Abstract:
A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.
Abstract:
A processor has multiple hardware threads and an enclave page cache. The processor has a first instruction to prevent new address translations from being created. This instruction takes the address of a page in a secure enclave as a parameter. It prevents new entries being made in a translation look-aside buffer for that page. The processor has a second instruction to record the threads accessing an enclave. This instruction specifies the enclave identifier as a parameter and records the number of hardware threads accessing the enclave. The number is decremented whenever a thread exits the enclave. The processor has a third instruction to evict a page from an enclave page cache. The instruction takes the page address to evict as a parameter. It writes the page back to memory if the number of threads accessing the enclave is zero.
Abstract:
Embodiments of an invention for measuring a secure enclave are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first, a second, and a third instruction. The execution unit is to execute the first, the second, and the third instruction. Execution of the first instruction includes initializing a measurement field in a control structure of a secure enclave with an initial value. Execution of the second instruction includes adding a region to the secure enclave. Execution of the third instruction includes measuring a subregion of the region.
Abstract:
A processor has an enclave page cache to cache data from a secure enclave. An instruction (ETRACK) causes it to record the number of hardware threads accessing the data in the cache corresponding to the secure enclave. These may be the threads that are executing code in the secure enclave. When any of the threads exits the secure enclave, the number is decremented. A second instruction (EWB) may cause the data in the cache to be evicted and written back to main memory when the number reaches zero. A third instruction (EBLOCK) may prevent the creation of new address translation entries for the pages in the cache. The data may be encrypted when written to main memory and decrypted when read from main memory.
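The two abstracts above describe the same eviction protocol: EBLOCK stops new translations for a page, ETRACK snapshots the hardware threads that may still hold old translations and decrements the count as they exit, and EWB writes the page back (encrypted) only once that count reaches zero. The following simulation is an added example, not code from the patents or from any processor; the class and method names, the thread bookkeeping and the XOR "encryption" (a constructed stand-in for the memory encryption engine, not a real cipher) are all assumptions made to model the described behaviour.

```python
"""Simulation of the EBLOCK / ETRACK / EWB eviction protocol from the abstracts.
Added example, not patent or vendor code. Names are assumptions; xor_keystream is a
constructed toy stand-in for the memory-encryption engine and is NOT a real cipher."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


class EvictionRefused(Exception):
    """EWB refused because a stale address translation could still exist."""


@dataclass
class Page:
    enclave_id: int
    data: bytes
    blocked: bool = False  # set by EBLOCK: no new TLB entries may be created for this page


@dataclass
class Enclave:
    active_threads: Set[int] = field(default_factory=set)  # threads executing inside the enclave
    tracked: Optional[Set[int]] = None                     # ETRACK snapshot of those threads


def xor_keystream(data: bytes, key: bytes) -> bytes:
    # Constructed toy stand-in for hardware memory encryption (symmetric, for illustration only).
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


class EnclavePageCache:
    def __init__(self, key: bytes):
        self.key = key
        self.epc: Dict[int, Page] = {}            # page address -> cached page
        self.enclaves: Dict[int, Enclave] = {}
        self.tlb: Set[Tuple[int, int]] = set()    # (thread, page address) cached translations
        self.main_memory: Dict[int, bytes] = {}   # evicted pages, stored encrypted

    def add_page(self, enclave_id: int, addr: int, data: bytes) -> None:
        self.enclaves.setdefault(enclave_id, Enclave())
        self.epc[addr] = Page(enclave_id, data)

    def enter(self, enclave_id: int, thread: int) -> None:
        self.enclaves[enclave_id].active_threads.add(thread)

    def exit(self, enclave_id: int, thread: int) -> None:
        enc = self.enclaves[enclave_id]
        enc.active_threads.discard(thread)
        if enc.tracked is not None:
            enc.tracked.discard(thread)                        # the tracked count is decremented on exit
        self.tlb = {t for t in self.tlb if t[0] != thread}     # the thread's translations are flushed

    def access(self, thread: int, addr: int) -> bytes:
        page = self.epc[addr]
        if (thread, addr) not in self.tlb:
            if page.blocked:
                raise PermissionError("EBLOCK: page is blocked, no new translation")
            self.tlb.add((thread, addr))                       # TLB fill for a non-blocked page
        return page.data

    def eblock(self, addr: int) -> None:
        self.epc[addr].blocked = True

    def etrack(self, enclave_id: int) -> int:
        enc = self.enclaves[enclave_id]
        enc.tracked = set(enc.active_threads)
        return len(enc.tracked)

    def ewb(self, addr: int) -> None:
        page = self.epc[addr]
        enc = self.enclaves[page.enclave_id]
        if not page.blocked:
            raise EvictionRefused("EBLOCK must precede EWB")
        if enc.tracked is None:
            raise EvictionRefused("ETRACK must precede EWB")
        if enc.tracked:
            raise EvictionRefused(f"{len(enc.tracked)} thread(s) may still hold translations")
        # Every thread that could have cached a translation has exited: safe to write back.
        self.main_memory[addr] = xor_keystream(page.data, self.key)
        del self.epc[addr]

    def load_back(self, addr: int) -> bytes:
        return xor_keystream(self.main_memory[addr], self.key)


def run_scenario() -> dict:
    """Constructed scenario: three threads, one enclave page, eviction under EBLOCK/ETRACK/EWB."""
    epc = EnclavePageCache(key=b"\x5a\xc3\x0f")
    secret = b"enclave page contents"
    epc.add_page(enclave_id=7, addr=0x1000, data=secret)
    for t in (1, 2, 3):
        epc.enter(7, t)
    epc.access(1, 0x1000)          # threads 1 and 2 fill the TLB before the block
    epc.access(2, 0x1000)
    epc.eblock(0x1000)
    out = {}
    try:
        epc.access(3, 0x1000)      # thread 3 has no translation yet: must be refused
        out["new_translation_refused"] = False
    except PermissionError:
        out["new_translation_refused"] = True
    out["existing_translation_still_works"] = epc.access(1, 0x1000) == secret
    out["tracked_after_etrack"] = epc.etrack(7)
    try:
        epc.ewb(0x1000)            # three threads still tracked: must be refused
        out["ewb_refused_while_tracked"] = False
    except EvictionRefused:
        out["ewb_refused_while_tracked"] = True
    for t in (1, 2, 3):
        epc.exit(7, t)             # count drops to zero as each thread exits
    epc.ewb(0x1000)
    out["evicted_from_epc"] = 0x1000 not in epc.epc
    out["ciphertext_in_memory"] = epc.main_memory[0x1000] != secret
    out["roundtrip"] = epc.load_back(0x1000) == secret
    return out
```

The ordering enforced in `ewb` is the security-relevant point: blocking first guarantees no thread can acquire a fresh translation during the countdown, and tracking only the threads present at ETRACK time is sufficient because any thread entering afterwards cannot translate the blocked page, so once the snapshot drains to zero no stale mapping to the evicted page can exist.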
Abstract:
In an embodiment, a method is provided. The method of this embodiment provides monitoring flow statistics on a system to identify one or more non-compliant traffic flows on the system, each of the one or more non-compliant traffic flows having packets; assigning a tag to each of the one or more non-compliant traffic flows, each of the tags corresponding to one of at least one congestion management policy; and applying one of the tags to each of the packets associated with any of the non-compliant traffic flows.
Abstract:
Embodiments include systems, methods, computer-readable media and apparatuses configured to generate a platform root key for a first processor of a platform; to create a data structure for encapsulating the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and to send the data structure over a secure connection to the registration service in order to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer-readable media and apparatuses configured to store a device certificate received from a key generation facility; to receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and to validate the processor using a stored device certificate.