公开(公告)号：JP2011010277A

公开(公告)日：2011-01-13

申请号：JP2010092556

申请日：2010-04-13

Applicant: Intel Corp ,  インテル・コーポレーション

Inventor： NEMIROFF DANIEL

IPC: H04L9/08

CPC classification number: H04L9/0869 ,  G06F7/582 ,  G06F7/588 ,  H04L9/0662 ,  H04L9/0861 ,  H04L9/3249 ,  H04L2209/24 ,  H04L2209/72

Abstract: PROBLEM TO BE SOLVED: To reduce cost by providing a function of re-generating one or more specific cryptographic keys, since an information processing system uses one or more cryptographic keys to encrypt/decrypt information, but when these keys are large keys (e.g., a pair of RSA keys of 2,048 bits), storage of the keys in a storage device increases the cost per system.SOLUTION: A method of cryptographic key generation makes use of a stored input value and a stored count value. A processor 100 includes a nonvolatile storage 140 storing an input value and a counted value, and a logic 122 to generate a cryptographic key, based on the stored input value and the stored counted value, and generates the cryptographic key.

Abstract translation: 要解决的问题：为了通过提供重新生成一个或多个特定加密密钥的功能来降低成本，由于信息处理系统使用一个或多个加密密钥来加密/解密信息，而是当这些密钥是大密钥（例如， 一对2048位的RSA密钥），存储设备中的密钥的存储增加了每个系统的成本。解决方案：密码密钥生成的方法利用存储的输入值和存储的计数值。 处理器100包括存储输入值和计数值的非易失性存储器140，以及基于存储的输入值和存储的计数值生成密码密钥的逻辑122，并生成密码密钥。

公开(公告)号：JP2009003933A

公开(公告)日：2009-01-08

申请号：JP2008160992

申请日：2008-06-19

Applicant: Intel Corp ,  インテル コーポレイション

Inventor： NEMIROFF DANIEL ,  HEBERT HOWARD C

IPC: G06F12/00 ,  G06F21/24

CPC classification number: G06F21/6209 ,  G06F21/64

Abstract: PROBLEM TO BE SOLVED: To provide a method for providing encryption, integrity, and anti-replay protection of data in a fault tolerant manner. SOLUTION: A data blob and an anti-replay table blob are copied to a temporary storage area in a nonvolatile memory. In an atomic operation, a status indicator is set and a monotonic counter is incremented after the data blob and the anti-replay table blob are copied to the temporary storage area. If a fault occurs while the status indicator is set, the data blob and the anti-replay table blob may be recovered from the temporary storage area. COPYRIGHT: (C)2009,JPO&INPIT

Abstract translation: 要解决的问题：提供以容错方式提供数据的加密，完整性和反重放保护的方法。 解决方案：将数据块和反重放表blob复制到非易失性存储器中的临时存储区域。 在原子操作中，设置状态指示符，并且在将数据块和反重放表blob复制到临时存储区域之后，增加单调计数器。 如果在状态指示器设置时出现故障，则可以从临时存储区域恢复数据块和反重放表blob。 版权所有（C）2009，JPO＆INPIT

公开(公告)号：DE102008025197A1

公开(公告)日：2009-01-08

申请号：DE102008025197

申请日：2008-05-27

Applicant: INTEL CORP

Inventor： NEMIROFF DANIEL ,  HERBERT HOWARD C

IPC: G06F21/00 ,  G06F12/14 ,  H04L9/00

Abstract: According to some embodiments, a method for providing encryption, integrity, and anti-replay protection of data in a fault tolerant manner is disclosed. A data blob and an anti-replay table blob are copied to a temporary storage region in a non-volatile memory. In an atomic operation, a status indicator is set and a monotonic counter is incremented after the data blob and the anti-replay table blob are copied to the temporary storage region. If a fault occurs while the status indicator is set, the data blob and the anti-replay table blob may be recovered from the temporary storage region.

