公开(公告)号：US10079684B2

公开(公告)日：2018-09-18

申请号：US14974893

申请日：2015-12-18

Applicant: Intel Corporation

Inventor： Ansuya Negi ,  Nitin V. Sarangdhar ,  Ulhas S. Warrier ,  Ramkumar Venkatachary ,  Ravi L. Sahita ,  Scott H. Robinson ,  Karanvir S. Grewal

IPC: H04L9/32 ,  H04L9/08

CPC classification number: H04L9/3231 ,  H04L9/0816 ,  H04L9/0825

Abstract: Technologies for end-to-end biometric-based authentication and locality assertion include a computing device with one or more biometric devices. The computing device may securely exchange a key between a driver and a secure enclave. The driver may receive biometric data from the biometric sensor in a virtualization-protected memory buffer and encrypt the biometric data with the shared key. The secure enclave may decrypt the biometric data and perform a biometric authentication operation. The computing device may measure a virtual machine monitor (VMM) to generate attestation information for the VMM. A secure enclave may execute a virtualization report instruction to request the attestation information. The processor may copy the attestation information into the secure enclave memory. The secure enclave may verify the attestation information with a remote attestation server. If verified, the secure enclave may provide a shared secret to the VMM. Other embodiments are described and claimed.

公开(公告)号：US09740882B2

公开(公告)日：2017-08-22

申请号：US14482460

申请日：2014-09-10

Applicant: Intel Corporation

Inventor： Mark E. Scott-Nash ,  Scott H. Robinson ,  Howard C. Herbert ,  Geoffrey S. Strongin ,  Stephen J. Allen ,  Tobias M. Kohlenberg ,  Uttam K. Sengupta

IPC: G06F21/00 ,  G06F21/62 ,  G06F21/60 ,  H04W12/02

CPC classification number: G06F21/629 ,  G06F21/604 ,  G06F21/6245 ,  G06F21/6254 ,  G06F2221/2111 ,  H04W12/02

Abstract: Technologies for sensor privacy on a computing device include receiving, by a sensor controller of the computing device, sensor data from a sensor of the computing device; determining a sensor mode for the sensor; and sending privacy data in place of the sensor data in response to a determination that the sensor mode for the sensor is set to a private mode. The technologies may also include receiving, by a security engine of the computing device, a sensor mode change command from a user of the computing device via a trusted input/output path of the computing device; and sending a mode command to the sensor controller to set the sensor mode of the sensor based on the sensor mode change command, wherein the sending the mode command comprises sending the mode command over a private bus established between the security engine and the sensor controller. Other embodiments are described herein.

公开(公告)号：US20150248566A1

公开(公告)日：2015-09-03

申请号：US14482460

申请日：2014-09-10

Applicant: Intel Corporation

Inventor： Mark E. Scott-Nash ,  Scott H. Robinson ,  Howard C. Herbert ,  Geoffrey S. Strongin ,  Stephen J. Allen ,  Tobias M. Kohlenberg ,  Uttam K. Sengupta

IPC: G06F21/62

CPC classification number: G06F21/629 ,  G06F21/604 ,  G06F21/6245 ,  G06F21/6254 ,  G06F2221/2111 ,  H04W12/02

Abstract: Technologies for sensor privacy on a computing device include receiving, by a sensor controller of the computing device, sensor data from a sensor of the computing device; determining a sensor mode for the sensor; and sending privacy data in place of the sensor data in response to a determination that the sensor mode for the sensor is set to a private mode. The technologies may also include receiving, by a security engine of the computing device, a sensor mode change command from a user of the computing device via a trusted input/output path of the computing device; and sending a mode command to the sensor controller to set the sensor mode of the sensor based on the sensor mode change command, wherein the sending the mode command comprises sending the mode command over a private bus established between the security engine and the sensor controller. Other embodiments are described herein.

