-
31.
Publication number: US10558588B2
Publication date: 2020-02-11
Application number: US15651771
Application date: 2017-07-17
Applicant: Intel Corporation
Inventor: Carlos V. Rozas, Mona Vij, Rebekah M. Leslie-Hurd, Krystof C. Zmudzinski, Somnath Chakrabarti, Francis X. Mckeen, Vincent R. Scarlata, Simon P. Johnson, Ilya Alexandrovich, Gilbert Neiger, Vedvyas Shanbhogue, Ittai Anati
Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.
-
32.
Publication number: US10534724B2
Publication date: 2020-01-14
Application number: US14998157
Application date: 2015-12-24
Applicant: INTEL CORPORATION
Inventor: Carlos V. Rozas, Ilya Alexandrovich, Gilbert Neiger, Francis X. McKeen, Ittai Anati, Vedvyas Shanbhogue, Mona Vij, Rebekah Leslie-Hurd, Krystof C. Zmudzinski, Somnath Chakrabarti, Vincent R. Scarlata, Simon P. Johnson
IPC: G06F12/14 , H04L9/32 , G06F12/0802 , H04L9/14
Abstract: Instructions and logic support suspending and resuming migration of enclaves in a secure enclave page cache (EPC). An EPC stores a secure domain control structure (SDCS) in storage accessible by an enclave for a management process, and by a domain of enclaves. A second processor checks if a corresponding version array (VA) page is bound to the SDCS, and if so: increments a version counter in the SDCS for the page, performs an authenticated encryption of the page from the EPC using the version counter in the SDCS, and writes the encrypted page to external memory. A second processor checks if a corresponding VA page is bound to a second SDCS of the second processor, and if so: performs an authenticated decryption of the page using a version counter in the second SDCS, and loads the decrypted page to the EPC in the second processor if authentication passes.
-
Publication number: US10289554B2
Publication date: 2019-05-14
Application number: US15711615
Application date: 2017-09-21
Applicant: Intel Corporation
Inventor: Rebekah M. Leslie-Hurd, Carlos V. Rozas, Francis X. Mckeen, Ilya Alexandrovich, Vedvyas Shanbhogue, Bin Xing, Mark W. Shanahan, Simon P. Johnson
IPC: G06F12/0844 , G06F12/0882 , G06F11/07
Abstract: A processor implementing techniques for supporting fault information delivery is disclosed. In one embodiment, the processor includes a memory controller unit to access an enclave page cache (EPC) and a processor core coupled to the memory controller unit. The processor core is to detect a fault associated with accessing the EPC and generate an error code associated with the fault. The error code reflects an EPC-related fault cause. The processor core is further to encode the error code into a data structure associated with the processor core. The data structure is for monitoring a hardware state related to the processor core.
-
Publication number: US10230528B2
Publication date: 2019-03-12
Application number: US14703420
Application date: 2015-05-04
Applicant: Intel Corporation
Inventor: Binata Bhattacharyya, Amy L. Santoni, Raghunandan Makaram, Francis X. McKeen, Simon P. Johnson, George Z. Chrysos, Siddhartha Chhabra
Abstract: Systems and methods for memory protection for implementing a trusted execution environment. An example processing system comprises: an on-package memory (OPM); a memory encryption engine (MEE) comprising an MEE cache, the MEE to: responsive to failing to locate, within the MEE cache, encryption metadata associated with a data item loaded from an external memory, retrieve at least part of the encryption metadata from the OPM, and validate the data item using the encryption metadata.
-
Publication number: US10218711B2
Publication date: 2019-02-26
Application number: US15152755
Application date: 2016-05-12
Applicant: Intel Corporation
Inventor: Ned M. Smith, Simon P. Johnson, Steve Orrin, Willard M. Wiseman
Abstract: In one embodiment, a method includes determining a location of a system responsive to location information received from at least one of a location sensor and a wireless device of the system, associating the location with a key present in the system to generate an authenticated location of the system, and determining whether the authenticated location is within a geofence boundary indicated in a location portion of a launch control policy (LCP) that provides a geographic-specific policy. Other embodiments are described and claimed.
