公开(公告)号：WO2016122751A3

公开(公告)日：2016-10-13

申请号：PCT/US2015060879

申请日：2015-11-16

Applicant: INTEL CORP

Inventor： NESHER NADAV ,  BERENZON ALEX ,  CHAIKIN BARUCH

IPC: H04L9/00 ,  H04L12/12

CPC classification number: G06F21/53 ,  G06F21/57 ,  G06F21/71 ,  H04L2209/127

Abstract: An embodiment includes a processor coupled to memory to perform operations comprising: creating a first trusted execution environment (TXE), in protected non-privileged user address space of the memory, which makes a first measurement for at least one of first data and first executable code and which encrypts the first measurement with a persistent first hardware based encryption key while the first measurement is within the first TXE; creating a second TXE, in the non-privileged user address space, which makes a second measurement for at least one of second data and second executable code; creating a third TXE in the non- privileged user address space; creating a first secure communication channel between the first and third TXEs and a second secure communication channel between the second and third TXEs; and communicating the first measurement between the first and third TXEs via the first secure communication channel.

Abstract translation: 实施例包括耦合到存储器以执行操作的处理器，其包括：在存储器的受保护非特权用户地址空间中创建第一可信执行环境（TXE），其对第一数据和第一可执行文件中的至少一个进行第一测量 代码，并且其在第一测量在第一TXE内时利用持久的基于硬件的第一硬件加密密钥对第一测量进行加密; 在非特权用户地址空间中创建第二TXE，其为第二数据和第二可执行代码中的至少一个进行第二测量; 在非特权用户地址空间中创建第三个TXE; 在第一和第三TXE之间创建第一安全通信信道，以及第二和第三TXE之间的第二安全通信信道; 以及经由所述第一安全通信信道在所述第一和第三TXE之间传送所述第一测量。

公开(公告)号：DE102014004563A1

公开(公告)日：2014-10-02

申请号：DE102014004563

申请日：2014-03-28

Applicant: INTEL CORP

Inventor： ROZAS CARLOS V ,  BERENZON ALEX ,  IVANOV ANTON ,  MCKEEN FRANCIS X ,  ALEXANDROVICH ILYA ,  GOLDSMITH MICHAEL ,  JOHNSON SIMON P ,  NEIGER GILBERT ,  ANATI ITTAI ,  HUNTLEY BARRY E ,  LESLIE-HURD REBEKAH M ,  RAPPOPORT RINAT ,  SHANBHOGUE VEDVYAS ,  SAVAGAONKAR UDAY R ,  SMITH WESLEY H ,  RODGERS SCOTT DION ,  SCARLATA VINCENT R ,  WOOD WILLIAM COLIN

IPC: G06F9/34

Abstract: Befehle und Logik zur Bereitstellung verbesserter Paging-Fähigkeiten für Secure Enclave-Seitencaches. Ausführungsformen beinhalten mehrere Hardware-Threads oder Prozessorkerne, einen Cache zum Speichern sicherer Daten für gemeinsame Seitenadressen, die einer Secure Enclave zugeordnet sind, und für die Hardware-Threads zugänglich sind. Eine Decode-Stufe dekodiert einen ersten Befehl, der besagte gemeinsame Seitenadresse als einen Operand festlegt, und Ausführungseinheiten markieren einen Eintrag entsprechend einer Enclave-Seitencache-Zuordnung für die gemeinsame Seitenadresse, um die Erstellung einer neuen Übersetzung für entweder besagten ersten oder zweiten Hardware-Thread für den Zugriff auf die gemeinsame Seite zu blockieren. Ein zweiter Befehl wird zur Ausführung dekodiert, wobei der zweite Befehl besagte Secure Enclave als einen Operand festlegt, und Ausführungseinheiten Hardware-Threads aufzeichnet, die gerade auf sichere Daten im Enclave-Seitencache entsprechend der Secure Enclave zugreifen, und die aufgezeichnete Anzahl an Hardware-Threads dekrementiert, wenn einer der Hardware-Threads die Secure Enclave verlässt.

