公开(公告)号：US11775447B2

公开(公告)日：2023-10-03

申请号：US17450597

申请日：2021-10-12

申请人： Intel Corporation

发明人： David M. Durham ,  Siddhartha Chhabra ,  Amy L. Santoni ,  Gilbert Neiger ,  Barry E. Huntley ,  Hormuzd M. Khosravi ,  Baiju V. Patel ,  Ravi L. Sahita ,  Gideon Gerzon ,  Ido Ouziel ,  Ioannis T. Schoinas ,  Rajesh M. Sankaran

IPC分类号： G06F12/14 ,  G06F21/53 ,  G06F3/06 ,  G06F21/78 ,  G06F21/82 ,  G06F21/60

CPC分类号： G06F12/1408 ,  G06F3/0623 ,  G06F12/145 ,  G06F21/53 ,  G06F21/602 ,  G06F21/78 ,  G06F21/82 ,  G06F2212/1052 ,  G06F2212/401 ,  G06F2212/402

摘要： In one embodiment, an apparatus comprises a processor to read a data line from memory in response to a read request from a VM. The data line comprises encrypted memory data. The apparatus also comprises a memory encryption circuit in the processor. The memory encryption circuit is to use an address of the read request to select an entry from a P2K table; obtain a key identifier from the selected entry of the P2K table; use the key identifier to select a key for the read request; and use the selected key to decrypt the encrypted memory data into decrypted memory data. The processor is further to make the decrypted memory data available to the VM. The P2K table comprises multiple entries, each comprising (a) a key identifier for a page of memory and (b) an encrypted address for that page of memory. Other embodiments are described and claimed.

公开(公告)号：US11436342B2

公开(公告)日：2022-09-06

申请号：US16727608

申请日：2019-12-26

申请人： Intel Corporation

发明人： Gideon Gerzon ,  Hormuzd M. Khosravi ,  Vincent Von Bokern ,  Barry E. Huntley ,  Dror Caspi

IPC分类号： G06F21/60 ,  G06F9/455 ,  G06F21/72 ,  H04L9/06

摘要： Disclosed embodiments relate to trust domain islands with self-contained scope. In one example, a system includes multiple sockets, each including multiple cores, multiple multi-key total memory encryption (MK-TME) circuits, multiple memory controllers, and a trust domain island resource manager (TDIRM) to: initialize a trust domain island (TDI) island control structure (TDICS) associated with a TD island, initialize a trust domain island protected memory (TDIPM) associated with the TD island, identify a host key identifier (HKID) in a key ownership table (KOT), assign the HKID to a cryptographic key and store the HKID in the TDICS, associate one of the plurality of cores with the TD island, add a memory page from an address space of the first core to the TDIPM, and transfer execution control to the first core to execute the TDI, and wherein a number of HKIDs available in the system is increased as the memory mapped to the TD island is decreased.

公开(公告)号：US11288206B2

公开(公告)日：2022-03-29

申请号：US16831381

申请日：2020-03-26

申请人： Intel Corporation

发明人： Hormuzd M. Khosravi ,  Baiju Patel ,  Ravi Sahita ,  Barry Huntley

IPC分类号： G06F12/1036 ,  G06F12/1009 ,  G06F12/14 ,  G06F12/0891 ,  G06F21/79 ,  G06F21/62

摘要： Embodiment of this disclosure provide techniques to support memory paging between trust domains (TDs) in computer systems. In one embodiment, a processing device including a memory controller and a memory paging circuit is provided. The memory paging circuit is to insert a transportable page into a memory location associated with a trust domain (TD), the transportable page comprises encrypted contents of a first memory page of the TD. The memory paging circuit is further to create a third memory page associated with the TD by binding the transportable page to the TD, binding the transportable page to the TD comprises re-encrypting contents of the transportable page based on a key associated with the TD and a physical address of the memory location. The memory paging circuit is further to access contents of the third memory page by decrypting the contents of the third memory page using the key associated with the TD.

