TECHNOLOGIES FOR LOW-LATENCY CRYPTOGRAPHY FOR PROCESSOR-ACCELERATOR COMMUNICATION

    Publication No.: US20220027288A1

    Publication date: 2022-01-27

    Application No.: US17496147

    Filing date: 2021-10-07

    Abstract: Technologies for secure data transfer include a computing device having a processor, an accelerator, and a security engine, such as a direct memory access (DMA) engine or a memory-mapped I/O (MMIO) engine. The computing device initializes the security engine with an initialization vector and a secret key. During initialization, the security engine pre-fills block cipher pipelines and pre-computes hash subkeys. After initialization, the processor initiates a data transfer, such as a DMA transaction or an MMIO request, between the processor and the accelerator. The security engine performs an authenticated cryptographic operation for the data transfer operation. The authenticated cryptographic operation may be AES-GCM authenticated encryption or authenticated decryption. The security engine may perform encryption or decryption using multiple block cipher pipelines. The security engine may calculate an authentication tag using multiple Galois field multipliers. Other embodiments are described and claimed.

    PROVIDING TRUSTED DEVICES FINE GRAINED ACCESS INTO PRIVATE MEMORY OF TRUSTED EXECUTION ENVIRONMENT

    Publication No.: US20240061697A1

    Publication date: 2024-02-22

    Application No.: US17820950

    Filing date: 2022-08-19

    Abstract: An apparatus comprises a hardware processor to create an input/output control data structure (IOCS) for a trusted execution environment (TEE), allocate an input/output (I/O) address range comprising a host physical address (HPA) and a plurality of input/output (IO) pages to the input/output control structure, create an entry in the input/output control structure (IOCS) for a set of input/output (IO) pages and a device identifier for a remote device, set a pending bit to a first value which indicates that the remote device is authorized to access the input/output (I/O) address range, and grant the remote device access to the set of input/output pages in the input/output control structure upon verification of an input/output (IO) address range for the remote device.

    TRANSPARENT EXECUTION OF SECRET CONTENT
    Invention application

    Publication No.: US20180004982A1

    Publication date: 2018-01-04

    Application No.: US15709342

    Filing date: 2017-09-19

    CPC classification number: G06F21/84 G06F21/123 G06F2221/2125

    Abstract: The present application is directed to transparent execution of secret content. A device may be capable of downloading content that may include at least one secret portion, wherein any secret portions of the content may be directed to a secure workplace in the device not accessible to device operating system components, applications, users, etc. The device may then present the content in a manner that allows secret portions of the content to be executed without direct access. For example, the device may download content, and a director module in the device may direct any secret portions of the downloaded content to a secure workspace. During execution of the content, any inputs required by the secret portions may be provided to the secure workspace, and any resulting outputs from the secret portions may then be used during content presentation.

    TECHNOLOGIES FOR HARDENING DATA ENCRYPTION WITH SECURE ENCLAVES
    Invention application (status: in force)

    Publication No.: US20160283747A1

    Publication date: 2016-09-29

    Application No.: US14667916

    Filing date: 2015-03-25

    Abstract: Technologies for hardening encryption operations are disclosed. In some embodiments, the technologies harden encryption operations typically performed by kernel mode programs with a secure enclave that may run in user mode and/or in a pre-boot context. In some embodiments, the technologies leverage a shared buffer and a proxy to enable the use of a secure enclave hosted in user mode to perform encryption operations. In additional embodiments, the technologies utilize one or more pre-boot applications to enable the use of a secure enclave in a pre-boot phase, e.g., so as to enable the use of a secure enclave to decrypt data that may be needed to boot a computing device.


    TRANSPARENT EXECUTION OF SECRET CONTENT
    Invention application (status: in force)

    Publication No.: US20160147982A1

    Publication date: 2016-05-26

    Application No.: US14550959

    Filing date: 2014-11-22

    CPC classification number: G06F21/84 G06F21/123 G06F2221/2125

    Abstract: The present application is directed to transparent execution of secret content. A device may be capable of downloading content that may include at least one secret portion, wherein any secret portions of the content may be directed to a secure workplace in the device not accessible to device operating system components, applications, users, etc. The device may then present the content in a manner that allows secret portions of the content to be executed without direct access. For example, the device may download content, and a director module in the device may direct any secret portions of the downloaded content to a secure workspace. During execution of the content, any inputs required by the secret portions may be provided to the secure workspace, and any resulting outputs from the secret portions may then be used during content presentation.

