-
公开(公告)号:US20170075822A1
公开(公告)日:2017-03-16
申请号:US15358976
申请日:2016-11-22
Applicant: INTEL CORPORATION
Inventor: Siddhartha Chhabra , Uday R. Savagaonkar , Men Long , Edgar Borrayo , Alpa T. Narendra Trivedi , Carlos Ornelas
CPC classification number: G06F12/1408 , G06F9/546 , G06F13/16 , G06F13/1605 , G06F21/72 , G06F2212/1052 , Y02D10/14
Abstract: Memory encryption engine (MEE) integration technologies are described. A MEE system may include a MEE interface and a MEE core. The MEE interface may receive a data from an arbiter, where the data is selected by the arbiter from data at memory link queues. The MEE interface may adjust a timing rate to send the data to match a timing of a MEE core. The MEE core may be coupled to the MEE interface and may receive the data from the MEE interface.
Abstract translation: 描述内存加密引擎(MEE)集成技术。 MEE系统可以包括MEE接口和MEE核。 MEE接口可以从仲裁器接收数据,其中数据由仲裁器从存储器链路队列的数据中选择。 MEE接口可以调整定时速率以发送数据以匹配MEE核的定时。 MEE核可以耦合到MEE接口并且可以从MEE接口接收数据。
-
22.发明授权Secure vault service for software components within an execution environment 有权为执行环境中的软件组件提供安全的保管库服务公开(公告)号:US09547772B2
公开(公告)日:2017-01-17
申请号:US14323076
申请日:2014-07-03
Applicant: Intel Corporation
Inventor: David M Durham , Hormuzd M Khosravi , Uri Blumenthal , Men Long
CPC classification number: G06F21/6209 , G06F12/1408 , G06F12/1466 , G06F12/1475 , G06F21/52 , G06F21/53
Abstract: Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
Abstract translation: 这里一般地描述用于执行环境中的软件组件的安全保险库服务的装置,物品,方法和系统的实施例。 一个实施例包括虚拟机监视器,操作系统监视器或其他底层平台功能的能力,以限制存储器区域,以便仅通过特定认证的,授权的和已验证的软件组件进行访问,即使在其他受损的操作系统环境的一部分。 代表被保护的内存区域中提供的经过身份验证/授权/验证的软件组件的锁定和解锁秘密的底层平台只能由经过身份验证/授权/验证的软件组件访问。 可以描述和要求保护其他实施例。
-
公开(公告)号:US20160285892A1
公开(公告)日:2016-09-29
申请号:US14669226
申请日:2015-03-27
Applicant: Intel Corporation
Inventor: Eugene M. Kishinevsky , Siddhartha Chhabra , Men Long , Jungju Oh , David M. Durham
CPC classification number: G06F12/1408 , G06F21/00 , G06F2212/1052
Abstract: In an embodiment, a processor includes: at least one core to execute instructions; and a memory protection logic to encrypt data to be stored to a memory coupled to the processor, generate a message authentication code (MAC) based on the encrypted data, the MAC to have a first value according to a first key, obtain the encrypted data from the memory and validate the encrypted data using the MAC, where the MAC is to be re-keyed to have a second value according to a second key and without the encrypted data. Other embodiments are described and claimed.
Abstract translation: 在一个实施例中,处理器包括:执行指令的至少一个核心; 以及存储器保护逻辑,用于加密要存储到耦合到处理器的存储器的数据的存储器保护逻辑,基于加密数据生成消息认证码(MAC),MAC根据第一密钥具有第一值,获得加密数据 并且使用MAC验证加密数据,其中MAC将被重新键入以具有根据第二密钥的第二值并且没有加密数据。 描述和要求保护其他实施例。
-
公开(公告)号:US20160254905A1
公开(公告)日:2016-09-01
申请号:US14967545
申请日:2015-12-14
Applicant: Intel Corporation
Inventor: David M. Durham , Men Long
CPC classification number: H04L9/0618 , G06F11/1068 , G06F12/0868 , G06F12/1408 , G06F21/554 , G06F21/602 , G06F21/64 , G06F2212/1021 , G06F2212/1052 , G11C29/52 , G11C2029/1804 , G11C2029/3602 , H04L9/0637 , H04L9/3239 , H04L9/3242 , H04L9/3247 , Y02D10/13
Abstract: Systems and methods may provide for identifying unencrypted data including a plurality of bits, wherein the unencrypted data may be encrypted and stored in memory. In addition, a determination may be made as to whether the unencrypted data includes a random distribution of the plurality of bits. An integrity action may be implemented, for example, when the unencrypted data includes a random distribution of the plurality of bits.
