Abstract:
Some embodiments include apparatuses having diffusion regions located adjacent to each other in a substrate, and connections coupled to the diffusion regions. The diffusion regions include first diffusion regions, second diffusion regions, and third diffusion regions. One of the second diffusion regions and one of the third diffusion regions are between two of the first diffusion regions. One of the first diffusion regions and one of the third diffusion regions are between two of the second diffusion regions. The connections include a first connection coupled to each of the first diffusion regions, a second connection coupled to each of the second diffusion regions, and a third connection coupled to each of the third diffusion regions.
Abstract:
Methods and apparatus relating to lightweight trusted tasks are disclosed. In one embodiment, a processor includes a memory interface to a memory to store code, data, and stack segments for a lightweight-trusted task (LTT) mode task and for another task; an LTT control and status register including a lock bit; a processor core to enable LTT mode, configure the LTT-mode task, and lock down the configuration by writing the lock bit; and a memory protection circuit to: receive a memory access request from the memory interface, the memory access request being associated with the other task; determine whether the memory access request is attempting to access a protected memory region of the LTT-mode task; and protect against the memory access request accessing the protected memory region of the LTT-mode task, regardless of the privilege level of the other task, and regardless of whether the other task is also an LTT-mode task.
Abstract:
Execution-Aware Memory protection technologies are described. A processor includes a processor core and a memory protection unit (MPU). The MPU includes a memory protection table and memory protection logic. The memory protection table defines a first protection region in main memory, the first protection region including a first instruction region and a first data region. The memory protection logic determines a protection violation by a first instruction when 1) an instruction address, resulting from an instruction fetch operation corresponding to the first instruction, is not within the first instruction region or 2) a data address, resulting from an execute operation corresponding to the first instruction, is not within the first data region.
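The two abstracts above (the lightweight-trusted-task lock bit and the execution-aware MPU with paired instruction and data regions) describe the same kind of decision: whether a data access is allowed is keyed on the address the accessing instruction was fetched from, not on the privilege level of the task. The following reference model is an added example, not code from either patent. It assumes a table of disjoint rows, each pairing an instruction range with a data range, and it interprets the abstract's two violation conditions as: a protected data range may only be touched by code fetched from its paired instruction range, and code fetched from a protected instruction range may only touch its paired data range. The region names, addresses and the `privilege_level` parameter are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class ProtectionRegion:
    """One row of the memory protection table: an instruction range paired
    with the data range that only code fetched from that range may access.
    All ranges are half-open, [start, end)."""
    name: str
    instr_start: int
    instr_end: int
    data_start: int
    data_end: int

    def owns_instruction(self, addr: int) -> bool:
        return self.instr_start <= addr < self.instr_end

    def owns_data(self, addr: int) -> bool:
        return self.data_start <= addr < self.data_end


def _overlaps(a0: int, a1: int, b0: int, b1: int) -> bool:
    return a0 < b1 and b0 < a1


class ExecutionAwareMPU:
    """Reference model of the protection logic. `locked` models the lock bit
    in the LTT control/status register: once written, the table is frozen."""

    def __init__(self) -> None:
        self.table: List[ProtectionRegion] = []
        self.locked = False

    def configure(self, region: ProtectionRegion) -> None:
        if self.locked:
            raise PermissionError("protection table is locked; reconfiguration denied")
        # Assumption: rows must be disjoint so every address has at most one owner.
        for other in self.table:
            if (_overlaps(region.instr_start, region.instr_end, other.instr_start, other.instr_end)
                    or _overlaps(region.data_start, region.data_end, other.data_start, other.data_end)):
                raise ValueError(f"region {region.name} overlaps {other.name}")
        self.table.append(region)

    def lock(self) -> None:
        self.locked = True

    def check_data_access(self, instr_addr: int, data_addr: int,
                          privilege_level: int = 3) -> Optional[str]:
        """Return None if the access is allowed, otherwise the violation reason.

        privilege_level is accepted only to make the point visible: it never
        influences the decision, which is keyed on the fetch address alone."""
        by_code = next((r for r in self.table if r.owns_instruction(instr_addr)), None)
        by_data = next((r for r in self.table if r.owns_data(data_addr)), None)
        if by_data is not None and by_data is not by_code:
            # Condition 1: the accessing instruction lies outside the instruction
            # region paired with this data. Ring level is irrelevant.
            return (f"instruction at {instr_addr:#x} (ring {privilege_level}) is outside the "
                    f"instruction region of {by_data.name} but touches its data at {data_addr:#x}")
        if by_code is not None and by_data is not by_code:
            # Condition 2: protected code reached outside its paired data region.
            return (f"code of {by_code.name} at {instr_addr:#x} accessed {data_addr:#x}, "
                    f"which is outside its data region")
        return None  # unprotected memory, or code touching its own paired data


def build_demo_mpu() -> ExecutionAwareMPU:
    """Constructed layout: two LTT-mode tasks, then the lock bit is written."""
    mpu = ExecutionAwareMPU()
    mpu.configure(ProtectionRegion("ltt_a", 0x1000, 0x2000, 0x8000, 0x9000))
    mpu.configure(ProtectionRegion("ltt_b", 0x3000, 0x4000, 0xA000, 0xB000))
    mpu.lock()
    return mpu


if __name__ == "__main__":
    mpu = build_demo_mpu()
    # ltt_a code reading its own data: allowed.
    print(mpu.check_data_access(0x1234, 0x8010))
    # Ring-0 code outside any region reading ltt_a's data: denied despite ring 0.
    print(mpu.check_data_access(0x5000, 0x8010, privilege_level=0))
    # Another LTT-mode task reading ltt_a's data: denied.
    print(mpu.check_data_access(0x3100, 0x8010))
```

The decisive case is the second call: a ring-0 access from code outside `ltt_a` is refused, which is exactly the "regardless of a privilege level" property, and the third shows that being another LTT-mode task buys no access either.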
Abstract:
At least one machine accessible medium having instructions stored thereon for authenticating a hardware device is provided. When executed by a processor, the instructions cause the processor to receive two or more device keys from a physically unclonable function (PUF) on the hardware device, generate a device identifier from the two or more device keys, obtain a device certificate from the hardware device, perform a verification of the device identifier, and provide a result of the device identifier verification. In a more specific embodiment, the instructions cause the processor to perform a verification of a digital signature in the device certificate and to provide a result of the digital signature verification. The hardware device may be rejected if at least one of the device identifier verification and the digital signature verification fails.
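The verification flow in the abstract above has two independent checks, and the example below shows why both are needed: a cloned device carrying a copied certificate fails the identifier check, while a certificate edited to carry the clone's identifier fails the signature check. This is an added example, not code from the patent. The PUF is simulated with a hidden seed standing in for silicon variation, the identifier is derived by hashing the length-prefixed keys, and the certificate signature uses textbook RSA over fixed Mersenne primes as a stand-in for the manufacturer's real signing key; the challenges, seeds and issuer name are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Sequence, Tuple

# ---- Stand-in signature scheme: textbook RSA, fixed primes. Not for production. ----
_P = (1 << 61) - 1
_Q = (1 << 89) - 1
ISSUER_MODULUS = _P * _Q
ISSUER_PUBLIC_EXP = 65537
_ISSUER_PRIVATE_EXP = pow(ISSUER_PUBLIC_EXP, -1, (_P - 1) * (_Q - 1))


def _digest_as_int(message: bytes, modulus: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % modulus


def issuer_sign(message: bytes) -> int:
    return pow(_digest_as_int(message, ISSUER_MODULUS), _ISSUER_PRIVATE_EXP, ISSUER_MODULUS)


def verify_signature(message: bytes, signature: int,
                     modulus: int = ISSUER_MODULUS, public_exp: int = ISSUER_PUBLIC_EXP) -> bool:
    return pow(signature, public_exp, modulus) == _digest_as_int(message, modulus)


# ---- Simulated PUF (assumption: a seed plays the role of physical variation). ----
class SimulatedPUF:
    def __init__(self, physical_seed: bytes) -> None:
        self._seed = physical_seed

    def response(self, challenge: bytes) -> bytes:
        return hashlib.sha256(self._seed + challenge).digest()


KEY_CHALLENGES = (b"device-key-0", b"device-key-1")  # "two or more device keys"


def read_device_keys(puf: SimulatedPUF) -> Tuple[bytes, ...]:
    return tuple(puf.response(c) for c in KEY_CHALLENGES)


def derive_device_id(keys: Sequence[bytes]) -> str:
    """Identifier generated from the PUF keys; length-prefixing keeps key
    boundaries unambiguous so two key sets cannot collide by concatenation."""
    if len(keys) < 2:
        raise ValueError("at least two PUF-derived keys are required")
    h = hashlib.sha256(b"puf-device-id")
    for k in keys:
        h.update(len(k).to_bytes(2, "big") + k)
    return h.hexdigest()


@dataclass(frozen=True)
class DeviceCertificate:
    issuer: str
    device_id: str
    signature: int

    def to_be_signed(self) -> bytes:
        return f"{self.issuer}\n{self.device_id}".encode()


def issue_certificate(issuer: str, device_id: str) -> DeviceCertificate:
    unsigned = DeviceCertificate(issuer, device_id, 0)
    return DeviceCertificate(issuer, device_id, issuer_sign(unsigned.to_be_signed()))


def authenticate_device(puf: SimulatedPUF, cert: DeviceCertificate,
                        modulus: int = ISSUER_MODULUS, public_exp: int = ISSUER_PUBLIC_EXP) -> dict:
    """The flow from the abstract: keys -> identifier -> identifier check,
    plus the certificate signature check; reject if either fails."""
    device_id = derive_device_id(read_device_keys(puf))
    id_ok = hmac.compare_digest(device_id, cert.device_id)
    sig_ok = verify_signature(cert.to_be_signed(), cert.signature, modulus, public_exp)
    return {"device_id_ok": id_ok, "signature_ok": sig_ok, "accepted": id_ok and sig_ok}


def demo() -> Tuple[dict, dict, dict]:
    """Constructed scenario: genuine device, clone with copied cert, clone with edited cert."""
    genuine = SimulatedPUF(b"\x01" * 32)
    cert = issue_certificate("Example Fab", derive_device_id(read_device_keys(genuine)))
    clone = SimulatedPUF(b"\x02" * 32)
    # Attacker rewrites the identifier but cannot re-sign: signature no longer matches.
    forged = DeviceCertificate(cert.issuer, derive_device_id(read_device_keys(clone)), cert.signature)
    return (authenticate_device(genuine, cert),
            authenticate_device(clone, cert),
            authenticate_device(clone, forged))


if __name__ == "__main__":
    for label, result in zip(("genuine", "clone+copied cert", "clone+forged cert"), demo()):
        print(f"{label}: {result}")
```

Both checks are computed before the decision rather than short-circuiting on the first failure, so the verifier can report which check failed without revealing, through timing, which of the two an attacker got right.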