-
Publication number: US10706159B2
Publication date: 2020-07-07
Application number: US15623318
Filing date: 2017-06-14
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra , Prashant Dewan
Abstract: Technologies for dynamically protecting memory of a mobile compute device include a main memory, a location sensor that produces sensor data indicative of a present location of the mobile compute device, a sensor hub communicatively coupled to the location sensor, and a security engine communicatively coupled to the sensor hub. The sensor hub determines a present location security zone of the mobile compute device based on the present location of the mobile compute device and a geofence policy, which maps locations to location security zones. The security engine encrypts the main memory of the mobile compute device and determines whether the present location security zone has changed relative to the most-previous location security zone of the mobile compute device. If the present location security zone has changed to a safe zone, the security engine decrypts the main memory.
-
Publication number: US20200167294A1
Publication date: 2020-05-28
Application number: US16777956
Filing date: 2020-01-31
Applicant: Intel Corporation
Inventor: Prashant Dewan , Siddhartha Chhabra , David M. Durham , Karanvir S. Grewal , Alpa T. Narendra Trivedi
Abstract: In one embodiment, an apparatus includes: at least one core to execute instructions, the at least one core formed on a semiconductor die; a first memory formed on the semiconductor die, the first memory comprising a non-volatile random access memory, the first memory to store a first entry to be a monotonic counter, the first entry including a value field and a status field; and a control circuit, wherein the control circuit is to enable access to the first entry if the apparatus is in a secure mode and otherwise prevent the access to the first entry. Other embodiments are described and claimed.
-
Publication number: US10545783B2
Publication date: 2020-01-28
Application number: US16108453
Filing date: 2018-08-22
Applicant: Intel Corporation
Inventor: Prashant Dewan , Siddhartha Chhabra , Uttam Sengupta
Abstract: A data processing system with technology to secure a virtual machine control data structure (VMCDS) comprises random access memory (RAM) and a processor in communication with the RAM. The processor comprises virtualization technology that enables the processor to run a virtual machine monitor (VMM) in the data processing system and to run guest software in a virtual machine (VM) that is managed by the VMM. The VM is based at least in part on a VMCDS for the VM. An instruction decoder in the processor recognizes and dispatches a set-mask instruction. The set-mask instruction specifies access restrictions to be imposed on the VMM with respect to the VMCDS of the VM. The processor also comprises a mask enforcer to automatically enforce the access restrictions specified by the set-mask instruction, in response to an attempt by the VMM to access the VMCDS of the VM. Other embodiments are described and claimed.
-
Publication number: US20190095351A1
Publication date: 2019-03-28
Application number: US15714323
Filing date: 2017-09-25
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra , Reouven Elbaz , Krishnakumar Narasimhan , Prashant Dewan , David M. Durham
Abstract: Technologies for secure memory usage include a computing device having a processor that includes a memory encryption engine and a memory device coupled to the processor. The processor supports multiple processor usages, such as secure enclaves, system management firmware, and a virtual machine monitor. The memory encryption engine is configured to protect a memory region stored in the memory device for a processor usage. The memory encryption engine restricts access to one or more configuration registers to a trusted code base of the processor usage. The processor executes the processor usage and the memory encryption engine protects contents of the memory region during execution. The memory encryption engine may access integrity metadata based on the address of the protected memory region. The memory encryption engine may prepare top-level counter metadata for entering a low-power state. Other embodiments are described and claimed.
-
Publication number: US20180124057A1
Publication date: 2018-05-03
Application number: US15722336
Filing date: 2017-10-02
Applicant: Intel Corporation
Inventor: Hong C. Li , John B. Vicente , Prashant Dewan
CPC classification number: H04L63/101 , G06F21/51 , G06F21/53 , G06F2221/2119 , H04L67/02
Abstract: Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container.
-
Publication number: US09838367B2
Publication date: 2017-12-05
Application number: US14752379
Filing date: 2015-06-26
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra , Prashant Dewan , Reshma Lal , Ulhas S. Warrier
CPC classification number: H04L63/061 , G06F21/74 , G06F21/82 , H04L63/062 , H04L63/0876 , H04L67/146 , H04L2463/062
Abstract: According to an embodiment provided herein, there is provided a system that binds a trusted output session to a trusted input session. The system includes a processor to execute an enclave application in an architecturally protected memory. The system includes at least one logic unit forming a trusted entity to, responsive to a request to set up a trusted I/O session, generate a unique session identifier logically associated with the trusted I/O session and set a trusted I/O session indicator to a first state. The system includes at least one logic unit forming a cryptographic module to, responsive to the request to set up the trusted I/O session, receive an encrypted encryption key and the unique session identifier from the enclave application; verify the unique session identifier; and, responsive to a successful verification, decrypt and save the decrypted encryption key in an encryption key register.
-
Publication number: US09654453B2
Publication date: 2017-05-16
Application number: US14691203
Filing date: 2015-04-20
Applicant: Intel Corporation
Inventor: Divya Naidu Kolar Sunder , Prashant Dewan , Men Long
CPC classification number: H04L63/0435 , H04L9/083 , H04L63/0428 , H04L63/062 , H04L63/20
Abstract: A method, device, and system are disclosed. In one embodiment the method includes receiving measured health information from a client on a key distribution server. Once the measured health information is received the server is capable of validating the measured health information to see if it is authentic. The server is also capable of sending a session key to the client when the measured health information is validated. When the client receives the session key, the client is capable of initiating an encrypted and authenticated connection with an application server in the domain using the session key.
-
Publication number: US20150278514A1
Publication date: 2015-10-01
Application number: US14739133
Filing date: 2015-06-15
Applicant: Intel Corporation
Inventor: Xiaozhu Kang , Alpa T. Narendra Trivedi , Siddhartha Chhabra , Prashant Dewan , Uday R. Savagaonkar , David M. Durham
Abstract: The entry/exit architecture may be a critical component of a protection framework using a secure enclaves-like trust framework for coprocessors. The entry/exit architecture describes steps that may be used to switch securely into a trusted execution environment (entry architecture) and out of the trusted execution environment (exit architecture), at the same time preventing any secure information from leaking to an untrusted environment.
-
Publication number: US09087202B2
Publication date: 2015-07-21
Application number: US13891255
Filing date: 2013-05-10
Applicant: Intel Corporation
Inventor: Xiaozhu Kang , Alpa T. Narendra Trivedi , Siddhartha Chhabra , Prashant Dewan , Uday R. Savagaonkar , David M. Durham
Abstract: The entry/exit architecture may be a critical component of a protection framework using a secure enclaves-like trust framework for coprocessors. The entry/exit architecture describes steps that may be used to switch securely into a trusted execution environment (entry architecture) and out of the trusted execution environment (exit architecture), at the same time preventing any secure information from leaking to an untrusted environment.
-
Publication number: US09015484B2
Publication date: 2015-04-21
Application number: US13953594
Filing date: 2013-07-29
Applicant: Intel Corporation
Inventor: Divya Naidu Kolar Sundar , Prashant Dewan , Men Long
CPC classification number: H04L63/0435 , H04L9/083 , H04L63/0428 , H04L63/062 , H04L63/20
Abstract: A method, device, and system are disclosed. In one embodiment the method includes receiving measured health information from a client on a key distribution server. Once the measured health information is received the server is capable of validating the measured health information to see if it is authentic. The server is also capable of sending a session key to the client when the measured health information is validated. When the client receives the session key, the client is capable of initiating an encrypted and authenticated connection with an application server in the domain using the session key.
-