METHOD AND APPARATUS FOR SHARING SECURITY METADATA MEMORY SPACE

    Publication number: US20190213143A1

    Publication date: 2019-07-11

    Application number: US15282575

    Application date: 2016-09-30

    Abstract: The presently disclosed method and apparatus for sharing security metadata memory space proposes a technique to allow metadata sharing between two different encryption techniques. A section of memory encrypted using a first type of encryption and having first security metadata associated therewith is converted to a section of memory encrypted using a second type of encryption and having second security metadata associated therewith. At least a portion of said first security metadata shares a memory space with at least a portion of said second security metadata for a same section of memory.

    TECHNIQUES FOR DETECTING AND CORRECTING ERRORS IN DATA

    Publication number: US20190042359A1

    Publication date: 2019-02-07

    Application number: US15908205

    Application date: 2018-02-28

    Inventor: DAVID M. DURHAM

    Abstract: Various embodiments are generally directed to techniques for managing errors in data, such as with error-correcting code (ECC), for instance. Some embodiments are particularly directed to providing one or more of error detection, location, and correction for a set of storage memory devices with a management memory device. In one or more embodiments, each of the storage and management memory devices may include a memory chip, such as one of a set of memory chips included in a dual in-line memory module (DIMM). For instance, each memory device may be a dynamic random-access memory (DRAM) integrated circuit included in a DIMM. In various embodiments, the set of storage and management memory devices may be used to store a memory line, such as an evicted cache line. In many embodiments, cryptographically secure memory encryption and/or integrity may also be provided for the set of storage memory devices with the management memory device.

    TECHNIQUES FOR DYNAMIC RESOURCE ALLOCATION AMONG CRYPTOGRAPHIC DOMAINS

    Publication number: US20190042324A1

    Publication date: 2019-02-07

    Application number: US15942029

    Application date: 2018-03-30

    Abstract: Various embodiments are generally directed to techniques for dynamic resource allocation among cryptographic domains, such as with memory pages in a platform that implements a plurality of cryptographically isolated domains, for instance. Some embodiments are particularly directed to a platform that includes a resource allocation manager (RMGR) that allows for page reassignment among cryptographically isolated virtual machines (VMs) while ensuring functional correctness with respect to integrity. In many embodiments, the RMGR may include hardware and/or software support for a new instruction that enables efficient key reassignment for memory pages.

    CRYPTOGRAPHIC PROTECTION FOR TRUSTED OPERATING SYSTEMS

    Publication number: US20170288874A1

    Publication date: 2017-10-05

    Application number: US15087144

    Application date: 2016-03-31

    Abstract: This disclosure is directed to cryptographic protection for trusted operating systems. In general, a device may comprise, for example, at least processing circuitry and memory circuitry. The device may be virtualized in that the processing circuitry may load virtual machines (VMs) and a virtual machine manager (VMM) into the memory circuitry during operation. At least one of the VMs may operate as a trusted execution environment (TEE) including a trusted operating system (TOS). The processing circuitry may comprise encryption circuitry to cryptographically protect the TOS. For example, the VMM may determine a first memory range in which the TOS will be loaded and store data regarding the first memory range in a register within the encryption circuitry. The register configures the encryption circuitry to cryptographically protect the TOS.

    APPARATUS AND METHOD FOR EFFICIENT ENCODING FOR TRUSTED EXECUTION ENVIRONMENTS WITH FULL ERROR CORRECTION

    Publication number: US20250103428A1

    Publication date: 2025-03-27

    Application number: US18373780

    Application date: 2023-09-27

    Abstract: An apparatus and method for efficient encoding for trusted environments including full error correction. One embodiment of a processor comprises: a plurality of cores to execute instructions; a memory controller coupled to the plurality of cores, the memory controller operable in a first error correction mode and a second error correction mode, the memory controller comprising: a decoder to decode first error correction code (ECC) bits encoded in accordance with the first error correction mode to determine a first syndrome and a second syndrome based on data corresponding to the ECC bits; error detection circuitry to determine whether one or both of the first syndrome and the second syndrome indicates an error in the data; and an encoder to generate second ECC bits in accordance with the second error correction mode, the ECC bits to be encoded based on whether one or both of the first syndrome and the second syndrome indicates an error.

