Secure video ouput path
    51.
    Granted invention patent
    Status: In force

    Publication No.: US09501668B2

    Publication date: 2016-11-22

    Application No.: US14036263

    Filing date: 2013-09-25

    Abstract: Systems and methods for secure delivery of output surface bitmaps to a display engine. An example processing system comprises: an architecturally protected memory; and a processing core communicatively coupled to the architecturally protected memory, the processing core comprising a processing logic configured to implement an architecturally-protected execution environment by performing at least one of: executing instructions residing in the architecturally protected memory and preventing an unauthorized access to the architecturally protected memory; wherein the processing logic is further configured to provide a secure video output path by generating an output surface bitmap encrypted with a first encryption key and storing an encrypted first encryption key in an external memory, wherein the encrypted first encryption key is produced by encrypting the first encryption key with a second encryption key.

    METHODS FOR AUTHENTICATING A HARDWARE DEVICE AND PROVIDING A SECURE CHANNEL TO DELIVER DATA
    53.
    Invention patent application
    Status: Under examination (published)

    Publication No.: US20100027790A1

    Publication date: 2010-02-04

    Application No.: US11961848

    Filing date: 2007-12-20

    IPC classification: H04N7/167 H04L9/08

    CPC classification: G06F21/606

    Abstract: A method for delivering audio/video data through a hardware device using a software application comprises, at the hardware end, receiving an encrypted application key, an encrypted random session key, and encrypted audio/video data from the software. The hardware then decrypts the encrypted application key using a secret encryption key, decrypts the encrypted random session key using the application key, and decrypts the encrypted audio/video data using the random session key. The hardware may then deliver the unencrypted audio/video data by way of a display and speakers. The secret encryption key is securely embedded within the hardware device at an earlier point in time.

    Method for secure key exchange
    54.
    Granted invention patent
    Status: In force

    Publication No.: US07636441B2

    Publication date: 2009-12-22

    Application No.: US10756444

    Filing date: 2004-01-12

    Applicant: Balaji Vembu

    Inventor: Balaji Vembu

    IPC classification: H04L9/08 H04L9/30

    Abstract: Secure key exchange and protected content distribution between a first entity and a second entity in a processing system may be accomplished by generating, by the first entity, a first key, encrypting the first key with a public key of a third entity, and storing the encrypted first key in the third entity. The second entity generates a second key, encrypts the second key with the public key of the third entity, and stores the encrypted second key in the third entity. The third entity decrypts the encrypted first key and the encrypted second key, using the third entity's private key to obtain the first key and the second key, encrypts the first key using the second key, and stores the first key encrypted by the second key in the third entity. The second entity then obtains the first key encrypted by the second key, and decrypts, using the second key, the first key encrypted by the second key. The first key may then be used to encrypt content sent from the second entity to the first entity.

    Caching support for direct memory access address translation
    55.
    Granted invention patent
    Status: In force

    Publication No.: US07334107B2

    Publication date: 2008-02-19

    Application No.: US10956206

    Filing date: 2004-09-30

    IPC classification: G06F12/00 G06F13/28

    Abstract: An embodiment of the present invention is a technique to provide cache support for direct memory access address translation. A cache structure stores cached entries used in address translation of a guest physical address to a host physical address. The guest physical address corresponds to a guest domain identified by a guest domain identifier in an input/output (I/O) transaction requested by an I/O device. A register stores an invalidating domain identifier identifying an invalidating domain and an indicator indicating invalidating an entry in the cached entries having a tag.

    Boundary detection in media streams
    57.
    Granted invention patent
    Status: In force

    Publication No.: US08521006B2

    Publication date: 2013-08-27

    Application No.: US12775003

    Filing date: 2010-05-06

    IPC classification: H04N5/94

    CPC classification: G11B27/3027 G11B27/28

    Abstract: Encoded data decoding techniques. A data decoding agent determines a data segment size for a packet that includes a header and a data segment. The data decoding agent determines a segment end location based, at least in part, on the data segment size. The data decoding agent processes subblocks of data from the data segment. The data decoding agent compares a current location to the segment end location to determine if a current subblock of data from the data segments contains the segment end location. The data decoding agent triggers an exception handler if the current subblock contains the segment end location.

    Method and apparatus for authenticated, recoverable key distribution with no database secrets
    58.
    Granted invention patent
    Status: In force

    Publication No.: US08014530B2

    Publication date: 2011-09-06

    Application No.: US11387203

    Filing date: 2006-03-22

    IPC classification: H04L9/08

    Abstract: A method and apparatus for authenticated recoverable key distribution are described. In one embodiment, an application key is provided to an integrated chip platform. In one embodiment, the integrated chip platform encrypts the application key with a Key Encryption Key, which is stored within the persistent memory on the platform, and outputs a ChipID and the encrypted application key to enable recovery. In one embodiment, the platform can provide the ChipID to a recovery database to replace a lost encrypted application key. In one embodiment, the ChipID is the public key of a public/private key pair, and the application key is provided to the integrated chip platform by encrypting it using this public key. In one embodiment, the ChipID and the Key Encryption Key are derived from a secret random number programmed into the integrated chip. Other embodiments are described and claimed.

    SHARING UNIVERSAL SERIAL BUS ISOCHRONOUS BANDWIDTH BETWEEN MULTIPLE VIRTUAL MACHINES
    59.
    Invention patent application
    Status: Under examination (published)

    Publication No.: US20090006702A1

    Publication date: 2009-01-01

    Application No.: US11768696

    Filing date: 2007-06-26

    IPC classification: G06F13/14

    CPC classification: G06F13/14

    Abstract: A method and computer readable medium are disclosed. In one embodiment, the method includes enumerating multiple Universal Serial Bus (USB) devices on a computer platform running multiple virtual machines (VMs). The method also includes assigning each of the USB devices to a VM, wherein each USB device may be assigned to a different VM. The method also includes making each USB device visible only to the VM it is assigned to. The method also includes limiting the bandwidth each of the VMs can schedule its assigned devices within a USB data transfer frame. This will allow all of the VMs to have access to the bandwidth of the frame by avoiding the problem of over-subscription when the schedule is merged.

    Method and apparatus for authenticated, recoverable key distribution with no database secrets
    60.
    Invention patent application
    Status: In force

    Publication No.: US20070223704A1

    Publication date: 2007-09-27

    Application No.: US11387203

    Filing date: 2006-03-22

    IPC classification: H04L9/00

    Abstract: A method and apparatus for authenticated recoverable key distribution are described. In one embodiment, an application key is provided to an integrated chip platform. In one embodiment, the integrated chip platform encrypts the application key with a Key Encryption Key, which is stored within the persistent memory on the platform, and outputs a ChipID and the encrypted application key to enable recovery. In one embodiment, the platform can provide the ChipID to a recovery database to replace a lost encrypted application key. In one embodiment, the ChipID is the public key of a public/private key pair, and the application key is provided to the integrated chip platform by encrypting it using this public key. In one embodiment, the ChipID and the Key Encryption Key are derived from a secret random number programmed into the integrated chip. Other embodiments are described and claimed.
