公开(公告)号：JP2007265434A

公开(公告)日：2007-10-11

申请号：JP2007150997

申请日：2007-06-06

Applicant: Intel Corp ,  インテル コーポレイション

Inventor： SUTTON II JAMES ,  GRAWROCK DAVID ,  UHLIG RICHARD ,  POISNER DAVID ,  GLEW ANDREW ,  HALL CLIFFORD ,  SMITH III LAWRENCE ,  NEIGER GILBERT ,  KOZUCH MICHAEL ,  GEORGE ROBERT ,  BURGESS BRADLEY

IPC: G06F1/00 ,  G06F21/22 ,  G06F9/46 ,  G06F9/48 ,  G06F12/14 ,  G06F21/00

CPC classification number: G06F21/53 ,  G06F12/1491 ,  G06F21/57 ,  G06F2221/2105

Abstract: PROBLEM TO BE SOLVED: To provide a system and a method for allowing execution of a system management mode (SMM) code during secure operations in a microprocessor system. SOLUTION: In one embodiment, a system management interruption (SMI) may be first directed to a handler in a secured virtual machine monitor (SVMM). The SMI may then be re-directed to an SMM code located in a virtual machine (VM) that is under the security control of the SVMM. This redirection can be accomplished by allowing reading from and writing to the system management (SM) base register in the processor. COPYRIGHT: (C)2008,JPO&INPIT

Abstract translation: 要解决的问题：提供一种用于在微处理器系统中的安全操作期间允许执行系统管理模式（SMM）代码的系统和方法。 解决方案：在一个实施例中，可以将系统管理中断（SMI）首先定向到安全虚拟机监视器（SVMM）中的处理程序。 然后，SMI可以被重定向到位于SVMM的安全控制下的虚拟机（VM）中的SMM代码。 这种重定向可以通过读取和写入处理器中的系统管理（SM）基址寄存器来实现。 版权所有（C）2008，JPO＆INPIT

公开(公告)号：WO2006023151A2

公开(公告)日：2006-03-02

申请号：PCT/US2005024374

申请日：2005-07-08

Applicant: INTEL CORP ,  SUTTON JAMES II ,  BRICKELL ERNEST ,  HALL CLIFFORD ,  GRAWROCK DAVID

Inventor： SUTTON JAMES II ,  BRICKELL ERNEST ,  HALL CLIFFORD ,  GRAWROCK DAVID

CPC classification number: H04L9/0844 ,  H04L2209/127

Abstract: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo­random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-liner server accessible by the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the protected on-line server using a secure protocol. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.

Abstract translation: 将直接证明私钥提供给安装在该领域中的客户端计算机系统中的设备可以以安全的方式来实现，而不需要设备中的显着的非易失性存储。 在制造时产生并存储在设备中的唯一伪随机值。 伪随机值用于生成用于加密持有直接证明私钥和与该设备相关联的私钥摘要的数据结构的对称密钥。 所得到的加密数据结构存储在由客户端计算机系统可访问的受保护的在线服务器上。 当在客户端计算机系统上初始化设备时，系统会检查系统中是否存在本地化的加密数据结构。 如果没有，系统将使用安全协议从受保护的在线服务器获取相关联的加密数据结构。 设备使用从其存储的伪随机值重新生成的对称密钥来解密加密数据结构，以获得直接证明私钥。 如果私钥有效，则可以用于客户端计算机系统中的设备的后续认证处理。

公开(公告)号：WO2006019614A3

公开(公告)日：2006-12-07

申请号：PCT/US2005024253

申请日：2005-07-08

Applicant: INTEL CORP ,  SUTTON JAMES II ,  HALL CLIFFORD ,  BRICKELL ERNIE ,  GRAWROCK DAVID

Inventor： SUTTON JAMES II ,  HALL CLIFFORD ,  BRICKELL ERNIE ,  GRAWROCK DAVID

IPC: H04L9/08 ,  H04L9/32

CPC classification number: H04L63/083 ,  G06F9/4843 ,  G06F12/1036 ,  G06F21/57 ,  G06F21/73 ,  H04L9/0897 ,  H04L9/3218 ,  H04L9/3236 ,  H04L63/04

Abstract: Delivering a Direct Proof private key in a signed group of keys to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored along with a group number in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored in a signed group of keys (e.g., a signed group record) on a removable storage medium (such as a CD or DVD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated signed group record of encrypted data structures from the removable storage medium, and verifies the signed group record. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key, when the group record is valid. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.

