公开(公告)号：US20180097809A1

公开(公告)日：2018-04-05

申请号：US15283208

申请日：2016-09-30

Applicant: Intel Corporation

Inventor： Somnath Chakrabarti ,  Mona Vij ,  Carlos V. Rozas ,  Brandon Baker ,  Vincent R. Scarlata ,  Malini K. Bhandaru ,  Ning Sun ,  Jun Nakajima ,  Francis X. McKeen ,  Simon P. Johnson

IPC: H04L29/06

CPC classification number: H04L63/10 ,  H04L63/08 ,  H04L63/126 ,  H04L67/10

Abstract: Particular embodiments described herein provide for receiving a request from a first cloud component in a cloud network, wherein the request is to access a key and the key allows the first cloud component to access located trusted execution environment of a second cloud component in the cloud network and allow the request on the condition that the first cloud component is authenticated. A more specific example includes determining a type for the first cloud component, and comparing the determined type of the first cloud component with a component type associated with the key. The example may also include blocking the request if the determined type of the first cloud component does not match the component type associated with the key.

公开(公告)号：US20180007023A1

公开(公告)日：2018-01-04

申请号：US15200820

申请日：2016-07-01

Applicant: Intel Corporation

Inventor： Somnath Chakrabarti ,  Mona Vij ,  Carlos V. Rozas ,  Brandon Baker ,  Vincent R. Scarlata ,  Francis X. McKeen ,  Simon P. Johnson

IPC: H04L29/06 ,  G06F9/48 ,  H04L9/08

CPC classification number: G06F9/4856 ,  H04L9/0894 ,  H04L9/3226 ,  H04L63/10 ,  H04L63/20 ,  H04L2463/062

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to determine that a secure domain has been created on a device, where keys are required to access the secure domain, obtain the keys that are required to access the secure domain from a network element, and encrypt the keys and store the encrypted keys on the device. In an example, only the secure domain can decrypt the encrypted keys and the device is a virtual machine.

公开(公告)号：US09846787B2

公开(公告)日：2017-12-19

申请号：US14633701

申请日：2015-02-27

Applicant: INTEL CORPORATION

Inventor： Simon P. Johnson ,  Vincent R. Scarlata ,  Willard M. Wiseman

IPC: G06F21/00 ,  G06F21/71 ,  G06F21/10 ,  G06F21/57 ,  H04L9/32

CPC classification number: G06F21/71 ,  G06F21/10 ,  G06F21/57 ,  G06F2221/0748 ,  G06F2221/0797 ,  H04L9/3234

Abstract: An apparatus and method are described for implementing a trusted dynamic launch and trusted platform module (TPM) using a secure enclave. For example, a computer-implemented method according to one embodiment of the invention comprises: initializing a secure enclave in response to a first command, the secure enclave comprising a trusted software execution environment which prevents software executing outside the enclave from having access to software and data inside the enclave; and executing a trusted platform module (TPM) from within the secure enclave, the trusted platform module securely reading data from a set of platform control registers (PCR) in a processor or chipset component into a memory region allocated to the secure enclave.

公开(公告)号：US09767044B2

公开(公告)日：2017-09-19

申请号：US14034813

申请日：2013-09-24

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Michael A. Goldsmith ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Gilbert Neiger ,  Raghunandan Makaram ,  Carlos V. Rozas ,  Amy L. Santoni ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H. Smith ,  Ittai Anati ,  Ilya Alexandrovich

IPC: G06F12/00 ,  G06F12/14 ,  G06F12/0808 ,  G06F12/1027 ,  G06F9/455 ,  G06F12/0897

CPC classification number: G06F12/1408 ,  G06F9/45558 ,  G06F12/0808 ,  G06F12/0897 ,  G06F12/1027 ,  G06F2009/45587 ,  G06F2212/1032 ,  G06F2212/1048 ,  G06F2212/152

Abstract: Secure memory repartitioning technologies are described. A processor includes a processor core and a memory controller coupled between the processor core and main memory. The main memory includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core, in response to a page conversion instruction, is to determine from the instruction a convertible page in the memory range to be converted and convert the convertible page to be at least one of a secure page or a non-secure page. The memory range may also include a hardware reserved section that is convertible in response to a section conversion instruction.

公开(公告)号：US09667628B2

公开(公告)日：2017-05-30

申请号：US14534305

申请日：2014-11-06

Applicant: Intel Corporation

Inventor： Simon P. Johnson ,  Asher M. Altman ,  Abhishek Das ,  Vincent R. Scarlata

IPC: H04L29/06 ,  G06F21/51 ,  G06F21/53 ,  G06F21/60

CPC classification number: H04L63/0876 ,  G06F21/51 ,  G06F21/53 ,  G06F21/57 ,  G06F21/60 ,  H04L63/061 ,  H04L63/08

Abstract: The present application is directed to establishing ownership of a secure workspace (SW). A client device may provide a SW data structure (SWDS) to a SW configurator. A SWDS may comprise a hash of an original SW and a public key, and may be signed by a private key corresponding to the public key. The SW configurator may cause an execution container (EC) to be generated including a SW initiated using the SWDS. The client device may claim SW ownership using a request (signed by the private key) transmitted along with a copy of the public key. SW ownership may be determined by an ownership determination module that verifies the signature of the request using the public key received with the request, determines a hash of the received public key and compares the hash of the received public key to a hash of the public key in the SWDS.

