公开(公告)号：US20200153629A1

公开(公告)日：2020-05-14

申请号：US16723599

申请日：2019-12-20

Applicant: Intel Corporation

Inventor： Salessawi Ferede Yitbarek ,  Luis Kida ,  Vincent Scarlata ,  Reshma Lal ,  Simon Johnson

IPC: H04L9/32 ,  H04L9/08 ,  G06F21/60

Abstract: A method comprises initializing a compute platform in a cloud computing environment, assigning at least a first cryptographic key associated with the platform manufacturer and a second cryptographic key associated with a workload owner to a debug/management interface of the compute platform, and encrypting device information generated by the debug/management interface of the compute platform using at least one of the first cryptographic key or the second cryptographic key.

公开(公告)号：US09355262B2

公开(公告)日：2016-05-31

申请号：US14141941

申请日：2013-12-27

Applicant: Intel Corporation

Inventor： Rebekah Leslie-Hurd ,  Ilya Alexandrovich ,  Ittai Anati ,  Alex Berenzon ,  Michael Goldsmith ,  Simon Johnson ,  Francis McKeen ,  Carlos Rozas ,  Uday Savagaonkar ,  Vincent Scarlata ,  Vedvyas Shanbhogue ,  Wesley Smith

IPC: G06F21/60 ,  G06F12/08 ,  G06F12/14 ,  G06F9/30 ,  G06F21/72

CPC classification number: G06F21/604 ,  G06F9/3004 ,  G06F12/0875 ,  G06F12/145 ,  G06F12/1466 ,  G06F12/1491 ,  G06F21/72

Abstract: Embodiments of an invention for modifying memory permissions in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to modify access permissions for a page in a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes setting new access permissions in an enclave page cache map entry. Furthermore, the page is immediately accessible from inside the secure enclave according to the new access permissions.

Abstract translation: 公开了用于在安全处理环境中修改存储器许可的发明的实施例。 在一个实施例中，处理器包括指令单元和执行单元。 指令单元将接收修改安全飞地中页面访问权限的指令。 执行单元执行指令。 执行该指令包括在飞地页面缓存映射条目中设置新的访问权限。 此外，根据新的访问权限，该页面可以从安全飞地内部立即访问。

公开(公告)号：US09171163B2

公开(公告)日：2015-10-27

申请号：US13844101

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： Vinay Phegade ,  Anand Rajan ,  Simon Johnson ,  Vincent Scarlata ,  Carlos Rozas ,  Nikhil Deshpande

IPC: G06F21/60 ,  G06F21/57 ,  G06F21/64

CPC classification number: H04L63/0428 ,  G06F21/57 ,  G06F21/60 ,  G06F21/64 ,  G06F2221/2105 ,  H04L63/126 ,  H04L63/302

Abstract: An apparatus for sharing information between entities includes a processor and a trusted execution module executing on the processor. The trusted execution module is configured to receive first confidential information from a first client device associated with a first entity, seal the first confidential information within a trusted execution environment, receive second confidential information from a second client device associated with a second entity, seal the second confidential information within the trusted execution environment, and execute code within the trusted execution environment. The code is configured to compute a confidential result based upon the first confidential information and the second confidential information.

Abstract translation: 用于在实体之间共享信息的装置包括处理器和在处理器上执行的可信执行模块。 可信执行模块被配置为从与第一实体相关联的第一客户端设备接收第一机密信息，将可信执行环境中的第一机密信息密封，从与第二实体相关联的第二客户端设备接收第二机密信息， 可信执行环境中的第二机密信息，并在可信执行环境内执行代码。 代码被配置为基于第一机密信息和第二机密信息来计算机密结果。

公开(公告)号：US20160044005A1

公开(公告)日：2016-02-11

申请号：US14922931

申请日：2015-10-26

Applicant: Intel Corporation

Inventor： VINAY PHEGADE ,  ANAND RAJAN ,  Simon Johnson ,  Vincent Scarlata ,  Carlos Rozas ,  Nikhil Deshpande

IPC: H04L29/06

CPC classification number: H04L63/0428 ,  G06F21/57 ,  G06F21/60 ,  G06F21/64 ,  G06F2221/2105 ,  H04L63/126 ,  H04L63/302

Abstract: An apparatus for sharing information between entities includes a processor and a trusted execution module executing on the processor. The trusted execution module is configured to receive first confidential information from a first client device associated with a first entity, seal the first confidential information within a trusted execution environment, receive second confidential information from a second client device associated with a second entity, seal the second confidential information within the trusted execution environment, and execute code within the trusted execution environment. The code is configured to compute a confidential result based upon the first confidential information and the second confidential information.

