-
Publication number: US20170366359A1
Publication date: 2017-12-21
Application number: US15201400
Filing date: 2016-07-02
Applicant: Intel Corporation
Inventor: Vincent R. Scarlata , Francis X. McKeen , Carlos V. Rozas , Simon P. Johnson , Bo Zhang , James D. Beaney, Jr. , Piotr Zmijewski , Wesley Hamilton Smith , Eduardo Cabre , Uday R. Savagaonkar
CPC classification number: H04L9/3263 , G09C1/00 , H04L9/0816 , H04L9/0822 , H04L9/14 , H04L9/3268 , H04L63/06 , H04L63/0823 , H04L63/12
Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
-
Publication number: US09799093B2
Publication date: 2017-10-24
Application number: US14864183
Filing date: 2015-09-24
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra , Uday R. Savagaonkar , Prashant Dewan , Michael A. Goldsmith , David M. Durham
IPC: G06T1/00 , G06T1/60 , G06F3/147 , G06F21/84 , H04N21/426 , H04N21/431 , H04N21/4367 , H04N21/44 , H04N21/4408 , G06T1/20
CPC classification number: G06T1/60 , G06F3/147 , G06F21/84 , G06T1/20 , G09G2358/00 , H04N21/42653 , H04N21/4318 , H04N21/4367 , H04N21/44004 , H04N21/4408
Abstract: A protected graphics module can send its output to a display engine securely. Secure communications with the display can provide a level of confidentiality of content generated by protected graphics modules against software and hardware attacks.
-
Publication number: US09747102B2
Publication date: 2017-08-29
Application number: US13729371
Filing date: 2012-12-28
Applicant: Intel Corporation
Inventor: Rebekah Leslie , Carlos V. Rozas , Vincent R. Scarlata , Simon P. Johnson , Uday R. Savagaonkar , Barry E. Huntley , Vedvyas Shanbhogue , Ittai Anati , Francis X. McKeen , Michael A. Goldsmith , Ilya Alexandrovich , Alex Berenzon , Wesley H. Smith , Gilbert G. Neiger
IPC: G06F12/00 , G06F9/30 , G06F9/44 , G06F12/084 , G06F12/14
CPC classification number: G06F9/3004 , G06F9/30047 , G06F9/30076 , G06F9/44 , G06F12/084 , G06F12/0875 , G06F12/1483 , G06F2212/452
Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.
-
Publication number: US20170185809A1
Publication date: 2017-06-29
Application number: US15457004
Filing date: 2017-03-13
Applicant: INTEL CORPORATION
Inventor: Eugene M. Kishinevsky , Uday R. Savagaonkar , Alpa T. Narendra Trivedi , Siddhartha Chhabra , Baiju V. Patel , Men Long , Kirk S. Yap , David M. Durham
CPC classification number: H04L9/0631 , G06F12/1408 , G06F12/1425 , G06F21/602 , G06F21/85 , G06F2212/1052 , G06F2212/402 , G09C1/00 , H04L2209/125 , Y02D10/13
Abstract: Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.
-
Publication number: US09614666B2
Publication date: 2017-04-04
Application number: US14581946
Filing date: 2014-12-23
Applicant: INTEL CORPORATION
Inventor: Eugene M. Kishinevsky , Uday R. Savagaonkar , Alpa T. Narendra Trivedi , Siddhartha Chhabra , Baiju V. Patel , Men Long , Kirk S. Yap , David M. Durham
CPC classification number: H04L9/0631 , G06F12/1408 , G06F12/1425 , G06F21/602 , G06F21/85 , G06F2212/1052 , G06F2212/402 , G09C1/00 , H04L2209/125 , Y02D10/13
Abstract: Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.
