-
Publication number: WO2023058828A1
Publication date: 2023-04-13
Application number: PCT/KR2022/001511
Filing date: 2022-01-27
Applicant: 삼성전자 주식회사
IPC: G06F21/64 , G06F21/53 , H04N21/266 , H04N5/77 , H04N5/232
Abstract: An electronic device includes at least one memory, a camera, and at least one processor. The at least one processor may be configured to: in a secure environment, acquire a raw image of an external object from the camera and store the acquired raw image in the at least one memory; in the secure environment, acquire a first image from the stored raw image through first image processing and second image processing of the stored raw image; and, based on a verification request being obtained from a normal environment: acquire, in the secure environment, a second image that was obtained from the stored raw image in the normal environment through second image processing; acquire, in the secure environment, a third image from the acquired second image through first image processing; and verify the integrity of the second image based on the acquired first image and the acquired third image.
-
Publication number: WO2023057652A1
Publication date: 2023-04-13
Application number: PCT/EP2022/078066
Filing date: 2022-10-10
Applicant: CYFERALL
Inventor: OLIE, Jean-Louis
IPC: G06F21/31 , G06F21/53 , G06F21/602
Abstract: The present invention relates to a security system (100) for computing devices (150), the security system being adapted to: - allow a security application (104) to define an enclave in random-access memory (RAM) to which only the security application (104) can have access, this enclave optionally being located within a larger protected zone resulting from the implementation of a virtual machine capable of hosting third-party software that must cooperate with the secure services and with the drivers of the peripherals used to create and render information; and - run this security application (104) on the physical machine or on the virtual machine, wherein the security application controls access to the enclave and uses it to store the plaintext data to be protected.
-
Publication number: WO2023036672A1
Publication date: 2023-03-16
Application number: PCT/EP2022/074265
Filing date: 2022-09-01
Applicant: SIEMENS AKTIENGESELLSCHAFT
Inventor: KNIERIM, Christian
Abstract: Executing privileged operations in a container. Method for executing privileged operations of an application program that is executed in a container on a host computer (10), in which, to execute the privileged operation, an extended execution permission for the container on a host computer (10) is required relative to non-privileged operations of the application program, comprising: - receiving (S1) a privileging policy (R) containing at least one privileged operation when a main container (18) is started in a host computer (10); - monitoring (S2), by a runtime environment (13) of the host computer (10), the called operations of the application program that are executed in the main container (18); - starting (S3) a separate side container (19) that has the extended execution permission when a privileged operation contained in the privileging policy (R) is called within the main container (18); - executing (S4) the privileged operation in the side container (18) on behalf of the main container (18); - terminating (S5) the side container (19) after the privileged operation has been executed; and - continuing (S6) the main container (18) depending on feedback from the side container (19) and/or on the privileging policy (R).
-
Publication number: WO2023012075A1
Publication date: 2023-02-09
Application number: PCT/EP2022/071454
Filing date: 2022-07-29
Applicant: THALES DIS FRANCE SAS
Inventor: FOKLE KOKOU, Milas
Abstract: The present invention relates to a method for generating a signed container image from a base container image comprising a plurality of container image layers, and for pushing said signed container image to an image registry of a container hosting environment, wherein said environment comprises a pipeline server of an image provider, a master node configured for acting as orchestrator and a plurality of worker nodes configured for running a container instantiating said signed container image after pulling said signed container image from said image registry, and comprising, performed by said pipeline server: - generating a signed container image by adding a first layer and a second layer to said base container image, said first layer comprising a manifest of said base container image and said second layer comprising a digital signature of a digest of said manifest generated using a private key of said image provider; - pushing said signed container image to said image registry.
-
Publication number: WO2023004261A1
Publication date: 2023-01-26
Application number: PCT/US2022/073768
Filing date: 2022-07-15
Applicant: GOOGLE LLC
Inventor: MOYER, Keith, MOORE, Benjamin Seth, MEDVINKSY, Ari, YAP, Kevin, PETROV, Ivan, SANTORO, Tiziano, FELDMAN, Ariel Joseph, ROSU, Marcel Catalin
Abstract: A method (400) for remote attestation includes establishing, using a cryptographic protocol (20), a communication session (22) between a first computing device (10a) and a second computing device (10b). The communication session includes communications encrypted by an ephemeral session key (24). The method includes receiving, at the first communication device via the communication session, from the second computing device, an attestation request (172) requesting the first computing device to provide an attestation report (162). The method includes generating, by the first computing device, the attestation report based on the ephemeral session key and sending, using the communication session, the attestation report to the second computing device.
