公开(公告)号：US10104122B2

公开(公告)日：2018-10-16

申请号：US14825645

申请日：2015-08-13

Applicant: Intel Corporation

Inventor： Scott H. Robinson ,  Jason Martin ,  Howard C. Herbert ,  Michael LeMay ,  Karanvir Ken S. Grewal ,  Keith L. Shippy ,  Geoffrey Strongin

IPC: H04L29/06 ,  H04L29/08 ,  G06K9/00

Abstract: Sensor data may be filtered in a secure environment. The filtering may limit distribution of the sensor data. Filtering may modify the sensor data, for example, to prevent identification of a person depicted in a captured image or to prevent acquiring a user's precise location. Filtering may also add or require other data use controls to access the data. Attestation that a filter policy is being applied and working properly or not may be provided as well.

公开(公告)号：US09098300B2

公开(公告)日：2015-08-04

申请号：US13935767

申请日：2013-07-05

Applicant: INTEL CORPORATION

Inventor： Vincent J. Zimmer ,  Bin Xing ,  Scott H. Robinson

IPC: G06F1/00 ,  G06F9/44 ,  G06F11/07 ,  G06F11/10 ,  G06F21/14 ,  G06F21/57

CPC classification number: G06F9/4401 ,  G06F11/073 ,  G06F11/076 ,  G06F11/1092 ,  G06F21/14 ,  G06F21/572 ,  G06F21/575

Abstract: In one embodiment, a semiconductor integrated code (SIC) may be provided in a binary format by a processor manufacturer. This SIC may include platform independent code of the processor manufacturer. Such code may include embedded processor logic to initialize the processor and at least one link that couples the processor to a memory, and embedded memory logic to initialize the memory. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，半导体集成代码（SIC）可由处理器制造商以二进制格式提供。 该SIC可以包括处理器制造商的平台无关代码。 这样的代码可以包括用于初始化处理器的嵌入式处理器逻辑和将处理器耦合到存储器的至少一个链路以及嵌入式存储器逻辑以初始化存储器。 描述和要求保护其他实施例。

公开(公告)号：US10353831B2

公开(公告)日：2019-07-16

申请号：US14998065

申请日：2015-12-24

Applicant: Intel Corporation

Inventor： Scott H. Robinson ,  Ravi L. Sahita ,  Mark W. Shanahan ,  Karanvir S. Grewal ,  Nitin V. Sarangdhar ,  Carlos V. Rozas ,  Bo Zhang ,  Shanwei Cen

IPC: G06F12/00 ,  G06F12/14 ,  G06F9/455 ,  G06F21/57

Abstract: Systems, apparatuses and methods may provide for verifying, from outside a trusted computing base of a computing system, an identity an enclave instance prior to the enclave instance being launched in the trusted computing base, determining a memory location of the enclave instance and confirming that the memory location is local to the computing system. In one example, the enclave instance is a proxy enclave instance, wherein communications are conducted with one or more additional enclave instances in the trusted computing base via the proxy enclave instance and an unencrypted channel.

公开(公告)号：US20180253327A1

公开(公告)日：2018-09-06

申请号：US15970939

申请日：2018-05-04

Applicant: Intel Corporation

Inventor： Scott H. Robinson ,  Vijay Tewari ,  Robin C. Knauerhase

IPC: G06F9/455 ,  G06F21/53 ,  H04L29/06

CPC classification number: G06F9/45545 ,  G06F9/45558 ,  G06F21/53 ,  G06F2009/45562 ,  G06F2009/45566 ,  H04L63/08 ,  H04L63/0815

Abstract: A computing device comprises instructions that, when executed, enable the computing device to present a logical representation of a unified view of virtual machines (VMs), each of which executes a respective application in the computing device. The logical representation of the unified view includes a plurality of graphical user interface (GUI) elements for the applications. The operation of presenting the logical representation of the unified view is performed, at least in part, by a unification console that executes in a dedicated VM. The unification console also facilitates operations such as receiving user input pertaining to a selected application among the applications and receiving application output from the selected application. The user input from the unification console is redirected to the selected application in its respective VM. Output is rendered for the user, based on the application output received by the unification console. Other embodiments are described and claimed.

