公开(公告)号：KR20100109485A

公开(公告)日：2010-10-08

申请号：KR20100028392

申请日：2010-03-30

Applicant: INTEL CORP

Inventor： KHOSRAVI HORMUZD M ,  GOKULRANGAN VENKAT R ,  RASHEED YASSER ,  LONG MEN

IPC: G06F21/20 ,  G06F9/44 ,  G06F13/14

CPC classification number: G06F21/561 ,  G06F21/51 ,  G06F21/56 ,  G06F21/74 ,  G06F21/85 ,  G06F2221/034 ,  G06F2221/2101 ,  G06F2221/2105

Abstract: PURPOSE: A platform based verification of contents of input/output devices for deleting an infected part is provided to supply an alarm about the infected parts by verifying the contents of I/O device. CONSTITUTION: A platform hardware receives an interruption from I/O(Input/Output) device(210). The platform hardware detects the contents of the I/O device before the contents of the I/O device is exposed to a host OS(Operating System)(250). If there are the infected parts, the platform hardware offers the emergency signal to a user or the platform hardware deletes the infected parts(280).

Abstract translation: 目的：通过验证输入/输出设备内容的删除感染部分的基于平台的验证，通过验证I / O设备的内容来提供有关感染部位的警报。 构成：平台硬件从I / O（输入/输出）设备（210）接收中断。 平台硬件在将I / O设备的内容暴露给主机OS（操作系统）（250）之前检测I / O设备的内容。 如果有感染部分，平台硬件向用户提供紧急信号，或者平台硬件会删除受感染部分（280）。

公开(公告)号：JP2012182812A

公开(公告)日：2012-09-20

申请号：JP2012096711

申请日：2012-04-20

Applicant: Intel Corp ,  インテル コーポレイション

Inventor： KOLAR SUNDER DIVYA NAIDU ,  DEWAN PRASHANT ,  LONG MEN

IPC: H04L9/08 ,  G06F21/20

CPC classification number: H04L63/0435 ,  H04L9/083 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/20

Abstract: PROBLEM TO BE SOLVED: To provide a method, a device, and a system, which can continuously and dynamically distribute symmetric keys from a dedicated key distribution server to each client on the Internet.SOLUTION: A method comprises: a step for receiving measured health information from a client 100 on a key distribution server 124; a step for validating the measured health information on the server; a step for sending a session key to the client on the server when the measured health information is validated; and a step for initiating encrypted and authenticated connection with an application server 106 in a domain 102 using the session key, on the client, when the client receives the session key.

Abstract translation: 要解决的问题：提供一种方法，设备和系统，其可以将专用密钥分发服务器中的对称密钥连续且动态地分发到因特网上的每个客户端。 解决方案：一种方法，包括：从密钥分发服务器124上的客户端100接收测量的健康信息的步骤; 验证服务器上测得的健康信息的步骤; 当测量的健康信息被验证时，将会话密钥发送到服务器上的客户端的步骤; 以及当客户端接收到会话密钥时，在客户端上使用会话密钥发起与域102中的应用服务器106的加密和认证连接的步骤。 版权所有（C）2012，JPO＆INPIT

公开(公告)号：JP2010157998A

公开(公告)日：2010-07-15

申请号：JP2009271249

申请日：2009-11-30

Applicant: Intel Corp ,  インテル・コーポレーション

Inventor： LONG MEN ,  WALKER JESSE ,  GREWAL KARANVIR

IPC: H04L9/08

CPC classification number: H04L9/0866 ,  H04L9/0631 ,  H04L63/0428 ,  H04L63/06 ,  H04L2209/125

Abstract: PROBLEM TO BE SOLVED: To construct a system for achieving both end-to-end security and traffic visibility. SOLUTION: Both end-to-end security and traffic visibility can be achieved by a system using a controller that derives a cryptographic key that is different for each client based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes derivation key to information technology monitoring devices and a server to provide traffic visibility. Furthermore, a client key and a client identifier can also be used so that end-to-end security can be achieved. COPYRIGHT: (C)2010,JPO&INPIT

Abstract translation: 要解决的问题：构建实现端到端安全性和流量可视性的系统。 解决方案：可以通过使用控制器的系统来实现端到端安全性和流量可视性，该控制器基于导出密钥和每个数据中传达的客户端标识符来导出每个客户端不同的加密密钥 包。 控制器将派生密钥分配给信息技术监控设备和服务器，以提供流量可视性。 此外，还可以使用客户端密钥和客户端标识符，以便可以实现端到端的安全性。 版权所有（C）2010，JPO＆INPIT

