公开(公告)号：US09213653B2

公开(公告)日：2015-12-15

申请号：US14097414

申请日：2013-12-05

申请人： David M. Durham ,  Men Long

发明人： David M. Durham ,  Men Long

IPC分类号： G06F21/00 ,  H04L29/06 ,  G06F12/14 ,  G06F21/60 ,  G06F21/55 ,  G06F21/64 ,  G06F7/52 ,  G06F21/62

CPC分类号： H04L9/0618 ,  G06F11/1068 ,  G06F12/0868 ,  G06F12/1408 ,  G06F21/554 ,  G06F21/602 ,  G06F21/64 ,  G06F2212/1021 ,  G06F2212/1052 ,  G11C29/52 ,  G11C2029/1804 ,  G11C2029/3602 ,  H04L9/0637 ,  H04L9/3239 ,  H04L9/3242 ,  H04L9/3247 ,  Y02D10/13

摘要： Systems and methods may provide for identifying unencrypted data including a plurality of bits, wherein the unencrypted data may be encrypted and stored in memory. In addition, a determination may be made as to whether the unencrypted data includes a random distribution of the plurality of bits. An integrity action may be implemented, for example, when the unencrypted data includes a random distribution of the plurality of bits.

摘要翻译： 系统和方法可以提供用于识别包括多个比特的未加密数据，其中未加密数据可以被加密并存储在存储器中。 此外，可以确定未加密数据是否包括多个比特的随机分布。 可以实现完整性动作，例如，当未加密数据包括多个比特的随机分布时。

公开(公告)号：US20150186295A1

公开(公告)日：2015-07-02

申请号：US14142117

申请日：2013-12-27

申请人： Uday R. Savagaonkar ,  Siddhartha Chhabra ,  Men Long ,  Alpa T. Narendra Trivedi ,  Carlos Cornelas Omelas ,  Edgar Borrayo ,  Ramadass Nagarajan ,  Stanley Steve Kulick

发明人： Uday R. Savagaonkar ,  Siddhartha Chhabra ,  Men Long ,  Alpa T. Narendra Trivedi ,  Carlos Cornelas Omelas ,  Edgar Borrayo ,  Ramadass Nagarajan ,  Stanley Steve Kulick

IPC分类号： G06F12/14 ,  G06F21/60 ,  G06F21/55

CPC分类号： G06F12/1408 ,  G06F12/1441 ,  G06F21/74 ,  G06F2212/1052

摘要： A processor is described that includes one or more processing cores. The processor includes a memory controller to interface with a system memory having a protected region and a non protected region. The processor includes a protection engine to protect against active and passive attacks. The processor includes an encryption/decryption engine to protect against passive attacks. The protection engine includes bridge circuitry coupled between the memory controller and the one or more processing cores. The bridge circuitry is also coupled to the protection engine and the encryption/decryption engine. The bridge circuitry is to route first requests directed to the protected region to the protection engine and to route second requests directed to the non protected region to the encryption/decryption engine.

摘要翻译： 描述了包括一个或多个处理核心的处理器。 处理器包括与具有受保护区域和非保护区域的系统存储器接口的存储器控​​制器。 该处理器包括保护引擎，以防止主动和被动攻击。 该处理器包括一个加密/解密引擎，以防止被动攻击。 保护引擎包括耦合在存储器控制器和一个或多个处理核心之间的桥接电路。 桥接电路还耦合到保护引擎和加密/解密引擎。 桥接电路是将定向到保护区域的第一请求路由到保护引擎，并将定向到非保护区域的第二请求路由到加密/解密引擎。

公开(公告)号：US09069961B2

公开(公告)日：2015-06-30

申请号：US13919609

申请日：2013-06-17

申请人： Hormuzd M. Khosravi ,  Venkat R. Gokulrangan ,  Yasser Rasheed ,  Men Long

发明人： Hormuzd M. Khosravi ,  Venkat R. Gokulrangan ,  Yasser Rasheed ,  Men Long

IPC分类号： G06F3/00 ,  G06F5/00 ,  G06F21/56 ,  G06F21/51 ,  G06F21/74 ,  G06F21/85

CPC分类号： G06F21/561 ,  G06F21/51 ,  G06F21/56 ,  G06F21/74 ,  G06F21/85 ,  G06F2221/034 ,  G06F2221/2101 ,  G06F2221/2105

摘要： A platform to support verification of the contents of an input-output device. The platform includes a platform hardware, which may verify the contents of the I/O device. The platform hardware may comprise components such as manageability engine and verification engine that are used to verify the contents of the I/O device even before the contents of the I/O device are exposed to an operating system supported by a host. The platform components may delete the infected portions of the contents of I/O device if the verification process indicates that the contents of the I/O device include the infected portions.

