公开(公告)号：US09298911B2

公开(公告)日：2016-03-29

申请号：US13840799

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： Gal Chanoch ,  Eran Birk ,  Baiju Patel ,  Steven Grobman ,  Tobias Kohlenberg ,  Rajeev Gopalakrisha

IPC: H04L29/06 ,  G06F21/54 ,  G06F11/00 ,  G06F12/14 ,  G06F12/16

CPC classification number: H04L63/1408 ,  G06F21/54 ,  H04L63/10

Abstract: Technologies are provided in embodiments for receiving policy information associated with at least one security exception, the security exception relating to execution of at least one program, determining an operation associated with the security exception based, at least in part, on the policy information, and causing the operation to be performed, based at least in part, on a determination that the at least one security exception occurred.

Abstract translation: 在用于接收与至少一个安全异常相关联的策略信息，与至少一个程序的执行有关的安全异常，至少部分地基于策略信息确定与所述安全异常相关联的操作的实施例中提供技术，以及 至少部分地基于确定发生了至少一个安全异常来执行操作。

公开(公告)号：US20140282832A1

公开(公告)日：2014-09-18

申请号：US13840799

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： Gal Chanoch ,  Eran Birk ,  Baiju Patel ,  Steven Grobman ,  Tobias Kohlenberg ,  Rajeev Gopalakrisha

IPC: G06F21/00

CPC classification number: H04L63/1408 ,  G06F21/54 ,  H04L63/10

Abstract: Technologies are provided in embodiments for receiving policy information associated with at least one security exception, the security exception relating to execution of at least one program, determining an operation associated with the security exception based, at least in part, on the policy information, and causing the operation to be performed, based at least in part, on a determination that the at least one security exception occurred.

Abstract translation: 在用于接收与至少一个安全异常相关联的策略信息，与至少一个程序的执行相关的安全异常，至少部分地基于策略信息确定与所述安全异常相关联的操作的实施例中提供技术，以及 至少部分地基于确定发生了至少一个安全异常来执行操作。

公开(公告)号：US20240045968A1

公开(公告)日：2024-02-08

申请号：US18492007

申请日：2023-10-23

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Ioannis T. Schoinas ,  Yu-Yuan Chen ,  Raghunandan Makaram ,  David J. Harriman ,  Baiju Patel ,  Ronald Perez ,  Matthew E. Hoekstra ,  Reshma Lal

IPC: G06F21/57 ,  G06F9/50 ,  G06F21/85 ,  G06F21/72 ,  G06F21/53

CPC classification number: G06F21/57 ,  G06F9/505 ,  G06F21/85 ,  G06F21/72 ,  G06F21/53 ,  G06F2221/034

Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.

公开(公告)号：US11829483B2

公开(公告)日：2023-11-28

申请号：US17548825

申请日：2021-12-13

Applicant: Intel Corporation

Inventor： Baiju Patel ,  Prashant Dewan

IPC: G06F21/57 ,  G06F9/4401 ,  G06F21/60 ,  H04L9/08 ,  H04L9/14 ,  H04L9/32 ,  G06F21/71 ,  G06F21/79 ,  G06F21/78 ,  G06F15/78

CPC classification number: G06F21/575 ,  G06F9/4413 ,  G06F21/602 ,  H04L9/0861 ,  H04L9/14 ,  H04L9/3278 ,  G06F2221/034

Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

公开(公告)号：US11809545B2

公开(公告)日：2023-11-07

申请号：US17856574

申请日：2022-07-01

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Carlos V. Rozas ,  Baiju Patel ,  Barry E. Huntley ,  Ravi L. Sahita ,  Hormuzd M. Khosravi

IPC: H04L29/00 ,  G06F21/44 ,  G06F9/30

CPC classification number: G06F21/44 ,  G06F9/3016

Abstract: Data integrity logic is executable by a processor to generate a data integrity code using a hardware-based secret. A container manager, executable by the processor, creates a secured container including report generation logic that determines measurements of the secured container, generates a report according to a defined report format, and sends a quote request including the report. The defined report format includes a field to include the measurements and a field to include the data integrity code, and the report format is compatible for consumption by any one of a plurality of different quote creator types.

