-
公开(公告)号:WO2012016086A3
公开(公告)日:2012-04-05
申请号:PCT/US2011045798
申请日:2011-07-28
Applicant: INTEL CORP , SMITH NED M , WISEMAN WILLARD M , SHANBHOGUE VEDVYAS , GRAWROCK DAVID W , STRONGIN GEOFFREY S
Inventor: SMITH NED M , WISEMAN WILLARD M , SHANBHOGUE VEDVYAS , GRAWROCK DAVID W , STRONGIN GEOFFREY S
CPC classification number: G06F21/44 , G06F21/50 , G06F21/57 , G06F21/575 , G06F21/85 , H04L63/126 , H04L67/125
Abstract: In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.
Abstract translation: 在一个实施例中,处理器可以实施黑名单并根据多阶段锁步完整性协议验证耦合到处理器的设备。 这种实施可以防止设备在验证之前访问系统的一个或多个资源。 黑名单可以包括根据多阶段锁步完整性协议未被验证的设备的列表。 描述并要求保护其他实施例。
-
公开(公告)号:WO2017030625A3
公开(公告)日:2017-04-13
申请号:PCT/US2016035195
申请日:2016-06-01
Applicant: INTEL CORP
Inventor: BRANDT JASON W , SHANBHOGUE VEDVYAS
IPC: H04L9/08
CPC classification number: H04L9/0894
Abstract: Embodiments of an invention for loading and virtualizing cryptographic keys are disclosed. In one embodiment, a processor includes a local key storage location, a backup key storage location, and execution hardware. Neither the local key storage location nor the backup key storage location is readable by software. The execution hardware is to perform a first operation and a second operation. The first operation includes loading a cryptographic key into the local key storage location. The second operation includes copying the cryptographic key from the local key storage location to the backup key storage location.
Abstract translation: 公开了用于加载和虚拟化密码密钥的发明的实施例。 在一个实施例中,处理器包括本地密钥存储位置,备份密钥存储位置和执行硬件。 本地密钥存储位置和备份密钥存储位置都不被软件读取。 执行硬件是执行第一操作和第二操作。 第一操作包括将加密密钥加载到本地密钥存储位置。 第二操作包括将加密密钥从本地密钥存储位置复制到备份密钥存储位置。
-
公开(公告)号:WO2017030625A9
公开(公告)日:2017-03-16
申请号:PCT/US2016035195
申请日:2016-06-01
Applicant: INTEL CORP
Inventor: BRANDT JASON W , SHANBHOGUE VEDVYAS
IPC: H04L9/08
CPC classification number: H04L9/0894
Abstract: Embodiments of an invention for loading and virtualizing cryptographic keys are disclosed. In one embodiment, a processor includes a local key storage location, a backup key storage location, and execution hardware. Neither the local key storage location nor the backup key storage location is readable by software. The execution hardware is to perform a first operation and a second operation. The first operation includes loading a cryptographic key into the local key storage location. The second operation includes copying the cryptographic key from the local key storage location to the backup key storage location.
Abstract translation: 公开了用于加载和虚拟化密钥的发明的实施例。 在一个实施例中,处理器包括本地密钥存储位置,备份密钥存储位置和执行硬件。 软件不能读取本地密钥存储位置和备份密钥存储位置。 执行硬件将执行第一操作和第二操作。 第一个操作包括将加密密钥加载到本地密钥存储位置。 第二操作包括将密码密钥从本地密钥存储位置复制到备份密钥存储位置。
-
4.发明申请METHOD AND APPARATUS FOR ENFORCING A MANDATORY SECURITY POLICY ON AN OPERATING SYSTEM (OS) INDEPENDENT ANTI-VIRUS (AV) SCANNER 审中-公开用于执行独立的反病毒(AV)扫描仪的操作系统(OS)上的强制性安全策略的方法和装置
公开(公告)号:WO2012024057A2
公开(公告)日:2012-02-23
申请号:PCT/US2011045158
申请日:2011-07-25
Applicant: INTEL CORP , SMITH NED M , DANNEELS GUNNER D , SHANBHOGUE VEDVYAS , SUGUMAR SURESH
Inventor: SMITH NED M , DANNEELS GUNNER D , SHANBHOGUE VEDVYAS , SUGUMAR SURESH
CPC classification number: G06F21/53 , G06F21/564 , G06F21/575
Abstract: An antivirus (AV) application specifies a fault handler code image, a fault handler manifest, a memory location of the AV application, and an AV application manifest. A loader verifies the fault handler code image and the fault handler manifest, creates a first security domain having a first security level, copies the fault handler code image to memory associated with the first security domain, and initiates execution of the fault handler. The loader requests the locking of memory pages in the guest OS that are reserved for the AV application. The fault handler locks the executable code image of the AV application loaded into guest OS memory by setting traps on selected code segments in guest OS memory.
