公开(公告)号：US20180239713A1

公开(公告)日：2018-08-23

申请号：US15861364

申请日：2018-01-03

Applicant: INTEL CORPORATION

Inventor： Krystof C. Zmudzinski ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Gilbert Neiger ,  Raghunandan Makaram ,  Carlos V. Rozas ,  Amy L. Santoni ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Ilya Alexandrovich ,  Ittai Anati ,  Wesley H. Smith ,  Michael Goldsmith

IPC: G06F12/1009 ,  G06F12/1027 ,  G06F9/455 ,  G06F12/14 ,  G06F12/109

CPC classification number: G06F12/1009 ,  G06F9/455 ,  G06F9/45558 ,  G06F12/1027 ,  G06F12/1036 ,  G06F12/1045 ,  G06F12/109 ,  G06F12/1441 ,  G06F2009/45583 ,  G06F2212/1016 ,  G06F2212/1052 ,  G06F2212/151 ,  G06F2212/657 ,  G06F2212/684

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

公开(公告)号：US09875189B2

公开(公告)日：2018-01-23

申请号：US14738037

申请日：2015-06-12

Applicant: INTEL CORPORATION

Inventor： Krystof C. Zmudzinski ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Rebekah M. Leslie-Hurd ,  Francis X. McKeen ,  Gilbert Neiger ,  Raghunandan Makaram ,  Carlos V. Rozas ,  Amy L. Santoni ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Ilya Alexandrovich ,  Ittai Anati ,  Wesley H. Smith ,  Michael Goldsmith

IPC: G06F12/00 ,  G06F13/00 ,  G06F13/28 ,  G06F12/1009 ,  G06F12/1027 ,  G06F12/1036 ,  G06F12/109 ,  G06F12/14 ,  G06F9/455 ,  G06F12/1045

CPC classification number: G06F12/1009 ,  G06F9/455 ,  G06F9/45558 ,  G06F12/1027 ,  G06F12/1036 ,  G06F12/1045 ,  G06F12/109 ,  G06F12/1441 ,  G06F2009/45583 ,  G06F2212/1016 ,  G06F2212/1052 ,  G06F2212/151 ,  G06F2212/657 ,  G06F2212/684

Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.

公开(公告)号：US20180006809A1

公开(公告)日：2018-01-04

申请号：US15200604

申请日：2016-07-01

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Francis X. McKeen ,  Carlos V. Rozas ,  Simon P. Johnson ,  Bo Zhang ,  Mona Vij ,  Brandon Baker ,  Mohan J. Kumar ,  Asit K. Mallick ,  Mark A. Gentry ,  Somnath Chakrabarti

IPC: H04L9/08 ,  H04L29/06 ,  G06F21/62

CPC classification number: H04L9/0816 ,  G06F21/6218 ,  H04L9/0861 ,  H04L9/088 ,  H04L9/0894 ,  H04L9/14 ,  H04L63/06

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to store data in a secure domain in a cloud network, create encryption keys, where each encryption key is to provide a different type of access to the data, and store the encryption keys in a secure domain key store in the cloud network. In an example, each encryption key provides access to a different version of the data. In another example, a counter engine stores the location of each version of the data in the cloud network.

公开(公告)号：US09766889B2

公开(公告)日：2017-09-19

申请号：US15074573

申请日：2016-03-18

Applicant: Intel Corporation

Inventor： Rebekah Leslie-Hurd ,  Carlos V. Rozas ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Uday R. Savagaonkar ,  Barry E. Huntley ,  Vedvyas Shanbhogue ,  Ittai Anati ,  Francis X. Mckeen ,  Michael A. Goldsmith ,  Ilya Alexandrovich ,  Alex Berenzon ,  Wesley H. Smith ,  Gilbert Neiger

IPC: G06F12/00 ,  G06F9/30 ,  G06F12/0875 ,  G06F9/44 ,  G06F12/084 ,  G06F12/14

CPC classification number: G06F9/3004 ,  G06F9/30047 ,  G06F9/30076 ,  G06F9/44 ,  G06F12/084 ,  G06F12/0875 ,  G06F12/1483 ,  G06F2212/452

Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.

