Method and apparatus for loading a trustable operating system

    Publication number: AU2003213080A8

    Publication date: 2003-09-09

    Application number: AU2003213080

    Application date: 2003-02-13

    Applicant: INTEL CORP

    Abstract: The method involves loading a component of an operating system into a specific region (275) of a memory by the active one of the CPUs (210,220,230) of a multi-processor system (200). The identity of the loaded component is registered. The active CPU is made to jump to a known entry point in the specific region. Independent claims are also included for the following: (1) article of manufacture comprising computer readable medium storing operating system loading program; (2) method of securing a region in computer memory; and (3) apparatus to load trustable operating system.

    Controlling access to multiple isolated memories in an isolated execution environment

    Publication number: GB2381626A

    Publication date: 2003-05-07

    Application number: GB0303644

    Application date: 2001-07-13

    Applicant: INTEL CORP

    Abstract: The present invention provides a method, apparatus, and system for controlling memory accesses to multiple isolated memory areas in an isolated execution environment. A page manager is used to distribute a plurality of pages to a plurality of different areas of a memory, respectively. The memory is divided into non-isolated areas and isolated areas. The page manager is located in an isolated area of memory. Further, a memory ownership page table describes each page of memory and is also located in an isolated area of memory. The page manager assigns an isolated attribute to a page if the page is distributed to an isolated area of memory. On the other hand, the page manager assigns a non-isolated attribute to a page if the page is distributed to a non-isolated area of memory. The memory ownership page table records the attribute for each page. In one embodiment, a processor having a normal execution mode and an isolated execution mode generates an access transaction. The access transaction is configured using a configuration storage that contains configuration settings related to a page and access information. An access checking circuit, coupled to the configuration settings and the access information, generates an access grant signal if the access transaction is valid.
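The following is an added software model of the ownership table and access check that the GB2381626A abstract describes; it is an illustration written for this page, not Intel's implementation. The page numbers, the mode names, the rule that an unrecorded page is denied, and the fact that the page manager's own pages and the table's page are distributed into the isolated area are all assumptions made for the example.

```python
"""Model of a memory-ownership page table with isolated/non-isolated
page attributes and a processor-mode-aware access check.
Added illustration, not Intel's code; layout and grant rule are assumed."""
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    """Execution modes of the processor in the abstract."""
    NORMAL = "normal"
    ISOLATED = "isolated"


ISOLATED = "isolated"
NON_ISOLATED = "non-isolated"


@dataclass
class PageManager:
    """Distributes pages to areas and records each page's attribute.

    The page manager and the ownership table themselves occupy pages in the
    isolated area, so normal-mode software cannot rewrite the table that
    governs its own accesses (assumed placement, as in the abstract)."""
    isolated_area: range                       # physical page numbers of the isolated area
    ownership: dict = field(default_factory=dict)   # page number -> attribute

    def distribute(self, page: int) -> str:
        """Assign the page to an area and record the matching attribute."""
        attr = ISOLATED if page in self.isolated_area else NON_ISOLATED
        self.ownership[page] = attr
        return attr


def access_grant(mode: Mode, ownership: dict, page: int) -> bool:
    """Access-checking logic: the grant signal is asserted when the page is
    non-isolated, or when the processor is in isolated execution mode.
    A page with no entry in the ownership table is denied (assumption)."""
    attr = ownership.get(page)
    if attr is None:
        return False
    if attr == NON_ISOLATED:
        return True
    return mode is Mode.ISOLATED


def build_demo() -> PageManager:
    """Constructed sample layout: a 16-page isolated area at 0x100."""
    pm = PageManager(isolated_area=range(0x100, 0x110))
    # page manager code (0x100) and the ownership table (0x101) are isolated
    for page in (0x100, 0x101):
        pm.distribute(page)
    pm.distribute(0x040)   # an ordinary OS page
    pm.distribute(0x105)   # a page handed to the isolated area
    return pm


if __name__ == "__main__":
    pm = build_demo()
    for mode in Mode:
        for page in (0x040, 0x105, 0x101):
            print(mode.value, hex(page), access_grant(mode, pm.ownership, page))
```

Normal-mode code can reach 0x040 but is refused 0x105 and, importantly, the table page 0x101; isolated-mode code can reach all three. That asymmetry is the property the abstract is after: the table is consulted by hardware on every transaction but is writable only from the isolated side.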

    Method for delivering Direct Proof private keys to devices by means of a distribution CD

    Publication number: DE112005001654B4

    Publication date: 2011-07-21

    Application number: DE112005001654

    Application date: 2005-07-08

    Applicant: INTEL CORP

    Abstract: A method comprising: generating an encrypted data structure (514) associated with a device (506), the encrypted data structure (514) comprising a private key (516) and a private key digest (518); generating an identifier from a pseudorandomly generated value (508) for the encrypted data structure (514); storing the identifier and the encrypted data structure (514) on a removable storage medium (522) for distribution with a system (504) that includes the device (506), the removable storage medium (522) holding a plurality of identifiers and encrypted data structures (514) for devices of a class of devices that includes the device (506); and storing the pseudorandom value (508) in a non-volatile memory in the device (506), the pseudorandom value (508) being used to generate the identifier in the system (504) in order to extract the encrypted data (522).
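The following is an added end-to-end sketch of the distribution flow in that claim: manufacturer builds the medium, the system later reads the device's pseudorandom value, regenerates the identifier, pulls the matching blob off the medium and checks the private key digest. It is written for this page and is not Intel's code. The abstract does not say how the identifier is derived or what encrypts the structure, so the example assumes both are derived from the pseudorandom value under two distinct labels, and it uses a SHA-256 counter keystream as a toy stand-in for a real cipher.

```python
"""Added illustration of private-key delivery via a distribution medium.
Assumptions (not from the abstract): identifier = SHA-256(label || value),
encryption key = SHA-256(other label || value), toy XOR keystream cipher."""
import hashlib
import hmac
import os

ID_LABEL = b"distribution-id"     # assumption: domain-separated label for the identifier
ENC_LABEL = b"distribution-enc"   # assumption: label for the structure's encryption key
DIGEST_LEN = 32


def identifier(rand_value: bytes) -> bytes:
    """Identifier written next to the blob on the medium; it reveals nothing
    about the private key and is recomputable only from the device's value."""
    return hashlib.sha256(ID_LABEL + rand_value).digest()


def keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; a toy, stands in for a real stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(rand_value: bytes, data: bytes) -> bytes:
    key = hashlib.sha256(ENC_LABEL + rand_value).digest()
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


decrypt = encrypt   # XOR with the same keystream inverts itself


def manufacturer_build_medium(devices: dict) -> dict:
    """devices: serial -> (pseudorandom value, private key). Returns the
    medium contents as identifier -> encrypted (key || digest). The serial
    never appears on the medium; the class of devices shares one medium."""
    medium = {}
    for rand_value, priv in devices.values():
        structure = priv + hashlib.sha256(priv).digest()   # private key || private key digest
        medium[identifier(rand_value)] = encrypt(rand_value, structure)
    return medium


def system_extract_key(medium: dict, nvram_rand_value: bytes) -> bytes:
    """Runs on the system containing the device: read the value from the
    device's non-volatile memory, regenerate the identifier, look the blob
    up, decrypt it, and verify the embedded digest before trusting the key."""
    blob = medium.get(identifier(nvram_rand_value))
    if blob is None:
        raise KeyError("no entry for this device on the distribution medium")
    structure = decrypt(nvram_rand_value, blob)
    priv, digest = structure[:-DIGEST_LEN], structure[-DIGEST_LEN:]
    if not hmac.compare_digest(hashlib.sha256(priv).digest(), digest):
        raise ValueError("private key digest mismatch: wrong medium or corrupted entry")
    return priv


def extract_or_none(medium: dict, nvram_rand_value: bytes):
    """Convenience wrapper: None when the lookup or digest check fails."""
    try:
        return system_extract_key(medium, nvram_rand_value)
    except (KeyError, ValueError):
        return None


if __name__ == "__main__":
    # constructed sample: three devices of one class, random values and keys
    devices = {f"dev{i}": (os.urandom(16), os.urandom(32)) for i in range(3)}
    medium = manufacturer_build_medium(devices)
    rand_value, expected = devices["dev1"]
    print(system_extract_key(medium, rand_value) == expected)
```

The digest inside the encrypted structure is what lets the system tell a successful decryption from garbage, which matters because a blob decrypted under the wrong value is indistinguishable from random bytes otherwise.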

    Unknown title

    Publication number: DE60331646D1

    Publication date: 2010-04-22

    Application number: DE60331646

    Application date: 2003-03-28

    Applicant: INTEL CORP

    Abstract: In one embodiment, a method comprises generating a cryptographic key pair associated with a data center. The method also includes storing a private key of the cryptographic key pair within a platform. The private key is used to sign a value stored in the platform for validation of inclusion of the platform into the data center. In an embodiment, the private key is revoked upon determining that the platform has been compromised. In one embodiment, the private key may be revoked in each of the platforms of the data center.

    Microcode patch authentication

    Publication number: GB2419990A

    Publication date: 2006-05-10

    Application number: GB0602345

    Application date: 2003-03-28

    Applicant: INTEL CORP

    Inventor: SUTTON JAMES II

    Abstract: A system comprising: a processor having microcode and an embedded key; and a microcode patch package residing in at least one of a storage device and a basic input-output system (BIOS) coupled with the processor, the microcode patch package including a microcode patch to patch the microcode and a digital signature used to validate the microcode patch using the processor's embedded key. The microcode patch may further be in an encrypted form in the microcode patch package. The system may further comprise a secure memory to contain the microcode patch during validation.

    System and method for execution of a secured environment initialization instruction

    Publication number: GB2402788B

    Publication date: 2006-04-05

    Application number: GB0422078

    Application date: 2003-03-20

    Applicant: INTEL CORP

    Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.

    Unknown title

    Publication number: DE10392528T5

    Publication date: 2005-09-15

    Application number: DE10392528

    Application date: 2003-03-28

    Applicant: INTEL CORP

    Inventor: SUTTON JAMES II

    Abstract: Microcode patches are encoded before delivery to a target processor that is to install the microcode patches. The target processor validates the microcode patches before installation. The security of the process may be enhanced by one or more of: 1) performing the validation in a secure memory, 2) using a public/private key pair for encryption and decryption of the microcode patch, 3) using at least one key that is embedded in the target processor and that cannot be read by non-secure software, and 4) using a hash value that is embedded in the target processor to validate at least one non-embedded key.
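The following is an added illustration of the validation path shared by the GB2419990A abstract above and this DE10392528T5 abstract: a vendor-signed patch package, a processor that holds only a hash of the vendor's public key (element 4 of the list), and a check that runs before the patch is installed. It is written for this page and is not Intel's code or Intel's actual signing scheme. Assumptions: a textbook RSA signature over SHA-256 built from two fixed Mersenne primes (far too small for real use, chosen so the block runs with the standard library), the public key travelling inside the package, and encryption of the patch body (element 2) left out.

```python
"""Added illustration of microcode patch package validation against a
processor-embedded key hash. Toy RSA with tiny fixed primes; not for real use."""
import hashlib
import hmac

# --- vendor side (offline signing) -------------------------------------
P = (1 << 89) - 1        # Mersenne prime M89 (assumed toy key material)
Q = (1 << 127) - 1       # Mersenne prime M127
N = P * Q                # 216-bit modulus, fits in 27 bytes
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
MOD_LEN = 27


def _hash_int(data: bytes, n: int) -> int:
    """SHA-256 of the patch body reduced into the RSA group (toy padding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def pubkey_bytes() -> bytes:
    return N.to_bytes(MOD_LEN, "big") + E.to_bytes(3, "big")


def vendor_sign_patch(patch: bytes) -> dict:
    """Build the package stored in BIOS or on disk: patch, public key, signature."""
    sig = pow(_hash_int(patch, N), D, N)
    return {"patch": patch, "pubkey": pubkey_bytes(), "sig": sig.to_bytes(MOD_LEN, "big")}


# --- processor side ----------------------------------------------------
# Value fused into the part at manufacture: a digest of the trusted public
# key rather than the key itself (32 bytes is cheaper to embed than a key).
EMBEDDED_KEY_HASH = hashlib.sha256(pubkey_bytes()).digest()


def processor_validate(package: dict, embedded_hash: bytes = EMBEDDED_KEY_HASH) -> bool:
    """Checks that would run from secure memory before the patch is applied:
    (1) the public key carried in the package must hash to the fused value,
    (2) the signature must verify over the patch body under that key.
    Step 1 is what stops an attacker shipping a package signed with a key
    of their own choosing."""
    pub = package["pubkey"]
    if not hmac.compare_digest(hashlib.sha256(pub).digest(), embedded_hash):
        return False
    n = int.from_bytes(pub[:MOD_LEN], "big")
    e = int.from_bytes(pub[MOD_LEN:], "big")
    sig = int.from_bytes(package["sig"], "big")
    if not 0 < sig < n:
        return False
    return pow(sig, e, n) == _hash_int(package["patch"], n)


if __name__ == "__main__":
    pkg = vendor_sign_patch(b"constructed microcode patch body")
    print("genuine:", processor_validate(pkg))
    forged = dict(pkg, patch=pkg["patch"] + b"!")
    print("tampered body:", processor_validate(forged))
```

Keeping the patch in secure memory for the duration of the check (element 1) closes the remaining gap in this flow: without it, software could swap the patch body between the signature check and the install.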

    System and method for execution of a secured environment initialization instruction

    Publication number: HK1068430A1

    Publication date: 2005-04-29

    Application number: HK05100531

    Application date: 2005-01-20

    Applicant: INTEL CORP

    Abstract: A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations.