公开(公告)号：DE102018004786A1

公开(公告)日：2018-12-20

申请号：DE102018004786

申请日：2018-06-14

Applicant: INTEL CORP

Inventor： NEMIROFF DANIEL ,  BRANDT JASON W

IPC: G06F21/12

Abstract: In einer Ausführungsform umfasst eine Vorrichtung einen ersten Prozessor, um einen ersten kryptografischen Schlüssel ansprechend auf eine Anforderung von einer Software-Anwendung zu generieren; einen zweiten kryptografischen Schlüssel zu empfangen, der von einem zweiten Prozessor generiert wird; den ersten kryptografischen Schlüssel unter Verwendung des zweiten kryptografischen Schlüssels zu verschlüsseln; und den verschlüsselten ersten kryptografischen Schlüssel für die Verwendung durch die Software-Anwendung zu liefern.

公开(公告)号：DE112006003260T5

公开(公告)日：2008-10-30

申请号：DE112006003260

申请日：2006-12-08

Applicant: INTEL CORP

Inventor： NEMIROFF DANIEL ,  CORRADO FRAN

IPC: G06F11/14

Abstract: A method and apparatus for storing and protecting a restore environment is provided. The restore environment is stored in a redundant array of independent disks (RAID) volume which is hidden from an operating system during runtime operations. Upon detecting that a restore operation is required due to a corrupted or missing image, the RAID volume storing the restore environment is dynamically exposed so that it can be accessed by the restore operation.

公开(公告)号：WO2012082411A2

公开(公告)日：2012-06-21

申请号：PCT/US2011063160

申请日：2011-12-02

Applicant: INTEL CORP ,  WONG KAR LEONG ,  KAREENAHALLI SURYAPRASAD ,  NEMIROFF DANIEL

Inventor： WONG KAR LEONG ,  KAREENAHALLI SURYAPRASAD ,  NEMIROFF DANIEL

IPC: G06F21/10 ,  G06F21/60 ,  H04L9/14

CPC classification number: G06F21/10 ,  G06F21/602 ,  H04L63/0428 ,  H04L63/10

Abstract: In some embodiments an embedded processor is to participate in cryptographic key exchange with an audio software application, and a key exchange communication path is coupled between the audio software application and the embedded processor. Other embodiments are described and claimed.

Abstract translation: 在一些实施例中，嵌入式处理器将参与与音频软件应用的加密密钥交换，并且密钥交换通信路径耦合在音频软件应用和嵌入式处理器之间。 描述和要求保护其他实施例。

公开(公告)号：WO2011139476A3

公开(公告)日：2012-03-08

申请号：PCT/US2011031699

申请日：2011-04-08

Applicant: INTEL CORP ,  NEMIROFF DANIEL ,  VEMBU BALAJI ,  GUTIERREZ RAUL ,  KAREENAHALLI SURYAPRASAD

Inventor： NEMIROFF DANIEL ,  VEMBU BALAJI ,  GUTIERREZ RAUL ,  KAREENAHALLI SURYAPRASAD

IPC: G11B20/12 ,  H04N7/26

CPC classification number: G11B27/3027 ,  G11B27/28

Abstract: Encoded data decoding techniques. A data decoding agent determines a data segment size for a packet that includes a header and a data segment. The data decoding agent determines a segment end location based, at least in part, on the data segment size. The data decoding agent processes subblocks of data from the data segment. The data decoding agent compares a current location to the segment end location to determine if a current subblock of data from the data segments contains the segment end location. The data decoding agent triggers an exception handler if the current subblock contains the segment end location.

Abstract translation: 编码数据解码技术。 数据解码代理确定包括报头和数据段的分组的数据段大小。 数据解码代理至少部分地基于数据段大小来确定段结束位置。 数据解码代理处理来自数据段的数据的子块。 数据解码代理将当前位置与段结束位置进行比较，以确定来自数据段的当前数据子块是否包含段结束位置。 如果当前子块包含段结束位置，则数据解码代理触发异常处理程序。

公开(公告)号：WO2012094196A3

公开(公告)日：2013-01-24

申请号：PCT/US2011067472

申请日：2011-12-28

Applicant: INTEL CORP ,  PENDAKUR RAMESH ,  GINTZ WALTER C ,  NEMIROFF DANIEL ,  HAZRA MOUSUMI M

Inventor： PENDAKUR RAMESH ,  GINTZ WALTER C ,  NEMIROFF DANIEL ,  HAZRA MOUSUMI M

CPC classification number: H04N21/4367 ,  G06F21/123 ,  G06F21/72 ,  H04L9/3234 ,  H04N21/4181 ,  H04N21/43635 ,  H04N21/4408 ,  H04N21/63345

Abstract: A system architecture provides a hardware-based root of trust solution for supporting distribution and playback of premium digital content. In an embodiment, hardware root of trust for digital content and services is a solution where the basis of trust for security purposes is rooted in hardware and firmware mechanisms in a client computing system, rather than in software. From this root of trust, the client computing system constructs an entire media processing pipeline that is protected for content authorization and playback. In embodiments of the present invention, the security of the client computing system for content processing is not dependent on the operating system (OS), basic input/output system (BIOS), media player application, or other host software.