Abstract translation: 用于在实体之间共享信息的装置包括处理器和在处理器上执行的可信执行模块。 可信执行模块被配置为从与第一实体相关联的第一客户端设备接收第一机密信息，将可信执行环境中的第一机密信息密封，从与第二实体相关联的第二客户端设备接收第二机密信息， 可信执行环境中的第二机密信息，并在可信执行环境内执行代码。 代码被配置为基于第一机密信息和第二机密信息来计算机密结果。

公开(公告)号：US09729309B2

公开(公告)日：2017-08-08

申请号：US13719939

申请日：2012-12-19

Applicant: Intel Corporation

Inventor： Simon Johnson ,  Abhishek Das ,  Carlos Rozas ,  Uday Savagaonkar ,  Robert Blankenship ,  Kiran Padwekar

IPC: G06F21/00 ,  H04L29/06 ,  H04L9/32 ,  H04L9/00

CPC classification number: H04L9/00 ,  G06F21/556 ,  G06F21/606 ,  H04L9/32 ,  H04L63/0428 ,  H04L63/0471 ,  H04L63/123

Abstract: Embodiments of an invention for securing transmissions between processor packages are disclosed. In one embodiment, an apparatus includes an encryption unit to encrypt first content to be transmitted from the apparatus to a processor package directly through a point-to-point link.

公开(公告)号：US09407636B2

公开(公告)日：2016-08-02

申请号：US14281651

申请日：2014-05-19

Applicant: INTEL CORPORATION

Inventor： Vincent Scarlata ,  Simon Johnson ,  Carlos Rozas ,  Francis McKeen ,  Ittai Anati ,  Ilya Alexandrovich ,  Rebekah Leslie-Hurd

IPC: G06F21/64 ,  H04L29/06 ,  G06F21/74

CPC classification number: G06F21/64 ,  G06F21/62 ,  G06F21/74 ,  G06F21/81 ,  G06F21/85 ,  H04L63/061 ,  H04L63/0876

Abstract: An apparatus and method for securely suspending and resuming the state of a processor. For example, one embodiment of a method comprises: generating a data structure including at least the monotonic counter value; generating a message authentication code (MAC) over the data structure using a first key; securely providing the data structure and the MAC to a module executed on the processor; the module verifying the MAC, comparing the monotonic counter value with a counter value stored during a previous suspend operation and, if the counter values match, then loading processor state required for the resume operation to complete. Another embodiment of a method comprises: generating a first key by a processor; securely sharing the first key with an off-processor component; and using the first key to generate a pairing ID usable to identify a pairing between the processor and the off-processor component.

Abstract translation: 一种用于安全地挂起并恢复处理器状态的装置和方法。 例如，方法的一个实施例包括：生成至少包括单调计数器值的数据结构; 使用第一密钥在数据结构上生成消息认证码（MAC）; 将数据结构和MAC安全地提供给在处理器上执行的模块; 所述模块验证所述MAC，将所述单调计数器值与在先前暂停操作期间存储的计数器值进行比较，并且如果所述计数器值匹配，则加载完成所述恢复操作所需的处理器状态。 方法的另一实施例包括：由处理器生成第一密钥; 用脱离处理器组件安全地共享第一个密钥; 以及使用所述第一密钥来生成可用于识别所述处理器和所述关闭处理器组件之间的配对的配对ID。

公开(公告)号：US09769129B2

公开(公告)日：2017-09-19

申请号：US14922931

申请日：2015-10-26

Applicant: Intel Corporation

Inventor： Vinay Phegade ,  Anand Rajan ,  Simon Johnson ,  Vincent Scarlata ,  Carlos Rozas ,  Nikhil Deshpande

IPC: G06F21/60 ,  G06F21/57 ,  G06F21/64 ,  H04L29/06

CPC classification number: H04L63/0428 ,  G06F21/57 ,  G06F21/60 ,  G06F21/64 ,  G06F2221/2105 ,  H04L63/126 ,  H04L63/302

Abstract: An apparatus for sharing information between entities includes a processor and a trusted execution module executing on the processor. The trusted execution module is configured to receive first confidential information from a first client device associated with a first entity, seal the first confidential information within a trusted execution environment, receive second confidential information from a second client device associated with a second entity, seal the second confidential information within the trusted execution environment, and execute code within the trusted execution environment. The code is configured to compute a confidential result based upon the first confidential information and the second confidential information.

公开(公告)号：US09698989B2

公开(公告)日：2017-07-04

申请号：US13949213

申请日：2013-07-23

Applicant: Intel Corporation

Inventor： Vincent Scarlata ,  Carlos Rozas ,  Simon Johnson ,  Uday Savagaonkar ,  Ittai Anati ,  Francis McKeen ,  Michael Goldsmith

IPC: H04L9/32 ,  G06F21/12 ,  G06F21/53

CPC classification number: H04L9/3213 ,  G06F21/12 ,  G06F21/53 ,  H04L9/3263

Abstract: Embodiments of an invention for feature licensing in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to initialize a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes determining whether a requested feature is licensed for use in the secure enclave.