公开(公告)号：US11570010B2

公开(公告)日：2023-01-31

申请号：US17134365

申请日：2020-12-26

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Prashant Dewan ,  Baiju Patel

IPC: H04L9/32 ,  G06F9/30 ,  H04L9/08

Abstract: Techniques for encrypting data using a key generated by a physical unclonable function (PUF) are described. An apparatus according to the present disclosure may include decoder circuitry to decode an instruction and generate a decoded instruction. The decoded instruction includes operands and an opcode. The opcode indicates that execution circuitry is to encrypt data using a key generated by a PUF. The apparatus may further include execution circuitry to execute the decoded instruction according to the opcode to encrypt the data to generate encrypted data using the key generated by the PUF.

公开(公告)号：US11562063B2

公开(公告)日：2023-01-24

申请号：US17114246

申请日：2020-12-07

Applicant: INTEL CORPORATION

Inventor： Michael Lemay ,  David M. Durham ,  Michael E. Kounavis ,  Barry E. Huntley ,  Vedvyas Shanbhogue ,  Jason W. Brandt ,  Josh Triplett ,  Gilbert Neiger ,  Karanvir Grewal ,  Baiju Patel ,  Ye Zhuang ,  Jr-Shian Tsai ,  Vadim Sukhomlinov ,  Ravi Sahita ,  Mingwei Zhang ,  James C. Farwell ,  Amitabh Das ,  Krishna Bhuyan

IPC: G06F21/53 ,  G06F12/02

Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.

公开(公告)号：US20220416997A1

公开(公告)日：2022-12-29

申请号：US17357973

申请日：2021-06-24

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Siddhartha Chhabra ,  Robert J. Royer, JR. ,  Michael Glik ,  Baiju Patel

IPC: H04L9/06 ,  G06F21/72

Abstract: Methods and apparatus relating to handling unaligned transactions for inline encryption are described. In an embodiment, cryptographic logic circuitry receives a plurality of incoming packets and store two or more incoming packets from the plurality of incoming packets in memory. The cryptographic logic circuitry is informs software in response to detection of the two or more incoming packets. Other embodiments are also disclosed and claimed.

公开(公告)号：US20220365885A1

公开(公告)日：2022-11-17

申请号：US17872805

申请日：2022-07-25

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Rajat Agarwal ,  Baiju Patel ,  Kirk Yap

IPC: G06F12/14 ,  G06F21/78 ,  G06F21/60 ,  H04L9/32 ,  G06F21/64 ,  H04L9/14 ,  G06F21/53 ,  G06F21/85

Abstract: Techniques are described for providing low-overhead cryptographic memory isolation to mitigate attack vulnerabilities in a multi-user virtualized computing environment. Memory read and memory write operations for target data, each operation initiated via an instruction associated with a particular virtual machine (VM), include the generation and/or validation of a message authentication code that is based at least on a VM-specific cryptographic key and a physical memory address of the target data. Such operations may further include transmitting the generated message authentication code via a plurality of ancillary bits incorporated within a data line that includes the target data. In the event of a validation failure, one or more error codes may be generated and provided to distinct trust domain architecture entities based on an operating mode of the associated virtual machine.

公开(公告)号：US20220271955A1

公开(公告)日：2022-08-25

申请号：US17742774

申请日：2022-05-12

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Baiju Patel

IPC: H04L9/32 ,  H04L9/30 ,  H04L9/14 ,  H04L9/08

Abstract: In one example, a system for asymmetric device attestation includes a physically unclonable function (PUF) configured to generate a response to a challenge. A pseudo-random number generator generates a set of random numbers based on the response. A key generator determines co-prime numbers in the set of random numbers and generates a key pair using the co-prime numbers, wherein the public key is released to a manufacturer of the component for attestation of authenticity of the component. Through extending the PUF circuitry with a pseudo-random number generator, the present techniques are able to withstand unskilled and skilled hardware attacks, as the secret derived from the PUF is immune to extraction.