Abstract translation: 系统架构提供了一种基于硬件的信任根基，用于支持高级数字内容的分发和播放。 在一个实施例中，用于数字内容和服务的信任的硬件根源是用于安全目的的信任基础植根于客户端计算系统中的硬件和固件机制而不是软件的解决方案。 从这个信任根源，客户端计算系统构建了一个受保护内容授权和播放的整个媒体处理流水线。 在本发明的实施例中，用于内容处理的客户端计算系统的安全性不依赖于操作系统（OS），基本输入/输出系统（BIOS），媒体播放器应用或其他主机软件。

公开(公告)号：WO2012009150A3

公开(公告)日：2012-04-05

申请号：PCT/US2011041987

申请日：2011-06-27

Applicant: INTEL CORP ,  NEMIROFF DANIEL ,  VEMBU BALAJI ,  GUTIERREZ RAHUL ,  KAREENAHALLI SURYAPRASAD

Inventor： NEMIROFF DANIEL ,  VEMBU BALAJI ,  GUTIERREZ RAHUL ,  KAREENAHALLI SURYAPRASAD

IPC: G06F12/00 ,  G06F9/06 ,  G06F13/28

CPC classification number: G06F9/5027

Abstract: The architecture and techniques described herein can improve system performance with respect to the following. Communication between two interdependent hardware engines, that are part of pipeline, such that the engines are synchronized to consume resources when the engines are done with the work. Reduction of the role of software/firmware from feeding each stage of the hardware pipeline when the previous stage of the pipeline has completed. Reduction in the memory allocation for software-initialized hardware descriptors to improve performance by reducing pipeline stalls due to software interaction.

Abstract translation: 本文描述的架构和技术可以改善系统性能。 两个相互依赖的硬件引擎之间的通信是管道的一部分，使得引擎在引擎完成工作时同步以消耗资源。 当管道的上一个阶段完成时，减少软件/固件从硬件管道的每个阶段的角色。 减少用于软件初始化的硬件描述符的内存分配，以通过减少由于软件交互而导致的流水线停顿来提高性能。

公开(公告)号：WO2011156066A3

公开(公告)日：2012-02-16

申请号：PCT/US2011035412

申请日：2011-05-05

Applicant: INTEL CORP ,  VEMBU BALAJI ,  KAREENAHALLI SURYAPRASAD ,  NEMIROFF DANIEL ,  BOGIN ZOHAR ,  GUTIERREZ RAUL

Inventor： VEMBU BALAJI ,  KAREENAHALLI SURYAPRASAD ,  NEMIROFF DANIEL ,  BOGIN ZOHAR ,  GUTIERREZ RAUL

IPC: G06F21/24 ,  H04N7/167

CPC classification number: H04N21/4405 ,  G06F21/10 ,  H04N21/4181 ,  H04N21/42623 ,  H04N21/4408

Abstract: An apparatus for secured playback is presented. In one embodiment, the apparatus includes a controller that includes a key derivation module to manage authentication and key derivation. In one embodiment, the apparatus provides a video decryption key to a graphics engine if video data portions in a data stream are retrievable without having to decrypt the data stream. In one embodiment, the apparatus also includes a decryption module to decrypt a part of data in conjunction with an encryption key to generate video information and video data. The controller then writes an encrypted version of the video data to a video buffer of a graphics engine.

Abstract translation: 提出了一种用于安全播放的设备。 在一个实施例中，该装置包括控制器，其包括用于管理认证和密钥推导的密钥导出模块。 在一个实施例中，如果可以检索数据流中的视频数据部分而不必对数据流进行解密，则该装置向图形引擎提供视频解密密钥。 在一个实施例中，该装置还包括解密模块，用于结合加密密钥对一部分数据进行解密以产生视频信息和视频数据。 然后，控制器将视频数据的加密版本写入图形引擎的视频缓冲器。