公开(公告)号：US09501665B2

公开(公告)日：2016-11-22

申请号：US14723910

申请日：2015-05-28

Applicant: INTEL CORPORATION

Inventor： Vincent R. Scarlata

IPC: G06F21/72 ,  G06F21/57 ,  H04L29/06 ,  G06F9/455 ,  G06F21/00 ,  H04L9/08 ,  G06F21/60 ,  H04L29/08

CPC classification number: G06F21/72 ,  G06F9/45533 ,  G06F9/45558 ,  G06F21/00 ,  G06F21/57 ,  G06F21/602 ,  G06F2009/4557 ,  G06F2009/45583 ,  G06F2009/45595 ,  H04L9/08 ,  H04L9/0825 ,  H04L9/0897 ,  H04L63/0428 ,  H04L67/10

Abstract: A virtual security coprocessor is created in a first processing system. The virtual security coprocessor is then transferred to a second processing system, for use by the second processing system. For instance, the second processing system may use the virtual security coprocessor to provide attestation for the second processing system. In an alternative embodiment, a virtual security coprocessor from a first processing system is received at a second processing system. After receiving the virtual security coprocessor from the first processing system, the second processing system uses the virtual security coprocessor. Other embodiments are described and claimed.

公开(公告)号：US09323686B2

公开(公告)日：2016-04-26

申请号：US13729277

申请日：2012-12-28

Applicant: Intel Corporation

Inventor： Francis X. Mckeen ,  Michael A. Goldsmith ,  Barry E. Huntley ,  Simon P. Johnson ,  Rebekah Leslie ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H. Smith ,  Ittai Anati ,  Ilya Alexandrovich ,  Alex Berenzon ,  Gilbert Neiger

IPC: G06F12/00 ,  G06F12/08 ,  G06F9/30

CPC classification number: G06F12/0804 ,  G06F9/30047 ,  G06F12/0875 ,  G06F12/1408 ,  G06F2212/1052 ,  G06F2212/402

Abstract: Embodiments of an invention for paging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes evicting a first page from an enclave page cache.

Abstract translation: 公开了用于在安全飞行器中寻呼的发明的实施例。 在一个实施例中，处理器包括指令单元和执行单元。 指令单元接收第一条指令。 执行单元执行第一指令，其中第一指令的执行包括从飞地页面缓存中逐出第一页。

公开(公告)号：US20160042184A1

公开(公告)日：2016-02-11

申请号：US14919350

申请日：2015-10-21

Applicant: Intel Corporation

Inventor： Francis X. Mckeen ,  Michael A. Goldsmith ,  Barrey E. Huntley ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H. Smith ,  Gilbert Neiger

IPC: G06F21/60 ,  G06F12/14 ,  G06F21/72 ,  G06F12/08

CPC classification number: G06F21/60 ,  G06F12/0875 ,  G06F12/14 ,  G06F12/145 ,  G06F21/72 ,  G06F2212/1052 ,  G06F2212/152 ,  G06F2212/452

Abstract: Embodiments of an invention for logging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction having an associated enclave page cache address. The execution unit is to execute the instruction without causing a virtual machine exit, wherein execution of the instruction includes logging the instruction and the associated enclave page cache address.

Abstract translation: 公开了用于登录安全飞行器的发明的实施例。 在一个实施例中，处理器包括指令单元和执行单元。 该指令单元用于接收具有关联的飞地页面缓存地址的指令。 执行单元执行指令而不引起虚拟机退出，其中指令的执行包括记录指令和关联的飞地页面缓存地址。

公开(公告)号：US20150201010A1

公开(公告)日：2015-07-16

申请号：US14670783

申请日：2015-03-27

Applicant: INTEL CORPORATION

Inventor： Vincent R. Scarlata

IPC: H04L29/08 ,  H04L29/06 ,  G06F9/455

CPC classification number: G06F21/72 ,  G06F9/45533 ,  G06F9/45558 ,  G06F21/00 ,  G06F21/57 ,  G06F21/602 ,  G06F2009/4557 ,  G06F2009/45583 ,  G06F2009/45595 ,  H04L9/08 ,  H04L9/0825 ,  H04L9/0897 ,  H04L63/0428 ,  H04L67/10

Abstract: A virtual security coprocessor is created in a first processing system. The virtual security coprocessor is then transferred to a second processing system, for use by the second processing system. For instance, the second processing system may use the virtual security coprocessor to provide attestation for the second processing system. In an alternative embodiment, a virtual security coprocessor from a first processing system is received at a second processing system. After receiving the virtual security coprocessor from the first processing system, the second processing system uses the virtual security coprocessor. Other embodiments are described and claimed.

公开(公告)号：US09043604B2

公开(公告)日：2015-05-26

申请号：US13987807

申请日：2013-09-05

Applicant: Intel Corporation

Inventor： Ernest F. Brickell ,  Shay Gueron ,  Jiangtao Li ,  Carlos V. Rozas ,  Daniel Nemiroff ,  Vincent R. Scarlata ,  Uday R. Savagaonkar ,  Simon P. Johnson

IPC: H04L9/08 ,  H04L9/32 ,  G06F21/73 ,  G06F21/60

CPC classification number: H04L9/0816 ,  G06F21/572 ,  G06F21/73

Abstract: Keying materials used for providing security in a platform are securely provisioned both online and offline to devices in a remote platform. The secure provisioning of the keying materials is based on a revision of firmware installed in the platform.

Abstract translation: 用于在平台中提供安全性的键控材料可以安全地在线和离线地配置到远程平台中的设备。 密钥材料的安全配置基于安装在平台中的固件的修订版本。