-
61.发明授权Secure vault service for software components within an execution environment 有权为执行环境中的软件组件提供安全的保管库服务公开(公告)号:US09361471B2
公开(公告)日:2016-06-07
申请号:US14557079
申请日:2014-12-01
Applicant: Intel Corporation
Inventor: David M. Durham , Hormuzd M. Khosravi , Uri Blumenthal , Men Long
CPC classification number: G06F21/6209 , G06F12/1408 , G06F12/1466 , G06F12/1475 , G06F21/52 , G06F21/53
Abstract: Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
Abstract translation: 这里一般地描述用于执行环境中的软件组件的安全保险库服务的装置,物品,方法和系统的实施例。 一个实施例包括虚拟机监视器,操作系统监视器或其他底层平台功能的能力,以限制存储器区域,以便仅通过特定认证的,授权的和已验证的软件组件进行访问,即使在其他受损的操作系统环境的一部分。 代表被保护的内存区域中提供的经过身份验证/授权/验证的软件组件的锁定和解锁秘密的底层平台只能由经过身份验证/授权/验证的软件组件访问。 可以描述和要求保护其他实施例。
-
公开(公告)号:US09275225B2
公开(公告)日:2016-03-01
申请号:US13838091
申请日:2013-03-15
Applicant: INTEL CORPORATION
Inventor: Rekha N. Bachwani , Ravi L. Sahita , David M. Durham
CPC classification number: G06F21/56 , G06F9/45558 , G06F21/554 , G06F21/563 , G06F21/566 , G06F2009/45583 , G06F2009/45587
Abstract: Technologies for securing an electronic device include determining addresses of one or more memory pages, injecting for each memory page a portion of identifier data into the memory page, storing an indication of the identifier data injected into each of the memory pages, determining an attempt to access at least one of the memory pages, determining any of the identifier data present on a memory page associated with the attempt, comparing the indication of the identifier data with the determined identifier data present on the memory page, and, based on the comparison, determining whether to allow the access.
Abstract translation: 用于确保电子设备的技术包括确定一个或多个存储器页面的地址,将每个存储器页面的一部分标识符数据注入存储器页面,存储注入到每个存储器页面中的标识符数据的指示, 访问存储器页面中的至少一个,确定存在于与尝试相关联的存储器页面上的任何标识符数据,将标识符数据的指示与存储在页面上的确定的标识符数据进行比较,并且基于该比较, 确定是否允许访问。
-
公开(公告)号:US20150278514A1
公开(公告)日:2015-10-01
申请号:US14739133
申请日:2015-06-15
Applicant: Intel Corporation
Inventor: Xiaozhu Kang , Alpa T. Narendra Trivedi , Siddhartha Chhabra , Prashant Dewan , Uday R. Savagaonkar , David M. Durham
Abstract: The entry/exit architecture may be a critical component of a protection framework using a secure enclaves-like trust framework for coprocessors. The entry/exit architecture describes steps that may be used to switch securely into a trusted execution environment (entry architecture) and out of the trusted execution environment (exit architecture), at the same time preventing any secure information from leaking to an untrusted environment.
Abstract translation: 入口/出口架构可能是保护框架的关键组成部分,使用协同处理器的安全的类似信任框架。 入口/出口架构描述了可用于将安全切换到受信任的执行环境(入口体系结构)并脱离可信执行环境(退出体系结构)的步骤,同时防止任何安全信息泄露到不受信任的环境中。
-
公开(公告)号:US09087202B2
公开(公告)日:2015-07-21
申请号:US13891255
申请日:2013-05-10
Applicant: Intel Corporation
Inventor: Xiaozhu Kang , Alpa T. Narendra Trivedi , Siddhartha Chhabra , Prashant Dewan , Uday R. Savagaonkar , David M. Durham
Abstract: The entry/exit architecture may be a critical component of a protection framework using a secure enclaves-like trust framework for coprocessors. The entry/exit architecture describes steps that may be used to switch securely into a trusted execution environment (entry architecture) and out of the trusted execution environment (exit architecture), at the same time preventing any secure information from leaking to an untrusted environment.
Abstract translation: 入口/出口架构可能是保护框架的关键组成部分,使用协同处理器的安全的类似信任框架。 入口/出口架构描述了可用于将安全切换到受信任的执行环境(入口体系结构)并脱离可信执行环境(退出体系结构)的步骤,同时防止任何安全信息泄露到不受信任的环境中。
-
65.发明授权公开(公告)号:US12254203B2
公开(公告)日:2025-03-18
申请号:US18145095
申请日:2022-12-22
Applicant: Intel Corporation
Inventor: Sergej Deutsch , Christoph Dobraunig , Rajat Agarwal , David M. Durham , Santosh Ghosh , Karanvir Grewal , Krystian Matusiewicz
Abstract: The technology described herein includes a first plurality of bijection diffusion function circuits to diffuse data bits into diffused data bits and store the diffused data bits into a memory; an error correcting code (ECC) generation circuit to generate ECC bits for the data bits; and a second plurality of bijection diffusion function circuits to diffuse the ECC bits into diffused ECC bits and store the diffused ECC bits into the memory.
