公开(公告)号：US09442865B2

公开(公告)日：2016-09-13

申请号：US15000081

申请日：2016-01-19

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Arvind Kumar ,  Purushottam Goel

IPC: G06F1/04 ,  G06F12/14 ,  H04L9/14

CPC classification number: G06F12/1408 ,  G06F9/45558 ,  G06F9/4812 ,  G06F9/5077 ,  G06F2009/45579 ,  G06F2212/1052 ,  H04L9/14 ,  H04L9/3242 ,  H04L63/168 ,  H04L2209/24 ,  Y02D10/22 ,  Y02D10/24 ,  Y02D10/36

Abstract: Methods and apparatus relating to processor extensions for execution of secure embedded containers are described. In an embodiment, a scalable solution for manageability function is provided, e.g., for UMPC environments or otherwise where utilizing a dedicated processor or microcontroller for manageability is inappropriate or impractical. For example, in an embodiment, an OS (Operating System) or VMM (Virtual Machine Manager) Independent (generally referred to herein as “OI”) architecture involves creating one or more containers on a processor by dynamically partitioning resources (such as processor cycles, memory, devices) between the HOST OS/VMM and the OI container. Other embodiments are also described and claimed.

公开(公告)号：US11550917B2

公开(公告)日：2023-01-10

申请号：US16457184

申请日：2019-06-28

Applicant: Intel Corporation

Inventor： Aditya Katragada ,  Prashant Dewan ,  Karunakara Kotary ,  Vinupama Godavarthi ,  Kumar Dwarakanath ,  Alex Izbinsky ,  Purushottam Goel

IPC: G06F21/57 ,  G06F21/72 ,  G06F9/445

Abstract: There is disclosed in one example, a system-on-a-chip (SoC), including: a processor core; a fabric; an intellectual property (IP) block communicatively coupled to the processor core via the fabric, the IP block having a microcontroller configured to provide a microcontroller architecture; a firmware load interface configured to provide a standardized hardware interface to the microcontroller architecture, wherein the standardized hardware interface provides an architecture-agnostic mechanism to securely load a firmware to the intellectual property block; and logic to provide a loader to load a firmware to the IP block via the firmware load interface.

公开(公告)号：US20170323095A1

公开(公告)日：2017-11-09

申请号：US15484660

申请日：2017-04-11

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Purushottam Goel

IPC: G06F21/41 ,  G06F21/33 ,  H04L9/32 ,  H04L9/08 ,  H04L29/06 ,  G06F21/57 ,  G06F21/31 ,  G06F21/80 ,  G06F21/72

CPC classification number: G06F21/335 ,  G06F21/31 ,  G06F21/33 ,  G06F21/41 ,  G06F21/575 ,  G06F21/72 ,  G06F21/80 ,  G06F2221/034 ,  G06F2221/2103 ,  G09G2358/00 ,  H04L9/0822 ,  H04L9/083 ,  H04L9/3213 ,  H04L63/0807 ,  H04L63/0815

Abstract: A manageability engine (ME) receives an authentication response from a user during pre-boot authentication and registers the user with a key distribution center (KDC), indicating that the user has successfully authenticated to the PC. The KDC supplies the ME with single-sign-on credentials in the form of a Key Encryption Key (KEK). The KEK may later be used by the PC to obtain a credential used to establish secure access to Enterprise servers.

公开(公告)号：US20160246998A1

公开(公告)日：2016-08-25

申请号：US15144331

申请日：2016-05-02

Applicant: Intel Corporation

Inventor： Ned Smith ,  Purushottam Goel ,  Victoria Moore

IPC: G06F21/82 ,  G06F21/60

CPC classification number: G06F21/82 ,  G06F21/00 ,  G06F21/35 ,  G06F21/604 ,  G06F2221/2137

Abstract: Systems and methods may provide implementing one or more device locking procedures to block access to a device. In one example, the method may include receiving an indication that a user is no longer present, initiating a timing mechanism to set a period to issue a first device lock instruction to lock a peripheral device, relaying timing information from the timing mechanism to a controller module associated with the peripheral device; and locking the peripheral device upon expiration of the period.

