公开(公告)号：US11677730B2

公开(公告)日：2023-06-13

申请号：US16024469

申请日：2018-06-29

Applicant: Intel Corporation

Inventor： Yu-Yuan Chen ,  Wojciech S. Powiertowski ,  Srikanth Varadarajan ,  David J. Harriman

IPC: H04L9/40 ,  G06F13/42 ,  G06F21/44 ,  G06F21/73 ,  G06F21/85 ,  H04L9/08 ,  H04L9/32 ,  G06F13/16 ,  G06F15/167 ,  H04L9/00

CPC classification number: H04L63/08 ,  G06F13/4282 ,  G06F21/44 ,  G06F21/73 ,  G06F21/85 ,  H04L9/088 ,  H04L9/3234 ,  H04L9/3239 ,  H04L9/3265 ,  H04L9/3271 ,  H04L63/0823 ,  H04L63/0876 ,  G06F2213/0026 ,  G06F2213/0042 ,  G06F2221/2103 ,  H04L9/50

Abstract: A device includes a microcontroller, memory including secure memory to store a private key, a set of registers, and an authentication engine. The set of registers includes a write mailbox register and a read mailbox register, and message data is to be written to the write mailbox register by a host system. The message data includes at least a portion of a challenge request, and the challenge request includes a challenge by the host system to authenticity of the device. The authentication engine generates a response to the challenge, where the response includes data to identify attributes of the device and a signature generated using the private key. The authentication engine causes at least a portion of the response to be written to the read mailbox register to be read by the host system.

公开(公告)号：US09767324B2

公开(公告)日：2017-09-19

申请号：US14550959

申请日：2014-11-22

Applicant: Intel Corporation

Inventor： Jeffrey C Sedayao ,  Ivan Jibaja ,  Srikanth Varadarajan ,  Reshma Lal ,  Soham Jayesh Desai

IPC: G06F21/12 ,  G06F21/84

CPC classification number: G06F21/84 ,  G06F21/123 ,  G06F2221/2125

Abstract: The present application is directed to transparent execution of secret content. A device may be capable of downloading content that may include at least one secret portion, wherein any secret portions of the content may be directed to a secure workplace in the device not accessible to device operating system components, applications, users, etc. The device may then present the content in a manner that allows secret portions of the content to be executed without direct access. For example, the device may download content, and a director module in the device may direct any secret portions of the downloaded content to a secure workspace. During execution of the content, any inputs required by the secret portions may be provided to the secure workspace, and any resulting outputs from the secret portions may then be used during content presentation.

公开(公告)号：US09444627B2

公开(公告)日：2016-09-13

申请号：US14582980

申请日：2014-12-24

Applicant: INTEL CORPORATION

Inventor： Srikanth Varadarajan ,  Reshma Lal ,  Krystof C. Zmudzinski

IPC: H04L29/06 ,  H04L9/32 ,  G06F9/54 ,  G06F9/48 ,  G06F9/44 ,  G06F9/455

CPC classification number: H04L9/3234 ,  G06F9/4406 ,  G06F9/45533 ,  G06F9/45558 ,  G06F9/4843 ,  G06F9/54 ,  G06F21/74 ,  G06F2009/45587 ,  G09C1/00 ,  H04L2209/127

Abstract: Method of providing a Global Platform (GP) compliant Trusted Execution Environment (TEE) starts with main processor executing an application stored in memory device. Application includes client application (CA) and trusted application (TA). Executing the application includes running CA in client process and TA in TEE host process. Client process and TEE host process are separate. Using TEE host process, a request including identifier of the TA is received from client process to open session. Using GP Trusted Services enclave included in TEE host process, TA enclave associated with the identifier is determined and loaded in the TEE host process using the GP Trusted Services enclave to establish the session. Using TEE host process, commands to be invoked in TA enclave and set of parameters needed for commands are received from client process. Using GP Internal APIs, commands in TA enclave associated with identifier are executed. Other embodiments are also described.

Abstract translation: 提供全球平台（GP）兼容的可执行环境（TEE）的方法从执行存储在存储设备中的应用程序的主处理器开始。 应用程序包括客户端应用程序（CA）和可信应用程序（TA）。 执行应用程序包括在客户端进程中运行CA，在TEE主机进程中运行TA。 客户端进程和TEE主机进程是分开的。 使用TEE主机进程，从客户端进程接收到包括TA标识符的请求以打开会话。 使用包含在TEE主机进程中的GP可信服务飞地，使用GP可信服务飞地来确定和加载与TID主机进程相关联的TA标识符以建立会话。 使用TEE主机进程，可以从客户端进程接收在TA包中调用的命令和命令所需的参数集。 使用GP Internal API，执行与标识符相关联的TA包层中的命令。 还描述了其它实施例。

