公开(公告)号：US10691618B2

公开(公告)日：2020-06-23

申请号：US14369252

申请日：2013-12-17

Applicant: INTEL CORPORATION

Inventor： Bin Cedric Xing ,  Reshma Lal

IPC: G06F21/00 ,  H04L29/06 ,  G06F12/14 ,  G06F21/62 ,  G06F21/53 ,  G06F21/57 ,  G06F3/06 ,  G06F9/4401 ,  G06F12/0802 ,  G06F12/1009 ,  H04L9/32 ,  H04L9/08

Abstract: Various embodiments are generally directed to techniques to load and run secure enclaves for use by kernel mode applications. An apparatus to provide kernel mode access to a secure enclave includes a kernel mode secure enclave driver to provide user mode support for a kernel mode application and to initialize a secure enclave on behalf of the kernel mode application and a user mode secure enclave manager to process an instruction from the kernel mode application to the secure enclave.

公开(公告)号：US09864861B2

公开(公告)日：2018-01-09

申请号：US14227411

申请日：2014-03-27

Applicant: Intel Corporation

Inventor： Bin Cedric Xing ,  Mark W. Shanahan ,  James D. Beaney, Jr.

IPC: G06F21/60 ,  G06F21/53

CPC classification number: G06F21/60 ,  G06F21/53

Abstract: A system is disclosed and includes a processor to automatically execute enclave initialization code within a host application at run time of the host application. The enclave initialization code includes marshaling code to create a secure enclave separate from the host application. The marshaling code is generated at build time of the host application. The system also includes a dynamic random access memory (DRAM) including a dedicated DRAM portion to store the secure enclave. Other embodiments are described and claimed.

公开(公告)号：US09904803B2

公开(公告)日：2018-02-27

申请号：US14667916

申请日：2015-03-25

Applicant: Intel Corporation

Inventor： Bin Cedric Xing ,  Reshma Lal ,  Dheeraj Subbareddy

IPC: G06F21/71 ,  G06F21/74 ,  G06F21/60

CPC classification number: G06F21/71 ,  G06F21/53 ,  G06F21/602 ,  G06F21/6281 ,  G06F21/74 ,  G06F21/78 ,  G06F2221/2105 ,  G06F2221/2107 ,  G06F2221/2113 ,  G06F2221/2125 ,  G06F2221/2149

Abstract: Technologies for hardening encryption operations are disclosed. In some embodiments, the technologies harden encryption operations typically performed by kernel mode programs with a secure enclave that may run in user mode and/or in a pre-boot context. In some embodiments, the technologies leverage a shared buffer and a proxy to enable the use of a secure enclave hosted in user mode to perform encryption operations. In additional embodiments, the technologies utilize one or more pre-boot applications to enable the use of a secure enclave in a pre-boot phase, e.g., so as to enable the use of a secure enclave to decrypt data that may be needed to boot a computing device.

公开(公告)号：US20150278528A1

公开(公告)日：2015-10-01

申请号：US14227411

申请日：2014-03-27

Applicant: Intel Corporation

Inventor： Bin Cedric Xing ,  Mark W. Shanahan ,  James D. Beaney, JR.

IPC: G06F21/60

CPC classification number: G06F21/60 ,  G06F21/53

Abstract: A system is disclosed and includes a processor to automatically execute enclave initialization code within a host application at run time of the host application. The enclave initialization code includes marshaling code to create a secure enclave separate from the host application. The marshaling code is generated at build time of the host application. The system also includes a dynamic random access memory (DRAM) including a dedicated DRAM portion to store the secure enclave. Other embodiments are described and claimed.

Abstract translation: 公开了一种系统，并且包括处理器，用于在主机应用的运行时间内在主机应用内自动执行飞地初始化代码。 飞地初始化代码包括编组代码，以创建与主机应用程序分开的安全飞地。 编组代码是在主机应用程序的构建时生成的。 该系统还包括动态随机存取存储器（DRAM），其包括用于存储安全飞地的专用DRAM部分。 描述和要求保护其他实施例。