Abstract translation: 系统和方法可以提供实现一个或多个设备锁定过程以阻止对设备的访问。 在一个示例中，该方法可以包括接收用户不再存在的指示，启动定时机制以设置周期以发出第一设备锁定指令以锁定外围设备，将定时信息从定时机制中继到控制器 与外围设备相关的模块; 并且在所述周期期满时锁定所述外围设备。

公开(公告)号：US09268594B2

公开(公告)日：2016-02-23

申请号：US14730224

申请日：2015-06-03

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Arvind Kumar ,  Purushottam Goel

IPC: G06F9/455 ,  G06F9/48 ,  G06F9/50 ,  H04L9/32 ,  H04L29/06

CPC classification number: G06F12/1408 ,  G06F9/45558 ,  G06F9/4812 ,  G06F9/5077 ,  G06F2009/45579 ,  G06F2212/1052 ,  H04L9/14 ,  H04L9/3242 ,  H04L63/168 ,  H04L2209/24 ,  Y02D10/22 ,  Y02D10/24 ,  Y02D10/36

Abstract: Methods and apparatus relating to processor extensions for execution of secure embedded containers are described. In an embodiment, a scalable solution for manageability function is provided, e.g., for UMPC environments or otherwise where utilizing a dedicated processor or microcontroller for manageability is inappropriate or impractical. For example, in an embodiment, an OS (Operating System) or VMM (Virtual Machine Manager) Independent (generally referred to herein as “OI”) architecture involves creating one or more containers on a processor by dynamically partitioning resources (such as processor cycles, memory, devices) between the HOST OS/VMM and the OI container. Other embodiments are also described and claimed.

公开(公告)号：US20150293777A1

公开(公告)日：2015-10-15

申请号：US14730224

申请日：2015-06-03

Applicant: Intel Corporation

Inventor： Vedvyas Shanbhogue ,  Arvind Kumar ,  Purushottam Goel

IPC: G06F9/455 ,  G06F9/48 ,  H04L29/06 ,  H04L9/32

CPC classification number: G06F12/1408 ,  G06F9/45558 ,  G06F9/4812 ,  G06F9/5077 ,  G06F2009/45579 ,  G06F2212/1052 ,  H04L9/14 ,  H04L9/3242 ,  H04L63/168 ,  H04L2209/24 ,  Y02D10/22 ,  Y02D10/24 ,  Y02D10/36

Abstract: Methods and apparatus relating to processor extensions for execution of secure embedded containers are described. In an embodiment, a scalable solution for manageability function is provided, e.g., for UMPC environments or otherwise where utilizing a dedicated processor or microcontroller for manageability is inappropriate or impractical. For example, in an embodiment, an OS (Operating System) or VMM (Virtual Machine Manager) Independent (generally referred to herein as “OI”) architecture involves creating one or more containers on a processor by dynamically partitioning resources (such as processor cycles, memory, devices) between the HOST OS/VMM and the OI container. Other embodiments are also described and claimed.

Abstract translation: 描述与用于执行安全嵌入式容器的处理器扩展有关的方法和装置。 在一个实施例中，提供了用于可管理性功能的可扩展解决方案，例如对于UMPC环境，或者其他利用专用处理器或微控制器进行可管理性是不合适或不切实际的。 例如，在一个实施例中，OS（操作系统）或VMM（虚拟机管理器）独立（本文通常称为“OI”）架构涉及通过动态地划分资源（例如处理器周期）来在处理器上创建一个或多个容器 ，内存，设备）在HOST OS / VMM和OI容器之间。 还描述和要求保护其他实施例。

公开(公告)号：US20150013002A1

公开(公告)日：2015-01-08

申请号：US14496186

申请日：2014-09-25

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Vedvyas Shanbhogue ,  Arvind Kumar ,  Purushottam Goel

IPC: G06F21/55 ,  G06F21/57 ,  G06F21/44

CPC classification number: G06F21/554 ,  G06F21/44 ,  G06F21/57 ,  G06F21/64

Abstract: In one embodiment, a processor includes a microcode storage including processor instructions to create and execute a hidden resource manager (HRM) to execute in a hidden environment that is not visible to system software. The processor may further include an extend register to store security information including a measurement of at least one kernel code module of the hidden environment and a status of a verification of the at least one kernel code module. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，处理器包括微代码存储器，其包括处理器指令，用于创建和执行在系统软件不可见的隐藏环境中执行的隐藏资源管理器（HRM）。 处理器还可以包括扩展寄存器，用于存储包括隐藏环境的至少一个内核代码模块的测量值和至少一个内核代码模块的验证状态的安全信息。 描述和要求保护其他实施例。