公开(公告)号：US10353831B2

公开(公告)日：2019-07-16

申请号：US14998065

申请日：2015-12-24

申请人： Intel Corporation

发明人： Scott H. Robinson ,  Ravi L. Sahita ,  Mark W. Shanahan ,  Karanvir S. Grewal ,  Nitin V. Sarangdhar ,  Carlos V. Rozas ,  Bo Zhang ,  Shanwei Cen

IPC分类号： G06F12/00 ,  G06F12/14 ,  G06F9/455 ,  G06F21/57

摘要： Systems, apparatuses and methods may provide for verifying, from outside a trusted computing base of a computing system, an identity an enclave instance prior to the enclave instance being launched in the trusted computing base, determining a memory location of the enclave instance and confirming that the memory location is local to the computing system. In one example, the enclave instance is a proxy enclave instance, wherein communications are conducted with one or more additional enclave instances in the trusted computing base via the proxy enclave instance and an unencrypted channel.

公开(公告)号：US10192054B2

公开(公告)日：2019-01-29

申请号：US14026372

申请日：2013-09-13

申请人： Intel Corporation

发明人： Shanwei Cen ,  Kirk D. Brannock

IPC分类号： G06F21/57 ,  G06F21/82

摘要： Methods and systems may provide for receiving at a secure element of a system, during a boot process of the system, a first pairing authentication value from a pairing agent. In addition, a pairing key may be received from the pairing agent, wherein the first pairing authentication value and the pairing key may be used to establish a trusted channel between the secure element and an input output (IO) device coupled to the system. In one example, the first pairing authentication value is accepted only if the first pairing authentication value is received prior to a predetermined stage of the boot process.

公开(公告)号：US20170185776A1

公开(公告)日：2017-06-29

申请号：US14998065

申请日：2015-12-24

申请人： Intel Corporation

发明人： Scott H. Robinson ,  Ravi L. Sahita ,  Mark W. Shanahan ,  Karanvir S. Grewal ,  Nitin V. Sarangdhar ,  Carlos V. Rozas ,  Bo Zhang ,  Shanwei Cen

IPC分类号： G06F21/56 ,  G06F12/08 ,  G06F12/14 ,  G06F9/455

CPC分类号： G06F12/145 ,  G06F9/45558 ,  G06F21/575 ,  G06F2009/45579 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2009/45591 ,  G06F2221/034

摘要： Systems, apparatuses and methods may provide for verifying, from outside a trusted computing base of a computing system, an identity an enclave instance prior to the enclave instance being launched in the trusted computing base, determining a memory location of the enclave instance and confirming that the memory location is local to the computing system. In one example, the enclave instance is a proxy enclave instance, wherein communications are conducted with one or more additional enclave instances in the trusted computing base via the proxy enclave instance and an unencrypted channel.