公开(公告)号：US09740882B2

公开(公告)日：2017-08-22

申请号：US14482460

申请日：2014-09-10

Applicant: Intel Corporation

Inventor： Mark E. Scott-Nash ,  Scott H. Robinson ,  Howard C. Herbert ,  Geoffrey S. Strongin ,  Stephen J. Allen ,  Tobias M. Kohlenberg ,  Uttam K. Sengupta

IPC: G06F21/00 ,  G06F21/62 ,  G06F21/60 ,  H04W12/02

CPC classification number: G06F21/629 ,  G06F21/604 ,  G06F21/6245 ,  G06F21/6254 ,  G06F2221/2111 ,  H04W12/02

Abstract: Technologies for sensor privacy on a computing device include receiving, by a sensor controller of the computing device, sensor data from a sensor of the computing device; determining a sensor mode for the sensor; and sending privacy data in place of the sensor data in response to a determination that the sensor mode for the sensor is set to a private mode. The technologies may also include receiving, by a security engine of the computing device, a sensor mode change command from a user of the computing device via a trusted input/output path of the computing device; and sending a mode command to the sensor controller to set the sensor mode of the sensor based on the sensor mode change command, wherein the sending the mode command comprises sending the mode command over a private bus established between the security engine and the sensor controller. Other embodiments are described herein.

公开(公告)号：US09720843B2

公开(公告)日：2017-08-01

申请号：US13729439

申请日：2012-12-28

Applicant: Intel Corporation

Inventor： Gur Hildesheim ,  Shlomo Raikin ,  Ittai Anati ,  Gideon Gerzon ,  Hisham Shafi ,  Alex Berenzon ,  Geoffrey S. Strongin ,  Iris Sorani

IPC: G06F12/00 ,  G06F12/1027 ,  G06F12/14

CPC classification number: G06F12/1027 ,  G06F12/1441 ,  G06F12/145 ,  G06F2212/1052

Abstract: A processor of an aspect includes operation mode check logic to determine whether to allow an attempted access to an operation mode and access type protected memory based on an operation mode that is to indicate whether the attempted access is by an on-die processor logic. Access type check logic is to determine whether to allow the attempted access to the operation mode and access type protected memory based on an access type of the attempted access to the operation mode and access type protected memory. Protection logic is coupled with the operation mode check logic and is coupled with the access type check logic. The protection logic is to deny the attempted access to the operation mode and access type protected memory if at least one of the operation mode check logic and the access type check logic determines not to allow the attempted access.

公开(公告)号：US20150248566A1

公开(公告)日：2015-09-03

申请号：US14482460

申请日：2014-09-10

Applicant: Intel Corporation

Inventor： Mark E. Scott-Nash ,  Scott H. Robinson ,  Howard C. Herbert ,  Geoffrey S. Strongin ,  Stephen J. Allen ,  Tobias M. Kohlenberg ,  Uttam K. Sengupta

IPC: G06F21/62

CPC classification number: G06F21/629 ,  G06F21/604 ,  G06F21/6245 ,  G06F21/6254 ,  G06F2221/2111 ,  H04W12/02

Abstract: Technologies for sensor privacy on a computing device include receiving, by a sensor controller of the computing device, sensor data from a sensor of the computing device; determining a sensor mode for the sensor; and sending privacy data in place of the sensor data in response to a determination that the sensor mode for the sensor is set to a private mode. The technologies may also include receiving, by a security engine of the computing device, a sensor mode change command from a user of the computing device via a trusted input/output path of the computing device; and sending a mode command to the sensor controller to set the sensor mode of the sensor based on the sensor mode change command, wherein the sending the mode command comprises sending the mode command over a private bus established between the security engine and the sensor controller. Other embodiments are described herein.

Abstract translation: 用于计算设备上的传感器隐私的技术包括由计算设备的传感器控制器接收来自计算设备的传感器的传感器数据; 确定传感器的传感器模式; 以及响应于所述传感器的传感器模式被设置为专用模式的确定，发送隐私数据代替所述传感器数据。 这些技术还可以包括由计算设备的安全引擎经由计算设备的信任输入/输出路径从计算设备的用户接收传感器模式改变命令; 并且向传感器控制器发送模式命令以基于传感器模式改变命令来设置传感器的传感器模式，其中发送模式命令包括通过在安全引擎和传感器控制器之间建立的专用总线发送模式命令。 本文描述了其它实施例。

公开(公告)号：US20140359754A1

公开(公告)日：2014-12-04

申请号：US14464874

申请日：2014-08-21

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Vedvyas Shanbhogue ,  Geoffrey S. Strongin ,  Willard M. Wiseman ,  David W. Grawrock