摘要翻译： 支持验证输入输出设备内容的平台。 该平台包括可以验证I / O设备内容的平台硬件。 即使在I / O设备的内容暴露于由主机支持的操作系统之前，平台硬件也可以包括用于验证I / O设备的内容的诸如可管理性引擎和验证引擎的组件。 如果验证过程指示I / O设备的内容包括感染部分，则平台组件可以删除I / O设备的内容的感染部分。

公开(公告)号：US20150161059A1

公开(公告)日：2015-06-11

申请号：US14097414

申请日：2013-12-05

申请人： David M. Durham ,  Men Long

发明人： David M. Durham ,  Men Long

IPC分类号： G06F12/14 ,  G06F21/60

CPC分类号： H04L9/0618 ,  G06F11/1068 ,  G06F12/0868 ,  G06F12/1408 ,  G06F21/554 ,  G06F21/602 ,  G06F21/64 ,  G06F2212/1021 ,  G06F2212/1052 ,  G11C29/52 ,  G11C2029/1804 ,  G11C2029/3602 ,  H04L9/0637 ,  H04L9/3239 ,  H04L9/3242 ,  H04L9/3247 ,  Y02D10/13

摘要： Systems and methods may provide for identifying unencrypted data including a plurality of bits, wherein the unencrypted data may be encrypted and stored in memory. In addition, a determination may be made as to whether the unencrypted data includes a random distribution of the plurality of bits. An integrity action may be implemented, for example, when the unencrypted data includes a random distribution of the plurality of bits.

摘要翻译： 系统和方法可以提供用于识别包括多个比特的未加密数据，其中未加密数据可以被加密并存储在存储器中。 此外，可以确定未加密数据是否包括多个比特的随机分布。 可以实现完整性动作，例如，当未加密数据包括多个比特的随机分布时。

公开(公告)号：US09053346B2

公开(公告)日：2015-06-09

申请号：US13976930

申请日：2011-12-28

申请人： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Carlos V. Rozas ,  Alpa T. Narendra Trivedi ,  Men Long ,  David M. Durham

发明人： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Carlos V. Rozas ,  Alpa T. Narendra Trivedi ,  Men Long ,  David M. Durham

IPC分类号： G06F12/00 ,  G06F21/64 ,  G06F12/14 ,  G06F21/00 ,  G06F21/77

CPC分类号： G06F21/64 ,  G06F12/1408 ,  G06F21/00 ,  G06F21/77

摘要： A method and system to provide a low-overhead cryptographic scheme that affords memory confidentiality, integrity and replay-protection by removing the critical read-after-write dependency between the various levels of the cryptographic tree. In one embodiment of the invention, the cryptographic processing of a child node can be pipelined with that of the parent nodes. This parallelization provided by the invention results in an efficient utilization of the cryptographic pipeline, enabling significantly lower performance overheads.

摘要翻译： 一种提供低开销加密方案的方法和系统，其通过去除加密树的各个级别之间的关键读后依赖关系来提供内存机密性，完整性和重放保护。 在本发明的一个实施例中，子节点的密码处理可以与母节点的密码处理流水线化。 由本发明提供的这种并行化导致密码流水线的有效利用，能够显着降低性能开销。

公开(公告)号：US20120117348A1

公开(公告)日：2012-05-10

申请号：US12941915

申请日：2010-11-08

申请人： Nicholas D. Triantafillou ,  Paritosh Saxena ,  Robert W. Strong ,  Richard J. Heiler ,  Eliezer Tamir ,  Simoni Ben-Michael ,  Brad W. Stewart ,  Akshay R. Kadam ,  Men Long ,  James T. Doyle ,  Hormuzd M. Khosravi ,  Lokpraveen B. Mosur ,  Edward J. Pullin ,  Paul S. Schmitz ,  Carol L. Barrett ,  Paul J. Thadikaran

发明人： Nicholas D. Triantafillou ,  Paritosh Saxena ,  Robert W. Strong ,  Richard J. Heiler ,  Eliezer Tamir ,  Simoni Ben-Michael ,  Brad W. Stewart ,  Akshay R. Kadam ,  Men Long ,  James T. Doyle ,  Hormuzd M. Khosravi ,  Lokpraveen B. Mosur ,  Edward J. Pullin ,  Paul S. Schmitz ,  Carol L. Barrett ,  Paul J. Thadikaran

IPC分类号： G06F12/14

CPC分类号： G06F21/566

摘要： Techniques for a data storage device to locally implement security management functionality. In an embodiment, a security management process of the data storage device is to determine whether an access to non-volatile media of the data storage device is authorized. In certain embodiments, the data storage device is to restrict access to a secure region of the non-volatile storage media, the secure region to store information used and/or generated by a security management process of the data storage device.