公开(公告)号：JP2010244536A

公开(公告)日：2010-10-28

申请号：JP2010074573

申请日：2010-03-29

Applicant: Intel Corp ,  インテル・コーポレーション

Inventor： KHOSRAVI HORMUZD M ,  GOKULRANGAN VENKAT R ,  RASHEED YASSER ,  LONG MEN

IPC: G06F21/22

CPC classification number: G06F21/561 ,  G06F21/51 ,  G06F21/56 ,  G06F21/74 ,  G06F21/85 ,  G06F2221/034 ,  G06F2221/2101 ,  G06F2221/2105

Abstract: PROBLEM TO BE SOLVED: To delete a file infected with malware/worm/virus of an input-output device. SOLUTION: A platform includes platform hardware 150, which may verify the contents of the I/O device 190-N. The platform hardware 150 may include components such as a manageability engine 340 and a verification engine that are used to verify the contents of the I/O 190-N device even before the contents of the I/O device 190-N are exposed to an operating system 120 supported by a host. The platform components may delete the infected portions of the contents of I/O device 190-N if the verification process indicates that the contents of the I/O device 190-N include the infected portions. COPYRIGHT: (C)2011,JPO&INPIT

Abstract translation: 要解决的问题：删除感染恶意软件/蠕虫/病毒的输入输出设备的文件。 解决方案：平台包括平台硬件150，其可以验证I / O设备190-N的内容。 平台硬件150可以包括即使在I / O设备190-N的内容暴露于I / O设备190-N之前用于验证I / O 190-N设备的内容的诸如可管理性引擎340和验证引擎的组件 由主机支持的操作系统120。 如果验证过程指示I / O设备190-N的内容包括感染部分，则平台组件可以删除I / O设备190-N的内容的感染部分。 版权所有（C）2011，JPO＆INPIT

公开(公告)号：JP2009153111A

公开(公告)日：2009-07-09

申请号：JP2008284424

申请日：2008-11-05

Applicant: Intel Corp ,  インテル コーポレイション

Inventor： LONG MEN ,  WALKER JESSE ,  DURHAM DAVID ,  MILLIER MARC ,  GREWAL KARANVIR ,  DEWAN PRASHANT ,  SAVAGAONKAR UDAY ,  WILLIAMS STEVEN D

IPC: H04L9/14

CPC classification number: H04L63/0428 ,  H04L9/0631 ,  H04L9/3242 ,  H04L63/08 ,  H04L63/1466 ,  H04L63/168 ,  H04L2209/12 ,  H04L2209/38

Abstract: PROBLEM TO BE SOLVED: To achieve end-to-end security with traffic visibility. SOLUTION: A combined encryption-authentication unit includes a cipher unit and an authentication unit coupled in parallel to the cipher unit, and generates an authentication tag by using an authentication key, in parallel with the generation of the cipher text using an encryption key, where the authentication key and the encryption key have different key values. In various embodiments, the cipher unit operates in AES counter mode, and the authentication unit operates in parallel, in an AES-GMAC mode. Using a two key, single-pass combined mode algorithm preserves network performance by using a limited number of HW gates, while allowing an intermediate device to access to the encryption key for deciphering the data, without having to provide to that device the ability to compromise data integrity, which is preserved between the end to end devices. COPYRIGHT: (C)2009,JPO&INPIT

Abstract translation: 要解决的问题：实现交通可见性的端到端安全。 解决方案：组合加密认证单元包括密码单元和与密码单元并行耦合的认证单元，并且通过使用认证密钥与使用加密的密文的生成并行地生成认证标签 密钥，其中认证密钥和加密密钥具有不同的密钥值。 在各种实施例中，密码单元以AES计数器模式工作，并且认证单元以AES-GMAC模式并行操作。 使用双键单通组合模式算法通过使用有限数量的HW门来保留网络性能，同时允许中间设备访问加密密钥来解密数据，而不必向该设备提供妥协的能力 数据完整性，保留在端到端设备之间。 版权所有（C）2009，JPO＆INPIT

公开(公告)号：JP2009147927A

公开(公告)日：2009-07-02

申请号：JP2008307458

申请日：2008-12-02

Applicant: Intel Corp ,  インテル コーポレイション

Inventor： KOLAR SUNDER DIVYA NAIDU ,  DEWAN PRASHANT ,  LONG MEN

IPC: H04L9/08 ,  G06F21/20 ,  H04L9/32

CPC classification number: H04L63/0435 ,  H04L9/083 ,  H04L63/0428 ,  H04L63/062 ,  H04L63/20

Abstract: PROBLEM TO BE SOLVED: To provide a method, device and system, which can continuously and dynamically distributes symmetric keys from a dedicated key distribution server to clients across the Internet. SOLUTION: The disclosed method includes the steps of: receiving measured health information from a client on a key distribution server; validating the measured health information on the server; sending a session key to the client on the server when the measured health information is validated; and on a client, when the client receives the session key, initiating an encrypted and authenticated connection with an application server in the domain using the session key. COPYRIGHT: (C)2009,JPO&INPIT

