施例中，处理器包括存储器接口，地址转换硬件和虚拟存储器地址比较硬件。 存储器接口是使用物理内存地址访问系统内存。 地址转换硬件是支持将虚拟内存地址转换为物理内存地址。 虚拟存储器地址由软件用于访问处理器的虚拟存储器地址空间中的虚拟存储器位置。 虚拟内存地址比较硬件是确定虚拟内存地址是否在虚拟内存地址范围内。

公开(公告)号：US20160110540A1

公开(公告)日：2016-04-21

申请号：US14517338

申请日：2014-10-17

Applicant: Intel Corporation

Inventor： ALPA NARENDRA TRIVEDI ,  Siddhartha Chhabra ,  Xiaozhu Kang ,  Prashant Dewan ,  Uday Savagaonkar ,  David Durham

IPC: G06F21/53

CPC classification number: G06F21/53 ,  G06F2221/033

Abstract: Embodiments of an invention for an interface between a device and a secure processing environment are disclosed. In one embodiment, a system includes a processor, a device, and an interface plug-in. The processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to create a secure processing environment. The execution unit is to execute an application in the secure processing environment. The device is to execute a workload for the application. The interface plug-in is to provide an interface for the device to enter the secure processing environment to execute the workload.

Abstract translation: 公开了用于设备和安全处理环境之间的接口的发明的实施例。 在一个实施例中，系统包括处理器，设备和接口插件。 处理器包括指令单元和执行单元。 指令单元将接收创建安全处理环境的指令。 执行单元在安全处理环境中执行应用。 该设备将为应用程序执行工作负载。 接口插件是为设备提供一个接口，进入安全处理环境以执行工作负载。