-
Publication No.: US20220327214A1
Publication Date: 2022-10-13
Application No.: US17852814
Filing Date: 2022-06-29
Applicant: Intel Corporation
Inventor: Prashant Dewan, Chao Zhang, Nivedita Aggarwal, Aditya Katragada, Mohamed Haniffa, Kenji Chen
Abstract: An apparatus to verify firmware in a computing system, comprising a non-volatile memory, including firmware memory to store agent firmware associated with each of a plurality of interconnect protocol (IP) agents and version memory to store security version numbers (SVNs) included in the agent firmware, a security controller comprising verifier logic to verify an integrity of the version memory by applying a hash algorithm to contents of the version memory to generate a SVN hash, and a trusted platform module (TPM) to store the SVN hash.
-
Publication No.: US20220271955A1
Publication Date: 2022-08-25
Application No.: US17742774
Filing Date: 2022-05-12
Applicant: Intel Corporation
Inventor: Prashant Dewan, Baiju Patel
Abstract: In one example, a system for asymmetric device attestation includes a physically unclonable function (PUF) configured to generate a response to a challenge. A pseudo-random number generator generates a set of random numbers based on the response. A key generator determines co-prime numbers in the set of random numbers and generates a key pair using the co-prime numbers, wherein the public key is released to a manufacturer of the component for attestation of authenticity of the component. Through extending the PUF circuitry with a pseudo-random number generator, the present techniques are able to withstand unskilled and skilled hardware attacks, as the secret derived from the PUF is immune to extraction.
-
63.
Publication No.: US20220141026A1
Publication Date: 2022-05-05
Application No.: US17133367
Filing Date: 2020-12-23
Applicant: Intel Corporation
Inventor: Ned M. Smith, Gaurav Kumar, Alex Nayshtut, Reshma Lal, Prashant Dewan, Pradeep Pappachan, Rajesh Poornachandran, Omer Ben-Shalom
IPC: H04L9/32, G06T1/20, G06T1/60, H04L9/08, H04L29/06, G06F9/50, G06F8/65, G06N3/04, G06N3/08
Abstract: Methods, apparatuses and system provide for technology that interleaves a plurality of verification commands with a plurality of copy commands in a command buffer, wherein each copy command includes a message authentication code (MAC) derived from a master session key, wherein one or more of the plurality of verification commands corresponds to a copy command in the plurality of copy commands, and wherein a verification command at an end of the command buffer corresponds to contents of the command buffer. The technology may also add a MAC generation command to the command buffer, wherein the MAC generation command references an address of a compute result.
-
64.
Publication No.: US20210258313A1
Publication Date: 2021-08-19
Application No.: US17127579
Filing Date: 2020-12-18
Applicant: Intel Corporation
Inventor: Hong C. Li, John B. Vicente, Prashant Dewan
Abstract: Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container.
-
Publication No.: US10789061B2
Publication Date: 2020-09-29
Application No.: US16143334
Filing Date: 2018-09-26
Applicant: Intel Corporation
Inventor: Prashant Dewan, Siddhartha Chhabra, Uttam Sengupta
Abstract: Apparatuses, methods and storage mediums associated with updating firmware of a component of a computer platform are disclosed herein. In some embodiments, a processor includes an instruction decoder and a storage having microcode arranged to implement an instruction to verify updates to firmware of a component of a computer platform hosting the processor and the component. The computer platform may include a component firmware update manager. The firmware of a component may include a firmware update plug-in. Other embodiments are also described, and may be claimed.
-
Publication No.: US20200226047A1
Publication Date: 2020-07-16
Application No.: US16832163
Filing Date: 2020-03-27
Applicant: Intel Corporation
Inventor: Prashant Dewan, Uttam Sengupta, Aditya Katragada
Abstract: An apparatus to collect firmware measurement data at a computing system is disclosed. The apparatus includes a plurality of agents, each including a non-volatile memory storing firmware executed to perform a function associated with the agent, verification logic to generate measurement data by verifying the integrity of the firmware and a register to store the measurement data, and a processor to execute an instruction to collect firmware measurement data from each of the plurality of agents.
-
Publication No.: US20190305973A1
Publication Date: 2019-10-03
Application No.: US16444143
Filing Date: 2019-06-18
Applicant: INTEL CORPORATION
Inventor: Prashant Dewan
Abstract: In one example, a system for asymmetric device attestation includes a physically unclonable function (PUF) configured to generate a response to a challenge. A pseudo-random number generator generates a set of random numbers based on the response. A key generator determines co-prime numbers in the set of random numbers and generates a key pair using the co-prime numbers, wherein the public key is released to a manufacturer of the component for attestation of authenticity of the component. Through extending the PUF circuitry with a pseudo-random number generator, the present techniques are able to withstand unskilled and skilled hardware attacks, as the secret derived from the PUF is immune to extraction.
-
68.
Publication No.: US10397231B2
Publication Date: 2019-08-27
Application No.: US15979119
Filing Date: 2018-05-14
Applicant: Intel Corporation
Inventor: Hong C. Li, John B. Vicente, Prashant Dewan
Abstract: Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container.
-
Publication No.: US20190103961A1
Publication Date: 2019-04-04
Application No.: US15721352
Filing Date: 2017-09-29
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra, Prashant Dewan
CPC classification number: H04L9/0838, H04L9/06, H04L9/0825, H04L9/0841, H04L9/30
Abstract: Embodiments detailed herein relate to techniques which enable the creation of secure point-to-point interconnect communication channels between hardware components which may be independently manufactured and arbitrarily paired with one another in a computer system. Also detailed herein is instruction support for dynamically enabling and disabling the security of a point-to-point interconnect link.
-
Publication No.: US20190045016A1
Publication Date: 2019-02-07
Application No.: US16023233
Filing Date: 2018-06-29
Applicant: Intel Corporation
Inventor: Prashant Dewan, Siddhartha Chhabra, Uttam K. Sengupta, Howard C. Herbert
Abstract: Technologies disclosed herein provide a method for receiving at a device from a remote server, a request for state information from a first processor of the device, obtaining the state information from one or more registers of the first processor based on a request structure indicated by a first instruction of a software program executing on the device, and generating a response structure based, at least in part, on the obtained state information. The method further includes using a cryptographic algorithm and a shared key established between the device and the remote server to generate a signature based, at least in part, on the response structure, and communicating the response structure and the signature to the remote server. In more specific embodiments, both the response structure and the request structure each include a same nonce value.
-