公开(公告)号：US20160197724A1

公开(公告)日：2016-07-07

申请号：US15052173

申请日：2016-02-24

Applicant: Intel Corporation

Inventor： Daniel Nemiroff

IPC: H04L9/08 ,  G06F7/58

CPC classification number: H04L9/0869 ,  G06F7/582 ,  G06F7/588 ,  H04L9/0662 ,  H04L9/0861 ,  H04L9/3249 ,  H04L2209/24 ,  H04L2209/72

Abstract: Embodiments of an invention for cryptographic key generation using a stored input value and a stored count value have been described. In one embodiment, a processor includes non-volatile storage storing an input value and a count value, and logic to generate a cryptographic key based on the stored input value and the stored count value.

Abstract translation: 已经描述了使用存储的输入值和存储的计数值的密码密钥生成的发明的实施例。 在一个实施例中，处理器包括存储输入值和计数值的非易失性存储器，以及基于存储的输入值和存储的计数值来产生密码密钥的逻辑。

公开(公告)号：US11816040B2

公开(公告)日：2023-11-14

申请号：US17712109

申请日：2022-04-02

Applicant: Intel Corporation

Inventor： Vidhya Krishnan ,  Siddhartha Chhabra ,  David Puffer ,  Ankur Shah ,  Daniel Nemiroff ,  Utkarsh Y. Kakaiya

IPC: G06F12/00 ,  G06F12/14 ,  G06F11/10 ,  G06F12/02

CPC classification number: G06F12/1433 ,  G06F11/1004 ,  G06F12/0292 ,  G06F12/1408 ,  G06F12/1466 ,  G06F12/1483

Abstract: Device memory protection for supporting trust domains is described. An example of a computer-readable storage medium includes instructions for allocating device memory for one or more trust domains (TDs) in a system including one or more processors and a graphics processing unit (GPU); allocating a trusted key ID for a TD of the one or more TDs; creating LMTT (Local Memory Translation Table) mapping for address translation tables, the address translation tables being stored in a device memory of the GPU; transitioning the TD to a secure state; and receiving and processing a memory access request associated with the TD, processing the memory access request including accessing a secure version of the address translation tables.

公开(公告)号：US20220222340A1

公开(公告)日：2022-07-14

申请号：US17711883

申请日：2022-04-01

Applicant: Intel Corporation

Inventor： Vidhya Krishnan ,  Ankur Shah ,  Bryan White ,  Daniel Nemiroff ,  David Puffer ,  Julien Carreno ,  Scott Janus ,  Ravi Sahita ,  Hema Nalluri ,  Utkarsh Y. Kakaiya

IPC: G06F21/55 ,  G06F21/54 ,  G06F21/60 ,  G06F9/50

Abstract: Security and support for trust domain operation is described. An example of a method includes processing, at an accelerator, one or more compute workloads received from a host system; upon receiving a notification that a trust domain has transitioned to a secure state, transition an original set of privileges for the accelerator to a downgraded set of privileges; upon receiving a command from the host system for the trust domain, processing the command in accordance with the trust domain; and upon receiving a request from the host system to access a register, for a register included in an allowed list of registers for access, allow access to the register, and, for a register that is not within the allowed list of registers for access, disallowing access to the register.

公开(公告)号：US10862680B2

公开(公告)日：2020-12-08

申请号：US16142587

申请日：2018-09-26

Applicant: Intel Corporation

Inventor： Daniel Nemiroff ,  Xiaoyu Ruan ,  William Stevens, Jr.

IPC: H04L9/00 ,  H04L9/08 ,  H04L9/30 ,  H04L9/14 ,  H04L9/32

Abstract: In embodiments, an apparatus for microcontroller (μC) or system-on-chip (SoC) computing includes a set of fuses disposed in a μC or a SoC to store a seed value and M pairs of loop counter values (LCVs) with which to locally generate M private keys from the seed value on the microcontroller or SoC, where M is a positive integer, each private key to decrypt data encrypted with a pre-defined public key cryptosystem, wherein each private key includes two prime numbers p and q (p,q), the LCVs being a number of iterations of a key derivation function (KDF) needed to respectively obtain p and q from the seed value; and a key decoder, disposed in the (μC) or the SoC, and coupled to the set of fuses, to read the seed value and the M pairs of LCVs, and, for each of the M private keys to: respectively generate (p,q) from the seed value by respectively iterating the KDF by the LCVs for that key.

公开(公告)号：US10341099B2

公开(公告)日：2019-07-02

申请号：US15052173

申请日：2016-02-24

Applicant: Intel Corporation

Inventor： Daniel Nemiroff

IPC: H04L9/08 ,  H04L9/06 ,  H04L9/32 ,  G06F7/58

Abstract: Embodiments of an invention for cryptographic key generation using a stored input value and a stored count value have been described. In one embodiment, a processor includes non-volatile storage storing an input value and a count value, and logic to generate a cryptographic key based on the stored input value and the stored count value.

