公开(公告)号：US10091213B2

公开(公告)日：2018-10-02

申请号：US14818654

申请日：2015-08-05

Applicant: INTEL CORPORATION

Inventor： Nicholas D. Triantafillou ,  Paritosh Saxena ,  Paul J. Thadikaran ,  David Michael Durham

IPC: H04L29/06 ,  G06F21/10 ,  G06F21/57

Abstract: Systems and method to provide secure storage are disclosed. An example method includes establishing a secure tunnel between a storage device and an agent, provide a command from the agent to the storage device via the secure tunnel, access first data at the storage device in response to the command, and identify a modification to data stored on the storage device by comparing the first data to second data, wherein the comparison is done using the storage device.

公开(公告)号：US20180096137A1

公开(公告)日：2018-04-05

申请号：US15283357

申请日：2016-10-01

Applicant: Intel Corporation

Inventor： Jonathan Trostle ,  Paritosh Saxena ,  Ernie Brickell ,  Thomas J. Barnes

IPC: G06F21/53 ,  G06F21/44 ,  G06F21/34 ,  G06F21/33

CPC classification number: G06F21/53 ,  G06F21/33 ,  G06F21/34 ,  G06F21/44 ,  G06F2221/2103

Abstract: A method, apparatus, and computer-readable medium are provided to determine whether to enroll a computing device as a provider of a secure application enclave for a secure an application. The following information is obtained from a second computing device: a device identifier for a first computing device, application information, and data for a shared secret. The first computing device is configured to provide a secure application enclave to support execution of a secure the application associated with the application information, and the shared secret is shared between the secure application enclave and a user of the first computing device. A determination is made whether to enroll the first computing device as a provider of the secure application enclave for the secure application using the device identifier, the application information, and the data for the shared secret. The secure application enclave may be notified whether the enrollment of the first computing device is successful.

公开(公告)号：US20170235953A1

公开(公告)日：2017-08-17

申请号：US15391702

申请日：2016-12-27

Applicant: Intel Corporation

Inventor： Paul J. Thadikaran ,  Nicholas D. Triantafillou ,  Paritosh Saxena

IPC: G06F21/56 ,  G06F3/06 ,  G06F21/80 ,  G06F17/30

CPC classification number: G06F21/564 ,  G06F3/0623 ,  G06F3/0643 ,  G06F3/0673 ,  G06F17/30091 ,  G06F17/301 ,  G06F21/565 ,  G06F21/567 ,  G06F21/575 ,  G06F21/78 ,  G06F21/80 ,  G06F2221/034

Abstract: Systems and methods for providing awareness of a host file system on a storage device are described. In one embodiment, a storage device includes a host interface and a file awareness block. The host interface provides an interface between a host and the storage device. The file awareness block provides an awareness of the host file system to the storage device.

公开(公告)号：US09158916B2

公开(公告)日：2015-10-13

申请号：US13995244

申请日：2012-10-17

Applicant: Intel Corporation

Inventor： Daniel Nemiroff ,  Paul J. Thadikaran ,  Paritosh Saxena ,  Nicholas D. Triantafillou ,  Andrew H. Gafken

IPC: G06F21/00 ,  G06F21/55

CPC classification number: G06F21/55 ,  G06F21/554 ,  G06F21/568 ,  G06F21/78

Abstract: An embodiment may include a storage processor that may be comprised, at least in part, in a host. The host may include at least one host central processing unit (CPU) to execute at least one host operating system (OS). The storage processor may execute at least one operation in isolation from interference from and control by the at least one host CPU and the at least one host OS. The at least one operation may facilitate, at least in part: (1) prevention, at least in part, of unauthorized access to storage, (2) prevention, at least in part, of execution by the at least one host CPU of at least one unauthorized instruction, (3) detection, at least in part, of the at least one unauthorized instruction, and/or (4) remediation, at least in part, of at least one condition associated, at least in part, with the at least unauthorized instruction.

Abstract translation: 一个实施例可以包括可以至少部分地包括在主机中的存储处理器。 主机可以包括至少一个主机中央处理单元（CPU），以执行至少一个主机操作系统（OS）。 存储处理器可以与至少一个主机CPU和至少一个主机OS的干扰和控制隔离起来执行至少一个操作。 所述至少一个操作可以至少部分地促进：（1）至少部分地防止非法访问存储，（2）至少部分地防止所述至少一个主机CPU执行 至少一个未经授权的指令，（3）至少部分地至少检测至少一个未经授权的指令，和/或（4）至少部分地至少部分地与 至少未经授权的指令。