Abstract translation: 用于计算设备上的传感器隐私的技术包括由计算设备的传感器控制器接收来自计算设备的传感器的传感器数据; 确定传感器的传感器模式; 以及响应于所述传感器的传感器模式被设置为专用模式的确定，发送隐私数据代替所述传感器数据。 这些技术还可以包括由计算设备的安全引擎经由计算设备的信任输入/输出路径从计算设备的用户接收传感器模式改变命令; 并且向传感器控制器发送模式命令以基于传感器模式改变命令来设置传感器的传感器模式，其中发送模式命令包括通过在安全引擎和传感器控制器之间建立的专用总线发送模式命令。 本文描述了其它实施例。

公开(公告)号：US09087000B2

公开(公告)日：2015-07-21

申请号：US13836863

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： Scott H. Robinson ,  Gustavo P. Espinosa ,  Steven M. Bennett

IPC: G06F11/30 ,  G06F12/14 ,  G06F21/71 ,  G06F21/78

CPC classification number: G06F12/1408 ,  G06F21/71 ,  G06F21/78

Abstract: According to an embodiment of the invention, a method for operating a data processing machine is described in which data about a state of the machine is written to a location in storage. The location is one that is accessible to software that may be written for the machine. The state data as written is encoded. This state data may be recovered from the storage according to a decoding process. Other embodiments are also described and claimed.

Abstract translation: 根据本发明的实施例，描述了一种用于操作数据处理机器的方法，其中关于机器状态的数据被写入存储器中的位置。 该位置是可以为机器编写的软件可访问的位置。 写入的状态数据被编码。 该状态数据可以根据解码处理从存储器恢复。 还描述和要求保护其他实施例。

公开(公告)号：US20150067683A1

公开(公告)日：2015-03-05

申请号：US14538451

申请日：2014-11-11

Applicant: Intel Corporation

Inventor： Scott H. Robinson ,  Vijay Tewari ,  Robert C. Knauerhase

IPC: G06F9/455 ,  H04L29/06

CPC classification number: G06F9/45545 ,  G06F9/45558 ,  G06F21/53 ,  G06F2009/45562 ,  G06F2009/45566 ,  H04L63/08 ,  H04L63/0815

Abstract: A virtual environment manager (“VEM”) simplifies the usability of virtual machines and provides users with an enhanced design for creating and/or for managing virtual machines (“VMs”). For example, a user can select description information and management information to be included in descriptors and according to which a VEM will create and manage various VM environments for various host environments. The VEM automatically creates the VM environments and host environments by sending descriptor description information and data files associated with the description information to virtual machine monitors (VMMs), which create the VM environments according to the description information. A VEM at each host may manage VM environments executed by the VMM, according to the descriptor management information. Thus, a set of descriptors to create and manage a set of VMs for a home computer may be easily modified by a user to create and manage a set of VMs for a work or laptop computer.

公开(公告)号：US11347530B2

公开(公告)日：2022-05-31

申请号：US16830520

申请日：2020-03-26

Applicant: Intel Corporation

Inventor： Scott H. Robinson ,  Vijay Tewari ,  Robin C. Knauerhase

IPC: G06F9/455 ,  G06F21/53 ,  H04L29/06

Abstract: A method for unifying VMs comprises presenting, in a display device, a unified view that includes GUI elements for multiple applications that execute in respective VMs in a computing device. The operation of presenting the unified view may be performed by a unification console that executes in a dedicated VM. The method also comprises (a) after presenting the unified view, receiving, by the unification console, user input pertaining to a selected application; (b) redirecting the user input from the unification console in the dedicated VM to the selected application in its respective VM; (c) receiving, by the unification console outside of the VM for the selected application, application output from the selected application; and (d) rendering output for a user, based on the application output received by the unification console. Other embodiments are described and claimed.