Abstract translation: 防病毒(AV)应用程序指定故障处理程序代码映像,故障处理程序清单,AV应用程序的存储位置和AV应用程序清单。 加载程序验证故障处理程序代码映像和故障处理程序清单,创建具有第一安全级别的第一安全域,将故障处理程序代码映像复制到与第一安全域相关联的存储器,并启动故障处理程序的执行。 加载程序请求锁定为AV应用程序保留的访客操作系统中的内存页面。 故障处理器通过在客户机操作系统内存中的选定代码段上设置陷阱来锁定加载到客户机操作系统内存中的AV应用程序的可执行代码映像。
-
5.发明申请PROVIDING INTEGRITY VERIFICATION AND ATTESTATION IN A HIDDEN EXECUTION ENVIRONMENT 审中-公开提供隐私执行环境中的完整性验证和验证
公开(公告)号:WO2011084210A3
公开(公告)日:2011-09-09
申请号:PCT/US2010054312
申请日:2010-10-27
Applicant: INTEL CORP , SMITH NED , SHANBHOGUE VEDVYAS , KUMAR ARVIND , GOEL PURUSHOTTAM
Inventor: SMITH NED , SHANBHOGUE VEDVYAS , KUMAR ARVIND , GOEL PURUSHOTTAM
CPC classification number: G06F21/554 , G06F21/44 , G06F21/57 , G06F21/64
Abstract: In one embodiment, a processor includes a microcode storage including processor instructions to create and execute a hidden resource manager (HRM) to execute in a hidden environment that is not visible to system software. The processor may further include an extend register to store security information including a measurement of at least one kernel code module of the hidden environment and a status of a verification of the at least one kernel code module. Other embodiments are described and claimed.
Abstract translation: 在一个实施例中,处理器包括微代码存储器,其包括处理器指令,用于创建和执行在系统软件不可见的隐藏环境中执行的隐藏资源管理器(HRM)。 处理器还可以包括扩展寄存器,用于存储包括隐藏环境的至少一个内核代码模块的测量值和至少一个内核代码模块的验证状态的安全信息。 描述和要求保护其他实施例。
-
Patent Agency Ranking
公开(公告)号:WO2010078143A2
公开(公告)日:2010-07-08
申请号:PCT/US2009069136
申请日:2009-12-22
Applicant: INTEL CORP , SHANBHOGUE VEDVYAS , KUMAR ARVIND , GOEL PURUSHOTTAM
Inventor: SHANBHOGUE VEDVYAS , KUMAR ARVIND , GOEL PURUSHOTTAM
CPC classification number: G06F12/1408 , G06F9/45558 , G06F9/4812 , G06F9/5077 , G06F2009/45579 , G06F2212/1052 , H04L9/14 , H04L9/3242 , H04L63/168 , H04L2209/24 , Y02D10/22 , Y02D10/24 , Y02D10/36
Abstract: Methods and apparatus relating to processor extensions for execution of secure embedded containers are described. In an embodiment, a scalable solution for manageability function is provided, e.g., for UMPC environments or otherwise where utilizing a dedicated processor or microcontroller for manageability is inappropriate or impractical. For example, in an embodiment, an OS (Operating System) or VMM (Virtual Machine Manager) Independent (generally referred to herein as "OI") architecture involves creating one or more containers on a processor by dynamically partitioning resources (such as processor cycles, memory, devices) between the HOST OS/VMM and the OI container. Other embodiments are also described and claimed.
