Device and method for secure user interface gesture processing using processor graphics
    Granted invention patent (in force)

    Publication number: US09134878B2

    Publication date: 2015-09-15

    Application number: US13631288

    Filing date: 2012-09-28

    CPC classification number: G06F3/0481 G06F3/041 G06F3/04883 G06F21/74 G06F21/82

    Abstract: A device and method for securely rendering content on a gesture-enabled computing device includes initializing a secure execution environment on a processor graphics of the computing device. The computing device transfers view rendering code and associated state data to the secure execution environment. An initial view of the content is rendered by executing the view rendering code in the secure execution environment. A gesture is recognized, and an updated view of the content is rendered in the secure execution environment in response to the gesture. The gesture may include a touch gesture recognized on a touch screen, or a physical gesture of the user recognized by a camera. After the updated view of the content is rendered, the main processor of the computing device may receive updated view data from the secure execution environment.


    Methods and apparatuses to provide chiplet binding to a system on a chip platform having a disaggregated architecture

    Publication number: US12177343B2

    Publication date: 2024-12-24

    Application number: US17358952

    Filing date: 2021-06-25

    Abstract: Systems, methods, and apparatuses for providing chiplet binding to a disaggregated architecture for a system on a chip are described. In one embodiment, a system includes a plurality of physically separate dies, an interconnect to electrically couple the plurality of physically separate dies together, a first die-to-die communication circuit, of a first die of the plurality of physically separate dies, comprising a transmitter circuit and an encryption circuit having a link key to encrypt data to be sent from the transmitter circuit into encrypted data, and a second die-to-die communication circuit, of a second die of the plurality of physically separate dies, comprising a receiver circuit and a decryption circuit having the link key to decrypt the encrypted data sent from the transmitter circuit to the receiver circuit.

    FIRMWARE VERIFICATION MECHANISM
    Invention patent application

    Publication number: US20240378294A1

    Publication date: 2024-11-14

    Application number: US18426561

    Filing date: 2024-01-30

    Abstract: An apparatus to verify firmware in a computing system, comprising a non-volatile memory, including firmware memory to store agent firmware associated with each of a plurality of interconnect protocol (IP) agents and version memory to store security version numbers (SVNs) included in the agent firmware, a security controller comprising verifier logic to verify an integrity of the version memory by applying a hash algorithm to contents of the version memory to generate an SVN hash, and a trusted platform module (TPM) to store the SVN hash.

    Asymmetric device attestation using physically unclonable functions

    Publication number: US11825000B2

    Publication date: 2023-11-21

    Application number: US17742774

    Filing date: 2022-05-12

    CPC classification number: H04L9/3278 H04L9/0869 H04L9/14 H04L9/30 H04L9/3268

    Abstract: In one example, a system for asymmetric device attestation includes a physically unclonable function (PUF) configured to generate a response to a challenge. A pseudo-random number generator generates a set of random numbers based on the response. A key generator determines co-prime numbers in the set of random numbers and generates a key pair using the co-prime numbers, wherein the public key is released to a manufacturer of the component for attestation of authenticity of the component. Through extending the PUF circuitry with a pseudo-random number generator, the present techniques are able to withstand unskilled and skilled hardware attacks, as the secret derived from the PUF is immune to extraction.

    Secure reporting of platform state information to a remote server

    Publication number: US11765239B2

    Publication date: 2023-09-19

    Application number: US17591116

    Filing date: 2022-02-02

    Abstract: Technologies disclosed herein provide a method for receiving at a device from a remote server, a request for state information from a first processor of the device, obtaining the state information from one or more registers of the first processor based on a request structure indicated by a first instruction of a software program executing on the device, and generating a response structure based, at least in part, on the obtained state information. The method further includes using a cryptographic algorithm and a shared key established between the device and the remote server to generate a signature based, at least in part, on the response structure, and communicating the response structure and the signature to the remote server. In more specific embodiments, both the response structure and the request structure each include a same nonce value.

    Display of protected content using trusted execution environment

    Publication number: US11520859B2

    Publication date: 2022-12-06

    Application number: US15942096

    Filing date: 2018-03-30

    Abstract: The present disclosure is directed to secure processing and display of protected content. The use of a trusted execution environment (TEE) to handle authentication and session key negotiation in accordance with a selected content protection protocol may reduce any trusted computing base (TCB) needed for such operations, and thereby present a smaller target for potential attackers. Techniques are presented in which a session key negotiated via such a TEE is securely provided to output circuitry such as a display controller, which may encrypt protected content that has been requested for viewing on a protocol-compliant display device communicatively coupled to a device comprising the TEE and/or the output circuitry. The output circuitry may then provide the encrypted protected content to the protocol-compliant display device, such as for compliant display of the protected content.

    Hardware-assisted privacy protection using a secure user interface with multi-level access control of sensor data

    Publication number: US11494519B2

    Publication date: 2022-11-08

    Application number: US17379470

    Filing date: 2021-07-19

    Abstract: Technologies provide hardware-assisted privacy protection of sensor data. One embodiment includes unlocking a user interface coupled to a trusted execution environment of a processor in a device, where the user interface includes a plurality of selectable settings associated with a plurality of access levels for sensor data captured by a sensor. The embodiment also includes receiving a selection signal from the user interface indicating that a user selected a first setting associated with a first access level for the sensor data captured by the sensor, and restricting access to the sensor data based on a first set of one or more entities associated with the first access level. In more specific embodiments, the user interface includes a knob that is rotatably attached to a housing of the device or a privacy panel including a slider bar that is to be displayed on a touch screen display of the device.

    PLATFORM MEASUREMENT COLLECTION MECHANISM

    Publication number: US20220253366A1

    Publication date: 2022-08-11

    Application number: US17733347

    Filing date: 2022-04-29

    Abstract: An apparatus to collect firmware measurement data at a computing system is disclosed. The apparatus includes a plurality of agents, each including a non-volatile memory storing firmware executed to perform a function associated with the agent, verification logic to generate measurement data by verifying the integrity of the firmware and a register to store the measurement data, and a processor to execute an instruction to collect firmware measurement data from each of the plurality of agents.
