公开(公告)号：US20240129104A1

公开(公告)日：2024-04-18

申请号：US17964549

申请日：2022-10-12

Applicant: Intel Corporation

Inventor： Jason M. Fung ,  Debayan Das ,  Sayak Ray ,  Rana Elnaggar ,  Majid Sabbagh

IPC: H04L9/00

CPC classification number: H04L9/003

Abstract: An apparatus, system, and method for protecting a component from an observation attack are provided. A power balancing circuit configured to protect a cryptography component can include a ring oscillator electrically connected to a power supply, a time-to-digital converter (TDC) electrically connected to monitor an electrical parameter of the electrical power drawn by the cryptography component and provide data indicative of the electrical parameter, and a controller circuit configured to adjust a number of inverters of the ring oscillator drawing power from the power supply based on the data.

公开(公告)号：US11144468B2

公开(公告)日：2021-10-12

申请号：US16024072

申请日：2018-06-29

Applicant: Intel Corporation

Inventor： Abhishek Basak ,  Arun Kanuparthi ,  Nagaraju N. Kodalapura ,  Jason M. Fung

IPC: G06F12/0891

Abstract: A system may include a processor and a memory, the processor having at least one cache. The cache may include a plurality of sets, each set having a plurality of cache lines. Each cache line may include several bits for storing information, including at least a “shared” bit to indicate whether the cache line is shared between different processes being executed by the processor. The example cache may also include shared cache line detection and eviction logic. During normal operation, the cache logic may monitor for a context switch (i.e., determine if the processor is switching from executing instructions for a first process to executing instructions for a second process). Upon a context switch, the cache logic may evict the shared cache lines (e.g., the cache lines with a shared bit of 1). This eviction of shared cache lines may prevent attackers utilizing such attacks from gleaning meaningful information.

公开(公告)号：US20190042453A1

公开(公告)日：2019-02-07

申请号：US16024072

申请日：2018-06-29

Applicant: Intel Corporation

Inventor： Abhishek Basak ,  Arun Kanuparthi ,  Nagaraju N. Kodalapura ,  Jason M. Fung

IPC: G06F12/0891

Abstract: A system may include a processor and a memory, the processor having at least one cache. The cache may include a plurality of sets, each set having a plurality of cache lines. Each cache line may include several bits for storing information, including at least a “shared” bit to indicate whether the cache line is shared between different processes being executed by the processor. The example cache may also include shared cache line detection and eviction logic. During normal operation, the cache logic may monitor for a context switch (i.e., determine if the processor is switching from executing instructions for a first process to executing instructions for a second process). Upon a context switch, the cache logic may evict the shared cache lines (e.g., the cache lines with a shared bit of 1). Due to the nature of cache-timing side-channel attacks, this eviction of shared cache lines may prevent attackers utilizing such attacks from gleaning meaningful information.

公开(公告)号：US20170222988A1

公开(公告)日：2017-08-03

申请号：US15431121

申请日：2017-02-13

Applicant: Intel Corporation

Inventor： Gyan Prakash ,  Jason M. Fung ,  Cris Rhodes ,  Selim Aissi

IPC: H04L29/06

CPC classification number: H04L63/0435 ,  G06F21/6218 ,  G06F21/72 ,  G06F21/78 ,  H04L63/061 ,  H04L2209/127

Abstract: A device, system, and method for providing processor-based data protection on a mobile computing device includes accessing data stored in memory with a central processing unit of the mobile computing device and determining that the accessed data is encrypted data based on a data included in one or more control registers of the central processing unit. If the data is determined to be encrypted data, the central processing unit is to decrypt the encrypted data using a cryptographic key stored in the central processing unit. The encrypted data may also be stored on a drive of the mobile computing device. The encryption state of the data stored on the drive is maintained in a drive encryption table, which is used to update a memory page tables and the one or more control registers.

公开(公告)号：US09705913B2

公开(公告)日：2017-07-11

申请号：US14927128

申请日：2015-10-29

Applicant: Intel Corporation

Inventor： Mojtaba Mojy Mirashrafi ,  Jason M. Fung ,  Jiphun Satapathy ,  Sachin B. Godse ,  Mrudula Yelamanchi ,  Dave Paul Singh

IPC: H04L9/00 ,  H04L29/06 ,  H04W12/10 ,  H04W76/02 ,  G06N99/00 ,  H04W84/12

CPC classification number: H04L63/145 ,  G06N99/005 ,  H04L63/0876 ,  H04L63/102 ,  H04W12/06 ,  H04W12/10 ,  H04W12/12 ,  H04W48/20 ,  H04W76/11 ,  H04W84/12

Abstract: Disclosed in some examples are methods, systems, and machine readable mediums which provide a security rating to an STA for a WLAN AP. Prior to connecting to an AP, the STA employs pre-connection logic in the STA to identify likely safe and likely unsafe APs. Once the user connects to an AP, the STA connects first in an untrusted mode. In the untrusted mode, the STA uses the network connectivity provided by the AP to establish a secure connection to a network-based WLAN trust service for post-connection security checks. If the AP passes the post-connection security checks, the STA may allow other applications to access the network connection provided by the AP.