Abstract:
A processing system with a trusted platform module (TPM) supports migration of digital keys. An application in the processing system creates a first configuration key 120 as a child of a TPM storage root key (SRK) 110 when the system has a first configuration. The application also creates an upgradeable root user key 130 associated with an upgrade authority as a child of the first configuration key. When the system has a second configuration, the application creates a second configuration key 122 as a child of the SRK and requests migration approval from the upgrade authority. In response to receiving approval from the upgrade authority, the application migrates the root user key 132 to be a child of the second configuration key. Compared to the conventional structure (fig. 2) the upgradeable key structure includes an extra layer (the configuration keys) in the hierarchy between the Root User Key 130 and the SRK.
Abstract:
An initial logical processor is used to construct a spanning tree (300) across a plurality of processors (212), and the spanning tree (300) is used to launch a trusted agent on the processor.
Abstract:
In an embodiment, at least one computer readable medium has instructions stored thereon for causing a system to cryptographically sign, at a secure platform services enclave (PSE) of a computing system and using a secure attestation key (SGX AK), a public portion of a trusted platform module attestation key (TPM AK) associated with a trusted computing base of a physical platform, to form a certified TPM AK public portion. Also included are instructions to store the certified TPM AK public portion in the PSE, and instructions to, responsive to an attestation request received from a requester at a virtual trusted platform module (vTPM) associated with a virtual machine (VM) that has migrated onto the physical platform, provide to the requester the certified TPM AK public portion stored in the PSE. Other embodiments are described and claimed.
Abstract:
This disclosure is directed to continuation of trust for platform boot firmware. A device may comprise a processing module and a memory module including read-only memory (ROM) on which is stored platform boot firmware. On activation, the processing module may load the platform boot firmware. The platform boot firmware may cause the processing module to first load a trusted pre-verifier file to load and verify the signature of a hash table loaded from the platform boot firmware. The processing module may then load firmware program files from the platform boot firmware, calculate a hash for each file, and verify whether each program hash is in the hash table. Firmware program files with hashes in the hash table may be allowed to execute. If any firmware program file hash is not in the hash table, the processing module may perform platform specific security actions to prevent the device from being compromised.
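The two-stage check this abstract describes, as an added example in Go that is not from the patent or any firmware project: a pre-verifier checks the signature over the hash table, then each program file is hashed and allowed only if its digest appears in the table, failing closed on a modified file or a corrupted table signature. The ROM layout, the use of Ed25519 for the table signature, and the file names are assumptions of this example.

```go
package main

import "crypto/ed25519"
import "crypto/sha256"

// Constructed ROM layout (not a real firmware volume format): program files in load
// order, the table of allowed SHA-256 digests, and the pre-verifier's signature over it.
type ProgramFile struct {
	Name string
	Data []byte
}
type FirmwareImage struct {
	HashTable    [][32]byte
	TableSig     []byte
	ProgramFiles []ProgramFile
}
// tableBytes serializes the hash table identically for signing and verification.
func tableBytes(table [][32]byte) (out []byte) {
	for _, h := range table {
		out = append(out, h[:]...)
	}
	return out
}
// BuildSignedImage is the build-side step: hash every program file, then sign the table.
func BuildSignedImage(priv ed25519.PrivateKey, files []ProgramFile) *FirmwareImage {
	img := &FirmwareImage{ProgramFiles: files}
	for _, f := range files {
		img.HashTable = append(img.HashTable, sha256.Sum256(f.Data))
	}
	img.TableSig = ed25519.Sign(priv, tableBytes(img.HashTable))
	return img
}
// ContinueTrust is the boot-side step: verify the table signature first, then hash each program
// file and allow it only if its digest is in the table; the rejected name is the security-action cue.
func ContinueTrust(pub ed25519.PublicKey, img *FirmwareImage) (allowed []string, rejected string, ok bool) {
	if !ed25519.Verify(pub, tableBytes(img.HashTable), img.TableSig) {
		return nil, "hash table", false // signature failed: run nothing from this image
	}
	trusted := make(map[[32]byte]bool, len(img.HashTable))
	for _, h := range img.HashTable {
		trusted[h] = true
	}
	for _, f := range img.ProgramFiles {
		if !trusted[sha256.Sum256(f.Data)] {
			return allowed, f.Name, false // first untrusted file: stop here
		}
		allowed = append(allowed, f.Name)
	}
	return allowed, "", true
}
```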
Abstract:
In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.