-
公开(公告)号:US11651092B2
公开(公告)日:2023-05-16
申请号:US17237102
申请日:2021-04-22
Applicant: INTEL CORPORATION
Inventor: Brian S. Hausauer , Lokpraveen B. Mosur , Tony Hurson , Patrick Fleming , Adrian R. Pearson
CPC classification number: G06F21/62 , G06F21/78 , H04L9/0891 , H04L9/0894 , H04L9/3242 , H04L63/0428 , H04L63/06 , H04L63/08 , H04L63/10 , G06F16/13 , G06F2221/2107 , H04L9/3213 , H04L67/1097
Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to determine a secure memory region for a transaction, the secure memory region associated with a security association context to perform one or more of an encryption/decryption operation and an authentication operation for the transaction, perform one or more of the encryption/decryption operation and the authentication operation for the transaction based on the security association context, and cause communication of the transaction.
-
公开(公告)号:US10911250B2
公开(公告)日:2021-02-02
申请号:US15871726
申请日:2018-01-15
Applicant: INTEL CORPORATION
Inventor: Adrian R. Pearson , Jason R. Cox , James Chu
Abstract: Various embodiments are directed to a system for accessing a self-encrypting drive (SED) based on a blind challenge authentication response mechanism (BCRAM). An SED may be authenticated within a system, for example, upon resuming from a sleep state, based on a challenge generated within the SED, signed using a private key by a trusted execution environment (TEE) and authenticated using a corresponding public key within the SED.
-
公开(公告)号:US20190005063A1
公开(公告)日:2019-01-03
申请号:US15636788
申请日:2017-06-29
Applicant: Intel Corporation
Inventor: Adrian R. Pearson , Jawad B. Khan
CPC classification number: G06F16/1844 , G06F11/1662 , G06F12/023 , G06F12/0646 , G06F21/645 , H04L67/1097
Abstract: Systems, apparatuses and methods may provide for technology that digitally signs a hash table and a data payload, wherein the data payload is partitioned into a plurality of storage blocks and the hash table specifies how to index into and individually authenticate the plurality of storage blocks. Additionally, a write of the digitally signed hash table and data payload may be initiated to an aggregate storage array. In one example, the aggregate storage array authenticates the digital signature of the hash table and the data payload and conducts a write of the data payload to a plurality of drives in the aggregate storage array in accordance with the hash table.
-
公开(公告)号:US11042657B2
公开(公告)日:2021-06-22
申请号:US15721769
申请日:2017-09-30
Applicant: INTEL CORPORATION
Inventor: Brian S. Hausauer , Lokpraveen B. Mosur , Tony Hurson , Patrick Fleming , Adrian R. Pearson
Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to de determine a secure memory region for a transaction, the secure memory region associated with a security association context to perform one or more of an encryption/decryption operation and an authentication operation for the transaction, perform one or more of the encryption/decryption operation and the authentication operation for the transaction based on the security association context, and cause communication of the transaction.
-
公开(公告)号:US10355858B2
公开(公告)日:2019-07-16
申请号:US15086040
申请日:2016-03-30
Applicant: INTEL CORPORATION
Inventor: Brandon Collier , Thomas R. Bowen , Adrian R. Pearson , Jason R. Cox
Abstract: Provided are an apparatus, system, and method authenticating a system to access diagnostic interface in a storage device. The storage device includes a computer readable storage medium implemented to store data and a controller. The controller receives a request from the computer system to initiate a cryptographic nonce to access diagnostic interface in the storage device. The controller generates a nonce and returns to the computer system. Upon receiving an unlock request from the computer system to access the diagnostic interface including a signed nonce comprising at least the nonce encrypted with a private key by the authorized unlock system, the controller uses a public key that is a cryptographic pair with the private key to decrypt the signed nonce to determine whether to grant the computer system access to the diagnostic interface in the storage device.
-
Patent Agency Ranking
公开(公告)号:US09619242B2
公开(公告)日:2017-04-11
申请号:US14581309
申请日:2014-12-23
Applicant: Intel Corporation
Inventor: Hormuzd M. Khosravi , Adrian R. Pearson , Ned M. Smith , Abhilasha Bhargav-Spantzel
CPC classification number: G06F21/575 , G06F9/4406 , G06F9/441 , G06F9/4418 , G06F21/31 , H04L63/102 , H04L63/108
Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to initialize a platform. An example disclosed apparatus includes a boot loader manager to prevent operating system loading in response to detecting a power-on condition, a context manager to retrieve first context information associated with the platform, and a policy manager to identify a first operating system based on the first context information, the policy manager to authorize the boot loader manager to load the first operating system.
-
公开(公告)号:US10592477B2
公开(公告)日:2020-03-17
申请号:US15636788
申请日:2017-06-29
Applicant: Intel Corporation
Inventor: Adrian R. Pearson , Jawad B. Khan
Abstract: Systems, apparatuses and methods may provide for technology that digitally signs a hash table and a data payload, wherein the data payload is partitioned into a plurality of storage blocks and the hash table specifies how to index into and individually authenticate the plurality of storage blocks. Additionally, a write of the digitally signed hash table and data payload may be initiated to an aggregate storage array. In one example, the aggregate storage array authenticates the digital signature of the hash table and the data payload and conducts a write of the data payload to a plurality of drives in the aggregate storage array in accordance with the hash table.