公开(公告)号：GB2515611A

公开(公告)日：2014-12-31

申请号：GB201405732

申请日：2014-03-31

Applicant: INTEL CORP

Inventor： ROZAS CARLOS V ,  ALEXANDROVICH ILYA ,  ANATI ITTAI ,  BERENZON ALEX ,  GOLDSMITH MICHAEL A ,  HUNTLEY BARRY E ,  IVANOV ANTON ,  JOHNSON SIMON P ,  LESLIE-HURD REBEKAH M ,  MCKEEN FRANCIS ,  NEIGER GILBERT ,  RAPPOPORT RINAT ,  RODGERS SCOTT ,  SAVAGAONKAR UDAY R ,  SCARLATA VINCENT R ,  SHANBHOGUE VEDVYAS ,  SMITH WESLEY H ,  WOOD WILLIAM COLIN

IPC: G06F12/14 ,  G06F9/30 ,  G06F12/10 ,  G06F21/62

Abstract: A processor has multiple hardware threads and an enclave page cache. The processor has a first instruction to prevent new address translations being created. This instruction takes the address of a page in a secure enclave as a as a parameter. It prevents new entries being made in a translation look-aside buffer for that page. The processor has a second instruction to record the threads accessing an enclave. This instruction specifies the enclave identifier as a parameter and records the number of hardware threads accessing the enclave. The number is decremented whenever a thread exits the enclave. The processor has a third instruction to evict a page from an enclave page cache. The instruction takes the page address to evict as a parameter. It writes the page back to memory if the number of threads accessing the enclave is zero.

公开(公告)号：EP2856377A4

公开(公告)日：2016-01-27

申请号：EP12877666

申请日：2012-06-01

Applicant: INTEL CORP

Inventor： GOFFMAN SERGEI ,  BERENZON ALEX ,  LENZ ORON ,  DEVOR TEVI ,  ZHANG BO ,  ZAHAVI YORAM ,  MAOR MOSHE

IPC: G06F21/10 ,  G06F9/44 ,  G06F21/53 ,  G06F21/54

CPC classification number: G06F21/602 ,  G06F21/125 ,  G06F21/53 ,  G06F21/54

公开(公告)号：EP3235161A4

公开(公告)日：2018-06-13

申请号：EP15880627

申请日：2015-11-16

Applicant: INTEL CORP

Inventor： NESHER NADAV ,  BERENZON ALEX ,  CHAIKIN BARUCH

IPC: G06F21/53

CPC classification number: G06F21/53 ,  G06F21/57 ,  G06F21/71 ,  H04L2209/127

Abstract: An embodiment includes a processor coupled to memory to perform operations comprising: creating a first trusted execution environment (TXE), in protected non-privileged user address space of the memory, which makes a first measurement for at least one of first data and first executable code and which encrypts the first measurement with a persistent first hardware based encryption key while the first measurement is within the first TXE; creating a second TXE, in the non-privileged user address space, which makes a second measurement for at least one of second data and second executable code; creating a third TXE in the non-privileged user address space; creating a first secure communication channel between the first and third TXEs and a second secure communication channel between the second and third TXEs; and communicating the first measurement between the first and third TXEs via the first secure communication channel. Other embodiments are described herein.

公开(公告)号：DE102019123253A1

公开(公告)日：2020-05-07

申请号：DE102019123253

申请日：2019-08-29

Applicant: INTEL CORP

Inventor： BERENZON ALEX ,  LENZ ORON ,  NAYSHTUT ALEX ,  NADLER ISHAI ,  WOLF YONI

IPC: G06F21/00

Abstract: Ein System und eine Einrichtung für Datenvertraulichkeit im Distributed Ledger werden offenbart. Das System und die Einrichtung bewahren die Qualitäten von Distributed Ledgers, etwa Transparenz, Integrität und Redundanz, und bieten gleichzeitig Vertraulichkeit, Skalierbarkeit und Sicherheit, wie sie zuvor in Distributed Ledgers nicht zu finden waren. Das System weist ein Datenvertraulichkeitsmodul auf, das eine vertrauenswürdige Ausführungsumgebung sowohl für die Transaktionsverarbeitung als auch für die Schlüsselsynchronisation nutzt. Die Einrichtung, die auf das Distributed Ledger zugreift, ermöglicht, dass neue Knoten dem Netz beitreten, vorhandene Knoten Transaktionen an das Ledger senden, die Transaktion unter Nutzung der vertrauenswürdigen Ausführungsumgebung sicher zu verarbeiten, die Übertragung an die Logikschicht zur Anwendung von Geschäftslogik zu schützen, das Lesen und Schreiben von Daten in einen lokalen Speicher und das Lesen von verschlüsselten Transaktionen.

