-
公开(公告)号:US20190296893A1
公开(公告)日:2019-09-26
申请号:US16426746
申请日:2019-05-30
Applicant: INTEL CORPORATION
Inventor: SIDDHARTHA CHHABRA , DAVID M. DURHAM
Abstract: Various embodiments are generally directed to techniques for converting between different cipher systems, such as, for instance, between a cipher system used for a first encryption environment and a different cipher system used for a second encryption environment, for instance. Some embodiments are particularly directed to an encryption engine that supports memory operations between two or more encryption environments. Each encryption environment can use different cipher systems while the encryption engine can translate ciphertext between the different cipher systems. In various embodiments, for instance, the first encryption environment may include a main memory that uses a position dependent cipher system and the second encrypted environment may include a secondary memory that uses a position independent cipher system.
-
公开(公告)号:US20190213143A1
公开(公告)日:2019-07-11
申请号:US15282575
申请日:2016-09-30
Applicant: Intel Corporation
Inventor: SIDDHARTHA CHHABRA , DAVID M. DURHAM
Abstract: The presently disclosed method and apparatus for sharing security metadata memory space proposes a technique to allow metadata sharing two different encryption techniques. A section of memory encrypted using a first type of encryption and having first security metadata associated therewith is converted to a section of memory encrypted using a second type of encryption and having second security metadata associated therewith. At least a portion of said first security metadata shares a memory space with at least a portion of said second security metadata for a same section of memory.
-
公开(公告)号:US20190042324A1
公开(公告)日:2019-02-07
申请号:US15942029
申请日:2018-03-30
Applicant: INTEL CORPORATION
Inventor: SIDDHARTHA CHHABRA , DAVID M. DURHAM
IPC: G06F9/50 , G06F12/0808 , G06F12/084 , G06F12/14 , H04L9/32 , G06F9/455
Abstract: Various embodiments are generally directed to techniques for dynamic resource allocation among cryptographic domains, such as with memory pages in a platform that implements a plurality of cryptographically isolated domains, for instance. Some embodiments are particularly directed to a platform that includes a resource allocation manager (RMGR) that allows for page reassignment among cryptographically isolated virtual machines (VMs) while ensuring functional correctness with respect to integrity. In many embodiments, the RMGR may include hardware and/or software support for a new instruction that enables efficient key reassignment for memory pages.
-
公开(公告)号:US20170288874A1
公开(公告)日:2017-10-05
申请号:US15087144
申请日:2016-03-31
Applicant: Intel Corporation
Inventor: ALPA T. NARENDRA TRIVEDI , SIDDHARTHA CHHABRA , DAVID M. DURHAM
Abstract: This disclosure is directed to cryptographic protection for trusted operating systems. In general, a device may comprise for example, at least processing circuitry and memory circuitry. The device may be virtualized in that the processing circuitry may load virtual machines (VMs) and a virtual machine manager (VMM) into the memory circuitry during operation. At least one of the VMs may operate as a trusted execution environment (TEE) including a trusted operating system (TOS). The processing circuitry may comprise encryption circuitry to cryptographically protect the TOS. For example, the VMM may determine a first memory range in which the TOS will be loaded and store data regarding the first memory range in a register within the encryption circuitry. The register configures the encryption circuitry to cryptographically protect the TOS.
-
公开(公告)号:US20220413886A1
公开(公告)日:2022-12-29
申请号:US17359117
申请日:2021-06-25
Applicant: Intel Corporation
Inventor: SCOTT GRIFFY , DAVID BRONLEEWE , HORMUZD KHOSRAVI , SIDDHARTHA CHHABRA
IPC: G06F9/455 , G06F21/60 , G06F15/173
Abstract: Systems, methods, and apparatuses to support encrypted remote direct memory access for live migration of a virtual machine are described. In one embodiment, a first computer system includes an encryption circuit in a hardware processor of the first computer system to encrypt data, a memory controller circuit, of the first computer system, comprising a port to couple to a network interface controller circuit, a direct memory access engine circuit of the first computer system to access a memory in the first computer system, and the hardware processor to, for a request to perform a live migration of a virtual machine from the first computer system to a second computer system via the network interface controller circuit: encrypt code and data of the virtual machine from the memory with an encryption key by the encryption circuit of the hardware processor, store the encrypted code and data of the virtual machine within a migration buffer of the memory of the first computer system by the direct memory access engine circuit, and cause the network interface controller circuit to send the encrypted code and data of the virtual machine from the migration buffer to the second computer system via the network interface controller circuit without the network interface controller circuit performing an additional encryption.