    MEMORY MANAGEMENT APPARATUS AND METHOD FOR COMPARTMENTALIZATION USING LINEAR ADDRESS METADATA

    Publication number: US20210200673A1

    Publication date: 2021-07-01

    Application number: US16728800

    Application date: 2019-12-27

    Abstract: An apparatus and method for memory management using compartmentalization. For example, one embodiment of a processor comprises: execution circuitry to execute instructions and process data, at least one instruction to generate a system memory access request using a first linear address; and address translation circuitry to perform a first walk operation through a set of one or more address translation tables to translate the first linear address to a first physical address, the address translation circuitry to concurrently perform a second walk operation through a set of one or more linear address metadata tables to identify metadata associated with the linear address, and to use one or more portions of the metadata to validate access by the at least one instruction to the first physical address.

    TECHNIQUES FOR MULTI-DOMAIN MEMORY ENCRYPTION

    Publication number: US20200004696A1

    Publication date: 2020-01-02

    Application number: US16558705

    Application date: 2019-09-03

    Abstract: Various embodiments are generally directed to techniques for multi-domain memory encryption, such as with a plurality of cryptographically isolated domains, for instance. Some embodiments are particularly directed to a multi-domain encryption system that provides one or more of memory encryption, integrity, and replay protection services to a plurality of cryptographic domains. In one embodiment, for example, an apparatus may comprise a memory and logic for an encryption engine, at least a portion of the logic implemented in circuitry coupled to the memory. In various embodiments, the logic may receive a memory operation request associated with a data line of a set of data lines stored in a protected memory separate from the memory.

    TECHNIQUES FOR DATA STORAGE PROTECTION AND INTEGRITY CHECKING

    Publication number: US20190278525A1

    Publication date: 2019-09-12

    Application number: US16420624

    Application date: 2019-05-23

    Abstract: Various embodiments are generally directed to techniques for encrypting stored data. An apparatus includes a processor component comprising a cache that comprises a cache line to store a first block of data corresponding to a second block of encrypted data stored within a storage; a compressor to compress the data within the first block to generate compressed data within the first block to clear sufficient storage space within the first block to store metadata associated with generation of the second block of encrypted data from the first block in response to eviction of the first block from the cache line; and an encrypter to encrypt the compressed data within the first block to generate the encrypted data within the second block and to store encryption metadata associated with encrypting the compressed data within the second block as a portion of the metadata associated with the generation of the second block.

    TECHNIQUES FOR ENCLAVE CONFIDENTIALITY MANAGEMENT

    Publication number: US20190050581A1

    Publication date: 2019-02-14

    Application number: US15942122

    Application date: 2018-03-30

    Abstract: Various embodiments are generally directed to techniques for enclave confidentiality management, such as for protecting cross enclave confidentiality on servers, for instance. Some embodiments are particularly directed to a computing platform including hardware and/or instruction set architecture (ISA) extensions that ensure enclaves cannot access confidential data of other enclaves. For example, key programming ISA extensions and/or hardware changes to the page miss handler (PMH) may ensure that the key uniquely associated with an enclave is used for its memory accesses.

    FLEXIBLE COUNTER SYSTEM FOR MEMORY PROTECTION

    Publication number: US20180107846A1

    Publication date: 2018-04-19

    Application number: US15792350

    Application date: 2017-10-24

    CPC classification number: G06F21/78 G06F21/52 G06F21/72

    Abstract: The present disclosure is directed to a flexible counter system for memory protection. In general, a counter system for supporting memory protection operations in a device may be made more efficient utilizing flexible counter structures. A device may comprise a processing module and a memory module. A flexible counter system in the memory module may comprise at least one data line including a plurality of counters. The bit-size of the counters may be reduced and/or varied from existing implementations through an overflow counter that may account for smaller counters entering an overflow state. Counters that utilize the overflow counter may be identified using a bit indicator. In at least one embodiment, selectors corresponding to each of the plurality of counters may be able to map particular memory locations to particular counters.
