公开(公告)号：WO2014004123A1

公开(公告)日：2014-01-03

申请号：PCT/US2013/045853

申请日：2013-06-14

Applicant: INTEL CORPORATION ,  ZMUDZINSKI, Krystof ,  HOEKSTRA, Matthew, E. ,  MANFERDELLI, John ,  XING, Bin

Inventor： ZMUDZINSKI, Krystof ,  HOEKSTRA, Matthew, E. ,  MANFERDELLI, John ,  XING, Bin

IPC: G06F21/81

CPC classification number: G06F12/1408 ,  G06F1/3206 ,  G06F1/3237 ,  G06F1/3243 ,  G06F1/3287 ,  G06F9/4418 ,  G06F21/57 ,  G06F21/6209 ,  G06F21/81 ,  G06F2221/2107 ,  G06F2221/2143 ,  Y02D10/128 ,  Y02D10/152 ,  Y02D10/171 ,  Y02D50/20

Abstract: Methods and apparatus for a secure sleep state are disclosed. An example method includes, in response to an initiation of a sleep state of a computing platform, encrypting a memory of the computing platform; and decrypting the memory when resuming the computing platform from the sleep state, wherein placing the computing platform in the sleep state includes powering down a portion of the computing platform and preserving a state of the computing platform.

Abstract translation: 公开了用于安全睡眠状态的方法和装置。 响应于计算平台的睡眠状态的启动，示例性方法包括加密计算平台的存储器; 以及当将所述计算平台从所述睡眠状态恢复时将所述存储器解密，其中将所述计算平台置于所述睡眠状态包括关闭所述计算平台的一部分并且保留所述计算平台的状态。

公开(公告)号：WO2014163912A1

公开(公告)日：2014-10-09

申请号：PCT/US2014/018842

申请日：2014-02-27

Applicant: INTEL CORPORATION ,  LAL, Reshma ,  HOEKSTRA, Matthew E.

Inventor： LAL, Reshma ,  HOEKSTRA, Matthew E.

IPC: G06F21/45 ,  H04L9/32

CPC classification number: G06F21/72 ,  G06F21/31 ,  G06F21/57

Abstract: Various embodiments are generally directed to the provision and use of a secure enclave defined within a storage of a computing device by a processor element thereof to store executable instructions of an OTP component implementing logic to generate and use one-time passwords (OTPs) to enable access to services provided by another computing device. An apparatus includes a storage; a first processor element; and first logic to receive a one-time password (OTP) routine, store the OTP routine within a first secure enclave defined by the first processor element within the storage, obtain a measure of the contents of the first secure enclave with the OTP routine stored therein, transmit the first measure to a computing device, and receive an OTP seed. Other embodiments are described and claimed.

Abstract translation: 各种实施例通常涉及提供和使用通过其处理器元件在计算设备的存储器内定义的安全空间，以存储实现逻辑的OTP组件的可执行指令，以生成和使用一次性密码（OTP）来实现 访问由另一计算设备提供的服务。 一种装置包括存储装置; 第一处理器元件; 以及接收一次密码（OTP）例程的第一逻辑，将OTP例程存储在由存储器内的第一处理器元件定义的第一安全空间内，获得存储有OTP例程的第一安全飞地的内容的度量 在其中将第一测量发送到计算设备，并且接收OTP种子。 描述和要求保护其他实施例。

公开(公告)号：WO2015094277A1

公开(公告)日：2015-06-25

申请号：PCT/US2013/076525

申请日：2013-12-19

Applicant: INTEL CORPORATION ,  SMITH, Ned M. ,  HELDT-SHELLER, Nathan ,  LAL, Reshma ,  SHELLER, Micah J. ,  HOEKSTRA, Matthew E.

Inventor： SMITH, Ned M. ,  HELDT-SHELLER, Nathan ,  LAL, Reshma ,  SHELLER, Micah J. ,  HOEKSTRA, Matthew E.

IPC: G06F21/10

CPC classification number: H04L63/10 ,  G06F21/10 ,  G06F2221/0708 ,  H04L67/42

Abstract: Technologies for supporting and implementing multiple digital rights management protocols on a client device are described. In some embodiments, the technologies include a client device having an architectural enclave which may function to identify one of a plurality of digital rights management protocols for protecting digital information to be received from a content provider or a sensor. The architectural enclave select a preexisting secure information processing environment (SIPE) to process said digital information, if a preexisting SIPE supporting the DRM protocol is present on the client. If a preexisting SIPE supporting the DRM protocol is not present on the client, the architectural enclave may general a new SIPE that supports the DRM protocol on the client. Transmission of the digital information may then be directed to the selected preexisting SIPE or the new SIPE, as appropriate.

Abstract translation: 描述了在客户端设备上支持和实现多个数字版权管理协议的技术。 在一些实施例中，这些技术包括具有架构区域的客户端设备，其可以用于识别用于保护要从内容提供商或传感器接收的数字信息的多个数字版权管理协议中的一个。 如果在客户端上存在支持DRM协议的预先存在的SIPE，那么建筑飞地选择预先存在的安全信息处理环境（SIPE）来处理所述数字信息。 如果客户端上不存在支持DRM协议的预先存在的SIPE，那么该架构可以通用一个支持客户端DRM协议的新SIPE。 然后可以适当地将数字信息的传输指向所选择的预先存在的SIPE或新的SIPE。

公开(公告)号：WO2014105130A1

公开(公告)日：2014-07-03

申请号：PCT/US2013/046191

申请日：2013-06-17

Applicant: INTEL CORPORATION ,  XING, Bin ,  HOEKSTRA, Matthew E. ,  GOLDSMITH, Michael A. ,  ROZAS, Carlos V. ,  SCARLATA, Vincent R. ,  JOHNSON, Simon P. ,  SAVAGAONKAR, Uday R. ,  MCKEEN, Francis X. ,  TOLOPKA, Stephen J.

Inventor： XING, Bin ,  HOEKSTRA, Matthew E. ,  GOLDSMITH, Michael A. ,  ROZAS, Carlos V. ,  SCARLATA, Vincent R. ,  JOHNSON, Simon P. ,  SAVAGAONKAR, Uday R. ,  MCKEEN, Francis X. ,  TOLOPKA, Stephen J.

IPC: G06F21/52 ,  G06F9/44

CPC classification number: G06F21/53 ,  G06F21/71 ,  G06F2221/2101 ,  G06F2221/2149

Abstract: Embodiments of an invention for measuring applications loaded in secure enclaves at runtime are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to extend a first measurement of a secure enclave with a second measurement. The execution unit is to execute the instruction after initialization of the secure enclave.

Abstract translation: 公开了用于在运行时测量加载在安全空间中的应用的发明的实施例。 在一个实施例中，处理器包括指令单元和执行单元。 指令单元将接收用于通过第二测量来扩展安全飞地的第一测量的指令。 执行单元将在安全飞地初始化后执行指令。