-
Publication number: US09519803B2
Publication date: 2016-12-13
Application number: US13690401
Filing date: 2012-11-30
Applicant: Intel Corporation
Inventor: Prashant Dewan , Uday R. Savagaonkar , David M. Durham , Paul S. Schmitz , Jason Martin , Michael Goldsmith , Ravi L. Sahita , Francis X. McKeen , Carlos Rozas , Balaji Vembu , Scott Janus , Geoffrey S. Strongin , Xiaozhu Kang , Karanvir S. Grewal , Siddhartha Chhabra , Alpa T. Narendra Trivedi
Abstract: In accordance with some embodiments, a protected execution environment may be defined for a graphics processing unit. This framework not only protects the workloads from malware running on the graphics processing unit but also protects those workloads from malware running on the central processing unit. In addition, the trust framework may facilitate proof of secure execution by measuring the code and data structures used to execute the workload. If a part of the trusted computing base of this framework or protected execution environment is compromised, that part can be patched remotely and the patching can be proven remotely through attestation in some embodiments.
-
Publication number: US08966651B2
Publication date: 2015-02-24
Application number: US14204924
Filing date: 2014-03-11
Applicant: Intel Corporation
Inventor: Christopher J. McConnell , Uday R. Savagaonkar
CPC classification number: H04L63/10 , G06F21/10 , H04L2463/101
Abstract: Methods, apparatuses and storage media associated with digital rights management (DRM) using a DRM locker are disclosed herein. In embodiments, a DRM locker is provided to a client device. The DRM locker may be configured to store a number of DRM licenses or keys for a number of DRM protected contents. The DRM locker, on presentation of an associated locker key, may respond to a request for one or more of the stored DRM licenses or keys, to enable consumption of the corresponding DRM protected contents using the client device. Other embodiments may be disclosed or claimed.
-
Publication number: US10708067B2
Publication date: 2020-07-07
Application number: US15201400
Filing date: 2016-07-02
Applicant: Intel Corporation
Inventor: Vincent R. Scarlata , Francis X. McKeen , Carlos V. Rozas , Simon P. Johnson , Bo Zhang , James D. Beaney, Jr. , Piotr Zmijewski , Wesley Hamilton Smith , Eduardo Cabre , Uday R. Savagaonkar
Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
-
Publication number: US10592421B2
Publication date: 2020-03-17
Application number: US15250787
Filing date: 2016-08-29
Applicant: Intel Corporation
Inventor: Carlos V. Rozas , Ilya Alexandrovich , Ittai Anati , Alex Berenzon , Michael A. Goldsmith , Barry E. Huntley , Anton Ivanov , Simon P. Johnson , Rebekah M. Leslie-Hurd , Francis X. McKeen , Gilbert Neiger , Rinat Rappoport , Scott D. Rodgers , Uday R. Savagaonkar , Vincent R. Scarlata , Vedvyas Shanbhogue , Wesley H. Smith , William C. Wood
IPC: G06F12/00 , G06F12/08 , G06F13/00 , G06F12/0875 , G06F12/0808 , G06F12/1027
Abstract: Instructions and logic provide advanced paging capabilities for secure enclave page caches. Embodiments include multiple hardware threads or processing cores, a cache to store secure data for a shared page address allocated to a secure enclave accessible by the hardware threads. A decode stage decodes a first instruction specifying said shared page address as an operand, and execution units mark an entry corresponding to an enclave page cache mapping for the shared page address to block creation of a new translation for either of said first or second hardware threads to access the shared page. A second instruction is decoded for execution, the second instruction specifying said secure enclave as an operand, and execution units record hardware threads currently accessing secure data in the enclave page cache corresponding to the secure enclave, and decrement the recorded number of hardware threads when any of the hardware threads exits the secure enclave.
-
Publication number: US10409597B2
Publication date: 2019-09-10
Application number: US15972573
Filing date: 2018-05-07
Applicant: Intel Corporation
Inventor: Rebekah Leslie-Hurd , Carlos V. Rozas , Vincent R. Scarlata , Simon P. Johnson , Uday R. Savagaonkar , Barry E. Huntley , Vedvyas Shanbhogue , Ittai Anati , Francis X. McKeen , Michael A. Goldsmith , Ilya Alexandrovich , Alex Berenzon , Wesley H. Smith , Gilbert Neiger
IPC: G06F12/00 , G06F9/30 , G06F12/0875 , G06F9/44 , G06F12/084 , G06F12/14
Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.
-