-
公开(公告)号:WO2014004151A3
公开(公告)日:2014-03-13
申请号:PCT/US2013046169
申请日:2013-06-17
Applicant: INTEL CORP , HILDESHEIM GUR , RAIKIN SHLOMO , ANATI ITTAI , GERZON GIDEON , SAVAGAONKAR UDAY , MCKEEN FRANCIS , ROZAS CARLOS , GOLDSMITH MICHAEL , DEWAN PRASHANT
Inventor: HILDESHEIM GUR , RAIKIN SHLOMO , ANATI ITTAI , GERZON GIDEON , SAVAGAONKAR UDAY , MCKEEN FRANCIS , ROZAS CARLOS , GOLDSMITH MICHAEL , DEWAN PRASHANT
IPC: G06F12/08
CPC classification number: G06F12/109 , G06F12/0284 , G06F12/1036 , G06F2212/656 , G06F2212/657
Abstract: Embodiments of apparatuses and methods including virtual address memory range registers are disclosed. In one embodiment, a processor includes a memory interface, address translation hardware, and virtual memory address comparison hardware. The memory interface is to access a system memory using a physical memory address. The address translation hardware is to support translation of a virtual memory address to the physical memory address. The virtual memory address is used by software to access a virtual memory location in the virtual memory address space of the processor. The virtual memory address comparison hardware is to determine whether the virtual memory address is within a virtual memory address range.
Abstract translation: 公开了包括虚拟地址存储器范围寄存器的装置和方法的实施例。 在一个实施例中,处理器包括存储器接口,地址转换硬件和虚拟存储器地址比较硬件。 存储器接口使用物理存储器地址访问系统存储器。 地址转换硬件支持将虚拟存储器地址转换为物理存储器地址。 虚拟内存地址被软件用来访问处理器的虚拟内存地址空间中的虚拟内存位置。 虚拟内存地址比较硬件用于确定虚拟内存地址是否在虚拟内存地址范围内。
-
2.发明申请CONTROLLING ACCESS TO MULTIPLE ISOLATED MEMORIES IN AN ISOLATED EXECUTION ENVIRONMENT 审中-公开控制在隔离执行环境中访问多个隔离的记忆
公开(公告)号:WO0206929A2
公开(公告)日:2002-01-24
申请号:PCT/US0122027
申请日:2001-07-13
Applicant: INTEL CORP
Inventor: GOLLIVER ROGER , SUTTON JAMES II , LIN DERRICK , THAKKAR SHREEKANT , NEIGER GILBERT , MCKEEN FRANCIS , HERBERT HOWARD , RENERIS KENNETH , ELLISON CARL
CPC classification number: G06F12/1475
Abstract: The present invention provides a method, apparatus, and system for controlling memory accesses to multiple isolated memory areas in an isolated execution environment. A page manager is used to distribute a plurality of pages to a plurality of different areas of a memory, respectively. The memory is divided into non-isolated areas and isolated areas. The page manager is located in an isolated area of memory. Further, a memory ownership page table describes each page of memory and is also located in an isolated area of memory. The page manager assigns an isolated attribute to a page if the page is distributed to an isolated are of memory. On the other hand, the page manager assigns a non-isolated attribute to a page if the page is distributed to a non-isolated area of memory. The memory ownership page table records the attribute for each page. In one embodiment, a processor having a normal execution mode and an isolated execution mode generates an access transaction. The access transaction is configured using a configuration storage that contains configuration settings related to a page and access information. An access checking circuit coupled to the configuration settings and the access information and generates an access grant signal if the access transaction is valid.
