公开(公告)号：US09087200B2

公开(公告)日：2015-07-21

申请号：US13527547

申请日：2012-06-19

Applicant: Francis X. McKeen ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Vincent Scarlata ,  Michael A. Goldsmith ,  Ernie Brickell ,  Jiang Tao Li ,  Howard C. Herbert ,  Prashant Dewan ,  Stephen J. Tolopka ,  Gilbert Neiger ,  David Durham ,  Gary Graunke ,  Bernard Lint ,  Don A. Van Dyke ,  Joseph Cihula ,  Stalinselvaraj Jeyasingh ,  Stephen R. Van Doren ,  Dion Rodgers ,  John Garney ,  Asher Altman

Inventor： Francis X. McKeen ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Vincent Scarlata ,  Michael A. Goldsmith ,  Ernie Brickell ,  Jiang Tao Li ,  Howard C. Herbert ,  Prashant Dewan ,  Stephen J. Tolopka ,  Gilbert Neiger ,  David Durham ,  Gary Graunke ,  Bernard Lint ,  Don A. Van Dyke ,  Joseph Cihula ,  Stalinselvaraj Jeyasingh ,  Stephen R. Van Doren ,  Dion Rodgers ,  John Garney ,  Asher Altman

IPC: G06F21/72 ,  G06F21/60 ,  G06F21/53 ,  G06F12/14

CPC classification number: G06F21/60 ,  G06F21/53 ,  G06F21/72

Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

Abstract translation: 一种在计算机系统内实现安全应用和数据完整性的技术。 在一个实施例中，建立一个或多个安全空间，其中可以存储和执行应用和数据。

公开(公告)号：US20140297962A1

公开(公告)日：2014-10-02

申请号：US13854107

申请日：2013-03-31

Applicant: CARLOS V ROZAS ,  ILYA ALEXANDROVICH ,  ITTAI ANATI ,  ALEX BERENZON ,  MICHAEL A GOLDSMITH ,  BARRY E HUNTLEY ,  ANTON IVANOV ,  SIMON P JOHNSON ,  REBEKAH M. LESLIE-HURD ,  FRANCIS X. MCKEEN ,  GILBERT NEIGER ,  RINAT RAPPOPORT ,  SCOTT DION RODGERS ,  UDAY R. SAVAGAONKAR ,  VINCENT R. SCARLATA ,  VEDVYAS SHANBHOGUE ,  WESLEY H SMITH ,  WILLIAM COLIN WOOD

Inventor： CARLOS V ROZAS ,  ILYA ALEXANDROVICH ,  ITTAI ANATI ,  ALEX BERENZON ,  MICHAEL A GOLDSMITH ,  BARRY E HUNTLEY ,  ANTON IVANOV ,  SIMON P JOHNSON ,  REBEKAH M. LESLIE-HURD ,  FRANCIS X. MCKEEN ,  GILBERT NEIGER ,  RINAT RAPPOPORT ,  SCOTT DION RODGERS ,  UDAY R. SAVAGAONKAR ,  VINCENT R. SCARLATA ,  VEDVYAS SHANBHOGUE ,  WESLEY H SMITH ,  WILLIAM COLIN WOOD

IPC: G06F12/08 ,  G06F12/10

CPC classification number: G06F12/0875 ,  G06F12/0808 ,  G06F12/1027 ,  G06F2212/1016 ,  G06F2212/402

Abstract: Instructions and logic provide advanced paging capabilities for secure enclave page caches. Embodiments include multiple hardware threads or processing cores, a cache to store secure data for a shared page address allocated to a secure enclave accessible by the hardware threads. A decode stage decodes a first instruction specifying said shared page address as an operand, and execution units mark an entry corresponding to an enclave page cache mapping for the shared page address to block creation of a new translation for either of said first or second hardware threads to access the shared page. A second instruction is decoded for execution, the second instruction specifying said secure enclave as an operand, and execution units record hardware threads currently accessing secure data in the enclave page cache corresponding to the secure enclave, and decrement the recorded number of hardware threads when any of the hardware threads exits the secure enclave.

