公开(公告)号：JP2005346689A

公开(公告)日：2005-12-15

申请号：JP2004259781

申请日：2004-09-07

Applicant: Intel Corp ,  インテル コーポレイション

Inventor： WILSON JOHN H ,  SCHOINAS IOANNIS T ,  YOUSIF MAZIN S ,  RANKIN LINDA J ,  GRAWROCK DAVID W ,  GREINER ROBERT J ,  SUTTON JAMES A ,  VAID KUSHAGRA ,  WISEMAN WILLARD M

IPC: G06F21/24 ,  G06F1/00 ,  G06F9/445 ,  G06F9/46 ,  G06F12/14 ,  G06F15/163 ,  G06F15/177 ,  H04L9/00

CPC classification number: G06F21/575 ,  G06F21/44 ,  G06F21/445 ,  G06F21/50 ,  G06F21/606 ,  G06F21/64 ,  G06F21/71 ,  G06F2221/034

Abstract: PROBLEM TO BE SOLVED: To start a reliable environment in a system. SOLUTION: In one embodiment, this method include steps for: authenticating a start logic processor of the system; evaluating a reliable agent by the start logic processor when the start logic processor is authenticated; and starting the reliable agent by a plurality of processors of the system when the reliable agent is evaluated. In a prescribed embodiment, after the execution of the reliable agent, a secure kernel can be started. For example, the system can be a multiprocessor server system having partially or perfectly connected topology having arbitrary point-to-point interconnection. COPYRIGHT: (C)2006,JPO&NCIPI

Abstract translation: 要解决的问题：在系统中启动可靠的环境。 解决方案：在一个实施例中，该方法包括以下步骤：验证系统的起始逻辑处理器; 当开始逻辑处理器被认证时由起始逻辑处理器评估可靠代理; 以及当评估可靠代理时，由系统的多个处理器启动可靠代理。 在规定的实施例中，在执行可靠代理之后，可以启动安全内核。 例如，该系统可以是具有具有任意点对点互连的部分或完全连接的拓扑的多处理器服务器系统。 版权所有（C）2006，JPO＆NCIPI

公开(公告)号：WO0175595A3

公开(公告)日：2002-07-25

申请号：PCT/US0108374

申请日：2001-03-14

Applicant: INTEL CORP ,  ELLISON CARL M ,  GOLLIVER ROGER A ,  HERBERT HOWARD C ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

Inventor： ELLISON CARL M ,  GOLLIVER ROGER A ,  HERBERT HOWARD C ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

IPC: G06F21/00 ,  G06F12/14

CPC classification number: G06F21/53 ,  G06F9/30189 ,  G06F12/1491 ,  G06F21/567 ,  G06F21/71 ,  G06F21/74 ,  G06F21/85 ,  G06F2221/2105 ,  G06F2221/2141 ,  G06F2221/2145

Abstract: An access transaction generated by a processor is configured using a configuration storage containing a configuration setting. The processor has a normal execution mode and an isolated execution mode. The access transaction has access information. Access to the configuration storage is controlled. An access grant signal is generated using the configuration setting and the access information. The access grant signal indicates if the access transaction is valid.

Abstract translation: 使用包含配置设置的配置存储来配置由处理器生成的访问事务。 处理器具有正常执行模式和隔离执行模式。 访问事务具有访问信息。 控制对配置存储的访问。 使用配置设置和访问信息生成访问许可信号。 访问许可信号指示访问事务是否有效。

公开(公告)号：WO0175563A3

公开(公告)日：2002-05-23

申请号：PCT/US0108365

申请日：2001-03-14

Applicant: INTEL CORP ,  ELLISON CARL M ,  GOLLIVER ROGER A ,  HERBERT HOWARD C ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

Inventor： ELLISON CARL M ,  GOLLIVER ROGER A ,  HERBERT HOWARD C ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

IPC: G06F21/22 ,  G06F21/00 ,  G09C1/00 ,  H04L9/08 ,  H04L9/10 ,  G06F1/00

CPC classification number: G06F21/53 ,  G06F21/57 ,  G06F2221/2101 ,  G06F2221/2105

Abstract: The present invention is a method, apparatus, and system to generate a key hierarchy for use in an isolated execution environment of a protected platform. In order to bind secrets to particular code operating in isolated execution, a key hierarchy comprising a series of symmetric keys for a standard symmetric cipher is utilized. The protected platform includes a processor that is configured in one of a normal execution mode and an isolated execution mode. A key storage stores an initial key that is unique for the platform. A cipher key creator located in the protected platform creates the hierarchy of keys based upon the initial key. The cipher key creator creates a series of symmetric cipher keys to protect the secrets of loaded software code.