-
Patent Agency Ranking
公开(公告)号:US12182317B2
公开(公告)日:2024-12-31
申请号:US17357963
申请日:2021-06-24
Applicant: Intel Corporation
Inventor: Michael LeMay , David M. Durham
IPC: G06F21/00 , G06F12/0871 , G06F12/0882 , G06F21/55 , G06F21/60 , G06F21/79
Abstract: Methods and apparatus relating to techniques for region-based deterministic memory safety are described. In some embodiment, one or more instructions may be used to encrypt, decrypt, and/or check a pointer to a portion of the data stored in memory. The portion of the data is stored in a first region of the memory. The first region of the memory includes a plurality of identically sized allocation slots. Other embodiments are also disclosed and claimed.
-
公开(公告)号:US20240329861A1
公开(公告)日:2024-10-03
申请号:US18129822
申请日:2023-03-31
Applicant: Intel Corporation
Inventor: Yonghae Kim , David M. Durham , Michael LeMay
IPC: G06F3/06
CPC classification number: G06F3/0631 , G06F3/0604 , G06F3/0656 , G06F3/0673
Abstract: An apparatus includes circuitry to receive a memory access request based on a memory address in a memory allocation of a program. The memory allocation is assigned to a slot of memory apportioned into a plurality of slots. The circuitry is to calculate an index based, at least in part, on whether a size of the slot exceeds a slot threshold size, and determine whether a buffer communicatively coupled to the circuitry includes a buffer entry corresponding to the index and containing a set of metadata associated with the memory allocation. Based on the slot size, the circuitry is to calculate the index by either determining a metadata virtual address or by determining a virtual address of a midpoint of the slot. The indexed data may include bounds and tag information for the circuitry to determine if a memory access is within the bounds and matches the tag value.
-
68.发明授权公开(公告)号:US12045128B1
公开(公告)日:2024-07-23
申请号:US18147521
申请日:2022-12-28
Applicant: Intel Corporation
Inventor: David M. Durham , Sergej Deutsch , Karanvir Grewal
CPC classification number: G06F11/1044 , H04L9/0816
Abstract: The technology disclosed herein includes a memory to store a plurality of pages, a page of the plurality of pages configured as one of a trusted execution environment (TEE) configuration and a non-TEE configuration, and a memory controller to attempt to access the page using a memory address and the TEE configuration and generate a first error correcting code (ECC); and when data for the first ECC is at least one of correct and correctable by ECC for the attempt to access the page using the TEE configuration, attempt to access the page using the memory address and the non-TEE configuration and generate a second ECC, and when data the second ECC is at least one of correct and correctable by ECC for the attempt to access the page using the non-TEE configuration, store the memory address as an unknown cacheline address.
-
公开(公告)号:US20240220423A1
公开(公告)日:2024-07-04
申请号:US18147510
申请日:2022-12-28
Applicant: Intel Corporation
Inventor: Michael LeMay , David M. Durham , Salmin Sultana , Andrew V. Anderson , Hans Goran Liljestrand
CPC classification number: G06F12/1408 , H04L9/0819
Abstract: Techniques disclosed include selecting a first key identifier (ID) for a first compartment of a compartmentalized process of a computing system, the first compartment including first private data; assigning a first extended page table (EPT) having at least one memory address including the first key ID; encrypting the first private data with a first key associated with the first key ID; and storing the encrypted first private data in a memory starting at the at least one memory address of the first EPT.
-
公开(公告)号:US20240069955A1
公开(公告)日:2024-02-29
申请号:US18463829
申请日:2023-09-08
Applicant: Intel Corporation
Inventor: David M. Durham , Siddhartha Chhabra , Michael E. Kounavis
CPC classification number: G06F9/45558 , G06F12/0891 , G06F12/1408 , G06F21/53 , G06F21/79 , H04L63/0227 , H04L63/0428 , H04L63/0435 , H04L63/0471 , H04L69/04 , H04L63/123
Abstract: Systems and methods for memory isolation are provided. The methods include receiving a request to write a data line to a physical memory address, where the physical memory address includes a key identifier, selecting an encryption key from a key table based on the key identifier of the physical memory address, determining whether the data line is compressible, compressing the data line to generate a compressed line in response to determining that the data line is compressible, where the compressed line includes compression metadata and compressed data, adding encryption metadata to the compressed line, where the encryption metadata is indicative of the encryption key, encrypting a part of the compressed line with the encryption key to generate an encrypted line in response to adding the encryption metadata, and writing the encrypted line to a memory device at the physical memory address. Other embodiments are described and claimed.
-
-
-
-
-
-
-
-
-
Search Results
338
records
(took 0.022 seconds)
