公开(公告)号：WO2006039051A1

公开(公告)日：2006-04-13

申请号：PCT/US2005/031315

申请日：2005-09-01

Applicant: INTEL CORPORATION ,  SCHOINAS, Ioannis ,  MADUKKARUMUKUMANA, Rajesh ,  NEIGER, Gilbert ,  UHLIG, Richard ,  KING, Ku-jei

Inventor： SCHOINAS, Ioannis ,  MADUKKARUMUKUMANA, Rajesh ,  NEIGER, Gilbert ,  UHLIG, Richard ,  KING, Ku-jei

IPC: G06F12/10 ,  G06F13/40

CPC classification number: G06F12/1009 ,  G06F12/1081 ,  G06F13/404

Abstract: An embodiment of the present invention is a technique to perform address translation. A table structure is indexed by a source identifier of an input/output (I/O) transaction specifying a guest physical address and requested by an I/O device to map the I/O device to a domain assigned to the I/O device. An address translation structure translates the guest physical address to a host physical address corresponding to the I/O transaction.

Abstract translation: 本发明的一个实施例是一种执行地址转换的技术。 表结构由指定访客物理地址并由I / O设备请求的输入/输出（I / O）事务的源标识符索引，以将I / O设备映射到分配给I / O设备的域 。 地址转换结构将访客物理地址转换为对应于I / O事务的主机物理地址。

公开(公告)号：WO2009146027A1

公开(公告)日：2009-12-03

申请号：PCT/US2009/038886

申请日：2009-03-31

Applicant: INTEL CORPORATION ,  CHERUKURI, Naveen ,  SCHOINAS, Ioannis, T. ,  KUMAR, Akhilesh ,  PARK, Seungjoon ,  CHOU, Ching-Tsun

Inventor： CHERUKURI, Naveen ,  SCHOINAS, Ioannis, T. ,  KUMAR, Akhilesh ,  PARK, Seungjoon ,  CHOU, Ching-Tsun

IPC: G06F9/06 ,  G06F12/08 ,  G06F9/46

CPC classification number: H04L47/33 ,  H04L45/00 ,  H04L45/40 ,  H04L47/10 ,  H04L47/2433 ,  H04L49/101

Abstract: A method, chip multiprocessor tile, and a chip multiprocessor with amorphous caching are disclosed. An initial processing core 404 may retrieve a data block from a data storage. An initial amorphous cache bank 410 adjacent to the initial processing core 404 may store an initial data block copy 422. A home bank directory 424 may register the initial data block copy 422.

Abstract translation: 公开了一种方法，芯片多处理器瓦片和具有非晶缓存的芯片多处理器。 初始处理核心404可以从数据存储器检索数据块。 与初始处理核心404相邻的初始非晶缓存组410可以存储初始数据块副本422.归属库目录424可以注册初始数据块拷贝422。

公开(公告)号：WO2006039057A2

公开(公告)日：2006-04-13

申请号：PCT/US2005/031471

申请日：2005-09-01

Applicant: INTEL CORPORATION ,  SCHOINAS, Ioannis ,  NEIGER, Gilbert ,  MADUKKARUMUKUMANA, Rajesh ,  KING, Ku-jei ,  UHLIG, Richard ,  ZAHIR, Achmed ,  YAMADA, Koichi

Inventor： SCHOINAS, Ioannis ,  NEIGER, Gilbert ,  MADUKKARUMUKUMANA, Rajesh ,  KING, Ku-jei ,  UHLIG, Richard ,  ZAHIR, Achmed ,  YAMADA, Koichi

IPC: G06F12/10

CPC classification number: G06F12/1081 ,  G06F12/1036 ,  G06F12/109

Abstract: An embodiment of the present invention is a technique to enhance address translation performance. A register stores capability indicators to indicate capability supported by a circuit in a chipset for address translation of a guest physical address to a host physical address. A plurality of multi-level page tables is used for page walking in the address translation. Each of the page tables has page entries. Each of the page table entries has at least an entry specifier corresponding to the capability indicated by the capability indicators.

Abstract translation: 本发明的一个实施例是一种增强地址转换性能的技术。 寄存器存储用于指示芯片组中的电路支持的能力指示符，用于将客体物理地址地址转换为主机物理地址。 在地址转换中使用多个多级页表进行页面行走。 每个页表都有页面条目。 每个页表条目至少具有与能力指示符指示的能力对应的条目说明符。

公开(公告)号：EP2858295B1

公开(公告)日：2017-12-13

申请号：EP14178647.5

申请日：2014-07-25

Applicant: Intel Corporation ,  Schoinas, Ioannis T.