-
公开(公告)号:US20160180114A1
公开(公告)日:2016-06-23
申请号:US14577812
申请日:2014-12-19
Applicant: Intel Corporation
Inventor: Manoj R. Sastry , Alpa Narendra Trivedi , Men Long
Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.
Abstract translation: 本文描述了片上系统(SoC)安全插件的系统和技术。 可以在来自SoC组件的互连端点处接收组件消息。 互连端点可以通过安全互连将组件消息传递给安全组件。 安全组件可以使用加密引擎来保护组件消息来创建安全消息。 安全消息通过安全互连传递回互连端点,并通过互连端点在互连上传输。
-
Patent Agency Ranking
公开(公告)号:US09245141B2
公开(公告)日:2016-01-26
申请号:US14557079
申请日:2014-12-01
Applicant: Intel Corporation
Inventor: David M. Durham , Hormuzd M. Khosravi , Uri Blumenthal , Men Long
Abstract: Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
-
27.发明申请APPARATUS, SYSTEM AND METHOD OF PROTECTING DOMAINS OF A MULTIMODE WIRELESS RADIO TRANSCEIVER 有权多模无线无线电收发器保护域的装置,系统及方法公开(公告)号:US20150189509A1
公开(公告)日:2015-07-02
申请号:US14141477
申请日:2013-12-27
Applicant: Intel Corporation
Inventor: Farhana Asrar Sheikh , Patrick Koeberl , Jesse Walker , Hossein Alavi , Men Long , Ram Kumar Krishnamurthy , Alpa T. Narendra Trivedi
Abstract: Some demonstrative embodiments include apparatuses, systems and/or methods of protecting domains of a multimode wireless radio transceiver. For example, an apparatus may include a protection domain controller (PDC) to restrict access of a configuration software to a protection domain of a plurality of protection domains of a multimode wireless radio transceiver based on a security level of the configuration software, wherein the protection domain includes one or more radio configuration parameters of the multimode wireless radio transceiver.
Abstract translation: 一些演示实施例包括保护多模无线电收发机的域的设备,系统和/或方法。 例如,设备可以包括保护域控制器(PDC),其基于配置软件的安全级别来限制配置软件到多模无线无线电收发器的多个保护域的保护域的访问,其中保护 域包括多模无线收发器的一个或多个无线电配置参数。
-
公开(公告)号:US12093431B2
公开(公告)日:2024-09-17
申请号:US18363176
申请日:2023-08-01
Applicant: Intel Corporation
Inventor: Manoj R. Sastry , Alpa Narendra Trivedi , Men Long
CPC classification number: G06F21/72 , G06F21/85 , G09C1/00 , H04L9/0643 , H04L9/0897 , G06F2207/7219 , G06F2211/008 , G06F2213/0038 , H04L2209/76
Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.
-
公开(公告)号:US11797678B2
公开(公告)日:2023-10-24
申请号:US17384279
申请日:2021-07-23
Applicant: Intel Corporation
Inventor: Michael LeMay , David M. Durham , Men Long
IPC: G06F21/56 , G06F12/0802 , G06F12/1009
CPC classification number: G06F21/567 , G06F12/0802 , G06F12/1009 , G06F21/564 , G06F2212/1052 , G06F2212/151 , G06F2212/683
Abstract: An example apparatus includes a scan manager to add a portion of a page of physical memory from a first sequence of mappings to a second sequence of mappings in response to determining the second sequence includes an address corresponding to the portion of the page of physical memory, and a scanner to scan the first sequence and the second sequence to determine whether at least one of first data in the first sequence or second data in the second sequence includes a pattern indicative of malware.
-
公开(公告)号:US11416414B2
公开(公告)日:2022-08-16
申请号:US16724603
申请日:2019-12-23
Applicant: Intel Corporation
Inventor: David M. Durham , Michael Lemay , Men Long
IPC: G06F12/00 , G06F12/1027 , G06F12/14 , G06F9/30 , G06F12/1045 , G06F12/1081
Abstract: Technologies for execute only transactional memory include a computing device with a processor and a memory. The processor includes an instruction translation lookaside buffer (iTLB) and a data translation lookaside buffer (dTLB). In response to a page miss, the processor determines whether a page physical address is within an execute only transactional (XOT) range of the memory. If within the XOT range, the processor may populate the iTLB with the page physical address and prevent the dTLB from being populated with the page physical address. In response to an asynchronous change of control flow such as an interrupt, the processor determines whether a last iTLB translation is within the XOT range. If within the XOT range, the processor clears or otherwise secures the processor register state. The processor ensures that an XOT range starts execution at an authorized entry point. Other embodiments are described and claimed.
-
-
-
-
-
-
-
-
-
Search Results
54
records
(took 0.023 seconds)