摘要翻译： 用于数据存储设备本地实现安全管理功能的技术。 在一个实施例中，数据存储设备的安全管理过程是确定对数据存储设备的非易失性介质的访问是否被授权。 在某些实施例中，数据存储设备将限制对非易失性存储介质的安全区域的访问，该安全区域用于存储由数据存储设备的安全管理过程使用和/或生成的信息。

公开(公告)号：US20180165229A1

公开(公告)日：2018-06-14

申请号：US15376442

申请日：2016-12-12

申请人： Siddhartha Chhabra ,  Men Long ,  Carlos Cornelas Ornelas ,  Edgar Borrayo ,  Alpa T. Narendra Trivedi

发明人： Siddhartha Chhabra ,  Men Long ,  Carlos Cornelas Ornelas ,  Edgar Borrayo ,  Alpa T. Narendra Trivedi

IPC分类号： G06F13/16 ,  G06F13/18

CPC分类号： G06F13/1626 ,  G06F13/1642 ,  G06F13/18

摘要： Embodiments of the invention include a machine-readable medium having stored thereon instructions, which if performed by a machine causes the machine to perform a method that includes assigning an urgency of requests based on a priority level for incoming requests and associated entries in at least one priority queue, assigning an urgency delta for anti-starvation that indicates urgency promotion to prevent starvation for the incoming requests in the at least one priority queue, determining conflict information including whether an incoming request is dependent on any request already present in the at least one queue, determining all contending requests within the at least one priority queue during a cycle, and sending a selected contending request to a memory controller for accessing memory.

公开(公告)号：US20170097898A1

公开(公告)日：2017-04-06

申请号：US14974972

申请日：2015-12-18

申请人： David M. Durham ,  Michael Lemay ,  Men Long

发明人： David M. Durham ,  Michael Lemay ,  Men Long

IPC分类号： G06F12/10 ,  G06F9/30 ,  G06F12/14

CPC分类号： G06F12/1027 ,  G06F9/3005 ,  G06F12/1408 ,  G06F12/1475 ,  G06F2212/402 ,  G06F2212/50 ,  Y02D10/13

摘要： Technologies for execute only transactional memory include a computing device with a processor and a memory. The processor includes an instruction translation lookaside buffer (iTLB) and a data translation lookaside buffer (dTLB). In response to a page miss, the processor determines whether a page physical address is within an execute only transactional (XOT) range of the memory. If within the XOT range, the processor may populate the iTLB with the page physical address and prevent the dTLB from being populated with the page physical address. In response to an asynchronous change of control flow such as an interrupt, the processor determines whether a last iTLB translation is within the XOT range. If within the XOT range, the processor clears or otherwise secures the processor register state. The processor ensures that an XOT range starts execution at an authorized entry point. Other embodiments are described and claimed.

公开(公告)号：US20160182223A1

公开(公告)日：2016-06-23

申请号：US14581946

申请日：2014-12-23

申请人： Eugene M. Kishinevsky ,  Uday R. Savagaonkar ,  Alpa T. Narendra Trivedi ,  Siddhartha Chhabra ,  Baiju V. Patel ,  Men Long ,  Kirk S. Yap ,  David M. Durham

发明人： Eugene M. Kishinevsky ,  Uday R. Savagaonkar ,  Alpa T. Narendra Trivedi ,  Siddhartha Chhabra ,  Baiju V. Patel ,  Men Long ,  Kirk S. Yap ,  David M. Durham

IPC分类号： H04L9/06 ,  G06F12/14 ,  G06F21/62

CPC分类号： H04L9/0631 ,  G06F12/1408 ,  G06F12/1425 ,  G06F21/602 ,  G06F21/85 ,  G06F2212/1052 ,  G06F2212/402 ,  G09C1/00 ,  H04L2209/125 ,  Y02D10/13

摘要： Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.

摘要翻译： 描述加密接口技术。 处理器可以包括系统代理，加密接口和存储器控制器。 系统代理可以与硬件功能块通信数据。 加密接口可以耦合在系统代理和存储器控制器之间。 加密接口可以从系统代理接收明文请求，加密明文请求以获得加密请求，并将加密的请求传送到存储器控制器。 存储器控制器可以将加密的请求传送到计算设备的主存储器。

公开(公告)号：US08873746B2

公开(公告)日：2014-10-28

申请号：US12695853

申请日：2010-01-28

申请人： Men Long ,  Karanvir S. Grewal

发明人： Men Long ,  Karanvir S. Grewal

IPC分类号： H04L29/06 ,  H04L9/08

CPC分类号： H04L9/0827 ,  H04L9/0838 ,  H04L9/14 ,  H04L63/0281 ,  H04L63/0428 ,  H04L63/06 ,  H04L2209/60 ,  H04L2209/76

摘要： An embodiment may include circuitry to establish, at least in part, a secure communication channel between, at least in part, a client in a first domain and a server in a second domain. The channel may include a first and second domain sessions in the first and second domains. The circuitry may generate first and second domain session keys that may encrypt, at least in part, respectively, the first and second domain sessions. The first domain session key may be generated based upon a first domain key assigned to the first domain and a first data set associated with the first domain session. The second domain session key may be generated based upon a second domain key assigned to the second domain and a second data set associated with the second domain session.

摘要翻译： 实施例可以包括至少部分地在至少部分地建立第一域中的客户端和第二域中的服务器之间的安全通信信道的电路。 频道可以包括第一和第二域中的第一和第二域会话。 电路可以产生可以分别至少部分地加密第一和第二域会话的第一和第二域会话密钥。 可以基于分配给第一域的第一域密钥和与第一域会话相关联的第一数据集来生成第一域会话密钥。 可以基于分配给第二域的第二域密钥和与第二域会话相关联的第二数据集来生成第二域会话密钥。