公开(公告)号：US09519803B2

公开(公告)日：2016-12-13

申请号：US13690401

申请日：2012-11-30

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Uday R. Savagaonkar ,  David M. Durham ,  Paul S. Schmitz ,  Jason Martin ,  Michael Goldsmith ,  Ravi L. Sahita ,  Francis X. McKeen ,  Carlos Rozas ,  Balaji Vembu ,  Scott Janus ,  Geoffrey S. Strongin ,  Xiaozhu Kang ,  Karanvir S. Grewal ,  Siddhartha Chhabra ,  Alpha T. Narendra Trivedi

IPC: G06F21/00 ,  G06F21/64 ,  G06F21/53 ,  G06F21/56

CPC classification number: G06F21/64 ,  G06F21/53 ,  G06F21/56

Abstract: In accordance with some embodiments, a protected execution environment may be defined for a graphics processing unit. This framework not only protects the workloads from malware running on the graphics processing unit but also protects those workloads from malware running on the central processing unit. In addition, the trust framework may facilitate proof of secure execution by measuring the code and data structures used to execute the workload. If a part of the trusted computing base of this framework or protected execution environment is compromised, that part can be patched remotely and the patching can be proven remotely throughout attestation in some embodiments.

Abstract translation: 根据一些实施例，可以为图形处理单元定义受保护的执行环境。 该框架不仅保护了图形处理单元上运行的恶意软件的工作负载，还保护了这些工作负载免受中央处理单元上运行的恶意软件。 此外，信任框架可以通过测量用于执行工作负载的代码和数据结构来促进安全执行的证明。 如果该框架或受保护的执行环境的可信计算基础的一部分受到损害，那么该部分可以被远程修补，并且在一些实施例中可以通过验证远程验证修补。

公开(公告)号：US10395028B2

公开(公告)日：2019-08-27

申请号：US15656992

申请日：2017-07-21

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Uttam Sengupta ,  Siddhartha Chhabra ,  David Durham ,  Xiaozhu Kang ,  Uday Savagaonkar ,  Alpa Narendra Trivedi

IPC: G06F9/455 ,  G06F12/08 ,  G06F11/30 ,  G06F21/71 ,  G06F21/53 ,  G06F21/84 ,  H04L9/32 ,  G06F21/55 ,  G06F9/50

Abstract: Generally, this disclosure provides systems, devices, methods and computer readable media for virtualization-based intra-block workload isolation. The system may include a virtual machine manager (VMM) module to create a secure virtualization environment or sandbox. The system may also include a processor block to load data into a first region of the sandbox and to generate a workload package based on the data. The workload package is stored in a second region of the sandbox. The system may further include an operational block to fetch and execute instructions from the workload package.

公开(公告)号：US10181027B2

公开(公告)日：2019-01-15

申请号：US14517338

申请日：2014-10-17

Applicant: Intel Corporation

Inventor： Alpa Narendra Trivedi ,  Siddhartha Chhabra ,  Xiaozhu Kang ,  Prashant Dewan ,  Uday Savagaonkar ,  David Durham

IPC: G06F21/53

Abstract: Embodiments of an invention for an interface between a device and a secure processing environment are disclosed. In one embodiment, a system includes a processor, a device, and an interface plug-in. The processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to create a secure processing environment. The execution unit is to execute an application in the secure processing environment. The device is to execute a workload for the application. The interface plug-in is to provide an interface for the device to enter the secure processing environment to execute the workload.

公开(公告)号：US20180047307A1

公开(公告)日：2018-02-15

申请号：US15728113

申请日：2017-10-09

Applicant: INTEL CORPORATION

Inventor： Prashant Dewan ,  Uttam Sengupta ,  Uday R. Savagaonkar ,  Siddhartha Chhabra ,  David Durham ,  Xiaozhu Kang

IPC: G09C5/00

CPC classification number: G09C5/00

Abstract: Various embodiments are generally directed an apparatus and method for processing an encrypted graphic with a decryption key associated with a depth order policy including a depth position of a display scene, generating a graphic from the encrypted graphic when the encrypted graphic is successfully decrypted using the decryption key and assigning the graphic to a plane at the depth position of the display scene when the encrypted graphic is successfully decrypted.

