-
Publication number: US11263352B2
Publication date: 2022-03-01
Application number: US16936999
Application date: 2020-07-23
Applicant: Intel Corporation
Inventor: Manoj R. Sastry, Alpa Narendra Trivedi, Men Long
Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.
-
Publication number: US11080401B2
Publication date: 2021-08-03
Application number: US16657669
Application date: 2019-10-18
Applicant: Intel Corporation
Inventor: Michael LeMay, David M. Durham, Men Long
IPC: G06F21/56, G06F12/0802, G06F12/1009
Abstract: Memory scanning methods and apparatus are disclosed. An example apparatus includes an address identifier to, when an entry of a paging structure has been accessed, determine a first address corresponding to a page of physical memory when the entry of the paging structure maps to the page of the physical memory; and a scanner to: scan a threshold amount of memory beginning at a physical memory address corresponding to the first address; and determine whether the threshold amount of memory includes a pattern indicative of malware.
-
Publication number: US10452848B2
Publication date: 2019-10-22
Application number: US15798109
Application date: 2017-10-30
Applicant: Intel Corporation
Inventor: Michael LeMay, David M. Durham, Men Long
IPC: G06F21/56, G06F12/0802, G06F12/1009
Abstract: Memory scanning methods and apparatus are disclosed. An example apparatus includes a scan manager to identify a physical memory address that has recently been accessed. The physical memory address is identified as having been recently accessed when an access has occurred within a threshold of a current time. The apparatus also includes a scanner to scan a threshold amount of memory beginning at the physical memory address, and determine whether the memory included in the threshold amount of memory includes a pattern indicative of malware.
-
Publication number: US20180046806A1
Publication date: 2018-02-15
Application number: US15798109
Application date: 2017-10-30
Applicant: Intel Corporation
Inventor: Michael LeMay, David M. Durham, Men Long
IPC: G06F21/56
Abstract: Memory scanning methods and apparatus are disclosed. An example apparatus includes a scan manager to identify a physical memory address that has recently been accessed. The physical memory address is identified as having been recently accessed when an access has occurred within a threshold of a current time. The apparatus also includes a scanner to scan a threshold amount of memory beginning at the physical memory address, and determine whether the memory included in the threshold amount of memory includes a pattern indicative of malware.
-
Publication number: US09847872B2
Publication date: 2017-12-19
Application number: US14967545
Application date: 2015-12-14
Applicant: Intel Corporation
Inventor: David M. Durham, Men Long
IPC: G06F21/00, H04L29/06, H04L9/06, G06F12/14, G06F21/60, G06F21/55, G06F21/64, G06F11/10, G06F12/0868, G11C29/52, G06F21/85, H04L9/32, H04L9/10, G11C29/18, G11C29/36
CPC classification number: H04L9/0618, G06F11/1068, G06F12/0868, G06F12/1408, G06F21/554, G06F21/602, G06F21/64, G06F2212/1021, G06F2212/1052, G11C29/52, G11C2029/1804, G11C2029/3602, H04L9/0637, H04L9/3239, H04L9/3242, H04L9/3247, Y02D10/13
Abstract: Systems and methods may provide for identifying unencrypted data including a plurality of bits, wherein the unencrypted data may be encrypted and stored in memory. In addition, a determination may be made as to whether the unencrypted data includes a random distribution of the plurality of bits. An integrity action may be implemented, for example, when the unencrypted data includes a random distribution of the plurality of bits.
-
Publication number: US09832015B2
Publication date: 2017-11-28
Application number: US14557125
Application date: 2014-12-01
Applicant: Intel Corporation
Inventor: Men Long, Jesse Walker, Karanvir S Grewal
CPC classification number: H04L9/0866, H04L9/0631, H04L63/0428, H04L63/06, H04L2209/125
Abstract: Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. For large key sizes, the key may be derived using a derivation formula as follows: (1) client_key_MSB = AES128(base_key_1, client_ID), (2) client_key_LSB = AES128(base_key_2, client_ID + pad), and client_key = client_key_MSB ∥ client_key_LSB, where (1) and (2) are executed in parallel. The client key and a client identifier may be used so that end-to-end security may be achieved.
-
Publication number: US20170185809A1
Publication date: 2017-06-29
Application number: US15457004
Application date: 2017-03-13
Applicant: INTEL CORPORATION
Inventor: Eugene M. Kishinevsky, Uday R. Savagaonkar, Alpa T. Narendra Trivedi, Siddhartha Chhabra, Baiju V. Patel, Men Long, Kirk S. Yap, David M. Durham
CPC classification number: H04L9/0631, G06F12/1408, G06F12/1425, G06F21/602, G06F21/85, G06F2212/1052, G06F2212/402, G09C1/00, H04L2209/125, Y02D10/13
Abstract: Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.
-
Publication number: US09614666B2
Publication date: 2017-04-04
Application number: US14581946
Application date: 2014-12-23
Applicant: INTEL CORPORATION
Inventor: Eugene M. Kishinevsky, Uday R. Savagaonkar, Alpa T. Narendra Trivedi, Siddhartha Chhabra, Baiju V. Patel, Men Long, Kirk S. Yap, David M. Durham
CPC classification number: H04L9/0631, G06F12/1408, G06F12/1425, G06F21/602, G06F21/85, G06F2212/1052, G06F2212/402, G09C1/00, H04L2209/125, Y02D10/13
Abstract: Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.
-
Publication number: US20160261570A1
Publication date: 2016-09-08
Application number: US15085114
Application date: 2016-03-30
Applicant: Intel Corporation
Inventor: Karanvir Grewal, Men Long, Prashant Dewan
IPC: H04L29/06
CPC classification number: H04L63/061, H04L9/083, H04L9/321, H04L9/3247
Abstract: Methods and apparatus are disclosed to provide for security within a network enclave. In one embodiment authentication logic initiates authentication with a central network authority. Packet processing logic receives a key and an identifier from the central network authority. Security protocol logic then establishes a client-server security association through a communication that includes a client identifier and an encrypted portion and/or an authorization signature, wherein a client authorization key allocated by the central network authority can be reproduced by a server, other than said central network authority, from the client identifier and a derivation key provided to the server by the central network authority to decrypt the encrypted portion and/or to validate the communication using the authorization signature. The server may also provide the client with new session keys and/or new client session identifiers using server-generated derivation keys if desired, protecting these with the client authorization key.
-
Publication number: US20160070910A1
Publication date: 2016-03-10
Application number: US14739968
Application date: 2015-06-15
Applicant: INTEL CORPORATION
Inventor: Hormuzd M. Khosravi, Venkat R. Gokulrangan, Yasser Rasheed, Men Long
IPC: G06F21/56
CPC classification number: G06F21/561, G06F21/51, G06F21/56, G06F21/74, G06F21/85, G06F2221/034, G06F2221/2101, G06F2221/2105
Abstract: A platform to support verification of the contents of an input-output device. The platform includes platform hardware, which may verify the contents of the I/O device. The platform hardware may comprise components, such as a manageability engine and a verification engine, that are used to verify the contents of the I/O device even before the contents of the I/O device are exposed to an operating system supported by a host. The platform components may delete the infected portions of the contents of the I/O device if the verification process indicates that the contents of the I/O device include the infected portions.