-
Publication No.: US12261941B2
Publication Date: 2025-03-25
Application No.: US18040245
Application Date: 2021-08-27
Applicant: Intel Corporation
Inventor: Jason W. Brandt, Steven L. Grobman, Vedvyas Shanbhogue
Abstract: System, method, and apparatus embodiments for creating, using, and managing protected cryptography keys are described. In an embodiment, an apparatus includes a decoder, an execution unit, and a cache. The decoder is to decode a single instruction into a decoded single instruction, the single instruction having a first source operand to specify encrypted data and a second source operand to specify a handle including a first including ciphertext of an encryption key, an integrity tag, and additional authentication data. The execution unit is to execute the decoded single instruction to perform a first check of the integrity tag against the ciphertext and the additional authentication data for any modification to the ciphertext or the additional authentication data, perform a second check of a current request against one or more restrictions specified by the additional authentication data of the handle, decrypt the ciphertext to generate an encryption key only when the first check indicates no modification to the ciphertext or the additional authentication data and the second check indicates the one or more restrictions are not violated, decrypt the encrypted data with the encryption key to generate unencrypted data, and provide the unencrypted data as a result of the single instruction. The cache is to store the handle, wherein only a portion of the integrity tag is to be used in a lookup of the handle.
-
Publication No.: US11366906B2
Publication Date: 2022-06-21
Application No.: US16665656
Application Date: 2019-10-28
Applicant: Intel Corporation
Inventor: Ned M. Smith, Steven L. Grobman, Craig T. Owen
Abstract: A method, apparatus, system, and computer program product for domain-authenticated control of platform resources. Resources under the control of the platform are managed in accordance with access control rules that are centrally managed by a directory service. Security policies are uniformly applied by requiring authorization of the user's access to platform resources including hard drives, flash memory, sensors, network controllers and power state controllers.
-
Publication No.: US20200065496A1
Publication Date: 2020-02-27
Application No.: US16665656
Application Date: 2019-10-28
Applicant: Intel Corporation
Inventor: Ned M. Smith, Steven L. Grobman, Craig T. Owen
Abstract: A method, apparatus, system, and computer program product for domain-authenticated control of platform resources. Resources under the control of the platform are managed in accordance with access control rules that are centrally managed by a directory service. Security policies are uniformly applied by requiring authorization of the user's access to platform resources including hard drives, flash memory, sensors, network controllers and power state controllers.
-
Publication No.: US10097349B2
Publication Date: 2018-10-09
Application No.: US14827004
Application Date: 2015-08-14
Applicant: Intel Corporation
Inventor: Steven L. Grobman, Jason W. Brandt
Abstract: Systems and methods for protecting symmetric encryption keys when performing encryption are described. In one embodiment, a computer-implemented method includes retrieving at least one real key from a secure area and executing, with a processor, a key transform instruction to generate at least one transformed key based on receiving the at least one real key. The at least one transformed key is an encrypted version of at least one round key that is encrypted by the processor using the at least one real key. The processor is able to decrypt the at least one transformed key and encrypt the at least one round key.