公开(公告)号：JP2009151790A

公开(公告)日：2009-07-09

申请号：JP2008322656

申请日：2008-12-18

Applicant: Intel Corp ,  インテル コーポレイション

Inventor： ELDAR AVIGDOR ,  HERBERT HOWARD C ,  GOEL PURUSHOTTAM ,  BLUMENTHAL URI ,  HINES DAVID ,  SMITH CAREY

IPC: G06F21/20 ,  G09C1/00

CPC classification number: H04L41/0869 ,  H04L41/046 ,  H04L41/0806

Abstract: PROBLEM TO BE SOLVED: To provide provisioning of an active management technology AMT in a computer system. SOLUTION: This active management technology AMT may be automatically provisioned in a client device, which may provide the secure connection between a provisioning server and the client device. The client device having the active management technology may support zero-touch provisioning and one-touch provisioning. COPYRIGHT: (C)2009,JPO&INPIT

Abstract translation: 要解决的问题：在计算机系统中提供主动管理技术AMT。 解决方案：这种主动管理技术AMT可以在客户端设备中自动配置，这可以提供配置服务器和客户端设备之间的安全连接。 具有主动管理技术的客户端设备可以支持零接触供应和一键供应。 版权所有（C）2009，JPO＆INPIT

公开(公告)号：WO0175563A3

公开(公告)日：2002-05-23

申请号：PCT/US0108365

申请日：2001-03-14

Applicant: INTEL CORP ,  ELLISON CARL M ,  GOLLIVER ROGER A ,  HERBERT HOWARD C ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

Inventor： ELLISON CARL M ,  GOLLIVER ROGER A ,  HERBERT HOWARD C ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

IPC: G06F21/22 ,  G06F21/00 ,  G09C1/00 ,  H04L9/08 ,  H04L9/10 ,  G06F1/00

CPC classification number: G06F21/53 ,  G06F21/57 ,  G06F2221/2101 ,  G06F2221/2105

Abstract: The present invention is a method, apparatus, and system to generate a key hierarchy for use in an isolated execution environment of a protected platform. In order to bind secrets to particular code operating in isolated execution, a key hierarchy comprising a series of symmetric keys for a standard symmetric cipher is utilized. The protected platform includes a processor that is configured in one of a normal execution mode and an isolated execution mode. A key storage stores an initial key that is unique for the platform. A cipher key creator located in the protected platform creates the hierarchy of keys based upon the initial key. The cipher key creator creates a series of symmetric cipher keys to protect the secrets of loaded software code.

Abstract translation: 本发明是一种用于生成在受保护平台的隔离执行环境中使用的密钥层级的方法，装置和系统。 为了将秘密绑定到在隔离执行中操作的特定代码，使用包括用于标准对称密码的一系列对称密钥的密钥层次。 受保护平台包括被配置为正常执行模式和隔离执行模式之一的处理器。 密钥存储存储该平台独有的初始密钥。 位于受保护平台中的加密密钥创建者基于初始密钥创建密钥的层次结构。 密码密钥创建者创建一系列对称密钥，以保护加载的软件代码的秘密。

公开(公告)号：WO2010057065A3

公开(公告)日：2010-08-19

申请号：PCT/US2009064493

申请日：2009-11-14

Applicant: INTEL CORP ,  MCKEEN FRANK ,  SAVAGAONKAR UDAY ,  ROZAS CARLOS V ,  GOLDSMITH MICHAEL A ,  HERBERT HOWARD C ,  ALTMAN ASHER ,  GRAUNKE GARY ,  DURHAM DAVID ,  JOHNSON SIMON P ,  KOUNAVIS MICHAEL E ,  SCARLATA VINCENT R ,  CIHULA JOSEPH ,  JEYASINGH STALINSELVARAJ ,  LINT BERNARD ,  NEIGER GIL ,  RODGERS DION ,  BRICKELL ERNIE ,  LI JIANGUO

Inventor： MCKEEN FRANK ,  SAVAGAONKAR UDAY ,  ROZAS CARLOS V ,  GOLDSMITH MICHAEL A ,  HERBERT HOWARD C ,  ALTMAN ASHER ,  GRAUNKE GARY ,  DURHAM DAVID ,  JOHNSON SIMON P ,  KOUNAVIS MICHAEL E ,  SCARLATA VINCENT R ,  CIHULA JOSEPH ,  JEYASINGH STALINSELVARAJ ,  LINT BERNARD ,  NEIGER GIL ,  RODGERS DION ,  BRICKELL ERNIE ,  LI JIANGUO