-
Publication number: WO2023283004A1
Publication date: 2023-01-12
Application number: PCT/US2022/032177
Filing date: 2022-06-03
Applicant: SIFIVE, INC.
Inventor: LOISEL, Yann, EDGAR, Ernest L.
Abstract: Systems and methods are disclosed for debug in a system on a chip with a securely partitioned memory space. For example, an integrated circuit (e.g., a processor) for executing instructions includes a processor core configured to execute instructions, including a data store configured to store a first world identifier; an outer memory system configured to store instructions and data; a data store configured to store a debug world list that specifies which world identifiers supported by the integrated circuit are authorized for debugging; and a debug enable circuitry configured to generate a debug enable signal based on the first world identifier and the debug world list, wherein the processor core is configured to jump to debug handler instructions in response to a debug exception or ignore the debug exception depending on the debug enable signal.
-
Publication number: WO2022272064A1
Publication date: 2022-12-29
Application number: PCT/US2022/034906
Filing date: 2022-06-24
Applicant: INTEL CORPORATION
Inventor: RAGHURAM, Yeluri, XIA, Haidong, SHETTY, Uttam, RAO, Anil, BANGALORE, Sudhir Subbarao, NAGARAJAN, Raghavender, HOOMKWAP, Kekuut, PENG, Wei
Abstract: Various systems and methods are described for implementing trust authority or trust attestation verification operations, including for Trust-as-a-Service or Attestation-as-a-Service implementations, in accordance with the techniques discussed herein. In various examples, operations and configurations are described to enable service-to-service attestation using a trust authority, to operate an attestation service, and to coordinate trust operations between relying and requesting parties.
-
Publication number: WO2022271223A1
Publication date: 2022-12-29
Application number: PCT/US2022/020027
Filing date: 2022-03-11
Applicant: INTEL CORPORATION
Inventor: DESAI, Soham Jayesh, LAL, Reshma
IPC: G06F9/50 , G06F8/61 , G06F9/445 , G06F21/53 , G06F9/455 , G06F2009/45562 , G06F21/602 , G06F21/72 , G06F8/63 , G06F9/44505 , G06F9/4881 , G06F9/5038 , G06F9/5072
Abstract: A computing platform comprising a plurality of disaggregated data center resources and an infrastructure processing unit (IPU), communicatively coupled to the plurality of resources, to compose a platform of the plurality of disaggregated data center resources for allocation of a microservices cluster.
-
Publication number: WO2022268150A1
Publication date: 2022-12-29
Application number: PCT/CN2022/100659
Filing date: 2022-06-23
Applicant: 华为技术有限公司
Abstract: Embodiments of this application disclose a method for communication between a virtual machine and a secure isolation zone, and a related apparatus. The method enables the secure isolation zone to proactively notify the virtual machine to perform a certain operation, which is more convenient and flexible. The method includes: a first secure isolation zone (SP) writes a request into a first shared memory of the first SP and a first virtual machine (VM), where the first SP is one of X SPs, the first VM is the one of X VMs that corresponds to the first SP, and the request is used to instruct the first VM to perform a target operation.
-
Publication number: WO2022240905A1
Publication date: 2022-11-17
Application number: PCT/US2022/028632
Filing date: 2022-05-10
Applicant: INTEL CORPORATION
Inventor: BARTFAI-WALCOTT, Katalin, ORIOL, Mariusz, SRINIVASAN, Vasudevan, IRELAN, Peggy, STEPKA, Mariusz, MURPHY, Kaitlin, PILLILLI, Bharat, BALDWIN, Mark, BRONK, Mateusz, KARIM, Fariaz, BERENT, Arkadiusz, CHILUKURI, Vasuki
IPC: G06F21/53 , G06F9/455 , G06F9/50 , G06F21/60 , G06F21/62 , G06F21/64 , G06F21/71 , G06F21/73 , G06F21/604 , G06F21/6218 , G06F21/645 , G06F2221/2111 , G06F9/5088
Abstract: Methods, apparatus, systems and articles of manufacture (e.g., physical storage media) to implement license management solutions for software defined silicon (SDSi) products are disclosed. Example license management solutions disclosed herein include, but are not limited to, virtual resource migration using SDSi, resource configuration management using SDSi, hardware self-configuration using SDSi, reduced footprint agents using SDSi, performing SDSi usage evaluation and corresponding license transfer responsive to detected and/or predicted failures, transferring node locked SDSi licenses, transfer of SDSi licenses without a trusted license server, community license generation, expirable SDSi licenses via a reliable clock, non-node locked licenses via blockchain, and activating hardware features with a pre-generated hardware license.