公开(公告)号：US20160191246A1

公开(公告)日：2016-06-30

申请号：US14582980

申请日：2014-12-24

Applicant: INTEL CORPORATION

Inventor： Srikanth Varadarajan ,  Reshma Lal ,  Krystof C. Zmudzinksi

IPC: H04L9/32 ,  G06F9/455 ,  G06F9/44 ,  G06F9/54 ,  G06F9/48

CPC classification number: H04L9/3234 ,  G06F9/4406 ,  G06F9/45533 ,  G06F9/45558 ,  G06F9/4843 ,  G06F9/54 ,  G06F21/74 ,  G06F2009/45587 ,  G09C1/00 ,  H04L2209/127

Abstract: Method of providing a Global Platform (GP) compliant Trusted Execution Environment (TEE) starts with main processor executing an application stored in memory device. Application includes client application (CA) and trusted application (TA). Executing the application includes running CA in client process and TA in TEE host process. Client process and TEE host process are separate. Using TEE host process, a request including identifier of the TA is received from client process to open session. Using GP Trusted Services enclave included in TEE host process, TA enclave associated with the identifier is determined and loaded in the TEE host process using the GP Trusted Services enclave to establish the session. Using TEE host process, commands to be invoked in TA enclave and set of parameters needed for commands are received from client process. Using GP Internal APIs, commands in TA enclave associated with identifier are executed. Other embodiments are also described.

Abstract translation: 提供全球平台（GP）兼容的可执行环境（TEE）的方法从执行存储在存储设备中的应用程序的主处理器开始。 应用程序包括客户端应用程序（CA）和可信应用程序（TA）。 执行应用程序包括在客户端进程中运行CA，在TEE主机进程中运行TA。 客户端进程和TEE主机进程是分开的。 使用TEE主机进程，从客户端进程接收到包括TA标识符的请求以打开会话。 使用包含在TEE主机进程中的GP可信服务飞地，使用GP可信服务飞地来确定和加载与TID主机进程相关联的TA标识符以建立会话。 使用TEE主机进程，可以从客户端进程接收在TA包中调用的命令和命令所需的参数集。 使用GP Internal API，执行与标识符相关联的TA包层中的命令。 还描述了其它实施例。

公开(公告)号：US10462135B2

公开(公告)日：2019-10-29

申请号：US14757659

申请日：2015-12-23

Applicant: Intel Corporation

Inventor： Srikanth Varadarajan ,  Reshma Lal ,  Josh Triplett

IPC: H04L29/06 ,  G06F16/901 ,  H04L29/08

Abstract: Various system configurations and methods for maintaining, accessing, and utilizing secure data of a web browser in a hardware-managed secure data store are disclosed herein. In an example, operations for management of sensitive data such as passwords may be provided with the use of secure enclaves operating in a trusted execution environment. For example, such secure enclaves may be used for sealing and persisting sensitive data associated with a remote service, and transmitting the sensitive data to the remote service, while an unsealed form of the sensitive data is not accessible outside of the trusted execution environment. In further examples, operations for generating a password, storing or updating existing passwords, and replacing web browser input fields with secure data are disclosed.

公开(公告)号：US10372656B2

公开(公告)日：2019-08-06

申请号：US15356720

申请日：2016-11-21

Applicant: Intel Corporation

Inventor： Srikanth Varadarajan ,  Reshma Lal ,  Steven B. McGowan ,  Hakan Magnus Eriksson ,  Travis W. Peters

IPC: G06F13/40 ,  H04W12/02 ,  G06F21/57 ,  G06F13/28 ,  G06F21/85 ,  H04L29/06 ,  H04L9/06

Abstract: In one embodiment, an apparatus includes a wireless controller, which may include a byte stream parser to receive a stream of data from one or more wireless devices and parse the stream of data to identify a first data packet associated with a first channel identifier associated with a trusted application, and a cryptographic engine coupled to the byte stream parser to encrypt a payload portion of the first data packet in response to the identification of the first data packet associated with the first channel identifier. Other embodiments are described and claimed.

公开(公告)号：US10198600B2

公开(公告)日：2019-02-05

申请号：US15709342

申请日：2017-09-19

Applicant: Intel Corporation

Inventor： Jeffrey C. Sedayao ,  Ivan Jibaja ,  Srikanth Varadarajan ,  Reshma Lal ,  Soham Jayesh Desai

IPC: G06F21/12 ,  G06F21/84

Abstract: The present application is directed to transparent execution of secret content. A device may be capable of downloading content that may include at least one secret portion, wherein any secret portions of the content may be directed to a secure workplace in the device not accessible to device operating system components, applications, users, etc. The device may then present the content in a manner that allows secret portions of the content to be executed without direct access. For example, the device may download content, and a director module in the device may direct any secret portions of the downloaded content to a secure workspace. During execution of the content, any inputs required by the secret portions may be provided to the secure workspace, and any resulting outputs from the secret portions may then be used during content presentation.