IPC: G06F3/06 ,  G06F9/06 ,  G06F9/44 ,  G06F21/56

CPC classification number: G06F9/30043 ,  G06F9/30032 ,  G06F21/56

Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

Abstract translation: 一种在计算机系统内实现安全应用程序和数据完整性的技术。 在一个实施例中，建立一个或多个安全区域，其中可以存储和执行应用程序和数据。

公开(公告)号：WO0175564A3

公开(公告)日：2003-01-16

申请号：PCT/US0108891

申请日：2001-03-21

Applicant: INTEL CORP ,  HERBERT HOWARD C ,  GRAWROCK DAVID W ,  ELLISON CARL M ,  GOLLIVER ROGER A ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

Inventor： HERBERT HOWARD C ,  GRAWROCK DAVID W ,  ELLISON CARL M ,  GOLLIVER ROGER A ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

IPC: G06F1/00 ,  G06F12/14 ,  G06F21/00

CPC classification number: G06F21/305 ,  G06F9/30189 ,  G06F12/1491 ,  G06F21/35 ,  G06F21/53 ,  G06F21/57 ,  G06F21/575 ,  G06F21/64 ,  G06F21/74 ,  G06F2221/2101 ,  G06F2221/2103 ,  G06F2221/2105 ,  G06F2221/2149

Abstract: In one embodiment, a method of remote attestation for a special mode of operation. The method comprises storing an audit log within protected memory of a platform. The audit log is a listing of data representing each of a plurality of IsoX software modules loaded into the platform. The audit log is retrieved from the protected memory in response to receiving a remote attestation request from a remotely located platform. Then, the retrieved audit log is digitally signed to produce a digital signature for transfer to the remotely located platform.

Abstract translation: 在一个实施例中，用于特殊操作模式的远程证明的方法。 该方法包括将审核日志存储在平台的受保护的存储器内。 审计日志是表示加载到平台中的多个IsoX软件模块中的每一个的数据的列表。 响应于从远程位置的平台接收远程认证请求，从受保护的内存中检索审核日志。 然后，检索的审核日志进行数字签名，以产生数字签名，以转移到位于远程的平台。

公开(公告)号：WO0175565A3

公开(公告)日：2002-06-27

申请号：PCT/US0109371

申请日：2001-03-23

Applicant: INTEL CORP ,  ELLISON CARL M ,  GOLLIVER ROGER A ,  HERBERT HOWARD C ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

Inventor： ELLISON CARL M ,  GOLLIVER ROGER A ,  HERBERT HOWARD C ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

IPC: G06F9/46 ,  G06F1/00 ,  G06F9/48 ,  G06F21/00

CPC classification number: G06F21/53 ,  G06F2221/2105

Abstract: A technique is provided to execute isolated instructions according to an embodiment of the present invention. An execution unit executes an isolated instruction in a processor operating in a platform. The processor is configured in one of a normal execution mode and an isolated execution mode. A parameter storage containing at least one parameter to support execution of the isolated instruction when the processor is configured in the isolated execution mode.

Abstract translation: 提供了根据本发明的实施例的执行隔离指令的技术。 执行单元在平台中操作的处理器中执行隔离指令。 处理器配置为正常执行模式和隔离执行模式之一。 当处理器被配置为隔离执行模式时，包含至少一个参数以支持执行隔离指令的参数存储器。

公开(公告)号：WO2011078855A1

公开(公告)日：2011-06-30

申请号：PCT/US2009069212

申请日：2009-12-22

Applicant: INTEL CORP ,  MCKEEN FRANCIS X ,  ROZAS CARLOS V ,  SAVAGANKAR UDAY R ,  JOHNSON SIMON P ,  SCARLATA VINCENT R ,  GOLDSMITH MICHAEL A ,  BRICKELL ERNIE ,  LI JIANGTAO ,  HERBERT HOWARD C ,  DEWAN PRASHANT ,  TOLOPKA STEPHEN J ,  NEIGER GILBERT ,  DURHAM DAVID ,  GRAUNKE GARY ,  LINT BERNARD ,  VAN DYKE DON A ,  CIHULA JOSEPH ,  JEYASINGH STALINSELVARAJ ,  VAN DOREN STEPHEN R ,  RODGERS DION ,  GARNEY JOHN

Inventor： MCKEEN FRANCIS X ,  ROZAS CARLOS V ,  SAVAGANKAR UDAY R ,  JOHNSON SIMON P ,  SCARLATA VINCENT R ,  GOLDSMITH MICHAEL A ,  BRICKELL ERNIE ,  LI JIANGTAO ,  HERBERT HOWARD C ,  DEWAN PRASHANT ,  TOLOPKA STEPHEN J ,  NEIGER GILBERT ,  DURHAM DAVID ,  GRAUNKE GARY ,  LINT BERNARD ,  VAN DYKE DON A ,  CIHULA JOSEPH ,  JEYASINGH STALINSELVARAJ ,  VAN DOREN STEPHEN R ,  RODGERS DION ,  GARNEY JOHN

