TECHNOLOGIES FOR END-TO-END BIOMETRIC-BASED AUTHENTICATION AND PLATFORM LOCALITY ASSERTION

    Publication number: US20190036699A1

    Publication date: 2019-01-31

    Application number: US16133952

    Filing date: 2018-09-18

    Applicant: Intel Corporation

    IPC classification: H04L9/32 H04L9/08

    Abstract: Technologies for end-to-end biometric-based authentication and locality assertion include a computing device with one or more biometric devices. The computing device may securely exchange a key between a driver and a secure enclave. The driver may receive biometric data from the biometric sensor in a virtualization-protected memory buffer and encrypt the biometric data with the shared key. The secure enclave may decrypt the biometric data and perform a biometric authentication operation. The computing device may measure a virtual machine monitor (VMM) to generate attestation information for the VMM. The secure enclave may execute a virtualization report instruction to request the attestation information, and the processor may copy the attestation information into the secure enclave memory. The secure enclave may verify the attestation information with a remote attestation server and, if verified, provide a shared secret to the VMM. Other embodiments are described and claimed.

    Secure replay protected storage
    Granted patent

    Publication number: US09411748B2

    Publication date: 2016-08-09

    Application number: US13631556

    Filing date: 2012-09-28

    Applicant: Intel Corporation

    Abstract: Embodiments of the invention create an underlying infrastructure in a flash memory device (e.g., a serial peripheral interface (SPI) flash memory device) so that it can be protected against attacks by a user with physical access, for example replacing the SPI flash memory device, or a man-in-the-middle (MITM) attack that modifies the SPI flash memory contents on the fly. In the prior art, monotonic counters cannot be stored in SPI flash memory devices because those devices do not provide replay protection for the counters; a user may also remove the flash memory device and reprogram it, and host platforms alone cannot protect against such hardware attacks. Embodiments of the invention enable standard storage flash memory devices such as SPI flash memory devices to achieve replay protection for securely stored data. Embodiments of the invention use flash memory controllers, flash memory devices, unique device keys and HMAC key logic to create secure execution environments for various components.
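The counter-plus-HMAC mechanism the abstract refers to, as an added example written for this page: it is not Intel's code and is not derived from the patent's claims, and it models only the protocol shape. A host prepares each write with a counter strictly greater than the last committed value and an HMAC over the counter and data under a device-unique key; the controller checks the MAC in constant time, enforces monotonicity, and only then commits. Reads carry a host nonce in the MAC so on-the-fly substitution on the bus is detectable. The key bytes, the `ProtectedFlash` model and the policy strings are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Device-unique key shared by the flash controller and the host's trusted
// component (constructed placeholder for this example, not a real key).
var deviceKey = []byte("constructed-device-unique-key-for-example")

var (
	ErrBadMAC = errors.New("write rejected: HMAC mismatch")
	ErrReplay = errors.New("write rejected: counter not greater than committed value")
)

// AuthenticatedWrite is the host's request: new contents, the counter value the
// host expects to commit, and an HMAC binding the two under the device key.
type AuthenticatedWrite struct {
	Counter uint64
	Data    []byte
	MAC     []byte
}

// ProtectedFlash models the replay-protected region: stored contents plus the
// last committed counter, which only ever increases.
type ProtectedFlash struct {
	key     []byte
	counter uint64
	data    []byte
}

func NewProtectedFlash(key []byte) *ProtectedFlash { return &ProtectedFlash{key: key} }

// tag is HMAC-SHA256 over domain || nonce || counter || data. The domain byte keeps
// write tags and read tags apart; the counter binds the data to one version.
func tag(key []byte, domain byte, nonce []byte, counter uint64, data []byte) []byte {
	h := hmac.New(sha256.New, key)
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], counter)
	h.Write([]byte{domain})
	h.Write(nonce)
	h.Write(ctr[:])
	h.Write(data)
	return h.Sum(nil)
}

// PrepareWrite (host side) advances the counter by one. A captured request, or a
// swapped-in flash part, cannot present a fresh counter with a valid MAC.
func PrepareWrite(key []byte, lastCounter uint64, data []byte) AuthenticatedWrite {
	next := lastCounter + 1
	return AuthenticatedWrite{Counter: next, Data: data, MAC: tag(key, 'W', nil, next, data)}
}

// Commit (controller side) verifies the MAC in constant time, enforces
// monotonicity, and only then updates data and counter together.
func (f *ProtectedFlash) Commit(w AuthenticatedWrite) error {
	if !hmac.Equal(w.MAC, tag(f.key, 'W', nil, w.Counter, w.Data)) {
		return ErrBadMAC
	}
	if w.Counter <= f.counter {
		return ErrReplay
	}
	f.counter = w.Counter
	f.data = append([]byte(nil), w.Data...)
	return nil
}

// Read (controller side) returns a copy of the contents plus a MAC over the
// host's nonce, the counter and the data, so something sitting on the SPI bus
// cannot substitute stale or altered contents without detection.
func (f *ProtectedFlash) Read(nonce []byte) (data []byte, counter uint64, mac []byte) {
	data = append([]byte(nil), f.data...)
	return data, f.counter, tag(f.key, 'R', nonce, f.counter, data)
}

// VerifyRead is the host-side check of a Read response.
func VerifyRead(key, nonce, data []byte, counter uint64, mac []byte) bool {
	return hmac.Equal(mac, tag(key, 'R', nonce, counter, data))
}

func (f *ProtectedFlash) Counter() uint64 { return f.counter }

func main() {
	flash := NewProtectedFlash(deviceKey)
	w1 := PrepareWrite(deviceKey, flash.Counter(), []byte("boot-policy v1"))
	fmt.Println("first write: ", flash.Commit(w1))
	w2 := PrepareWrite(deviceKey, flash.Counter(), []byte("boot-policy v2"))
	fmt.Println("second write:", flash.Commit(w2))
	fmt.Println("replayed v1: ", flash.Commit(w1)) // valid MAC, stale counter
	w2.Data[0] ^= 0xff
	fmt.Println("tampered v2: ", flash.Commit(w2)) // MAC no longer matches
}
```

The order of checks matters: the MAC is verified before the counter is compared, so an attacker without the key learns nothing about the committed counter from the error returned, and the counter and data are updated together so a power cut between them cannot leave a valid MAC over a stale counter. A real controller would keep the counter in storage that itself cannot be rolled back; that part is outside what this model shows.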

    In-system provisioning of firmware for a hardware platform

    Publication number: US10402565B2

    Publication date: 2019-09-03

    Application number: US15419368

    Filing date: 2017-01-30

    Applicant: Intel Corporation

    Abstract: A hardware platform includes a nonvolatile storage device that can store system firmware as well as code for the primary operating system of the hardware platform. The hardware platform includes a controller that determines that the hardware platform lacks functional firmware to boot the primary operating system from the storage device. The controller accesses a firmware image through an external interface to a device outside the hardware platform, where that external device is the firmware image source. The controller provisions the firmware from the external device to the storage device and initiates a boot sequence from the provisioned firmware.

    REPAIR OF FAILED FIRMWARE THROUGH AN UNMODIFIED DUAL-ROLE COMMUNICATION PORT

    Publication number: US20170270021A1

    Publication date: 2017-09-21

    Application number: US15607322

    Filing date: 2017-05-26

    Applicant: INTEL CORPORATION

    CPC classification: G06F13/4282

    Abstract: A repair engine for a computing platform is separate from the repeatedly rewritten storage components for software and firmware; for example, the repair engine may reside in ROM or in hardware logic. Through dedicated connections to one or more controllers, the repair engine detects when any of the platform's dual-role ports (e.g., USB On-The-Go ports) is connected to a host device. The repair engine responds by opening firmware-independent communication with the host device and supporting the download and execution (DnX) of a firmware image from the host. Because the communication is initiated independently of the firmware, even a catastrophic firmware failure is repairable without requiring the user to identify and use a specially modified port.

    Protecting a memory device from becoming unusable

    Publication number: US09606853B2

    Publication date: 2017-03-28

    Application number: US14229345

    Filing date: 2014-03-28

    Applicant: Intel Corporation

    IPC classification: G06F11/07

    Abstract: In an embodiment, a computing device may include a memory device that may be rendered unusable after a certain number of operations have been performed on it. The computing device may incorporate one or more techniques for protecting the memory device, implemented by processing logic contained in the computing device. The techniques may include, for example, acquiring a request to write or erase information stored in a memory device contained in a first computing device, saving the request for execution after a user-visible event has been generated on the first computing device, generating the user-visible event on the first computing device, and executing the saved request after the user-visible event has been generated. In addition, the techniques may include reporting the request, for example to an anti-malware agent.

    Technologies for end-to-end biometric-based authentication and platform locality assertion

    Publication number: US10749683B2

    Publication date: 2020-08-18

    Application number: US16133952

    Filing date: 2018-09-18

    Applicant: Intel Corporation

    IPC classification: H04L9/32 H04L9/08

    Abstract: Technologies for end-to-end biometric-based authentication and locality assertion include a computing device with one or more biometric devices. The computing device may securely exchange a key between a driver and a secure enclave. The driver may receive biometric data from the biometric sensor in a virtualization-protected memory buffer and encrypt the biometric data with the shared key. The secure enclave may decrypt the biometric data and perform a biometric authentication operation. The computing device may measure a virtual machine monitor (VMM) to generate attestation information for the VMM. The secure enclave may execute a virtualization report instruction to request the attestation information, and the processor may copy the attestation information into the secure enclave memory. The secure enclave may verify the attestation information with a remote attestation server and, if verified, provide a shared secret to the VMM. Other embodiments are described and claimed.
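The driver-to-enclave channel and the measured-VMM gate that the two records for this application (US20190036699A1 and its granted counterpart US10749683B2) describe, as an added example written for this page. It is not Intel's code and is not taken from the patent; where the abstract leaves a primitive unspecified, the example substitutes a concrete one and says so: an ephemeral X25519 exchange for the key exchange, AES-256-GCM for the sample encryption, a Hamming-distance toy matcher for the biometric authentication operation, and an allow-list lookup on a SHA-256 measurement for the attestation server's verdict. The session id, templates and VMM image bytes are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/bits"
)

// NewKeyPair generates one side's ephemeral X25519 key (driver or enclave).
func NewKeyPair() (*ecdh.PrivateKey, error) { return ecdh.X25519().GenerateKey(rand.Reader) }

// SharedKey derives the 32-byte channel key from our private key and the peer's
// public key. SHA-256 over a label and the ECDH output stands in for a full KDF.
func SharedKey(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) ([]byte, error) {
	ss, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	h := sha256.New()
	h.Write([]byte("biometric-channel-v1"))
	h.Write(ss)
	return h.Sum(nil), nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal (driver side) encrypts a sample with AES-256-GCM under the shared key; the
// session id is associated data, so a ciphertext cannot be replayed into another session.
func Seal(key, sample, sessionID []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, aead.Seal(nil, nonce, sample, sessionID)...), nil
}

// Open (enclave side) rejects anything tampered with or bound to another session.
func Open(key, blob, sessionID []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, blob[:ns], blob[ns:], sessionID)
}

// Match is a toy matcher (Hamming distance between fixed-length feature vectors).
func Match(enrolled, presented []byte, maxDistance int) bool {
	if len(enrolled) != len(presented) {
		return false
	}
	d := 0
	for i := range enrolled {
		d += bits.OnesCount8(enrolled[i] ^ presented[i])
	}
	return d <= maxDistance
}

// MeasureVMM is the measurement recorded for the hypervisor image.
func MeasureVMM(image []byte) [32]byte { return sha256.Sum256(image) }

// AllowList is the attestation server's set of known-good VMM measurements.
type AllowList map[[32]byte]bool

// ReleaseSecret (enclave side) hands the VMM the secret only if its measurement is known-good.
func ReleaseSecret(known AllowList, vmmImage, secret []byte) ([]byte, error) {
	if !known[MeasureVMM(vmmImage)] {
		return nil, errors.New("VMM measurement not recognised; secret withheld")
	}
	return secret, nil
}

func main() {
	driver, _ := NewKeyPair()
	enclave, _ := NewKeyPair()
	kDrv, _ := SharedKey(driver, enclave.PublicKey())
	kEnc, _ := SharedKey(enclave, driver.PublicKey())
	blob, _ := Seal(kDrv, []byte{0xF0, 0x0F, 0xAB}, []byte("session-1")) // constructed sample
	sample, err := Open(kEnc, blob, []byte("session-1"))
	fmt.Println("decrypted:", err == nil, "matched:", Match([]byte{0xF0, 0x0F, 0xAA}, sample, 2))
}
```

Two points the example makes that the abstract only implies: the enclave never sees the sensor's plaintext outside its own memory, because decryption happens after the AEAD check inside `Open`, and the VMM gets nothing unless its measurement is already trusted, so a modified hypervisor can observe the exchange but cannot obtain the secret. The allow-list lookup stands in for the attestation server; in a real deployment the report copied into the enclave would also carry a processor signature that the server verifies before returning a verdict.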