-
Publication number: US10152350B2
Publication date: 2018-12-11
Application number: US15200820
Application date: 2016-07-01
Applicant: Intel Corporation
Inventor: Somnath Chakrabarti, Mona Vij, Carlos V. Rozas, Brandon Baker, Vincent R. Scarlata, Francis X. McKeen, Simon P. Johnson
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to determine that a secure domain has been created on a device, where keys are required to access the secure domain, obtain the keys that are required to access the secure domain from a network element, and encrypt the keys and store the encrypted keys on the device. In an example, only the secure domain can decrypt the encrypted keys and the device is a virtual machine.
-
Publication number: US20180097809A1
Publication date: 2018-04-05
Application number: US15283208
Application date: 2016-09-30
Applicant: Intel Corporation
Inventor: Somnath Chakrabarti, Mona Vij, Carlos V. Rozas, Brandon Baker, Vincent R. Scarlata, Malini K. Bhandaru, Ning Sun, Jun Nakajima, Francis X. McKeen, Simon P. Johnson
IPC: H04L29/06
CPC classification number: H04L63/10 , H04L63/08 , H04L63/126 , H04L67/10
Abstract: Particular embodiments described herein provide for receiving a request from a first cloud component in a cloud network, wherein the request is to access a key and the key allows the first cloud component to access a trusted execution environment of a second cloud component in the cloud network, and allowing the request on the condition that the first cloud component is authenticated. A more specific example includes determining a type for the first cloud component, and comparing the determined type of the first cloud component with a component type associated with the key. The example may also include blocking the request if the determined type of the first cloud component does not match the component type associated with the key.
-
Publication number: US20180007023A1
Publication date: 2018-01-04
Application number: US15200820
Application date: 2016-07-01
Applicant: Intel Corporation
Inventor: Somnath Chakrabarti, Mona Vij, Carlos V. Rozas, Brandon Baker, Vincent R. Scarlata, Francis X. McKeen, Simon P. Johnson
CPC classification number: G06F9/4856 , H04L9/0894 , H04L9/3226 , H04L63/10 , H04L63/20 , H04L2463/062
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to determine that a secure domain has been created on a device, where keys are required to access the secure domain, obtain the keys that are required to access the secure domain from a network element, and encrypt the keys and store the encrypted keys on the device. In an example, only the secure domain can decrypt the encrypted keys and the device is a virtual machine.
-
Publication number: US09846787B2
Publication date: 2017-12-19
Application number: US14633701
Application date: 2015-02-27
Applicant: INTEL CORPORATION
Inventor: Simon P. Johnson, Vincent R. Scarlata, Willard M. Wiseman
CPC classification number: G06F21/71 , G06F21/10 , G06F21/57 , G06F2221/0748 , G06F2221/0797 , H04L9/3234
Abstract: An apparatus and method are described for implementing a trusted dynamic launch and trusted platform module (TPM) using a secure enclave. For example, a computer-implemented method according to one embodiment of the invention comprises: initializing a secure enclave in response to a first command, the secure enclave comprising a trusted software execution environment which prevents software executing outside the enclave from having access to software and data inside the enclave; and executing a trusted platform module (TPM) from within the secure enclave, the trusted platform module securely reading data from a set of platform control registers (PCR) in a processor or chipset component into a memory region allocated to the secure enclave.
-
Publication number: US09767044B2
Publication date: 2017-09-19
Application number: US14034813
Application date: 2013-09-24
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra, Uday R. Savagaonkar, Michael A. Goldsmith, Simon P. Johnson, Rebekah M. Leslie-Hurd, Francis X. McKeen, Gilbert Neiger, Raghunandan Makaram, Carlos V. Rozas, Amy L. Santoni, Vincent R. Scarlata, Vedvyas Shanbhogue, Wesley H. Smith, Ittai Anati, Ilya Alexandrovich
IPC: G06F12/00 , G06F12/14 , G06F12/0808 , G06F12/1027 , G06F9/455 , G06F12/0897
CPC classification number: G06F12/1408 , G06F9/45558 , G06F12/0808 , G06F12/0897 , G06F12/1027 , G06F2009/45587 , G06F2212/1032 , G06F2212/1048 , G06F2212/152
Abstract: Secure memory repartitioning technologies are described. A processor includes a processor core and a memory controller coupled between the processor core and main memory. The main memory includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core, in response to a page conversion instruction, is to determine from the instruction a convertible page in the memory range to be converted and convert the convertible page to be at least one of a secure page or a non-secure page. The memory range may also include a hardware reserved section that is convertible in response to a section conversion instruction.