Inventor： Schoinas, Ioannis T ,  Mevergnies, Michael N De ,  Sastry, Manoj

IPC: H04L9/00

CPC classification number: H04L63/1475 ,  H04L9/003 ,  H04L2209/34

Abstract: Embodiments of an invention for hardening data transmissions against power side channel attacks are disclosed. In one embodiment, a system includes a first agent and a second agent. The first agent is to transmit an encoded datum through an interface in a plurality of encoded packets. The second agent is to receive each of the plurality of encoded packets from the interface and decode each of the encoded packets to generate a plurality of decoded packets. Each of the encoded packets has the same Hamming weight. The Hamming distance between any two consecutively transmitted encoded packets is constant.

公开(公告)号：WO2014158744A1

公开(公告)日：2014-10-02

申请号：PCT/US2014/019791

申请日：2014-03-03

Applicant: INTEL CORPORATION ,  SASTRY, Manoj R. ,  SCHOINAS, Ioannis T. ,  CERMAK, Daniel M.

Inventor： SASTRY, Manoj R. ,  SCHOINAS, Ioannis T. ,  CERMAK, Daniel M.

IPC: G06F9/06 ,  G06F13/14 ,  G06F21/00

CPC classification number: G06F21/74 ,  G06F21/57 ,  G06F21/78

Abstract: Method, apparatus, and system for qualifying CPU transactions with security attributes. Immutable security attributes are generated for transactions initiator by a CPU or processor core that identifying the execution mode of the CPU/core being trusted or untrusted. The transactions may be targeted to an Input/Output (I/O) device or system memory via which a protected asset may be accessed. Policy enforcement logic blocks are implemented at various points in the apparatus or system that allow or deny transactions access to protected assets based on the immutable security attributes generated for the transactions. In one aspect, a multiple-level security scheme is implemented under which a mode register is updated via a first transaction to indicate the CPU/core is operating in a trusted execution mode, and security attributes are generated for a second transaction using execution mode indicia in the mode register to verify the transaction is from a trusted initiator.

Abstract translation: 用于对具有安全属性的CPU事务进行限定的方法，设备和系统。 由CPU或处理器核心为事务发起者生成不可变的安全属性，用于识别CPU /核心被信任或不可信任的执行模式。 这些事务可以被定向到可被访问受保护资产的输入/输出（I / O）设备或系统存储器。 策略执行逻辑块在设备或系统中的不同点实现，其允许或拒绝事务基于为事务生成的不可变安全属性而访问被保护资产。 在一个方面，实现多级安全方案，在该级别下，通过第一事务来更新模式寄存器以指示CPU /核心以可信执行模式运行，并且使用执行模式标记为第二事务生成安全属性 在模式寄存器中验证事务来自可信发起者。

公开(公告)号：WO2008082455A1

公开(公告)日：2008-07-10

申请号：PCT/US2007/024639

申请日：2007-11-30

Applicant: INTEL CORPORATION ,  DATTA, Sham, M. ,  KUMAR, Mohan, J. ,  SUTTON, James, A. ,  BRICKELL, Ernie ,  SCHOINAS, Ioannis, T.

Inventor： DATTA, Sham, M. ,  KUMAR, Mohan, J. ,  SUTTON, James, A. ,  BRICKELL, Ernie ,  SCHOINAS, Ioannis, T.

IPC: G06F9/06 ,  G06F12/14

CPC classification number: G06F21/57

Abstract: Apparatuses, methods, and systems for reconfiguring a secure system are disclosed. In one embodiment, an apparatus includes a configuration storage location, a lock, and lock override logic. The configuration storage location is to store information to configure the apparatus. The lock is to prevent writes to the configuration storage location. The lock override logic is to allow instructions executed from sub- operating mode code to override the lock.

Abstract translation: 公开了用于重新配置安全系统的装置，方法和系统。 在一个实施例中，装置包括配置存储位置，锁定和锁定超驰逻辑。 配置存储位置是存储信息以配置设备。 该锁是为了防止写入配置存储位置。 锁定覆盖逻辑是允许从子操作模式代码执行的指令来覆盖锁定。

公开(公告)号：WO2013095411A1

公开(公告)日：2013-06-27

申请号：PCT/US2011/066355

申请日：2011-12-21

Applicant: INTEL CORPORATION ,  SASTRY, Manoj R. ,  SCHOINAS, Ioannis T. ,  TOEPFER, Robert J. ,  TRIVEDI, Alpa T. Narendra ,  LONG, Men

Inventor： SASTRY, Manoj R. ,  SCHOINAS, Ioannis T. ,  TOEPFER, Robert J. ,  TRIVEDI, Alpa T. Narendra ,  LONG, Men

