-
公开(公告)号:US09710675B2
公开(公告)日:2017-07-18
申请号:US14669235
申请日:2015-03-26
Applicant: Intel Corporation
Inventor: David M. Durham , Siddhartha Chhabra , Jungju Oh , Men Long , Eugene M. Kishinevsky
CPC classification number: G06F21/79 , G06F12/1408 , G06F21/71 , G06F2212/1052 , H04L9/0891 , H04L9/3242
Abstract: In an embodiment, a processor includes: at least one core to execute instructions; a cache memory coupled to the at least one core to store data; and a tracker cache memory coupled to the at least one core. The tracker cache memory includes entries to store an integrity value associated with a data block to be written to a memory coupled to the processor. Other embodiments are described and claimed.
-
公开(公告)号:US20170185532A1
公开(公告)日:2017-06-29
申请号:US14998054
申请日:2015-12-24
Applicant: Intel Corporation
Inventor: David M. Durham , Siddhartha Chhabra , Sergej Deutsch , Men Long , Alpa T. Narendra Trivedi
CPC classification number: G06F11/1004 , G06F12/0886 , G06F12/1408 , G06F21/00 , G06F21/79 , G06F2212/401 , H04L9/0858 , H04L9/304
Abstract: Apparatus, systems, and/or methods may provide for identifying unencrypted data including a plurality of bits, wherein the unencrypted data may be encrypted and stored in memory. In addition, a determination may be made as to whether the unencrypted data includes a random distribution of the plurality of bits, for example based on a compressibility function. An integrity action may be implemented when the unencrypted data includes a random distribution of the plurality of bits, which may include error correction including a modification to ciphertext of the unencrypted data. Independently of error correction, a diffuser may generate intermediate and final ciphertext. In addition, a key and/or a tweak may be derived for a location in the memory. Moreover, an integrity value may be generated (e.g., as a copy) from a portion of the unencrypted data, and/or stored in a slot of an integrity check line based on the location.
-
公开(公告)号:US09654453B2
公开(公告)日:2017-05-16
申请号:US14691203
申请日:2015-04-20
Applicant: Intel Corporation
Inventor: Divya Naidu Kolar Sunder , Prashant Dewan , Men Long
CPC classification number: H04L63/0435 , H04L9/083 , H04L63/0428 , H04L63/062 , H04L63/20
Abstract: A method, device, and system are disclosed. In one embodiment the method includes receiving measured health information from a client on a key distribution server. Once the measured health information is received the server is capable of validating the measured health information to see if it is authentic. The server is also capable of sending a session key to the client when the measured health information is validated. When the client receives the session key, the client is capable of initiating an encrypted and authenticated connection with an application server in the domain using the session key.
-
14.发明授权Secure vault service for software components within an execution environment 有权为执行环境中的软件组件提供安全的保管库服务公开(公告)号:US09361471B2
公开(公告)日:2016-06-07
申请号:US14557079
申请日:2014-12-01
Applicant: Intel Corporation
Inventor: David M. Durham , Hormuzd M. Khosravi , Uri Blumenthal , Men Long
CPC classification number: G06F21/6209 , G06F12/1408 , G06F12/1466 , G06F12/1475 , G06F21/52 , G06F21/53
Abstract: Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
Abstract translation: 这里一般地描述用于执行环境中的软件组件的安全保险库服务的装置,物品,方法和系统的实施例。 一个实施例包括虚拟机监视器,操作系统监视器或其他底层平台功能的能力,以限制存储器区域,以便仅通过特定认证的,授权的和已验证的软件组件进行访问,即使在其他受损的操作系统环境的一部分。 代表被保护的内存区域中提供的经过身份验证/授权/验证的软件组件的锁定和解锁秘密的底层平台只能由经过身份验证/授权/验证的软件组件访问。 可以描述和要求保护其他实施例。
-
公开(公告)号:US09015484B2
公开(公告)日:2015-04-21
申请号:US13953594
申请日:2013-07-29
Applicant: Intel Corporation
Inventor: Divya Naidu Kolar Sundar , Prashant Dewan , Men Long
CPC classification number: H04L63/0435 , H04L9/083 , H04L63/0428 , H04L63/062 , H04L63/20
Abstract: A method, device, and system are disclosed. In one embodiment the method includes receiving measured health information from a client on a key distribution server. Once the measured health information is received the server is capable of validating the measured health information to see if it is authentic. The server is also capable of sending a session key to the client when the measured health information is validated. When the client receives the session key, the client is capable of initiating an encrypted and authenticated connection with an application server in the domain using the session key.
