-
Publication (announcement) number: AU4368301A
Publication (announcement) date: 2001-10-15
Application number: AU4368301
Filing date: 2001-03-14
Applicant: INTEL CORP
Inventor: ELLISON CARL M , GOLLIVER ROGER A , HERBERT HOWARD C , LIN DERRICK C , MCKEEN FRANCIS X , NEIGER GILBERT , RENERIS KEN , SUTTON JAMES A , THAKKAR SHREEKANT S , MITTAL MILLIND
Abstract: The present invention is a method, apparatus, and system to generate a key hierarchy for use in an isolated execution environment of a protected platform. In order to bind secrets to particular code operating in isolated execution, a key hierarchy comprising a series of symmetric keys for a standard symmetric cipher is utilized. The protected platform includes a processor that is configured in one of a normal execution mode and an isolated execution mode. A key storage stores an initial key that is unique for the platform. A cipher key creator located in the protected platform creates the hierarchy of keys based upon the initial key. The cipher key creator creates a series of symmetric cipher keys to protect the secrets of loaded software code.
-
Publication (announcement) number: GB2334866B
Publication (announcement) date: 2001-07-18
Application number: GB9912947
Filing date: 1997-11-25
Applicant: INTEL CORP
Inventor: HERBERT HOWARD C , DAVIS DEREK L
IPC: G06F12/10 , G06F1/00 , G06F12/14 , G06F21/00 , G06F21/22 , G06F21/24 , G09C1/00 , H04L9/00 , H04L9/10 , H04L9/32
Abstract: A method and system for maintaining integrity and confidentiality of pages paged to an external storage unit from a physically secure environment. An outgoing page is selected to be exported from a physically secure environment to an insecure environment. An integrity check value is generated and stored for the outgoing page. In one embodiment, this takes the form of taking a one-way hash of the page using a well-known one-way hash function. The outgoing page is then encrypted using a cryptographically strong encryption algorithm. Among the algorithms that might be used in one embodiment of the invention are IDEA and DES. The encrypted outgoing page is then exported to the external storage. By virtue of the encryption and integrity check, the security of the data on the outgoing page is maintained in the insecure environment.
-
Publication (announcement) number: AU4184300A
Publication (announcement) date: 2000-11-10
Application number: AU4184300
Filing date: 2000-03-29
Applicant: INTEL CORP
Inventor: DAVIS DEREK L , HERBERT HOWARD C
Abstract: A cryptographic device comprising a processing logic and memory associated with the processing logic. The memory is loaded with a first segment of code to control execution of cryptographic functions and hash functions, and a second segment of code to perform cryptographic functions on behalf of a third party having no physical control of hardware employing the cryptographic device.
-
Publication (announcement) number: DE10195999B3
Publication (announcement) date: 2017-05-04
Application number: DE10195999
Filing date: 2001-03-14
Applicant: INTEL CORP
Inventor: ELLISON CARL M , GOLLIVER ROGER A , HERBERT HOWARD C , LIN DERRICK C , MCKEEN FRANCIS X , NEIGER GILBERT , RENERIS KEN , SUTTON JAMES A , THAKKAR SHREEKANT S , MITTAL MILLIND
Abstract: Computer system (100) comprising (a) at least one processor (110) that can be operated in a normal and in an isolated execution mode, wherein the content of a processor control register (252) indicates whether the processor (110) is in the isolated execution mode, (b) a system memory (140) with an isolated physical memory area (70) that the processor (110) can access only in the isolated execution mode, and (c) a chipset (130, 150, 160) coupled to the processor (110) and the system memory (140), which contains an access control device (135) coupled to the system memory (140), wherein the isolated execution mode is initialized by execution of a privileged instruction (iso_init) in the processor (110), which invokes a processor nub loader (52) and loads it into the isolated memory area (70), wherein the processor nub loader (52) is protected bootstrap loader code held in the chipset (130, 150, 160) that loads a processor nub software module (18) into the isolated memory area (70) and verifies its integrity, wherein the processor nub software module (18) provides hardware-related services for isolated execution, wherein the access control device (135) comprises: (c1) a configuration storage (610) configurable by the processor (110), which stores a configuration setting (612) defining the isolated physical memory area (70) in memory area registers (620, 630), (c2) an access grant generator (650) that, on an access transaction from the processor (110), receives access information (660) comprising a physical ...