公开(公告)号：GB2522137B

公开(公告)日：2015-12-02

申请号：GB201505638

申请日：2015-04-01

Applicant: INTEL CORP

Inventor： ROZAS CARLOS V ,  ALEXANDROVICH ILYA ,  ANATI ITTAI ,  BERENZON ALEX ,  GOLDSMITH MICHAEL A ,  HUNTLEY BARRY E ,  JOHNSON SIMON P ,  LESLIE-HURD REBEKAH M ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RAPPOPORT RINAT ,  RODGERS SCOTT DION ,  SAVAGAONKAR UDAY R ,  SCARLATA VINCENT R ,  SHANBHOGUE VEDVYAS ,  SMITH WESLEY H ,  WOOD WILLIAM COLIN ,  IVANOV ANTON

IPC: G06F12/08 ,  G06F9/30 ,  G06F12/10 ,  G06F21/62

公开(公告)号：GB2522137A

公开(公告)日：2015-07-15

申请号：GB201505638

申请日：2015-04-01

Applicant: INTEL CORP

Inventor： ROZAS CARLOS V ,  ALEXANDROVICH ILYA ,  ANATI ITTAI ,  BERENZON ALEX ,  GOLDSMITH MICHAEL A ,  HUNTLEY BARRY E ,  JOHNSON SIMON P ,  LESLIE-HURD REBEKAH M ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RAPPOPORT RINAT ,  RODGERS SCOTT DION ,  SAVAGAONKAR UDAY R ,  SCARLATA VINCENT R ,  SHANBHOGUE VEDVYAS ,  SMITH WESLEY H ,  WOOD WILLIAM COLIN ,  IVANOV ANTON

IPC: G06F12/08 ,  G06F9/30 ,  G06F21/62

Abstract: A processor has an enclave page cache to cache data from a secure enclave. An instruction (ETRACK) causes it to record the number of hardware threads accessing the data in the cache corresponding to the secure enclave. This may be the threads, which are executing code in the secure enclave. When any of the threads exits the secure enclave, the number is decremented. A second instruction (EWB) may cause the data in the cache to be evicted and written back to main memory when the number reaches zero. A third instruction (EBLOCK) may prevent the creation of new address translation entries for the pages in the cache. The data may be encrypted, when written to main memory, and decrypted, when read from main memory.

公开(公告)号：GB2528796A

公开(公告)日：2016-02-03

申请号：GB201515835

申请日：2015-04-01

Applicant: INTEL CORP

Inventor： ROZAS CARLOS V ,  ALEXANDROVICH ILYA ,  ANATI ITTAI ,  BERENZON ALEX ,  GOLDSMITH MICHAEL A ,  HUNTLEY BARRY E ,  JOHNSON SIMON P ,  LESLIE-HURD REBEKAH M ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RAPPOPORT RINAT ,  RODGERS SCOTT DION

IPC: G06F12/14 ,  G06F9/30 ,  G06F12/1027 ,  G06F21/62

Abstract: A processor has multiple hardware threads and an enclave page cache. The processor has a first instruction to prevent new address translations being created. This instruction takes the address of a page in a secure enclave as a as a parameter. It prevents new entries being made in a translation look-aside buffer for that page. The processor has a second instruction to record the threads accessing an enclave. This instruction specifies the enclave identifier as a parameter and records the number of hardware threads accessing the enclave. The number is decremented whenever a thread exits the enclave. The processor has a third instruction to evict a page from an enclave page cache. The instruction takes the page address to evict as a parameter. It writes the page back to memory if the number of threads accessing the enclave is zero.

公开(公告)号：GB2515611B

公开(公告)日：2015-06-03

申请号：GB201405732

申请日：2014-03-31

Applicant: INTEL CORP

Inventor： ROZAS CARLOS V ,  ALEXANDROVICH ILYA ,  ANATI ITTAI ,  BERENZON ALEX ,  GOLDSMITH MICHAEL A ,  HUNTLEY BARRY E ,  IVANOV ANTON ,  JOHNSON SIMON P ,  LESLIE-HURD REBEKAH M ,  MCKEEN FRANCIS ,  NEIGER GILBERT ,  RAPPOPORT RINAT ,  RODGERS SCOTT DION ,  SAVAGAONKAR UDAY R ,  SCARLATA VINCENT R ,  SHANBHOGUE VEDVYAS ,  SMITH WESLEY H ,  WOOD WILLIAM COLIN

IPC: G06F12/14 ,  G06F9/30 ,  G06F12/10 ,  G06F21/62