Abstract translation: 说明和逻辑为安全的飞地页面缓存提供了高级分页功能。 实施例包括多个硬件线程或处理核心，用于存储分配给由硬件线程可访问的安全空间的共享页面地址的安全数据的高速缓存。 解码级将指定所述共享页地址的第一指令解码为操作数，并且执行单元标记对应于共享页地址的飞地页高速缓存映射的条目，以阻止所述第一或第二硬件线程中的任一个的新转换的创建 访问共享页面。 第二指令被解码以执行，第二指令指定所述安全飞地作为操作数，并且执行单元记录当前访问与安全飞地相对应的飞地页面缓存中的安全数据的硬件线程，并且当任何 的硬件线程退出安全飞地。

公开(公告)号：US20140267332A1

公开(公告)日：2014-09-18

申请号：US13832435

申请日：2013-03-15

Applicant: Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Prashant Dewan ,  Michael A. Goldsmith ,  David M. Durham

Inventor： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Prashant Dewan ,  Michael A. Goldsmith ,  David M. Durham

IPC: G06T1/60

CPC classification number: G06T1/60 ,  G06F3/147 ,  G06F21/84 ,  G06T1/20 ,  G09G2358/00 ,  H04N21/42653 ,  H04N21/4318 ,  H04N21/4367 ,  H04N21/44004 ,  H04N21/4408

Abstract: A protected graphics module can send its output to a display engine securely. Secure communications with the display can provide a level of confidentiality of content generated by protected graphics modules against software and hardware attacks.

Abstract translation: 受保护的图形模块可以将其输出安全地发送到显示引擎。 与显示器的安全通信可以提供受保护图形模块生成的内容对软件和硬件攻击的机密性。

公开(公告)号：US20140189326A1

公开(公告)日：2014-07-03

申请号：US13729371

申请日：2012-12-28

Applicant: Rebekah Leslie ,  Carlos V. Rozas ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Uday R. Savagaonkar ,  Barry E. Huntley ,  Vedvyas Shanbhogue ,  Ittai Anati ,  Francis X. Mckeen ,  Michael A. Goldsmith ,  Ilya Alexandrovich ,  Alex Berenzon ,  Wesley H. Smith

Inventor： Rebekah Leslie ,  Carlos V. Rozas ,  Vincent R. Scarlata ,  Simon P. Johnson ,  Uday R. Savagaonkar ,  Barry E. Huntley ,  Vedvyas Shanbhogue ,  Ittai Anati ,  Francis X. Mckeen ,  Michael A. Goldsmith ,  Ilya Alexandrovich ,  Alex Berenzon ,  Wesley H. Smith

IPC: G06F9/30

CPC classification number: G06F9/3004 ,  G06F9/30047 ,  G06F9/30076 ,  G06F9/44 ,  G06F12/084 ,  G06F12/0875 ,  G06F12/1483 ,  G06F2212/452

Abstract: Embodiments of an invention for memory management in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction and a second instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes allocating a page in an enclave page cache to a secure enclave. The execution unit is also to execute the second instruction, wherein execution of the second instruction includes confirming the allocation of the page.

Abstract translation: 公开了用于安全飞行器中的存储器管理的发明的实施例。 在一个实施例中，处理器包括指令单元和执行单元。 指令单元接收第一指令和第二指令。 执行单元执行第一指令，其中第一指令的执行包括将飞地页面缓存中的页面分配到安全飞地。 执行单元还执行第二指令，其中第二指令的执行包括确认页的分配。

公开(公告)号：US20140189325A1

公开(公告)日：2014-07-03

申请号：US13729277

申请日：2012-12-28

Applicant: Francis X. Mckeen ,  Michael A. Goldsmith ,  Barry E. Huntley ,  Simon P. Johnson ,  Rebekah Leslie ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H. Smith ,  Ittai Anati ,  Ilya Alexandrovich ,  Alex Berenzon