公开(公告)号：US09800409B2

公开(公告)日：2017-10-24

申请号：US14636717

申请日：2015-03-03

Applicant: Intel Corporation

Inventor： Daniel Nemiroff

IPC: H04L9/08 ,  H04L9/06 ,  H04L9/32 ,  G06F7/58

CPC classification number: H04L9/0869 ,  G06F7/582 ,  G06F7/588 ,  H04L9/0662 ,  H04L9/0861 ,  H04L9/3249 ,  H04L2209/24 ,  H04L2209/72

Abstract: Embodiments of an invention for cryptographic key generation using a stored input value and a stored count value have been described. In one embodiment, a processor includes non-volatile storage storing an input value and a count value, and logic to generate a cryptographic key based on the stored input value and the stored count value.

公开(公告)号：US09781117B2

公开(公告)日：2017-10-03

申请号：US15204799

申请日：2016-07-07

Applicant: Intel Corporation

Inventor： Robert C. Swanson ,  Daniel Nemiroff ,  Vincent J. Zimmer ,  Mallik Bulusu ,  John R. Lindsley ,  Robert W. Cone ,  Malay Trivedi ,  Piotr Kwidzinski

IPC: G06F3/06 ,  H04L29/06 ,  G06F21/55 ,  G06F21/57 ,  G06F13/28

CPC classification number: H04L63/10 ,  G06F3/0622 ,  G06F3/0637 ,  G06F3/0683 ,  G06F13/28 ,  G06F21/554 ,  G06F21/57 ,  G06F21/572

Abstract: Embodiments of multinode hubs for trust operations are disclosed herein. In some embodiments, a multinode hub may include a plurality of memory regions, a trapping module, and a trusted platform module (TPM) component. Each memory region may be associated with and receive trust operation data from a coherent computing node. The trapping module may generate trap notifications in response to accesses to the plurality of memory regions by the associated coherent computing nodes. The trap notifications may indicate which of the plurality of memory locations has been accessed, and the TPM component may process the trust operation data in a memory region indicated by a trap notification. Other embodiments may be disclosed and/or claimed.

公开(公告)号：US09721104B2

公开(公告)日：2017-08-01

申请号：US14091026

申请日：2013-11-26

Applicant: INTEL CORPORATION

Inventor： Daniel Nemiroff ,  Ben Furman

IPC: G06F21/57

CPC classification number: G06F21/575

Abstract: A measured boot process for an electronic device includes taking a measurement of the early system start up instructions of the electronic device upon a reboot or start-up of the device. A representation of the measurement is stored in a trusted platform module of the electronic device prior to initialization of the trusted platform module. Access is granted to the representation of the measurement stored in the trusted platform module prior to initialization of the trusted platform module thereby enabling the representation of the measurement to serve as the core root of trust for measurement.

公开(公告)号：US20170154009A1

公开(公告)日：2017-06-01

申请号：US15070481

申请日：2016-03-15

Applicant: Intel Corporation

Inventor： Zhenyu Zhu ,  Nobuyuki Suzuki ,  Anoop Mukker ,  Daniel Nemiroff ,  David W. Vogel

IPC: G06F13/42 ,  G06F1/08 ,  G06F1/24 ,  G06F9/44 ,  G06F1/32

CPC classification number: G06F13/4282 ,  G06F1/08 ,  G06F1/24 ,  G06F1/3287 ,  G06F9/4411

Abstract: An example method for initializing an interface includes driving a low voltage signal on data lanes and clock lanes. The method further includes performing a reset sequence and an initialization of a link configuration register. The method also includes driving a high voltage signal to the clock lanes and the data lanes. The method further includes driving a bus turn-around (BTA) sequence on the data lanes. The method also includes detecting that the BTA is acknowledged by a host controller.

公开(公告)号：US09608825B2

公开(公告)日：2017-03-28

申请号：US14542491

申请日：2014-11-14

Applicant: Intel Corporation

Inventor： Nitin V. Sarangdhar ,  Daniel Nemiroff ,  Ned M. Smith ,  Ernie Brickell ,  Jiangtao Li

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/08 ,  H04L9/14

CPC classification number: H04L9/3234 ,  G06F21/57 ,  G06F21/64 ,  H04L9/0861 ,  H04L9/0866 ,  H04L9/14 ,  H04L9/3263 ,  H04L2209/127

Abstract: This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to the attestation platform for validation along with the TPM and/or AKS certificates.