Abstract:
An access transaction generated by a processor is configured using a configuration storage containing a configuration setting. The processor has a normal execution mode and an isolated execution mode. The access transaction has access information. Access to the configuration storage is controlled. An access grant signal is generated using the configuration setting and the access information. The access grant signal indicates if the access transaction is valid.
Abstract:
The present invention is a method, apparatus, and system to generate a key hierarchy for use in an isolated execution environment of a protected platform. In order to bind secrets to particular code operating in isolated execution, a key hierarchy comprising a series of symmetric keys for a standard symmetric cipher is utilized. The protected platform includes a processor that is configured in one of a normal execution mode and an isolated execution mode. A key storage stores an initial key that is unique for the platform. A cipher key creator located in the protected platform creates the hierarchy of keys based upon the initial key. The cipher key creator creates a series of symmetric cipher keys to protect the secrets of loaded software code.
Abstract:
In one embodiment, a method of remote attestation for a special mode of operation is described. The method comprises storing an audit log within protected memory of a platform. The audit log is a listing of data representing each of a plurality of IsoX software modules loaded into the platform. The audit log is retrieved from the protected memory in response to receiving a remote attestation request from a remotely located platform. Then, the retrieved audit log is digitally signed to produce a digital signature for transfer to the remotely located platform.
Abstract:
A technique is provided to execute isolated instructions according to an embodiment of the present invention. An execution unit executes an isolated instruction in a processor operating in a platform. The processor is configured in one of a normal execution mode and an isolated execution mode. A parameter storage contains at least one parameter to support execution of the isolated instruction when the processor is configured in the isolated execution mode.
Abstract:
Computer system (100) having (a) at least one processor (110) that can be operated in a normal and in an isolated execution mode, wherein the contents of a processor control register (252) indicate whether the processor (110) is in the isolated execution mode, (b) a system memory (140) having an isolated physical memory area (70) that the processor (110) can access only in the isolated execution mode, and (c) a chipset (130, 150, 160) coupled to the processor (110) and the system memory (140), which contains an access control device (135) coupled to the system memory (140), wherein the isolated execution mode is initialized by execution of a privileged instruction (iso_init) in the processor (110), which invokes a processor nub loader (52) and loads it into the isolated memory area (70), wherein the processor nub loader (52) is a protected bootstrap loader code held in the chipset (130, 150, 160) that loads a processor nub software module (18) into the isolated memory area (70) and verifies its integrity, wherein the processor nub software module (18) provides hardware-related services for isolated execution, wherein the access control device (135) comprises: (c1) a configuration storage (610), configurable by the processor (110), that stores a configuration setting (612) defining the isolated physical memory area (70) in memory area registers (620, 630), (c2) an access grant generator (650) that, on an access transaction, receives access information (660) from the processor (110), which a physical ...