Abstract translation: 本发明是一种用于生成在受保护平台的隔离执行环境中使用的密钥层级的方法，装置和系统。 为了将秘密绑定到在隔离执行中操作的特定代码，使用包括用于标准对称密码的一系列对称密钥的密钥层次。 受保护平台包括被配置为正常执行模式和隔离执行模式之一的处理器。 密钥存储存储该平台独有的初始密钥。 位于受保护平台中的加密密钥创建者基于初始密钥创建密钥的层次结构。 密码密钥创建者创建一系列对称密钥，以保护加载的软件代码的秘密。

公开(公告)号：WO0175564A3

公开(公告)日：2003-01-16

申请号：PCT/US0108891

申请日：2001-03-21

Applicant: INTEL CORP ,  HERBERT HOWARD C ,  GRAWROCK DAVID W ,  ELLISON CARL M ,  GOLLIVER ROGER A ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

Inventor： HERBERT HOWARD C ,  GRAWROCK DAVID W ,  ELLISON CARL M ,  GOLLIVER ROGER A ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

IPC: G06F1/00 ,  G06F12/14 ,  G06F21/00

CPC classification number: G06F21/305 ,  G06F9/30189 ,  G06F12/1491 ,  G06F21/35 ,  G06F21/53 ,  G06F21/57 ,  G06F21/575 ,  G06F21/64 ,  G06F21/74 ,  G06F2221/2101 ,  G06F2221/2103 ,  G06F2221/2105 ,  G06F2221/2149

Abstract: In one embodiment, a method of remote attestation for a special mode of operation. The method comprises storing an audit log within protected memory of a platform. The audit log is a listing of data representing each of a plurality of IsoX software modules loaded into the platform. The audit log is retrieved from the protected memory in response to receiving a remote attestation request from a remotely located platform. Then, the retrieved audit log is digitally signed to produce a digital signature for transfer to the remotely located platform.

Abstract translation: 在一个实施例中，用于特殊操作模式的远程证明的方法。 该方法包括将审核日志存储在平台的受保护的存储器内。 审计日志是表示加载到平台中的多个IsoX软件模块中的每一个的数据的列表。 响应于从远程位置的平台接收远程认证请求，从受保护的内存中检索审核日志。 然后，检索的审核日志进行数字签名，以产生数字签名，以转移到位于远程的平台。

公开(公告)号：WO0175565A3

公开(公告)日：2002-06-27

申请号：PCT/US0109371

申请日：2001-03-23

Applicant: INTEL CORP ,  ELLISON CARL M ,  GOLLIVER ROGER A ,  HERBERT HOWARD C ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

Inventor： ELLISON CARL M ,  GOLLIVER ROGER A ,  HERBERT HOWARD C ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

IPC: G06F9/46 ,  G06F1/00 ,  G06F9/48 ,  G06F21/00

CPC classification number: G06F21/53 ,  G06F2221/2105

Abstract: A technique is provided to execute isolated instructions according to an embodiment of the present invention. An execution unit executes an isolated instruction in a processor operating in a platform. The processor is configured in one of a normal execution mode and an isolated execution mode. A parameter storage containing at least one parameter to support execution of the isolated instruction when the processor is configured in the isolated execution mode.

Abstract translation: 提供了根据本发明的实施例的执行隔离指令的技术。 执行单元在平台中操作的处理器中执行隔离指令。 处理器配置为正常执行模式和隔离执行模式之一。 当处理器被配置为隔离执行模式时，包含至少一个参数以支持执行隔离指令的参数存储器。

公开(公告)号：HK1072307A1

公开(公告)日：2005-08-19

申请号：HK05104208

申请日：2003-03-26

Applicant: INTEL CORP

Inventor： HERBERT HOWARD C ,  GRAWROCK DAVID W ,  ELLISON CARL M ,  GOLLIVER ROGER A ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND ,  NEIGER GILBERT

IPC: G06F20060101 ,  G06F

公开(公告)号：GB2377793B

公开(公告)日：2004-12-22

申请号：GB0225049

申请日：2001-03-14

Applicant: INTEL CORP

Inventor： ELLISON CARL M ,  GOLLIVER ROGER A ,  HERBERT HOWARD C ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

IPC: G06F21/00 ,  G06F12/14

Abstract: An access transaction generated by a processor is configured using a configuration storage containing a configuration setting. The processor has a normal execution mode and an isolated execution mode. The access transaction has access information. Access to the configuration storage is controlled. An access grant signal is generated using the configuration setting and the access information. The access grant signal indicates if the access transaction is valid.

公开(公告)号：DE10196007T1

公开(公告)日：2003-10-09

申请号：DE10196007

申请日：2001-03-21

Applicant: INTEL CORP

Inventor： HERBERT HOWARD C ,  GRAWROCK DAVID W ,  ELLISON CARL M ,  GOLLIVER ROGER A ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

IPC: G06F1/00 ,  G06F12/14 ,  G06F21/00

公开(公告)号：DE10195999T1

公开(公告)日：2003-04-03

申请号：DE10195999

申请日：2001-03-14

Applicant: INTEL CORP

Inventor： ELLISON CARL M ,  GOLLIVER ROGER A ,  HERBERT HOWARD C ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

IPC: G06F21/00 ,  G06F9/00

Abstract: An access transaction generated by a processor is configured using a configuration storage containing a configuration setting. The processor has a normal execution mode and an isolated execution mode. The access transaction has access information. Access to the configuration storage is controlled. An access grant signal is generated using the configuration setting and the access information. The access grant signal indicates if the access transaction is valid.

公开(公告)号：DE10196007B4

公开(公告)日：2010-08-12

申请号：DE10196007

申请日：2001-03-21

Applicant: INTEL CORP

Inventor： HERBERT HOWARD C ,  GRAWROCK DAVID W ,  ELLISON CARL M ,  GOLLIVER ROGER A ,  LIN DERRICK C ,  MCKEEN FRANCIS X ,  NEIGER GILBERT ,  RENERIS KEN ,  SUTTON JAMES A ,  THAKKAR SHREEKANT S ,  MITTAL MILLIND

IPC: G06F1/00 ,  G06F12/14 ,  G06F21/00