公开(公告)号：US20170090800A1

公开(公告)日：2017-03-30

申请号：US14866478

申请日：2015-09-25

Applicant: Intel Corporation

Inventor： Ilya Alexandrovich ,  Vladimir Beker ,  Gideon Gerzon ,  Vincent R. Scarlata

IPC: G06F3/06 ,  G06F13/40 ,  G06F13/16

Abstract: An integrated circuit of an aspect includes protected container access control logic to perform a set of access control checks and to determine to allow a device protected container module (DPCM) and an input and/or output (I/O) device to communicate securely through one of direct memory access (DMA) and memory-mapped input/output (MMIO). This is done after it has been determined that at least the DPCM and the I/O device are mapped to one another, an access address associated with the communication resolves into a protected container memory, and a page of the protected container memory into which the access address resolves allows for said one of DMA and MMIO.

公开(公告)号：US20170024563A1

公开(公告)日：2017-01-26

申请号：US15059485

申请日：2016-03-03

Applicant: Intel Corporation

Inventor： Carlos V. Rozas ,  Vincent R. Scarlata

IPC: G06F21/57 ,  G06F9/455

CPC classification number: G06F21/57 ,  G06F9/45533 ,  G06F9/45558 ,  G06F21/53 ,  G06F21/575 ,  G06F2009/45587 ,  G06F2221/033

Abstract: A data processing system supports remeasurement of a virtual machine monitor (VMM). In one example process, the VMM may obtain a secret value from a trusted platform module (TPM) of the processing system. The VMM may provide the secret value from the VMM to a measurement agent executing in system management mode (SMM) of the processing system. The measurement agent may be a system management interrupt (SMI) transfer monitor (STM) that can create virtual machines to execute in SMM, for example. However, the VMM may verify the measurement agent before providing the secret value to the measurement agent. The measurement agent may generate a remeasurement value for the VMM, use the secret value that was obtained from the TPM to certify the remeasurement value, and communicate the remeasurement value to a requesting program, via the VMM. Other embodiments are described and claimed.

Abstract translation: 数据处理系统支持重新测量虚拟机监视器（VMM）。 在一个示例性过程中，VMM可以从处理系统的可信平台模块（TPM）获得秘密值。 VMM可以将来自VMM的秘密值提供给在处理系统的系统管理模式（SMM）中执行的测量代理。 测量代理可以是例如可以创建在SMM中执行的虚拟机的系统管理中断（SMI）传送监视器（STM）。 然而，VMM可以在向测量代理提供秘密值之前验证测量代理。 测量代理可以生成VMM的重新测量值，使用从TPM获得的秘密值来验证重新测量值，并通过VMM将重新测量值传达给请求程序。 描述和要求保护其他实施例。

公开(公告)号：US09311507B2

公开(公告)日：2016-04-12

申请号：US14670783

申请日：2015-03-27

Applicant: INTEL CORPORATION

Inventor： Vincent R. Scarlata

IPC: G06F21/72 ,  G06F21/57 ,  H04L29/06 ,  G06F9/455 ,  G06F21/00 ,  H04L9/08 ,  G06F21/60 ,  H04L29/08

CPC classification number: G06F21/72 ,  G06F9/45533 ,  G06F9/45558 ,  G06F21/00 ,  G06F21/57 ,  G06F21/602 ,  G06F2009/4557 ,  G06F2009/45583 ,  G06F2009/45595 ,  H04L9/08 ,  H04L9/0825 ,  H04L9/0897 ,  H04L63/0428 ,  H04L67/10

Abstract: A virtual security coprocessor is created in a first processing system. The virtual security coprocessor is then transferred to a second processing system, for use by the second processing system. For instance, the second processing system may use the virtual security coprocessor to provide attestation for the second processing system. In an alternative embodiment, a virtual security coprocessor from a first processing system is received at a second processing system. After receiving the virtual security coprocessor from the first processing system, the second processing system uses the virtual security coprocessor. Other embodiments are described and claimed.