公开(公告)号：US10019273B2

公开(公告)日：2018-07-10

申请号：US14538451

申请日：2014-11-11

Applicant: Intel Corporation

Inventor： Scott H. Robinson ,  Vijay Tewari ,  Robin C. Knauerhase

IPC: G06F9/455 ,  H04L29/06 ,  G06F21/53

CPC classification number: G06F9/45545 ,  G06F9/45558 ,  G06F21/53 ,  G06F2009/45562 ,  G06F2009/45566 ,  H04L63/08 ,  H04L63/0815

Abstract: A virtual environment manager (“VEM”) simplifies the usability of virtual machines and provides users with an enhanced design for creating and/or for managing virtual machines (“VMs”). For example, a user can select description information and management information to be included in descriptors and according to which a VEM will create and manage various VM environments for various host environments. The VEM automatically creates the VM environments and host environments by sending descriptor description information and data files associated with the description information to virtual machine monitors (VMMs), which create the VM environments according to the description information. A VEM at each host may manage VM environments executed by the VMM, according to the descriptor management information. Thus, a set of descriptors to create and manage a set of VMs for a home computer may be easily modified by a user to create and manage a set of VMs for a work or laptop computer.

公开(公告)号：US20170104597A1

公开(公告)日：2017-04-13

申请号：US14974893

申请日：2015-12-18

Applicant: Intel Corporation

Inventor： Ansuya Negi ,  Nitin V. Sarangdhar ,  Ulhas S. Warrier ,  Ramkumar Venkatachary ,  Ravi L. Sahita ,  Scott H. Robinson ,  Karanvir S. Grewal

IPC: H04L9/32 ,  H04L9/08

CPC classification number: H04L9/3231 ,  H04L9/0816 ,  H04L9/0825

Abstract: Technologies for end-to-end biometric-based authentication and locality assertion include a computing device with one or more biometric devices. The computing device may securely exchange a key between a driver and a secure enclave. The driver may receive biometric data from the biometric sensor in a virtualization-protected memory buffer and encrypt the biometric data with the shared key. The secure enclave may decrypt the biometric data and perform a biometric authentication operation. The computing device may measure a virtual machine monitor (VMM) to generate attestation information for the VMM. A secure enclave may execute a virtualization report instruction to request the attestation information. The processor may copy the attestation information into the secure enclave memory. The secure enclave may verify the attestation information with a remote attestation server. If verified, the secure enclave may provide a shared secret to the VMM. Other embodiments are described and claimed.

公开(公告)号：US20160350534A1

公开(公告)日：2016-12-01

申请号：US14725310

申请日：2015-05-29

Applicant: Intel Corporation

Inventor： Rajesh Poornachandran ,  Ned M. Smith ,  Nitin V. Sarangdhar ,  Karanvir S. Grewal ,  Ravi L. Sahita ,  Scott H. Robinson

IPC: G06F21/57

CPC classification number: G06F21/57 ,  G06F21/10 ,  G06F21/554 ,  G06F21/71 ,  G06F2221/034 ,  G06F2221/2125 ,  G06F2221/2143 ,  H04L9/0897 ,  H04L9/3226 ,  H04L9/3273 ,  H04L2209/603

Abstract: In an embodiment, a system is adapted to: record at least one measurement of a virtual trusted execution environment in a storage of the system and generate a secret sealed to a state of this measurement; create, using the virtual trusted execution environment, an isolated environment including a secure enclave and an application, the virtual trusted execution environment to protect the isolated environment; receive, in the application, a first measurement quote associated with the virtual trusted execution environment and a second measurement quote associated with the secure enclave; and communicate quote information regarding the first and second measurement quotes to a remote attestation service to enable the remote attestation service to verify the virtual trusted execution environment and the secure enclave, and responsive to the verification the secret is to be provided to the virtual trusted execution environment and the isolated environment. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，系统适于：将虚拟可信执行环境的至少一个测量记录在系统的存储器中，并生成密封到该测量的状态的秘密; 创建，使用虚拟可信执行环境，包括安全飞地和应用程序的隔离环境，保护隔离环境的虚拟可信执行环境; 在所述应用中接收与所述虚拟可信执行环境相关联的第一测量报价和与所述安全飞地相关联的第二测量报价; 并且将关于第一和第二测量报价的报价信息传达到远程认证服务，以使远程认证服务能够验证虚拟可信执行环境和安全飞地，并且响应于验证，将秘密提供给虚拟可信执行 环境和孤立的环境。 描述和要求保护其他实施例。