Abstract translation: 描述了与用于执行安全嵌入式容器的处理器扩展相关的方法和设备。 在一个实施例中,提供了用于可管理性功能的可扩展解决方案,例如,用于UMPC环境或以其他方式利用专用处理器或微控制器进行可管理性不适当或不切实际的情况。 例如,在一个实施例中,OS(操作系统)或VMM(虚拟机管理器)独立(在本文中通常称为“OI”)体系结构涉及通过动态地分配资源(例如处理器周期)来在处理器上创建一个或多个容器 ,内存,设备)在主机OS / VMM和OI容器之间。 其他实施例也被描述和要求保护。
-
公开(公告)号:DE112017001825T5
公开(公告)日:2018-12-27
申请号:DE112017001825
申请日:2017-03-03
Applicant: INTEL CORP
Inventor: SHANBHOGUE VEDVYAS , ROBINSON STEPHEN J , BRYANT CHRISTOPHER D , BRANDT JASON W
IPC: G06F9/30
Abstract: Ein Prozessor enthält einen breitesten Satz von Datenregistern, der einem gegebenen logischen Prozessor entspricht. Jedes der Datenregister des breitesten Satzes hat eine erste Breite (in Bits). Eine Decodiereinheit, die dem gegebenen logischen Prozessor entspricht, dazu dient, Instruktionen zu decodieren, welche die Datenregister des breitesten Satzes spezifizieren, und soll eine atomische Speicherinstruktion decodieren. Die atomische Speicherinstruktion dazu dient, Daten anzugeben, die eine zweite Breite (in Bits) haben sollen, die breiter ist als die erste Breite (in Bits). Die atomische Speicherinstruktion dazu dient, Speicheradressinformationen anzugeben, die mit einem Speicherort verknüpft sind. Eine Ausführungseinheit ist mit der Decodiereinheit gekoppelt. Die Ausführungseinheit soll, in Reaktion auf die atomische Speicherinstruktion, die angegebenen Daten an dem Speicherort atomisch speichern.
-
公开(公告)号:DE112016005919T5
公开(公告)日:2018-09-13
申请号:DE112016005919
申请日:2016-12-14
Applicant: INTEL CORP
Inventor: SHANBHOGUE VEDVYAS , BRYANT CHRISTOPHER , WIEDEMEIER JEFF
IPC: G06F12/14
Abstract: Eine Vorrichtung und ein Verfahren zum Schutz von Sub-Seiten von erweiterten Seitentabellen. Zum Beispiel umfasst eine Ausführungsform einer Vorrichtung: einen Seiten-Fehlschlag-Handhaber zum Durchführen eines Seitenlaufs unter Verwendung einer physikalischen Gastadresse (GPA) und zum Erkennen, ob eine mit der GPA identifizierte Seite mit Sub-Seiten-Berechtigungen abgebildet ist; einen Sub-Seiten-Steuerspeicher zum Speichern mindestens einer GPA und anderer Sub-Seitebezogener Daten; wobei der Seiten-Fehlschlag-Handhaber vorgesehen ist, um zu bestimmen, ob die GPA in dem Sub-Seiten-Steuerspeicher programmiert ist; und der Seiten-Fehlschlag-Handhaber vorgesehen ist, eine Übersetzung an einen Adressenübersetzungspuffer (TLB) mit einer Sub-Seiten-Schutzangabe zu senden, die eingestellt ist, um eine Übereinstimmung der Sub-Seiten-bezogenen Daten zu bewirken, wenn ein TLB-Treffer vorliegt.
-
公开(公告)号:BRPI0920788A2
公开(公告)日:2015-12-22
申请号:BRPI0920788
申请日:2009-12-22
Applicant: INTEL CORP
Inventor: KUMAR ARVIND , GOEL PURUSHOTTAM , SHANBHOGUE VEDVYAS
-
10.发明专利
公开(公告)号:GB2515611B
公开(公告)日:2015-06-03
申请号:GB201405732
申请日:2014-03-31
Applicant: INTEL CORP
Inventor: ROZAS CARLOS V , ALEXANDROVICH ILYA , ANATI ITTAI , BERENZON ALEX , GOLDSMITH MICHAEL A , HUNTLEY BARRY E , IVANOV ANTON , JOHNSON SIMON P , LESLIE-HURD REBEKAH M , MCKEEN FRANCIS , NEIGER GILBERT , RAPPOPORT RINAT , RODGERS SCOTT DION , SAVAGAONKAR UDAY R , SCARLATA VINCENT R , SHANBHOGUE VEDVYAS , SMITH WESLEY H , WOOD WILLIAM COLIN
-
-
-
-
-
-
-
-
-
Search Results
42
records
(took 0.023 seconds)