Abstract translation: 本发明提供一种用于控制对隔离执行环境中的多个隔离存储器区域的存储器访问的方法,装置和系统。 页面管理器用于分别将多个页面分发到存储器的多个不同区域。 记忆分为非隔离区和隔离区。 页面管理器位于隔离区内。 此外,存储器所有权页表描述了存储器的每一页,并且还位于存储器的隔离区域中。 页面管理器将分离的属性分配给页面,如果页面分发到隔离的内存。 另一方面,如果页面被分发到存储器的非隔离区域,则页面管理器将非隔离属性分配给页面。 内存所有权页表记录每个页面的属性。 在一个实施例中,具有正常执行模式和隔离执行模式的处理器生成访问事务。 访问事务使用包含与页面和访问信息相关的配置设置的配置存储进行配置。 访问检查电路,其耦合到配置设置和访问信息,并且如果访问事务有效则生成访问许可信号。
-
3.发明专利
公开(公告)号:GB2515611A
公开(公告)日:2014-12-31
申请号:GB201405732
申请日:2014-03-31
Applicant: INTEL CORP
Inventor: ROZAS CARLOS V , ALEXANDROVICH ILYA , ANATI ITTAI , BERENZON ALEX , GOLDSMITH MICHAEL A , HUNTLEY BARRY E , IVANOV ANTON , JOHNSON SIMON P , LESLIE-HURD REBEKAH M , MCKEEN FRANCIS , NEIGER GILBERT , RAPPOPORT RINAT , RODGERS SCOTT , SAVAGAONKAR UDAY R , SCARLATA VINCENT R , SHANBHOGUE VEDVYAS , SMITH WESLEY H , WOOD WILLIAM COLIN
Abstract: A processor has multiple hardware threads and an enclave page cache. The processor has a first instruction to prevent new address translations being created. This instruction takes the address of a page in a secure enclave as a as a parameter. It prevents new entries being made in a translation look-aside buffer for that page. The processor has a second instruction to record the threads accessing an enclave. This instruction specifies the enclave identifier as a parameter and records the number of hardware threads accessing the enclave. The number is decremented whenever a thread exits the enclave. The processor has a third instruction to evict a page from an enclave page cache. The instruction takes the page address to evict as a parameter. It writes the page back to memory if the number of threads accessing the enclave is zero.
-
公开(公告)号:DE112004002209T5
公开(公告)日:2006-10-12
申请号:DE112004002209
申请日:2004-11-10
Applicant: INTEL CORP
Inventor: BAJIKAR SUNDEEP , GIRARD LUKE , REDDY RAMGOPAL , MCKEEN FRANCIS , SILVESTER KELAN
Abstract: An approach for providing Subscriber Identity Module (SIM) capabilities in an open platform without the need for a discrete, physical SIM device. For one aspect, a computing system provides for secure provisioning of SIM data and algorithms, for example, protected storage of SIM secret data objects, and protected execution of SIM algorithms that provide for Authentication, Authorization and Accounting (AAA) capabilities currently associated with discrete hardware SIM devices.
-
公开(公告)号:EP3213250A4
公开(公告)日:2018-06-20
申请号:EP15854843
申请日:2015-10-01
Applicant: INTEL CORP
Inventor: MCKEEN FRANCIS , SCARLATA VINCENT , ROZAS CARLOS , ANATI ITTAI , SHANBHOGUE VEDVYAS
CPC classification number: G06F12/1416 , G06F9/4418 , G06F12/0804 , G06F12/0875 , G06F12/1408 , G06F12/1441 , G06F21/53 , G06F2212/1016 , G06F2212/1028 , G06F2212/1052 , G06F2212/152 , G06F2212/452 , Y02D10/13
Abstract: Embodiments of an invention for maintaining a secure processing environment across power cycles are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to evict a root version array page entry from a secure cache. The execution unit is to execute the instruction. Execution of the instruction includes generating a blob to contain information to maintain a secure processing environment across a power cycle and storing the blob in a non-volatile memory.