Abstract translation: 要解决的问题：提供一种方法，设备和系统，其可以将来自专用密钥分发服务器的对称密钥连续且动态地分布到互联网上的客户端。 解决方案：所公开的方法包括以下步骤：从密钥分发服务器上的客户端接收测量的健康信息; 验证服务器上测得的健康信息; 当测量的健康信息被验证时，在服务器上向客户端发送会话密钥; 并且在客户端上，当客户端接收会话密钥时，使用会话密钥发起与域中的应用服务器的加密和认证的连接。 版权所有（C）2009，JPO＆INPIT

公开(公告)号：WO2015112224A3

公开(公告)日：2015-09-24

申请号：PCT/US2014063986

申请日：2014-11-05

Applicant: INTEL CORP

Inventor： DURHAM DAVID M ,  LONG MEN

IPC: G06F12/14 ,  G06F12/06

CPC classification number: H04L9/0618 ,  G06F11/1068 ,  G06F12/0868 ,  G06F12/1408 ,  G06F21/554 ,  G06F21/602 ,  G06F21/64 ,  G06F2212/1021 ,  G06F2212/1052 ,  G11C29/52 ,  G11C2029/1804 ,  G11C2029/3602 ,  H04L9/0637 ,  H04L9/3239 ,  H04L9/3242 ,  H04L9/3247 ,  Y02D10/13

Abstract: Systems and methods may provide for identifying unencrypted data including a plurality of bits, wherein the unencrypted data may be encrypted and stored in memory. In addition, a determination may be made as to whether the unencrypted data includes a random distribution of the plurality of bits. An integrity action may be implemented, for example, when the unencrypted data includes a random distribution of the plurality of bits.

Abstract translation: 系统和方法可以提供用于识别包括多个比特的未加密数据，其中未加密数据可以被加密并存储在存储器中。 另外，可以确定未加密的数据是否包括多个比特的随机分布。 例如，当未加密的数据包括多个比特的随机分布时，可以实现完整性动作。

公开(公告)号：WO2011094096A3

公开(公告)日：2011-12-01

申请号：PCT/US2011021627

申请日：2011-01-19

Applicant: INTEL CORP ,  LONG MEN ,  GREWAL KARANVIR S

Inventor： LONG MEN ,  GREWAL KARANVIR S

IPC: H04L9/14 ,  G06F21/20

CPC classification number: H04L9/0827 ,  H04L9/0838 ,  H04L9/14 ,  H04L63/0281 ,  H04L63/0428 ,  H04L63/06 ,  H04L2209/60 ,  H04L2209/76

Abstract: An embodiment may include circuitry to establish, at least in part, a secure communication channel between, at least in part, a client in a first domain and a server in a second domain. The channel may include a first and second domain sessions in the first and second domains. The circuitry may generate first and second domain session keys that may encrypt, at least in part, respectively, the first and second domain sessions. The first domain session key may be generated based upon a first domain key assigned to the first domain and a first data set associated with the first domain session. The second domain session key may be generated based upon a second domain key assigned to the second domain and a second data set associated with the second domain session.

Abstract translation: 实施例可以包括至少部分地在至少部分地建立第一域中的客户端和第二域中的服务器之间的安全通信信道的电路。 频道可以包括第一和第二域中的第一和第二域会话。 电路可以产生可以分别至少部分地加密第一和第二域会话的第一和第二域会话密钥。 可以基于分配给第一域的第一域密钥和与第一域会话相关联的第一数据集来生成第一域会话密钥。 可以基于分配给第二域的第二域密钥和与第二域会话相关联的第二数据集来生成第二域会话密钥。

公开(公告)号：AT531177T

公开(公告)日：2011-11-15

申请号：AT08253837

申请日：2008-11-28

Applicant: INTEL CORP

Inventor： KOLAR SUNDER DIVYA NAIDU ,  DEWAN PRASHANT ,  LONG MEN

IPC: H04L29/06 ,  G06F21/00

公开(公告)号：GB2511975A

公开(公告)日：2014-09-17

申请号：GB201410920

申请日：2011-12-21

Applicant: INTEL CORP

Inventor： SASTRY MANOJ R ,  SCHOINAS IOANNIS T ,  TOEPFER ROBERT J ,  TRIVEDI ALPA T NARENDRA ,  LONG MEN

IPC: G06F13/14 ,  G06F21/76

Abstract: In one embodiment, the present invention includes a system on a chip (SoC) that has a first agent with an intellectual property (IP) logic, an interface to a fabric including a target interface, a master interface and a sideband interface, and an access control plug-in unit to handle access control policy for the first agent with respect to incoming and outgoing transactions. This access control plug-in unit can be incorporated into the SoC at integration time and without any modification to the IP logic. Other embodiments are described and claimed.