Abstract translation: 公开了一种方法,装置和系统。 在一个实施例中,该方法包括从密钥分发服务器上的客户端接收测量的健康信息。 一旦接收到测量的健康信息,服务器就能够验证测量的健康信息,看它是否可信。 当测量的健康信息被验证时,服务器还能够向客户端发送会话密钥。 当客户端接收会话密钥时,客户端能够使用会话密钥发起与域中的应用服务器的加密和认证连接。
-
Patent Agency Ranking
公开(公告)号:US20220405427A1
公开(公告)日:2022-12-22
申请号:US17679009
申请日:2022-02-23
Applicant: Intel Corporation
Inventor: Manoj R. Sastry , Alpa Narendra Trivedi , Men Long
Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.
-
公开(公告)号:US20220224510A1
公开(公告)日:2022-07-14
申请号:US17706288
申请日:2022-03-28
Applicant: Intel Corporation
Inventor: Eugene M. Kishinevsky , Uday Savagaonkar , Alpa T. Narendra Trivedi , Siddhartha Chhabra , Baiju V. Patel , Men Long , Kirk S. Yap , David M. Durham
Abstract: Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.
-
公开(公告)号:US20200259632A1
公开(公告)日:2020-08-13
申请号:US16733685
申请日:2020-01-03
Applicant: Intel Corporation
Inventor: Eugene M. Kishinevsky , Uday R. Savagaonkar , Alpa T. Narendra Trivedi , Siddhartha Chhabra , Baiju V. Patel , Men Long , Kirk S. Yap , David M. Durham
Abstract: Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.
-
公开(公告)号:US09990249B2
公开(公告)日:2018-06-05
申请号:US14998054
申请日:2015-12-24
Applicant: Intel Corporation
Inventor: David M Durham , Siddhartha Chhabra , Sergej Deutsch , Men Long , Alpa T Narendra Trivedi
CPC classification number: G06F11/1004 , G06F12/0886 , G06F12/1408 , G06F21/00 , G06F21/79 , G06F2212/401 , H04L9/0858 , H04L9/304
Abstract: Apparatus, systems, and/or methods may provide for identifying unencrypted data including a plurality of bits, wherein the unencrypted data may be encrypted and stored in memory. In addition, a determination may be made as to whether the unencrypted data includes a random distribution of the plurality of bits, for example based on a compressibility function. An integrity action may be implemented when the unencrypted data includes a random distribution of the plurality of bits, which may include error correction including a modification to ciphertext of the unencrypted data. Independently of error correction, a diffuser may generate intermediate and final ciphertext. In addition, a key and/or a tweak may be derived for a location in the memory. Moreover, an integrity value may be generated (e.g., as a copy) from a portion of the unencrypted data, and/or stored in a slot of an integrity check line based on the location.
-
公开(公告)号:US09792229B2
公开(公告)日:2017-10-17
申请号:US14669226
申请日:2015-03-27
Applicant: Intel Corporation
Inventor: Eugene M. Kishinevsky , Siddhartha Chhabra , Men Long , Jungju Oh , David M. Durham
CPC classification number: G06F12/1408 , G06F21/00 , G06F2212/1052
Abstract: In an embodiment, a processor includes: at least one core to execute instructions; and a memory protection logic to encrypt data to be stored to a memory coupled to the processor, generate a message authentication code (MAC) based on the encrypted data, the MAC to have a first value according to a first key, obtain the encrypted data from the memory and validate the encrypted data using the MAC, where the MAC is to be re-keyed to have a second value according to a second key and without the encrypted data. Other embodiments are described and claimed.
-
-
-
-
-
-
-
-
-
Search Results
54
records
(took 0.019 seconds)