-
Publication (announcement) number: GB2377795B
Publication (announcement) date: 2004-12-01
Application number: GB0225052
Filing date: 2001-03-23
Applicant: INTEL CORP
Inventor: ELLISON CARL M , GOLLIVER ROGER A , HERBERT HOWARD C , LIN DERRICK C , MCKEEN FRANCIS X , NEIGER GILBERT , RENERIS KEN , SUTTON JAMES A , THAKKAR SHREEKANT S , MITTAL MILLIND
Abstract: A technique is provided to execute isolated instructions according to an embodiment of the present invention. An execution unit executes an isolated instruction in a processor operating in a platform. The processor is configured in one of a normal execution mode and an isolated execution mode. A parameter storage contains at least one parameter to support execution of the isolated instruction when the processor is configured in the isolated execution mode.
-
Publication (announcement) number: GB2378794B
Publication (announcement) date: 2004-07-28
Application number: GB0225043
Filing date: 2001-03-14
Applicant: INTEL CORP
Inventor: ELLISON CARL M , GOLLIVER ROGER A , HERBERT HOWARD C , LIN DERRICK C , MCKEEN FRANCIS X , NEIGER GILBERT , RENERIS KEN , SUTTON JAMES A , THAKKAR SHREEKANT S , MITTAL MILLIND
Abstract: The present invention is a method, apparatus, and system to generate a key hierarchy for use in an isolated execution environment of a protected platform. In order to bind secrets to particular code operating in isolated execution, a key hierarchy comprising a series of symmetric keys for a standard symmetric cipher is utilized. The protected platform includes a processor that is configured in one of a normal execution mode and an isolated execution mode. A key storage stores an initial key that is unique for the platform. A cipher key creator located in the protected platform creates the hierarchy of keys based upon the initial key. The cipher key creator creates a series of symmetric cipher keys to protect the secrets of loaded software code.
-
Publication (announcement) number: GB2377794A
Publication (announcement) date: 2003-01-22
Application number: GB0225050
Filing date: 2001-03-21
Applicant: INTEL CORP
Inventor: HERBERT HOWARD C , GRAWROCK DAVID W , ELLISON CARL M , GOLLIVER ROGER A , LIN DERRICK C , MCKEEN FRANCIS X , PORSCHE AKTIENGESELLSCHAFT DR , RENERIS KEN , SUTTON JAMES A , THAKKAR SHREEKANT S , MITTAL MILLIND , NEIGER GILBERT
Abstract: In one embodiment, a method of remote attestation for a special mode of operation. The method comprises storing an audit log within protected memory of a platform. The audit log is a listing of data representing each of a plurality of IsoX software modules loaded into the platform. The audit log is retrieved from the protected memory in response to receiving a remote attestation request from a remotely located platform. Then, the retrieved audit log is digitally signed to produce a digital signature for transfer to the remotely located platform.
-
Publication (announcement) number: AU4760101A
Publication (announcement) date: 2001-10-15
Application number: AU4760101
Filing date: 2001-03-21
Applicant: INTEL CORP
-
Publication (announcement) number: HK1022797A1
Publication (announcement) date: 2000-08-18
Application number: HK00101244
Filing date: 2000-02-29
Applicant: INTEL CORP
Inventor: HERBERT HOWARD C , DAVIS DEREK L
IPC: G06F12/10 , G06F1/00 , G06F12/14 , G06F21/00 , G06F21/22 , G06F21/24 , G09C1/00 , H04L9/00 , H04L9/10 , H04L9/32 , H04L
Abstract: A method and system for maintaining integrity and confidentiality of pages paged to an external storage unit from a physically secure environment. An outgoing page is selected to be exported from a physically secure environment to an insecure environment. An integrity check value is generated and stored for the outgoing page. In one embodiment, this takes the form of taking a one-way hash of the page using a well-known one-way hash function. The outgoing page is then encrypted using a cryptographically strong encryption algorithm. Among the algorithms that might be used in one embodiment of the invention are IDEA and DES. The encrypted outgoing page is then exported to the external storage. By virtue of the encryption and integrity check, the security of the data on the outgoing page is maintained in the insecure environment.
-
Publication (announcement) number: GB2334866A
Publication (announcement) date: 1999-09-01
Application number: GB9912947
Filing date: 1997-11-25
Applicant: INTEL CORP
Inventor: HERBERT HOWARD C , DAVIS DEREK L
IPC: G06F12/10 , G06F1/00 , G06F12/14 , G06F21/00 , G06F21/22 , G06F21/24 , G09C1/00 , H04L9/00 , H04L9/10 , H04L9/32
Abstract: A physically secure environment (1) is coupled to an insecure environment (2). The device includes an integrity check engine (13), a flash memory (15), a processor (16), a random access memory (14), a random number generator (18), an encryption/decryption engine (12), a bus interface (19), an external storage unit (4), an internal bus (17), and an external bus (7). The integrity check engine (13) performs a one-way hash on paging data. The encryption/decryption engine (12) encrypts outgoing pages and decrypts incoming pages.