公开(公告)号：US09514285B2

公开(公告)日：2016-12-06

申请号：US14498521

申请日：2014-09-26

Applicant: Intel Corporation

Inventor： David M. Durham ,  Baiju V. Patel

IPC: G06F21/54 ,  G06F21/00

CPC classification number: G06F21/00 ,  G06F21/52

Abstract: A computing device includes technologies for securing return addresses that are used by a processor to control the flow of execution of a program. The computing device uses a cryptographic algorithm to provide security for a return address in a manner that binds the return address to a location in a stack.

Abstract translation: 计算设备包括用于保护由处理器使用以控制程序的执行流程的返回地址的技术。 计算设备使用加密算法以将返回地址绑定到堆栈中的位置的方式为返回地址提供安全性。

公开(公告)号：US20160285892A1

公开(公告)日：2016-09-29

申请号：US14669226

申请日：2015-03-27

Applicant: Intel Corporation

Inventor： Eugene M. Kishinevsky ,  Siddhartha Chhabra ,  Men Long ,  Jungju Oh ,  David M. Durham

IPC: H04L29/06 ,  G06F12/14

CPC classification number: G06F12/1408 ,  G06F21/00 ,  G06F2212/1052

Abstract: In an embodiment, a processor includes: at least one core to execute instructions; and a memory protection logic to encrypt data to be stored to a memory coupled to the processor, generate a message authentication code (MAC) based on the encrypted data, the MAC to have a first value according to a first key, obtain the encrypted data from the memory and validate the encrypted data using the MAC, where the MAC is to be re-keyed to have a second value according to a second key and without the encrypted data. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，处理器包括：执行指令的至少一个核心; 以及存储器保护逻辑，用于加密要存储到耦合到处理器的存储器的数据的存储器保护逻辑，基于加密数据生成消息认证码（MAC），MAC根据第一密钥具有第一值，获得加密数据 并且使用MAC验证加密数据，其中MAC将被重新键入以具有根据第二密钥的第二值并且没有加密数据。 描述和要求保护其他实施例。

公开(公告)号：US20160254905A1

公开(公告)日：2016-09-01

申请号：US14967545

申请日：2015-12-14

Applicant: Intel Corporation

Inventor： David M. Durham ,  Men Long

IPC: H04L9/06 ,  G06F12/14 ,  G06F12/08 ,  G06F11/10 ,  G11C29/52

CPC classification number: H04L9/0618 ,  G06F11/1068 ,  G06F12/0868 ,  G06F12/1408 ,  G06F21/554 ,  G06F21/602 ,  G06F21/64 ,  G06F2212/1021 ,  G06F2212/1052 ,  G11C29/52 ,  G11C2029/1804 ,  G11C2029/3602 ,  H04L9/0637 ,  H04L9/3239 ,  H04L9/3242 ,  H04L9/3247 ,  Y02D10/13

Abstract: Systems and methods may provide for identifying unencrypted data including a plurality of bits, wherein the unencrypted data may be encrypted and stored in memory. In addition, a determination may be made as to whether the unencrypted data includes a random distribution of the plurality of bits. An integrity action may be implemented, for example, when the unencrypted data includes a random distribution of the plurality of bits.

公开(公告)号：US09245141B2

公开(公告)日：2016-01-26

申请号：US14557079

申请日：2014-12-01

Applicant: Intel Corporation

Inventor： David M. Durham ,  Hormuzd M. Khosravi ,  Uri Blumenthal ,  Men Long

IPC: H04L9/32 ,  G06F21/00 ,  G06F21/62 ,  G06F12/14 ,  G06F21/53 ,  G06F21/52

Abstract: Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.

公开(公告)号：US20160012565A1

公开(公告)日：2016-01-14

申请号：US14864183

申请日：2015-09-24

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Prashant Dewan ,  Michael A. Goldsmith ,  David M. Durham

IPC: G06T1/60 ,  G06T1/20 ,  G06F21/84 ,  G06F3/147

CPC classification number: G06T1/60 ,  G06F3/147 ,  G06F21/84 ,  G06T1/20 ,  G09G2358/00 ,  H04N21/42653 ,  H04N21/4318 ,  H04N21/4367 ,  H04N21/44004 ,  H04N21/4408

Abstract: A protected graphics module can send its output to a display engine securely. Secure communications with the display can provide a level of confidentiality of content generated by protected graphics modules against software and hardware attacks.