Abstract translation: 在安装在客户端计算机系统中的设备中的签名密钥组中提供直接证明私钥可以以安全的方式实现，而不需要在设备中的显着的非易失性存储。 在制造时生成并存储与设备中的组号一起存储唯一的伪随机值。 伪随机值用于生成用于加密持有Direct Proof私钥和与该设备相关联的私钥摘要的数据结构的对称密钥。 所得到的加密数据结构被存储在可移动存储介质（例如CD或DVD）上的签名组密钥（例如，签名组记录）中，并且分发给客户端计算机系统的所有者。 当在客户端计算机系统上初始化设备时，系统会检查系统中是否存在本地化的加密数据结构。 如果没有，系统从可移动存储介质中获得加密数据结构的关联签名组记录，并验证签名组记录。 该设备使用从其存储的伪随机值重新生成的对称密钥来解密加密的数据结构，以便当组记录有效时获得Direct Proof私钥。 如果私钥有效，则可以用于客户端计算机系统中的设备的后续认证处理。

公开(公告)号：WO2006039202A3

公开(公告)日：2006-07-06

申请号：PCT/US2005034146

申请日：2005-09-21

Applicant: INTEL CORP ,  NEIGER GILBERT NEIGER ,  BENNETT STEVEN ,  COTA-ROBLES ERIK ,  SCHOENBERG SEBASTIAN ,  HALL CLIFFORD ,  RODGERS DION ,  SMITH LAWRENCE ,  ANDERSON ANDREW ,  UHLIG RICHARD ,  KOZUCH MICHAEL ,  GLEW ANDY

Inventor： NEIGER GILBERT NEIGER ,  BENNETT STEVEN ,  COTA-ROBLES ERIK ,  SCHOENBERG SEBASTIAN ,  HALL CLIFFORD ,  RODGERS DION ,  SMITH LAWRENCE ,  ANDERSON ANDREW ,  UHLIG RICHARD ,  KOZUCH MICHAEL ,  GLEW ANDY

IPC: G06F9/455

CPC classification number: G06F9/45558

Abstract: In one embodiment, a method includes transitioning control to a virtual machine (VM) from a virtual machine monitor (VMM), determining that a VMM timer indicator is set to an enabling value, and identifying a VMM timer value configured by the VMM. The method further includes periodically comparing a current value of a timing source with the VMM timer value, generating an internal event if the current value of the timing source has reached the VMM timer value, and transitioning control to the VMM in response to the internal event without incurring an event handling procedure in any one of the VMM and the VM.

Abstract translation: 在一个实施例中，一种方法包括将控制从虚拟机监视器（VMM）转移到虚拟机（VM），确定VMM定时器指示符被设置为启用值，并且识别由VMM配置的VMM定时器值。 该方法还包括周期性地将定时源的当前值与VMM定时器值进行比较，如果定时源的当前值已经达到VMM定时器值，则生成内部事件，并且响应于内部事件将控制转换到VMM 而不会在VMM和VM中的任何一个中引发事件处理过程。

公开(公告)号：WO2007038031A3

公开(公告)日：2007-06-07

申请号：PCT/US2006036151

申请日：2006-09-14

Applicant: INTEL CORP ,  BRICKELL ERNIE ,  HALL CLIFFORD

Inventor： BRICKELL ERNIE ,  HALL CLIFFORD

IPC: G06F21/02

CPC classification number: G06F21/725

Abstract: Providing trusted time in a computing platform, while still supporting privacy, may be accomplished by having a trusted time device provide the trusted time to an application executing on the computing platform. The trusted time device may be reset by determining if a value in a trusted time random number register has been set, and if not, waiting a period of time, generating a new random number, and storing the new random number in the trusted time random number register. The trusted time random number register is set to zero whenever electrical power is first applied to the trusted time device upon power up of the computing platform, and whenever a battery powering the trusted time device is removed and reconnected. By keeping the size of the trusted time random number register relatively small, and waiting the specified period of time, attacks on the computing platform to determine the trusted time may be minimized, while deterring the computing platform from being uniquely identified.