IPC: G06F21/22 ,  G06F13/14

CPC classification number: G06F21/76 ,  G06F13/385

Abstract: In one embodiment, the present invention includes a system on a chip (SoC) that has a first agent with an intellectual property (IP) logic, an interface to a fabric including a target interface, a master interface and a sideband interface, and an access control plug-in unit to handle access control policy for the first agent with respect to incoming and outgoing transactions. This access control plug-in unit can be incorporated into the SoC at integration time and without any modification to the IP logic. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，本发明包括具有知识产权（IP）逻辑的第一代理的芯片系统（SoC），包括目标接口，主接口和边带接口的结构的接口，以及 访问控制插件单元来处理关于传入和传出事务的第一代理的访问控制策略。 该访问控制插件单元可以集成在SoC中，并且不对IP逻辑进行任何修改。 描述和要求保护其他实施例。

公开(公告)号：WO2012040691A1

公开(公告)日：2012-03-29

申请号：PCT/US2011/053216

申请日：2011-09-26

Applicant: INTEL CORPORATION ,  SASTRY, Manoj R. ,  SCHOINAS, Ioannis T ,  CERMAK, Daniel M.

Inventor： SASTRY, Manoj R. ,  SCHOINAS, Ioannis T ,  CERMAK, Daniel M.

IPC: G06F21/22 ,  G06F13/14

CPC classification number: H04L63/10 ,  G06F12/1458 ,  G06F21/6218 ,  G06F21/78

Abstract: A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs.

Abstract translation: 一种执行对系统资源和资产的访问控制的方法和系统。 与系统中启动事务的设备相关联的安全属性将自动生成并使用事务消息进行转发。 安全属性传达分配给每个启动器的访问权限。 在系统中实现一个或多个安全执行机制以根据访问策略要求评估安全属性以访问诸如存储器，寄存器，地址范围等的各种系统资产和资源。如果由安全属性标识的特权指示访问 允许请求，允许交易进行。 启动器方案的安全属性提供跨系统设计的模块化，一致的安全访问实施方案。

公开(公告)号：EP2858295A2

公开(公告)日：2015-04-08

申请号：EP14178647.5

申请日：2014-07-25

Applicant: Intel Corporation ,  Schoinas, Ioannis T.

Inventor： Schoinas, Ioannis T ,  Mevergnies, Michael N De ,  Sastry, Manoj

IPC: H04L9/00

CPC classification number: H04L63/1475 ,  H04L9/003 ,  H04L2209/34

Abstract: Embodiments of an invention for hardening data transmissions against power side channel attacks are disclosed. In one embodiment, a system includes a first agent and a second agent. The first agent is to transmit an encoded datum through an interface in a plurality of encoded packets. The second agent is to receive each of the plurality of encoded packets from the interface and decode each of the encoded packets to generate a plurality of decoded packets. Each of the encoded packets has the same Hamming weight. The Hamming distance between any two consecutively transmitted encoded packets is constant.

Abstract translation: 公开了用于加强针对功率侧信道攻击的数据传输的发明的实施例。 在一个实施例中，系统包括第一代理和第二代理。 第一代理是通过多个编码分组中的接口传输编码数据。 第二代理接收来自接口的多个编码分组中的每一个，并解码每个编码分组以产生多个解码分组。 每个编码分组具有相同的汉明权重。 任何两个连续发送的编码数据包之间的汉明距离是恒定的。

公开(公告)号：EP2858295A3

公开(公告)日：2015-04-29

申请号：EP14178647.5

申请日：2014-07-25

Applicant: Intel Corporation ,  Schoinas, Ioannis T.

Inventor： Schoinas, Ioannis T ,  Mevergnies, Michael N De ,  Sastry, Manoj

IPC: H04L9/00

CPC classification number: H04L63/1475 ,  H04L9/003 ,  H04L2209/34

Abstract: Embodiments of an invention for hardening data transmissions against power side channel attacks are disclosed. In one embodiment, a system includes a first agent and a second agent. The first agent is to transmit an encoded datum through an interface in a plurality of encoded packets. The second agent is to receive each of the plurality of encoded packets from the interface and decode each of the encoded packets to generate a plurality of decoded packets. Each of the encoded packets has the same Hamming weight. The Hamming distance between any two consecutively transmitted encoded packets is constant.

Abstract translation: 公开了用于强化针对电源侧信道攻击的数据传输的发明的实施例。 在一个实施例中，系统包括第一代理和第二代理。 第一代理是通过多个编码分组中的接口发送编码的数据。 第二代理是从接口接收多个编码分组中的每一个，并对编码分组中的每一个解码以产生多个解码的分组。 每个编码包具有相同的汉明权重。 任何两个连续发送的编码包之间的汉明距离是恒定的。