公开(公告)号：US10749683B2

公开(公告)日：2020-08-18

申请号：US16133952

申请日：2018-09-18

Applicant: Intel Corporation

Inventor： Ansuya Negi ,  Nitin V. Sarangdhar ,  Ulhas S. Warrier ,  Ramkumar Venkatachary ,  Ravi L. Sahita ,  Scott H. Robinson ,  Karanvir S. Grewal

IPC: H04L9/32 ,  H04L9/08

Abstract: Technologies for end-to-end biometric-based authentication and locality assertion include a computing device with one or more biometric devices. The computing device may securely exchange a key between a driver and a secure enclave. The driver may receive biometric data from the biometric sensor in a virtualization-protected memory buffer and encrypt the biometric data with the shared key. The secure enclave may decrypt the biometric data and perform a biometric authentication operation. The computing device may measure a virtual machine monitor (VMM) to generate attestation information for the VMM. A secure enclave may execute a virtualization report instruction to request the attestation information. The processor may copy the attestation information into the secure enclave memory. The secure enclave may verify the attestation information with a remote attestation server. If verified, the secure enclave may provide a shared secret to the VMM. Other embodiments are described and claimed.

公开(公告)号：US20200225969A1

公开(公告)日：2020-07-16

申请号：US16830520

申请日：2020-03-26

Applicant: Intel Corporation

Inventor： Scott H. Robinson ,  Vijay Tewari ,  Robin C. Knauerhase

IPC: G06F9/455 ,  G06F21/53 ,  H04L29/06

Abstract: A method for unifying VMs comprises presenting, in a display device, a unified view that includes GUI elements for multiple applications that execute in respective VMs in a computing device. The operation of presenting the unified view may be performed by a unification console that executes in a dedicated VM. The method also comprises (a) after presenting the unified view, receiving, by the unification console, user input pertaining to a selected application; (b) redirecting the user input from the unification console in the dedicated VM to the selected application in its respective VM; (c) receiving, by the unification console outside of the VM for the selected application, application output from the selected application; and (d) rendering output for a user, based on the application output received by the unification console. Other embodiments are described and claimed.

公开(公告)号：US20170185776A1

公开(公告)日：2017-06-29

申请号：US14998065

申请日：2015-12-24

Applicant: Intel Corporation

Inventor： Scott H. Robinson ,  Ravi L. Sahita ,  Mark W. Shanahan ,  Karanvir S. Grewal ,  Nitin V. Sarangdhar ,  Carlos V. Rozas ,  Bo Zhang ,  Shanwei Cen

IPC: G06F21/56 ,  G06F12/08 ,  G06F12/14 ,  G06F9/455

CPC classification number: G06F12/145 ,  G06F9/45558 ,  G06F21/575 ,  G06F2009/45579 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2221/034

Abstract: Systems, apparatuses and methods may provide for verifying, from outside a trusted computing base of a computing system, an identity an enclave instance prior to the enclave instance being launched in the trusted computing base, determining a memory location of the enclave instance and confirming that the memory location is local to the computing system. In one example, the enclave instance is a proxy enclave instance, wherein communications are conducted with one or more additional enclave instances in the trusted computing base via the proxy enclave instance and an unencrypted channel.

公开(公告)号：US20150350255A1

公开(公告)日：2015-12-03

申请号：US14825645

申请日：2015-08-13

Applicant: Intel Corporation

Inventor： Scott H. Robinson ,  Jason Martin ,  Howard C. Herbert ,  Michael LeMay ,  Karanvir Ken S. Grewal ,  Keith L. Shippy ,  Geoffrey Strongin

IPC: H04L29/06 ,  G06K9/00 ,  H04L29/08

CPC classification number: H04L63/20 ,  G06K9/00228 ,  H04L63/105 ,  H04L67/24

Abstract: Sensor data may be filtered in a secure environment. The filtering may limit distribution of the sensor data. Filtering may modify the sensor data, for example, to prevent identification of a person depicted in a captured image or to prevent acquiring a user's precise location. Filtering may also add or require other data use controls to access the data. Attestation that a filter policy is being applied and working properly or not may be provided as well.

Abstract translation: 传感器数据可能会在安全的环境中进行过滤。 滤波可能会限制传感器数据的分布。 过滤可以修改传感器数据，例如，以防止识别拍摄图像中描绘的人，或阻止获取用户的精确位置。 过滤还可以添加或要求其他数据使用控制来访问数据。 也可以提供过滤器策略正在应用和正常工作的证明。