-
Patent Agency Ranking
公开(公告)号:US20200004696A1
公开(公告)日:2020-01-02
申请号:US16558705
申请日:2019-09-03
Applicant: INTEL CORPORATION
Inventor: SIDDHARTHA CHHABRA , DAVID M. DURHAM
Abstract: Various embodiments are generally directed to techniques for multi-domain memory encryption, such as with a plurality of cryptographically isolated domains, for instance. Some embodiments are particularly directed to a multi-domain encryption system that provides one or more of memory encryption, integrity, and replay protection services to a plurality of cryptographic domains. In one embodiment, for example, an apparatus may comprise a memory and logic for an encryption engine, at least a portion of the logic implemented in circuitry coupled to the memory. In various embodiments, the logic may receive a memory operation request associated with a data line of a set of data lines stored in a protected memory separate from the memory.
-
公开(公告)号:US20190278525A1
公开(公告)日:2019-09-12
申请号:US16420624
申请日:2019-05-23
Applicant: INTEL CORPORATION
Inventor: SIDDHARTHA CHHABRA , DAVID M. DURHAM
Abstract: Various embodiments are generally directed to techniques for encrypting stored data. An apparatus includes a processor component comprising a cache that comprises a cache line to store a first block of data corresponding to a second block of encrypted data stored within a storage; a compressor to compress the data within the first block to generate compressed data within the first block to clear sufficient storage space within the first block to store metadata associated with generation of the second block of encrypted data from the first block in response to eviction of the first block from the cache line; and an encrypter to encrypt the compressed data within the first block to generate the encrypted data within the second block and to store encryption metadata associated with encrypting the compressed data within the second block as a portion of the metadata associated with the generation of the second block.
-
公开(公告)号:US20190050581A1
公开(公告)日:2019-02-14
申请号:US15942122
申请日:2018-03-30
Applicant: INTEL CORPORATION
Inventor: SIDDHARTHA CHHABRA , DAVID M. DURHAM
IPC: G06F21/60 , H04L9/08 , G06F12/1009
Abstract: Various embodiments are generally directed to techniques for enclave confidentiality management, such as for protecting cross enclave confidentiality on servers, for instance. Some embodiments are particularly directed to a computing platform including hardware and/or instruction set architecture (ISA) extensions that ensure enclaves cannot access confidential data of other enclaves. For example, key programming ISA extensions and/or hardware changes to the page miss handler (PMH) may ensure that the key uniquely associated with an enclave is used for its memory accesses.
-
公开(公告)号:US20180107846A1
公开(公告)日:2018-04-19
申请号:US15792350
申请日:2017-10-24
Applicant: INTEL CORPORATION
Inventor: JUNGJU OH , SIDDHARTHA CHHABRA , DAVID M. DURHAM
Abstract: The present disclosure is directed to a flexible counter system for memory protection. In general, a counter system for supporting memory protection operations in a device may be made more efficient utilizing flexible counter structures. A device may comprise a processing module and a memory module. A flexible counter system in the memory module may comprise at least one data line including a plurality of counters. The bit-size of the counters may be reduced and/or varied from existing implementations through an overflow counter that may account for smaller counters entering an overflow state. Counters that utilize the overflow counter may be identified using a bit indicator. In at least one embodiment selectors corresponding to each of the plurality of counters may be able to map particular memory locations to particular counters.
-
20.发明申请TREE-LESS INTEGRITY AND REPLAY MEMORY PROTECTION FOR TRUSTED EXECUTION ENVIRONMENT 审中-公开有害执行环境的树木不完整和重复记忆保护公开(公告)号:US20160328335A1
公开(公告)日:2016-11-10
申请号:US14703420
申请日:2015-05-04
Applicant: Intel Corporation
Inventor: BINATA BHATTACHARYYA , AMY L. SANTONI , RAGHUNANDAN MAKARAM , FRANCIS X. MCKEEN , SIMON P. JOHNSON , GEORGE Z. CHRYSOS , SIDDHARTHA CHHABRA
CPC classification number: H04L9/3242 , H04L9/0637 , H04L2209/12
Abstract: Systems and methods for memory protection for implementing trusted execution environment. An example processing system comprises: an on-package memory; a memory encryption engine (MEE) comprising a MEE cache, the MEE to: responsive to failing to locate, within the MEE cache, an encryption metadata associated with a data item loaded from an external memory, retrieve at least part of the encryption metadata from the OPM, and validate the data item using the encryption metadata.
Abstract translation: 用于实现可信执行环境的内存保护的系统和方法。 一个示例性处理系统包括:一个包装内存储器; 包括MEE缓存的存储器加密引擎(MEE),所述MEE响应于在所述MEE缓存内未能定位与从外部存储器加载的数据项相关联的加密元数据,从所述MEE缓存中检索至少部分所述加密元数据 OPM,并使用加密元数据验证数据项。
-
-
-
-
-
-
-
-
-
Search Results
28
records
(took 0.022 seconds)