公开(公告)号：US20210224202A1

公开(公告)日：2021-07-22

申请号：US17222722

申请日：2021-04-05

申请人： Intel Corporation

发明人： Siddhartha Chhabra ,  Hormuzd M. Khosravi ,  Gideon Gerzon ,  Barry E. Huntley ,  Gilbert Neiger ,  Ido Ouziel ,  Baiju Patel ,  Ravi L. Sahita ,  Amy L. Santoni ,  Ioannis T. Schoinas

IPC分类号： G06F12/14 ,  H04L29/06 ,  H04L9/06 ,  H04L9/08

摘要： In one embodiment, an apparatus comprises a processor to execute instruction(s), wherein the instructions comprise a memory access operation associated with a memory location of a memory. The apparatus further comprises a memory encryption controller to: identify the memory access operation; determine that the memory location is associated with a protected domain, wherein the protected domain is associated with a protected memory region of the memory, and wherein the protected domain is identified from a plurality of protected domains associated with a plurality of protected memory regions of the memory; identify an encryption key associated with the protected domain; perform a cryptography operation on data associated with the memory access operation, wherein the cryptography operation is performed based on the encryption key associated with the protected domain; and return a result of the cryptography operation, wherein the result is to be used for the memory access operation.

公开(公告)号：US20200226071A1

公开(公告)日：2020-07-16

申请号：US16831381

申请日：2020-03-26

申请人： Intel Corporation

发明人： Hormuzd M. Khosravi ,  Baiju Patel ,  Ravi Sahita ,  Barry Huntley

IPC分类号： G06F12/1036 ,  G06F12/1009 ,  G06F12/14 ,  G06F12/0891 ,  G06F21/79 ,  G06F21/62

摘要： Embodiment of this disclosure provide techniques to support memory paging between trust domains (TDs) in computer systems. In one embodiment, a processing device including a memory controller and a memory paging circuit is provided. The memory paging circuit is to insert a transportable page into a memory location associated with a trust domain (TD), the transportable page comprises encrypted contents of a first memory page of the TD. The memory paging circuit is further to create a third memory page associated with the TD by binding the transportable page to the TD, binding the transportable page to the TD comprises re-encrypting contents of the transportable page based on a key associated with the TD and a physical address of the memory location. The memory paging circuit is further to access contents of the third memory page by decrypting the contents of the third memory page using the key associated with the TD.

公开(公告)号：US10114935B2

公开(公告)日：2018-10-30

申请号：US14580817

申请日：2014-12-23

申请人： Intel Corporation

发明人： Barnan Das ,  Abhilasha Bhargav-Spantzel ,  Narayan Biswal ,  Micah J. Sheller ,  Ned M. Smith ,  Hormuzd M. Khosravi

IPC分类号： H04L29/00 ,  G06F21/32 ,  H04L29/06 ,  G06F21/31

摘要： Technologies for multi-factor authentication of a user include a computing device with one or more sensors. The computing device may authenticate the user by analyzing biometric and/or environmental sensor data to determine whether to allow the user access to a computing device. To do so, the computing device may determine reliability scores based on the environment during authentication for each biometric authentication factor used to authenticate the user. Additionally, the computing device may determine a login pattern based on sensor data collected during historical authentication attempts by the user over a period of time. The computing device may apply a machine-learning classification algorithm to determine classification rules, based on the login pattern, applied by the computing device to determine whether to allow the user access to the computing device. Other embodiments are described herein and claimed.

公开(公告)号：US09619242B2

公开(公告)日：2017-04-11

申请号：US14581309

申请日：2014-12-23

申请人： Intel Corporation

发明人： Hormuzd M. Khosravi ,  Adrian R. Pearson ,  Ned M. Smith ,  Abhilasha Bhargav-Spantzel

IPC分类号： G06F17/00 ,  H04L29/06 ,  G06F9/44 ,  G06F21/57 ,  G06F21/31

CPC分类号： G06F21/575 ,  G06F9/4406 ,  G06F9/441 ,  G06F9/4418 ,  G06F21/31 ,  H04L63/102 ,  H04L63/108

摘要： Methods, apparatus, systems and articles of manufacture are disclosed to initialize a platform. An example disclosed apparatus includes a boot loader manager to prevent operating system loading in response to detecting a power-on condition, a context manager to retrieve first context information associated with the platform, and a policy manager to identify a first operating system based on the first context information, the policy manager to authorize the boot loader manager to load the first operating system.