Abstract translation: 受保护的图形模块可以将其输出安全地发送到显示引擎。 与显示器的安全通信可以提供受保护图形模块生成的内容对软件和硬件攻击的机密性。

公开(公告)号：US09134878B2

公开(公告)日：2015-09-15

申请号：US13631288

申请日：2012-09-28

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Siddhartha Chhabra ,  Xiaozhu Kang ,  Xiaoning Li ,  Uday R. Savagaonkar ,  David M. Durham ,  Paul S. Schmitz ,  Michael A. Goldsmith ,  Jason Martin

IPC: G06F3/041 ,  G06F3/0481 ,  G06F3/0488 ,  G06F21/74 ,  G06F21/82

CPC classification number: G06F3/0481 ,  G06F3/041 ,  G06F3/04883 ,  G06F21/74 ,  G06F21/82

Abstract: A device and method for securely rendering content on a gesture-enabled computing device includes initializing a secure execution environment on a processor graphics of the computing device. The computing device transfers view rendering code and associated state data to the secure execution environment. An initial view of the content is rendered by executing the view rendering code in the secure execution environment. A gesture is recognized, and an updated view of the content is rendered in the secure execution environment in response to the gesture. The gesture may include a touch gesture recognized on a touch screen, or a physical gesture of the user recognized by a camera. After the updated view of the content is rendered, the main processor of the computing device may receive updated view data from the secure execution environment.

Abstract translation: 用于在启用姿势的计算设备上安全地呈现内容的设备和方法包括在计算设备的处理器图形上初始化安全执行环境。 计算设备将视图呈现代码和相关联的状态数据传送到安全执行环境。 通过在安全执行环境中执行视图呈现代码来呈现内容的初始视图。 识别手势，并且响应于手势在安全执行环境中呈现内容的更新视图。 手势可以包括在触摸屏上识别的触摸手势，或者由相机识别的用户的身体手势。 在呈现内容的更新视图之后，计算设备的主处理器可以从安全执行环境接收更新的视图数据。

公开(公告)号：US12277234B2

公开(公告)日：2025-04-15

申请号：US17791000

申请日：2020-12-26

Applicant: Intel Corporation

Inventor： David M. Durham ,  Michael D. LeMay ,  Salmin Sultana ,  Karanvir S. Grewal ,  Michael E. Kounavis ,  Sergej Deutsch ,  Andrew James Weiler ,  Abhishek Basak ,  Dan Baum ,  Santosh Ghosh

IPC: G06F21/00 ,  G06F21/54 ,  G06F21/60 ,  G06F21/79

Abstract: A processor, a system, a machine readable medium, and a method. The processor comprises first circuitry to: encrypt a first code image using a first code key; load the encrypted first code image into a memory area allocated in memory for the first code image by an operating system miming on the processor; and send to the operating system a substitute key that corresponds to the first code key, wherein the first code key is concealed from the operating system; and an instruction cache including control circuitry; and second circuitry coupled to the instruction cache, the second circuitry to: receive the substitute key from the operating system; in response to a first request from the operating system to execute the first code image to instantiate a first process, perform a first cryptographic function using a hardware key to generate the first code key from the substitute key; and program the control circuitry of the instruction cache with the first code key to enable the first code image to be decrypted using the first code key.

公开(公告)号：US12267423B2

公开(公告)日：2025-04-01

申请号：US17485146

申请日：2021-09-24

Applicant: Intel Corporation

Inventor： David M. Durham ,  Siddhartha Chhabra

IPC: H04L29/06 ,  G06F9/455 ,  H04L9/08

Abstract: In one embodiment, an apparatus includes a processor comprising at least one core to execute instructions of a plurality of virtual machines (VMs) and a virtual machine monitor (VMM), and a cryptographic engine to protect data associated with the plurality of VMs through use of a plurality of private keys and a trusted transformer key, where each of the plurality of private keys are to protect program instructions and data of a respective VM and the trusted transformer key is to protect management structure data for the plurality of VMs. The processor is further to provide, to the VMM, read and write access to the management structure data through an untrusted transformer key.

公开(公告)号：US20250068776A1

公开(公告)日：2025-02-27

申请号：US18948099

申请日：2024-11-14

Applicant: Intel Corporation

Inventor： Michael LeMay ,  David M. Durham

IPC: G06F21/79 ,  G06F12/0871 ,  G06F12/0882 ,  G06F21/55 ,  G06F21/60

Abstract: Methods and apparatus relating to techniques for region-based deterministic memory safety are described. In some embodiment, one or more instructions may be used to encrypt, decrypt, and/or check a pointer to a portion of the data stored in memory. The portion of the data is stored in a first region of the memory. The first region of the memory includes a plurality of identically sized allocation slots. Other embodiments are also disclosed and claimed.

公开(公告)号：US20250005138A1

公开(公告)日：2025-01-02

申请号：US18346222

申请日：2023-07-01

Applicant: Intel Corporation

Inventor： Michael LeMay ,  David M. Durham

IPC: G06F21/54 ,  G06F21/78

Abstract: Techniques for explicit integrity check value initialization are described. In an embodiment, an apparatus includes an instruction decoder to decode a single instruction to set an integrity check value ICV corresponding to a destination location in a memory; and execution circuitry coupled to the instruction decoder, the execution circuitry to perform one or more operations corresponding to the single instruction, including storing data indicated by the single instruction into the destination location, and storing the ICV in the memory.