公开(公告)号：US09798900B2

公开(公告)日：2017-10-24

申请号：US14670061

申请日：2015-03-26

Applicant: Intel Corporation

Inventor： Jungju Oh ,  Siddhartha Chhabra ,  David M Durham

IPC: G06F21/78 ,  G06F21/72 ,  G06F21/52

CPC classification number: G06F21/78 ,  G06F21/52 ,  G06F21/72

Abstract: The present disclosure is directed to a flexible counter system for memory protection. In general, a counter system for supporting memory protection operations in a device may be made more efficient utilizing flexible counter structures. A device may comprise a processing module and a memory module. A flexible counter system in the memory module may comprise at least one data line including a plurality of counters. The bit-size of the counters may be reduced and/or varied from existing implementations through an overflow counter that may account for smaller counters entering an overflow state. Counters that utilize the overflow counter may be identified using a bit indicator. In at least one embodiment selectors corresponding to each of the plurality of counters may be able to map particular memory locations to particular counters.

公开(公告)号：US09990249B2

公开(公告)日：2018-06-05

申请号：US14998054

申请日：2015-12-24

Applicant: Intel Corporation

Inventor： David M Durham ,  Siddhartha Chhabra ,  Sergej Deutsch ,  Men Long ,  Alpa T Narendra Trivedi

IPC: H04L9/08 ,  H04L9/30 ,  G06F12/14 ,  G06F11/10 ,  G06F12/0886 ,  G06F21/00 ,  G06F21/79

CPC classification number: G06F11/1004 ,  G06F12/0886 ,  G06F12/1408 ,  G06F21/00 ,  G06F21/79 ,  G06F2212/401 ,  H04L9/0858 ,  H04L9/304

Abstract: Apparatus, systems, and/or methods may provide for identifying unencrypted data including a plurality of bits, wherein the unencrypted data may be encrypted and stored in memory. In addition, a determination may be made as to whether the unencrypted data includes a random distribution of the plurality of bits, for example based on a compressibility function. An integrity action may be implemented when the unencrypted data includes a random distribution of the plurality of bits, which may include error correction including a modification to ciphertext of the unencrypted data. Independently of error correction, a diffuser may generate intermediate and final ciphertext. In addition, a key and/or a tweak may be derived for a location in the memory. Moreover, an integrity value may be generated (e.g., as a copy) from a portion of the unencrypted data, and/or stored in a slot of an integrity check line based on the location.

公开(公告)号：US09547772B2

公开(公告)日：2017-01-17

申请号：US14323076

申请日：2014-07-03

Applicant: Intel Corporation

Inventor： David M Durham ,  Hormuzd M Khosravi ,  Uri Blumenthal ,  Men Long

IPC: G06F12/14 ,  G06F21/62 ,  G06F21/53 ,  G06F21/52

CPC classification number: G06F21/6209 ,  G06F12/1408 ,  G06F12/1466 ,  G06F12/1475 ,  G06F21/52 ,  G06F21/53

Abstract: Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.

Abstract translation: 这里一般地描述用于执行环境中的软件组件的安全保险库服务的装置，物品，方法和系统的实施例。 一个实施例包括虚拟机监视器，操作系统监视器或其他底层平台功能的能力，以限制存储器区域，以便仅通过特定认证的，授权的和已验证的软件组件进行访问，即使在其他受损的操作系统环境的一部分。 代表被保护的内存区域中提供的经过身份验证/授权/验证的软件组件的锁定和解锁秘密的底层平台只能由经过身份验证/授权/验证的软件组件访问。 可以描述和要求保护其他实施例。