公开(公告)号：US09483246B2

公开(公告)日：2016-11-01

申请号：US14055008

申请日：2013-10-16

申请人： Intel Corporation

发明人： Gyan Prakash ,  Saurabh Dadu ,  Selim Aissi ,  Hormuzd M. Khosravi ,  Duncan Glendinning ,  Cris Rhodes

IPC分类号： G06Q99/00 ,  G06F9/445 ,  G06F21/57 ,  G06F9/24 ,  G06Q10/00

CPC分类号： G06F8/65 ,  G06F9/24 ,  G06F21/572 ,  G06Q10/00

摘要： A method, apparatus, system, and computer program product for an automated modular and secure boot firmware update. An updated boot firmware code module is received in a secure partition of a system, the updated boot firmware code module to replace one original boot firmware code module for the system. Only the one original boot firmware code module is automatically replaced with the updated boot firmware code module. The updated boot firmware code module is automatically executed with the plurality of boot firmware code modules for the system and without user intervention when the system is next booted. The updated boot firmware code module may be written to an update partition of a firmware volume, wherein the update partition of the firmware volume is read along with another partition of the firmware volume containing the plurality of boot firmware code modules when the system is booted.

公开(公告)号：US20160125180A1

公开(公告)日：2016-05-05

申请号：US14361877

申请日：2013-12-12

申请人： Intel Corporation

发明人： Ned M. Smith ,  Victoria C. Moore ,  Avi Kannon ,  Ehud Reshef ,  Alex Nayshtut ,  Oleg Pogorelik ,  Abhilasha Bhargav-Spantzel ,  Craig T. Owen ,  Hormuzd M. Khosravi

IPC分类号： G06F21/34 ,  H04L9/32 ,  H04W12/06 ,  H04L29/06

CPC分类号： G06F21/34 ,  G06F21/32 ,  G06F21/606 ,  G06F2221/2103 ,  G06F2221/2111 ,  G06F2221/2143 ,  G06Q20/3278 ,  H04L9/006 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0866 ,  H04L9/3234 ,  H04L9/3271 ,  H04L63/0492 ,  H04L63/0853 ,  H04L63/102 ,  H04L2209/805 ,  H04L2463/082 ,  H04W4/80 ,  H04W12/003 ,  H04W12/00503 ,  H04W12/06 ,  H04W12/0608

摘要： A computing device is described. The computing device includes input/output (I/O) circuitry to receive sensory data and a trusted execution environment to monitor the I/O circuitry to detect one or more context characteristics of the computing device and to authenticate user identity based on context characteristics.

摘要翻译： 描述了计算设备。 计算设备包括用于接收感觉数据的输入/输出（I / O）电路和可信赖的执行环境，以监视I / O电路以检测计算设备的一个或多个上下文特征，并且基于上下文特征来认证用户身份。

公开(公告)号：US08938610B2

公开(公告)日：2015-01-20

申请号：US14060289

申请日：2013-10-22

申请人： Intel Corporation

发明人： Hormuzd M. Khosravi ,  Venkat R Gokulrangan ,  Michael Berger ,  Izoslav Tchigevsky ,  Gary Joe Calhoun

IPC分类号： G06F9/00 ,  G06F15/177 ,  G06F9/44 ,  H04W99/00

CPC分类号： G06F9/4416 ,  H04W99/00

摘要： In some embodiments, a secure authenticated remote boot of computing device over a wireless network is performed in a pre-boot execution environment (PXE) using active management technology (AMT) for remote discovery. In these embodiments, a management engine (ME) may maintain full control of a wireless interface and a wireless connection as booting begins. The ME may relinquish control of the wireless interface after a PXE timeout, in response to a shutdown command, or once the device has booted. The ME controls the use of an operating system received from a remote location.

摘要翻译： 在一些实施例中，通过使用用于远程发现的主动管理技术（AMT）在预引导执行环境（PXE）中执行无线网络上的计算设备的安全认证的远程启动。 在这些实施例中，当引导开始时，管理引擎（ME）可以保持对无线接口和无线连接的完全控制。 在PXE超时之后，ME可以放弃对无线接口的控制，以响应关机命令，或者一旦设备启动。 ME控制从远程位置接收的操作系统的使用。