公开(公告)号：US09652609B2

公开(公告)日：2017-05-16

申请号：US14739133

申请日：2015-06-15

Applicant: Intel Corporation

Inventor： Xiaozhu Kang ,  Alpa T. Narendra Trivedi ,  Siddhartha Chhabra ,  Prashant Dewan ,  Uday R. Savagaonkar ,  David M. Durham

IPC: G06F21/53 ,  G06F21/60 ,  G06F21/78 ,  G06F21/50 ,  G06F12/14

CPC classification number: G06F21/53 ,  G06F12/14 ,  G06F21/50 ,  G06F21/60 ,  G06F21/78 ,  G06F2221/034

Abstract: The entry/exit architecture may be a critical component of a protection framework using a secure enclaves-like trust framework for coprocessors. The entry/exit architecture describes steps that may be used to switch securely into a trusted execution environment (entry architecture) and out of the trusted execution environment (exit architecture), at the same time preventing any secure information from leaking to an untrusted environment.

公开(公告)号：US20160110540A1

公开(公告)日：2016-04-21

申请号：US14517338

申请日：2014-10-17

Applicant: Intel Corporation

Inventor： ALPA NARENDRA TRIVEDI ,  Siddhartha Chhabra ,  Xiaozhu Kang ,  Prashant Dewan ,  Uday Savagaonkar ,  David Durham

IPC: G06F21/53

CPC classification number: G06F21/53 ,  G06F2221/033

Abstract: Embodiments of an invention for an interface between a device and a secure processing environment are disclosed. In one embodiment, a system includes a processor, a device, and an interface plug-in. The processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to create a secure processing environment. The execution unit is to execute an application in the secure processing environment. The device is to execute a workload for the application. The interface plug-in is to provide an interface for the device to enter the secure processing environment to execute the workload.

Abstract translation: 公开了用于设备和安全处理环境之间的接口的发明的实施例。 在一个实施例中，系统包括处理器，设备和接口插件。 处理器包括指令单元和执行单元。 指令单元将接收创建安全处理环境的指令。 执行单元在安全处理环境中执行应用。 该设备将为应用程序执行工作负载。 接口插件是为设备提供一个接口，进入安全处理环境以执行工作负载。

公开(公告)号：US09786205B2

公开(公告)日：2017-10-10

申请号：US14369551

申请日：2013-12-23

Applicant: INTEL CORPORATION

Inventor： Prashant Dewan ,  Uttam Sengupta ,  Uday R. Savagaonkar ,  Siddhartha Chhabra ,  David Durham ,  Xiaozhu Kang

IPC: G06F21/60 ,  G09C5/00

CPC classification number: G09C5/00

Abstract: Various embodiments are generally directed an apparatus and method for processing an encrypted graphic with a decryption key associated with a depth order policy including a depth position of a display scene, generating a graphic from the encrypted graphic when the encrypted graphic is successfully decrypted using the decryption key and assigning the graphic to a plane at the depth position of the display scene when the encrypted graphic is successfully decrypted.

公开(公告)号：US09507951B2

公开(公告)日：2016-11-29

申请号：US14560245

申请日：2014-12-04

Applicant: Intel Corporation

Inventor： Xiaozhu Kang ,  Ghayathri V. Garudapuram ,  Karanvir S. Grewal

IPC: G06F21/60 ,  G06F21/84 ,  G06F21/83

CPC classification number: G06F21/606 ,  G06F21/83 ,  G06F21/84

Abstract: Technologies for secure input and display of a virtual touch user interface include a computing device having a security monitor that may protect memory regions from being accessed by untrusted code. The security monitor may use hardware virtualization features such as extended page tables or directed I/O to protect the memory regions. A protected touch filter driver intercepts requests for touch input and allocates a transfer buffer. The transfer buffer is protected by the security monitor. A touch screen controller may write touch input data into the protected transfer buffer. The touch input data may be shared by the touch filter driver with authorized applications through a protected communication channel. A graphical virtual user interface may be generated by trusted code and rendered into a hardware overlay surface. The user interface may include a virtual keyboard. The security monitor may protect the overlay surface. Other embodiments are described and claimed.