IPC: G06F21/44

CPC classification number: G06F21/44 ,  G06F21/50 ,  G06F21/57 ,  G06F21/575 ,  G06F21/85 ,  H04L63/126 ,  H04L67/125

Abstract: In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，处理器可以强制黑名单并且根据多阶段锁步完整性协议验证耦合到处理器的设备。 这种执行可以防止设备在验证之前访问系统的一个或多个资源。 黑名单可以包括根据多阶段锁定完整性协议未被验证的设备的列表。 描述和要求保护其他实施例。

公开(公告)号：US20180285562A1

公开(公告)日：2018-10-04

申请号：US15476196

申请日：2017-03-31

Applicant: Intel Corporation

Inventor： Sivakumar Radhakrishnan ,  Mahesh S. Natu ,  Pawel Szymanski ,  Zhenyu Zhu ,  Malay Trivedi ,  Kirk D. Brannock ,  Geoffrey S. Strongin

IPC: G06F21/55 ,  G11C16/34 ,  G11C16/16 ,  G06F3/06

Abstract: Technology for a computing system is described. The computing system can include memory, a controller, and a security management module. The controller can receive a block erase command for erasing data stored in a block of memory. The controller can store information associated with the block erase command in a store, wherein the information includes a block address associated with the data to be erased based on the block erase command. The security management module can read block addresses from the store, update a block erase count array over a defined interval to include block addresses read from the store, compare the block erase count array to a defined threshold, identify block addresses for which the block erase count array is above the defined threshold, and deny subsequent block erase commands for the identified block addresses.

公开(公告)号：US09519803B2

公开(公告)日：2016-12-13

申请号：US13690401

申请日：2012-11-30

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Uday R. Savagaonkar ,  David M. Durham ,  Paul S. Schmitz ,  Jason Martin ,  Michael Goldsmith ,  Ravi L. Sahita ,  Francis X. McKeen ,  Carlos Rozas ,  Balaji Vembu ,  Scott Janus ,  Geoffrey S. Strongin ,  Xiaozhu Kang ,  Karanvir S. Grewal ,  Siddhartha Chhabra ,  Alpha T. Narendra Trivedi

IPC: G06F21/00 ,  G06F21/64 ,  G06F21/53 ,  G06F21/56

CPC classification number: G06F21/64 ,  G06F21/53 ,  G06F21/56

Abstract: In accordance with some embodiments, a protected execution environment may be defined for a graphics processing unit. This framework not only protects the workloads from malware running on the graphics processing unit but also protects those workloads from malware running on the central processing unit. In addition, the trust framework may facilitate proof of secure execution by measuring the code and data structures used to execute the workload. If a part of the trusted computing base of this framework or protected execution environment is compromised, that part can be patched remotely and the patching can be proven remotely throughout attestation in some embodiments.

Abstract translation: 根据一些实施例，可以为图形处理单元定义受保护的执行环境。 该框架不仅保护了图形处理单元上运行的恶意软件的工作负载，还保护了这些工作负载免受中央处理单元上运行的恶意软件。 此外，信任框架可以通过测量用于执行工作负载的代码和数据结构来促进安全执行的证明。 如果该框架或受保护的执行环境的可信计算基础的一部分受到损害，那么该部分可以被远程修补，并且在一些实施例中可以通过验证远程验证修补。

公开(公告)号：US09245106B2

公开(公告)日：2016-01-26

申请号：US14464874

申请日：2014-08-21

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Vedvyas Shanbhogue ,  Geoffrey S. Strongin ,  Willard M. Wiseman ,  David W. Grawrock

IPC: G06F12/00 ,  G06F21/44 ,  H04L29/08 ,  G06F21/57 ,  H04L29/06

CPC classification number: G06F21/44 ,  G06F21/50 ,  G06F21/57 ,  G06F21/575 ,  G06F21/85 ,  H04L63/126 ,  H04L67/125

Abstract: In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.

公开(公告)号：US08844021B2

公开(公告)日：2014-09-23

申请号：US13925991

申请日：2013-06-25

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Vedvyas Shanbhogue ,  Geoffrey S. Strongin ,  Willard M. Wiseman ,  David W. Grawrock

IPC: G06F21/44 ,  H04L29/08 ,  G06F21/57 ,  H04L29/06

CPC classification number: G06F21/44 ,  G06F21/50 ,  G06F21/57 ,  G06F21/575 ,  G06F21/85 ,  H04L63/126 ,  H04L67/125

Abstract: In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，处理器可以强制黑名单并且根据多阶段锁步完整性协议验证耦合到处理器的设备。 这种执行可以防止设备在验证之前访问系统的一个或多个资源。 黑名单可以包括根据多阶段锁定完整性协议未被验证的设备的列表。 描述和要求保护其他实施例。