IPC: G06F9/44 ,  G06F12/02 ,  G06F13/14 ,  G06F21/72 ,  G06F21/74

CPC classification number: G06F12/1491 ,  G06F12/0802 ,  G06F12/10 ,  G06F21/72 ,  G06F21/74 ,  G06F2221/2105

Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

Abstract translation: 一种在计算机系统内实现安全应用和数据完整性的技术。 在一个实施例中，建立一个或多个安全空间，其中可以存储和执行应用和数据。

公开(公告)号：WO0175595A3

公开(公告)日：2002-07-25

申请号：PCT/US0108374

申请日：2001-03-14

Applicant: INTEL CORP ,  ELLISON CARL M ,  GOLLIVER ROGER A ,  HERBERT HOWARD C ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

Inventor： ELLISON CARL M ,  GOLLIVER ROGER A ,  HERBERT HOWARD C ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

IPC: G06F21/00 ,  G06F12/14

CPC classification number: G06F21/53 ,  G06F9/30189 ,  G06F12/1491 ,  G06F21/567 ,  G06F21/71 ,  G06F21/74 ,  G06F21/85 ,  G06F2221/2105 ,  G06F2221/2141 ,  G06F2221/2145

Abstract: An access transaction generated by a processor is configured using a configuration storage containing a configuration setting. The processor has a normal execution mode and an isolated execution mode. The access transaction has access information. Access to the configuration storage is controlled. An access grant signal is generated using the configuration setting and the access information. The access grant signal indicates if the access transaction is valid.

Abstract translation: 使用包含配置设置的配置存储来配置由处理器生成的访问事务。 处理器具有正常执行模式和隔离执行模式。 访问事务具有访问信息。 控制对配置存储的访问。 使用配置设置和访问信息生成访问许可信号。 访问许可信号指示访问事务是否有效。

公开(公告)号：DE10196007B4

公开(公告)日：2010-08-12

申请号：DE10196007

申请日：2001-03-21

Applicant: INTEL CORP

Inventor： HERBERT HOWARD C ,  GRAWROCK DAVID W ,  ELLISON CARL M ,  GOLLIVER ROGER A ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

IPC: G06F1/00 ,  G06F12/14 ,  G06F21/00

公开(公告)号：DE10196006T1

公开(公告)日：2003-04-03

申请号：DE10196006

申请日：2001-03-14

Applicant: INTEL CORP

Inventor： ELLISON CARL M ,  GOLLIVER ROGER A ,  HERBERT HOWARD C ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

IPC: G06F21/22 ,  G06F21/00 ,  G09C1/00 ,  H04L9/08 ,  H04L9/10 ,  G06F1/00

Abstract: The present invention is a method, apparatus, and system to generate a key hierarchy for use in an isolated execution environment of a protected platform. In order to bind secrets to particular code operating in isolated execution, a key hierarchy comprising a series of symmetric keys for a standard symmetric cipher is utilized. The protected platform includes a processor that is configured in one of a normal execution mode and an isolated execution mode. A key storage stores an initial key that is unique for the platform. A cipher key creator located in the protected platform creates the hierarchy of keys based upon the initial key. The cipher key creator creates a series of symmetric cipher keys to protect the secrets of loaded software code.

公开(公告)号：GB2378794A

公开(公告)日：2003-02-19

申请号：GB0225043

申请日：2001-03-14

Applicant: INTEL CORP

Inventor： ELLISON CARL M ,  GOLLIVER ROGER A ,  HERBERT HOWARD C ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

IPC: G06F21/22 ,  G06F21/00 ,  G09C1/00 ,  H04L9/08 ,  H04L9/10 ,  G06F1/00

Abstract: The present invention is a method, apparatus, and system to generate a key hierarchy for use in an isolated execution environment of a protected platform. In order to bind secrets to particular code operating in isolated execution, a key hierarchy comprising a series of symmetric keys for a standard symmetric cipher is utilized. The protected platform includes a processor that is configured in one of a normal execution mode and an isolated execution mode. A key storage stores an initial key that is unique for the platform. A cipher key creator located in the protected platform creates the hierarchy of keys based upon the initial key. The cipher key creator creates a series of symmetric cipher keys to protect the secrets of loaded software code.