Abstract translation: 用于安全输入和显示虚拟触摸用户界面的技术包括具有可以保护存储器区域不被不可信代码访问的安全监视器的计算设备。 安全监视器可以使用诸如扩展页表或定向I / O之类的硬件虚拟化特征来保护存储器区域。 受保护的触摸滤波器驱动器拦截触摸输入的请求并分配传输缓冲器。 传输缓冲区由安全监视器保护。 触摸屏控制器可将触摸输入数据写入受保护的传送缓冲器。 触摸输入数据可以由具有授权应用的触摸滤波器驱动器通过受保护的通信信道共享。 图形虚拟用户界面可以由可信代码生成并呈现到硬件覆盖表面。 用户界面可以包括虚拟键盘。 安全监视器可以保护覆盖表面。 描述和要求保护其他实施例。

公开(公告)号：US09134878B2

公开(公告)日：2015-09-15

申请号：US13631288

申请日：2012-09-28

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Siddhartha Chhabra ,  Xiaozhu Kang ,  Xiaoning Li ,  Uday R. Savagaonkar ,  David M. Durham ,  Paul S. Schmitz ,  Michael A. Goldsmith ,  Jason Martin

IPC: G06F3/041 ,  G06F3/0481 ,  G06F3/0488 ,  G06F21/74 ,  G06F21/82

CPC classification number: G06F3/0481 ,  G06F3/041 ,  G06F3/04883 ,  G06F21/74 ,  G06F21/82

Abstract: A device and method for securely rendering content on a gesture-enabled computing device includes initializing a secure execution environment on a processor graphics of the computing device. The computing device transfers view rendering code and associated state data to the secure execution environment. An initial view of the content is rendered by executing the view rendering code in the secure execution environment. A gesture is recognized, and an updated view of the content is rendered in the secure execution environment in response to the gesture. The gesture may include a touch gesture recognized on a touch screen, or a physical gesture of the user recognized by a camera. After the updated view of the content is rendered, the main processor of the computing device may receive updated view data from the secure execution environment.

Abstract translation: 用于在启用姿势的计算设备上安全地呈现内容的设备和方法包括在计算设备的处理器图形上初始化安全执行环境。 计算设备将视图呈现代码和相关联的状态数据传送到安全执行环境。 通过在安全执行环境中执行视图呈现代码来呈现内容的初始视图。 识别手势，并且响应于手势在安全执行环境中呈现内容的更新视图。 手势可以包括在触摸屏上识别的触摸手势，或者由相机识别的用户的身体手势。 在呈现内容的更新视图之后，计算设备的主处理器可以从安全执行环境接收更新的视图数据。

公开(公告)号：US20160085958A1

公开(公告)日：2016-03-24

申请号：US14492163

申请日：2014-09-22

Applicant: Intel Corporation

Inventor： Xiaozhu Kang

IPC: G06F21/40 ,  G06F21/36 ,  G06F3/01 ,  G06K9/00

CPC classification number: G06F21/40 ,  G06F3/017 ,  G06F21/32 ,  G06F21/36 ,  G06K9/00067 ,  G06K9/00087 ,  G06K9/00355 ,  G06K9/00389 ,  G06K9/00892 ,  G06K9/6202

Abstract: A data processing system (DPS) includes a user authentication module that uses a hand recognition module and a gesture recognition module to authenticate users, based on video data from a two-dimensional (2D) camera. When executed, the hand recognition module performs operations comprising (a) obtaining 2D video data of a hand of the current user; and (b) automatically determining whether the hand of the current user matches the hand of an authorized user, based on the 2D video data. When executed, the gesture recognition module performs operations comprising (a) presenting a gesture challenge to the current user, wherein the gesture challenge asks the current user to perform a predetermined hand gesture; (b) obtaining 2D video response data; and (c) automatically determining whether the current user has performed the predetermined hand gesture, based on the 2D video response data. Other embodiments are described and claimed.

Abstract translation: 数据处理系统（DPS）包括基于来自二维（2D）相机的视频数据的用户认证模块，其使用手识别模块和手势识别模块来认证用户。 当执行时，手识别模块执行包括（a）获得当前用户的手的2D视频数据的操作; 和（b）基于2D视频数据自动确定当前用户的手是否与授权用户的手匹配。 当执行时，手势识别模块执行包括（a）向当前用户呈现手势挑战的操作，其中手势挑战询问当前用户执行预定的手势; （b）获得2D视频响应数据; 以及（c）基于2D视频响应数据自动确定当前用户是否已经执行了预定的手势。 描述和要求保护其他实施例。