公开(公告)号：US20150261977A1

公开(公告)日：2015-09-17

申请号：US14723925

申请日：2015-05-28

Applicant: INTEL CORPORATION

Inventor： Vincent R. Scarlata

IPC: G06F21/72 ,  H04L9/08 ,  G06F9/455

CPC classification number: G06F21/72 ,  G06F9/45533 ,  G06F9/45558 ,  G06F21/00 ,  G06F21/57 ,  G06F21/602 ,  G06F2009/4557 ,  G06F2009/45583 ,  G06F2009/45595 ,  H04L9/08 ,  H04L9/0825 ,  H04L9/0897 ,  H04L63/0428 ,  H04L67/10

Abstract: A virtual security coprocessor is created in a first processing system. The virtual security coprocessor is then transferred to a second processing system, for use by the second processing system. For instance, the second processing system may use the virtual security coprocessor to provide attestation for the second processing system. In an alternative embodiment, a virtual security coprocessor from a first processing system is received at a second processing system. After receiving the virtual security coprocessor from the first processing system, the second processing system uses the virtual security coprocessor. Other embodiments are described and claimed.

Abstract translation: 在第一处理系统中创建虚拟安全协处理器。 然后将虚拟安全协处理器传送到第二处理系统，供第二处理系统使用。 例如，第二处理系统可以使用虚拟安全协处理器为第二处理系统提供证明。 在替代实施例中，来自第一处理系统的虚拟安全协处理器在第二处理系统处被接收。 在从第一处理系统接收到虚拟安全协处理器之后，第二处理系统使用虚拟安全协处理器。 描述和要求保护其他实施例。

公开(公告)号：US20150261976A1

公开(公告)日：2015-09-17

申请号：US14723910

申请日：2015-05-28

Applicant: INTEL CORPORATION

Inventor： Vincent R. Scarlata

IPC: G06F21/72 ,  H04L9/08 ,  G06F9/455

CPC classification number: G06F21/72 ,  G06F9/45533 ,  G06F9/45558 ,  G06F21/00 ,  G06F21/57 ,  G06F21/602 ,  G06F2009/4557 ,  G06F2009/45583 ,  G06F2009/45595 ,  H04L9/08 ,  H04L9/0825 ,  H04L9/0897 ,  H04L63/0428 ,  H04L67/10

Abstract: A virtual security coprocessor is created in a first processing system. The virtual security coprocessor is then transferred to a second processing system, for use by the second processing system. For instance, the second processing system may use the virtual security coprocessor to provide attestation for the second processing system. In an alternative embodiment, a virtual security coprocessor from a first processing system is received at a second processing system. After receiving the virtual security coprocessor from the first processing system, the second processing system uses the virtual security coprocessor. Other embodiments are described and claimed.

公开(公告)号：US08953807B2

公开(公告)日：2015-02-10

申请号：US14141131

申请日：2013-12-26

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata

IPC: H04L9/00 ,  G06F21/00 ,  G06F21/57 ,  G06F21/72 ,  H04L29/06 ,  G06F9/455 ,  H04L9/08

CPC classification number: G06F21/72 ,  G06F9/45533 ,  G06F9/45558 ,  G06F21/00 ,  G06F21/57 ,  G06F21/602 ,  G06F2009/4557 ,  G06F2009/45583 ,  G06F2009/45595 ,  H04L9/08 ,  H04L9/0825 ,  H04L9/0897 ,  H04L63/0428 ,  H04L67/10

Abstract: A virtual security coprocessor is created in a first processing system. The virtual security coprocessor is then transferred to a second processing system, for use by the second processing system. For instance, the second processing system may use the virtual security coprocessor to provide attestation for the second processing system. In an alternative embodiment, a virtual security coprocessor from a first processing system is received at a second processing system. After receiving the virtual security coprocessor from the first processing system, the second processing system uses the virtual security coprocessor. Other embodiments are described and claimed.