Abstract translation: 在支持隐私的同时，在计算平台中提供可信时间可以通过使可信时间设备向在计算平台上执行的应用程序提供可信时间来实现。 信任时间设备可以通过确定可信时间随机数寄存器中的值是否已经被设置而被重置，如果不是，则等待一段时间，生成新的随机数，并将新的随机数存储在可信时间随机 数字寄存器。 无论何时在计算平台上电时首次对可信时间设备施加电力，并且每当为可信时间设备供电的电池被去除并重新连接时，信任时间随机数寄存器将被设置为零。 通过保持可信时间随机数寄存器的大小相对较小，并且等待指定的时间段，可以最小化计算平台上的攻击以确定可信时间，同时阻止计算平台被唯一标识。

公开(公告)号：WO2006069130A2

公开(公告)日：2006-06-29

申请号：PCT/US2005046303

申请日：2005-12-20

Applicant: INTEL CORP ,  BAXTER BRENT ,  SETHI PRASHANT ,  HALL CLIFFORD ,  CLIFFORD WILLIAM

Inventor： BAXTER BRENT ,  SETHI PRASHANT ,  HALL CLIFFORD ,  CLIFFORD WILLIAM

CPC classification number: G06F12/1072

Abstract: A method and apparatus for matching parent processor address translations to media processors' address translations and providing concurrent memory access to a plurality of media processors through separate translation table information. In particular, a page directory for a given media application is copied to a media processor's page directory when the media application allocates memory that is to be shared by a media application running on the parent processor and media processors.

Abstract translation: 一种用于将父处理器地址转换与媒体处理器的地址转换进行匹配并通过单独的转换表信息向多个媒体处理器提供并行存储器存取的方法和装置。 具体地说，当媒体应用程序分配将由父处理器和媒体处理器上运行的媒体应用程序共享的存储器时，给定媒体应用程序的页面目录被复制到媒体处理器的页面目录。

公开(公告)号：WO2006025952A2

公开(公告)日：2006-03-09

申请号：PCT/US2005024486

申请日：2005-07-08

Applicant: INTEL CORP ,  BRICKELL ERNEST ,  SUTTON JAMES II ,  HALL CLIFFORD ,  GRAWROCK DAVID

Inventor： BRICKELL ERNEST ,  SUTTON JAMES II ,  HALL CLIFFORD ,  GRAWROCK DAVID

CPC classification number: H04L63/062 ,  G06F21/57 ,  G06F21/73 ,  H04L9/0841 ,  H04L63/0853 ,  H04L2209/125

Abstract: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo­random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a removable storage medium (such as a CD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the removable storage medium. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.

Abstract translation: 将直接证明私钥提供给安装在该领域中的客户端计算机系统中的设备可以以安全的方式来实现，而不需要设备中的显着的非易失性存储。 在制造时产生并存储在设备中的唯一伪随机值。 伪随机值用于生成用于加密持有直接证明私钥和与该设备相关联的私钥摘要的数据结构的对称密钥。 所得到的加密数据结构存储在可移动存储介质（例如CD）上，并被分发给客户端计算机系统的所有者。 当在客户端计算机系统上初始化设备时，系统会检查系统中是否存在本地化的加密数据结构。 如果不是，系统从可移动存储介质中获得相关联的加密数据结构。 设备使用从其存储的伪随机值重新生成的对称密钥来解密加密数据结构，以获得直接证明私钥。 如果私钥有效，则可以用于客户端计算机系统中的设备的后续认证处理。

公开(公告)号：GB2430127B

公开(公告)日：2008-12-31

申请号：GB0700524

申请日：2005-07-08

Applicant: INTEL CORP

Inventor： SUTTON JAMES II ,  BRICKELL ERNEST ,  HALL CLIFFORD ,  GRAWROCK DAVID

IPC: H04L9/30 ,  H04L9/08

Abstract: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-line server accessible by the client computer system.

公开(公告)号：GB2430127A

公开(公告)日：2007-03-14

申请号：GB0700524

申请日：2005-07-08

Applicant: INTEL CORP

Inventor： SUTTON JAMES II ,  BRICKELL ERNEST ,  HALL CLIFFORD ,  GRAWROCK DAVID

IPC: H04L9/30 ,  H04L9/08

Abstract: Delivering a Direct Proof private key to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored in the device at manufacturing time. The pseudorandom value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored on a protected on-liner server accessible by the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated encrypted data structure from the protected on-line server using a secure protocol. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.

公开(公告)号：AT374971T

公开(公告)日：2007-10-15

申请号：AT02753534

申请日：2002-08-23

Applicant: INTEL CORP

Inventor： AJANOVIC JASMIN ,  HARRIMAN DAVID ,  CAMPBELL RANDOLPH ,  VARGAS JOSE ,  HALL CLIFFORD ,  SETHI PRASHANT ,  PAWLOWSKI STEVE

IPC: G06F13/12 ,  G06F3/00 ,  G06F13/00 ,  G06F13/14 ,  G06F13/24 ,  H04L1/18 ,  H04L47/30

Abstract: A storage device is provided to maintain a count of flow control credits to be granted to a device in association with transactions over a channel to be implemented on a data link and control logic is provided to communicate, to the device, an indication of an amount of flow control credits for the device in association with a reset of the data link.