公开(公告)号：US09124635B2

公开(公告)日：2015-09-01

申请号：US13690666

申请日：2012-11-30

Applicant: Intel Corporation

Inventor： Scott H. Robinson ,  Jason Martin ,  Howard C. Herbert ,  Michael LeMay ,  Karanvir Ken S. Grewal ,  Keith L. Shippy ,  Geoffrey Strongin

IPC: H04L29/06

CPC classification number: H04L63/20 ,  G06K9/00228 ,  H04L63/105 ,  H04L67/24

Abstract: Sensor data may be filtered in a secure environment. The filtering may limit distribution of the sensor data. Filtering may modify the sensor data, for example, to prevent identification of a person depicted in a captured image or to prevent acquiring a user's precise location. Filtering may also add or require other data use controls to access the data. Attestation that a filter policy is being applied and working properly or not may be provided as well.

Abstract translation: 传感器数据可能会在安全的环境中进行过滤。 滤波可能会限制传感器数据的分布。 过滤可以修改传感器数据，例如，以防止识别拍摄图像中描绘的人，或阻止获取用户的精确位置。 过滤还可以添加或要求其他数据使用控制来访问数据。 也可以提供过滤器策略正在应用和正常工作的证明。

公开(公告)号：US20190036699A1

公开(公告)日：2019-01-31

申请号：US16133952

申请日：2018-09-18

Applicant: Intel Corporation

Inventor： Ansuya Negi ,  Nitin V. Sarangdhar ,  Ulhas S. Warrier ,  Ramkumar Venkatachary ,  Ravi L. Sahita ,  Scott H. Robinson ,  Karanvir S. Grewal

IPC: H04L9/32 ,  H04L9/08

CPC classification number: H04L9/3231 ,  H04L9/0816 ,  H04L9/0825

Abstract: Technologies for end-to-end biometric-based authentication and locality assertion include a computing device with one or more biometric devices. The computing device may securely exchange a key between a driver and a secure enclave. The driver may receive biometric data from the biometric sensor in a virtualization-protected memory buffer and encrypt the biometric data with the shared key. The secure enclave may decrypt the biometric data and perform a biometric authentication operation. The computing device may measure a virtual machine monitor (VMM) to generate attestation information for the VMM. A secure enclave may execute a virtualization report instruction to request the attestation information. The processor may copy the attestation information into the secure enclave memory. The secure enclave may verify the attestation information with a remote attestation server. If verified, the secure enclave may provide a shared secret to the VMM. Other embodiments are described and claimed.

公开(公告)号：US20150074663A1

公开(公告)日：2015-03-12

申请号：US14520045

申请日：2014-10-21

Applicant: Intel Corporation

Inventor： Scott H. Robinson ,  Vijay Tewari ,  Robert C. Knauerhase

IPC: G06F9/455

CPC classification number: G06F9/45545 ,  G06F9/45558 ,  G06F21/53 ,  G06F2009/45562 ,  G06F2009/45566 ,  H04L63/08 ,  H04L63/0815

Abstract: A virtual environment manager (“VEM”) simplifies the usability of virtual machines and provides users with an enhanced design for creating and/or for managing virtual machines (“VMs”). For example, a user can select description information and management information to be included in descriptors and according to which a VEM will create and manage various VM environments for various host environments. The VEM automatically creates the VM environments and host environments by sending descriptor description information and data files associated with the description information to virtual machine monitors (VMMs), which create the VM environments according to the description information. A VEM at each host may manage VM environments executed by the VMM, according to the descriptor management information. Thus, a set of descriptors to create and manage a set of VMs for a home computer may be easily modified by a user to create and manage a set of VMs for a work or laptop computer.