-
公开(公告)号:US09871663B2
公开(公告)日:2018-01-16
申请号:US14668657
申请日:2015-03-25
Applicant: Intel Corporation
Inventor: Adrian R. Pearson , Jason R. Cox , James Chu
CPC classification number: H04L9/3271 , G06F12/1408 , G06F21/52 , G06F21/6218 , G06F2212/1052 , G06F2221/2139 , H04L9/3234 , H04L9/3257 , H04L63/061 , H04L63/0823 , H04L63/0853
Abstract: Various embodiments are directed to a system for accessing a self-encrypting drive (SED) based on a blind challenge authentication response mechanism (BCRAM). An SED may be authenticated within a system, for example, upon resuming from a sleep state, based on a challenge generated within the SED, signed using a private key by a trusted execution environment (TEE) and authenticated using a corresponding public key within the SED.
-
9.发明申请公开(公告)号:US20150178500A1
公开(公告)日:2015-06-25
申请号:US14639854
申请日:2015-03-05
Applicant: Intel Corporation
Inventor: Adrian R. Pearson , Christopher Andrew Thornburg , Steven J. Brown , Peter R. Munguia
IPC: G06F21/57
CPC classification number: G06F3/0625 , G06F1/3234 , G06F3/0622 , G06F21/57 , G06F21/575 , G06F21/79 , H04L9/3247
Abstract: A disclosed example method involves configuring a processor to, when transitioning the processor system to a low-power mode, use a key and a random or pseudo-random value to generate a first signature based on a sample of memory regions to be protected during the low-power mode, the memory regions based on a manufacturer required regions table and a third-party required regions table. The disclosed example method also involves configuring a processor to, during a resume process of the processor system from the low-power mode, generate a second signature based on the sample of the memory regions protected during the low-power mode. The disclosed example method also involves configuring a processor to, when the first signature matches the second signature, cause the processor system to resume from the low-power mode, and when the first signature does not match the second signature, generate an error.
Abstract translation: 所公开的示例性方法包括配置处理器以在将处理器系统转换到低功率模式时,使用密钥和随机或伪随机值,以基于在所述第一签名期间保护的存储器区域的样本来生成第一签名 低功耗模式,内存区域基于制造商所需的区域表和第三方所需区域表。 所公开的示例性方法还涉及将处理器配置成在处理器系统从低功率模式的恢复过程期间,基于在低功率模式期间受保护的存储器区域的采样来生成第二签名。 所公开的示例方法还涉及将处理器配置为当第一签名与第二签名匹配时使得处理器系统从低功率模式恢复,并且当第一签名与第二签名不匹配时,生成错误。
-
10.发明授权公开(公告)号:US09542114B2
公开(公告)日:2017-01-10
申请号:US15187348
申请日:2016-06-20
Applicant: Intel Corporation
Inventor: Adrian R. Pearson , Christopher Andrew Thornburg , Steven J. Brown , Peter R. Munguia
CPC classification number: G06F3/0625 , G06F1/3234 , G06F3/0622 , G06F21/57 , G06F21/575 , G06F21/79 , H04L9/3247
Abstract: A disclosed example involves managing power states, signing a suspend-to-RAM (STR) data structure by: generating a header key, a scatter/gather table key and a dynamic random access memory (DRAM) key using a root key generated by the secure processor. Generating a header signature using the header key, the header signature based on a table header and a random or pseudo-random value. Generating a scatter/gather table signature using the scatter/gather table key, the scatter/gather table signature based on a scatter/gather table header and a random or pseudo-random value. Generating a DRAM signature using the DRAM key and a value from a region of DRAM. Storing the header signature, the scatter/gather table signature and the DRAM signature in the STR data structure. Resume the processor system from the low-power mode when the data structure is valid based on a comparison of a first signature and a second signature.
Abstract translation: 所公开的示例涉及通过以下方式来管理电源状态,签名挂起到RAM(STR)数据结构:使用根据密钥生成的根密钥生成头部密钥,分散/聚集表密钥和动态随机存取存储器(DRAM)密钥 安全处理器。 使用头部密钥生成头部签名,基于表头部的头部签名和随机或伪随机值。 使用分散/收集表密钥生成分散/收集表签名,基于分散/收集表头的分散/收集表签名和随机或伪随机值。 使用DRAM密钥和来自DRAM区域的值生成DRAM签名。 在STR数据结构中存储头标签,分散/收集表签名和DRAM签名。 当数据结构基于第一签名和第二签名的比较而有效时,从低功率模式恢复处理器系统。
-
-
-
-
-
-
-
-
-
Search Results
17
records
(took 0.021 seconds)