-
Patent Agency Ranking
公开(公告)号:PL4020156T3
公开(公告)日:2025-02-24
申请号:PL21197114
申请日:2021-09-16
Applicant: INTEL CORP
-
公开(公告)号:ES2781826T3
公开(公告)日:2020-09-08
申请号:ES14194144
申请日:2014-11-20
Applicant: INTEL CORP
Inventor: JOHNSON SIMON , MCKEEN FRANCIS , SCARLATA VINCENT , ROZAS CARLOS , SAVAGAONKAR UDAY , GOLDSMITH MICHAEL , BRICKELL ERNIE
Abstract: Un procesador (200) que comprende: una unidad de instrucción (214) para recibir una primera instrucción, en donde la primera instrucción es inicializar un enclave seguro, y en donde la primera instrucción también incluye establecer un bit de atributo específico de funcionalidad para el enclave seguro; y una unidad de ejecución (270) para ejecutar la primera instrucción, en donde la ejecución de la primera instrucción incluye verificar que una clave de estructura de firma coincida con una clave digital (216) incorporada en el procesador para permitir que el software que se ejecuta dentro del enclave seguro utilice software o hardware para realizar una función fuera del enclave seguro; y en donde la unidad de instrucción (214) sirve también para recibir una segunda instrucción desde dentro del enclave seguro, y la unidad de ejecución (270) sirve para ejecutar la segunda instrucción, en donde la ejecución de la segunda instrucción incluye proporcionar una clave específica de funcionalidad si se activa el bit de atributo específico de funcionalidad.
-
公开(公告)号:DE10196440T5
公开(公告)日:2004-04-29
申请号:DE10196440
申请日:2001-07-13
Applicant: INTEL CORP
Inventor: GOLLIVER ROGER , SUTTON II JAMES , LIN DERRICK , THAKKAR SHREEKANT , NEIGER GILBERT , MCKEEN FRANCIS , HERBERT HOWARD , RENERIS KENNETH , ELLISON CARL
-
公开(公告)号:DE102018126731A1
公开(公告)日:2019-06-27
申请号:DE102018126731
申请日:2018-10-26
Applicant: INTEL CORP
Inventor: ROZAS CARLOS , ANATI ITTAI , MCKEEN FRANCIS , ZMUDZINSKI KRYSTOF , ALEXANDROVICH ILYA , CHAKRABARTI SOMNATH , CASPI DROR , OZSOY MELTEM
IPC: G06F12/14
Abstract: Eine sichere Enklavenschaltung speichert eine Enklave-Page-Cache-Map, um Inhalte einer sicheren Enklave in Systemspeicher zu verfolgen, der sichere Daten speichert, die eine Seite mit einer virtuellen Adresse umfassen. Eine Ausführungseinheit soll, als Reaktion auf eine Anforderung, die Seite von der sicheren Enklave zu räumen: die Erzeugung von Übersetzungen der virtuellen Adresse blocken; einen oder mehrere aktuell auf die sicheren Daten in der sicheren Enklave zugreifende Hardware-Threads aufzeichnen; einen Inter-Processor-Interrupt an einen oder mehrere dem einen oder den mehreren Hardware-Threads zugeordnete Kerne senden, um den einen oder die mehreren Hardware-Threads dazu zu veranlassen, die sichere Enklave zu verlassen und Translation-Lookaside-Buffer des einen oder der mehreren Kerne zu leeren; und als Reaktion auf das Erkennen eines der virtuellen Adresse für die Seite in der sicheren Enklave zugeordneten Seitenfehlers, die Erzeugung von Übersetzungen der virtuellen Adresse freigeben.
-
公开(公告)号:DE102006015106A1
公开(公告)日:2006-11-09
申请号:DE102006015106
申请日:2006-03-31
Applicant: INTEL CORP
Inventor: MCKEEN FRANCIS , CHENG ANTONIO
IPC: G06F12/14
Abstract: In one embodiment, the present invention provides for extended memory protection for memory of a system. The embodiment includes a method for associating a protection indicator of a protection record maintained outside of an application's data space with a memory location, and preventing access to the memory location based on the status of the protection indicator. In such manner, more secure operation is provided, as malicious code or other malware is prevented from accessing protected memory locations. Other embodiments are described and claimed.
-
-
-
-
-
-
-
-
-
Search Results
19
records
(took 0.023 seconds)