Inventor： Francis X. Mckeen ,  Michael A. Goldsmith ,  Barry E. Huntley ,  Simon P. Johnson ,  Rebekah Leslie ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Vincent R. Scarlata ,  Vedvyas Shanbhogue ,  Wesley H. Smith ,  Ittai Anati ,  Ilya Alexandrovich ,  Alex Berenzon

IPC: G06F9/30

CPC classification number: G06F12/0804 ,  G06F9/30047 ,  G06F12/0875 ,  G06F12/1408 ,  G06F2212/1052 ,  G06F2212/402

Abstract: Embodiments of an invention for paging in secure enclaves are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction. The execution unit is to execute the first instruction, wherein execution of the first instruction includes evicting a first page from an enclave page cache.

Abstract translation: 公开了用于在安全飞行器中寻呼的发明的实施例。 在一个实施例中，处理器包括指令单元和执行单元。 指令单元接收第一条指令。 执行单元执行第一指令，其中第一指令的执行包括从飞地页面缓存中逐出第一页。

公开(公告)号：US20140013422A1

公开(公告)日：2014-01-09

申请号：US13540869

申请日：2012-07-03

Applicant: Scott Janus ,  Kenneth T. Layton ,  Michael A. Goldsmith

Inventor： Scott Janus ,  Kenneth T. Layton ,  Michael A. Goldsmith

IPC: G06F21/31

CPC classification number: G06F21/31 ,  G06F21/32 ,  G06F21/6245 ,  G06F21/84 ,  H04L63/0861 ,  H04L2463/082

Abstract: A method and computing device for continuous multi-factor authentication are included in which a plurality of valid authentication credentials may be detected. Also, an authorized user may be detected within a viewing area. Additionally, an unauthorized object may be detected in the viewing area. Furthermore, a display device may be prevented from displaying content.

Abstract translation: 包括用于连续多因素认证的方法和计算装置，其中可以检测多个有效的认证证书。 此外，可以在观看区域内检测到授权用户。 此外，可以在观看区域中检测到未经授权的对象。 此外，可以防止显示装置显示内容。

公开(公告)号：US20130159726A1

公开(公告)日：2013-06-20

申请号：US13527547

申请日：2012-06-19

Applicant: Francis X. MCKEEN ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Vincent Scarlata ,  Michael A. Goldsmith ,  Ernie Brickell ,  Jiang Tao Li ,  Howard C. Herbert ,  Prashant Dewan ,  Stephen J. Tolopka ,  Gilbert Neiger ,  David Durham ,  Gary Graunke ,  Bernard Lint ,  Don A. Van Dyke ,  Joseph Cihula ,  Stalinselvaraj Jeyasingh ,  Stephen R. Van Doren ,  Dion Rodgers ,  John Garney ,  Asher Altman

Inventor： Francis X. MCKEEN ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Vincent Scarlata ,  Michael A. Goldsmith ,  Ernie Brickell ,  Jiang Tao Li ,  Howard C. Herbert ,  Prashant Dewan ,  Stephen J. Tolopka ,  Gilbert Neiger ,  David Durham ,  Gary Graunke ,  Bernard Lint ,  Don A. Van Dyke ,  Joseph Cihula ,  Stalinselvaraj Jeyasingh ,  Stephen R. Van Doren ,  Dion Rodgers ,  John Garney ,  Asher Altman

IPC: G06F21/72

CPC classification number: G06F21/60 ,  G06F21/53 ,  G06F21/72

Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

Abstract translation: 一种在计算机系统内实现安全应用和数据完整性的技术。 在一个实施例中，建立一个或多个安全空间，其中可以存储和执行应用和数据。

公开(公告)号：US07340179B2

公开(公告)日：2008-03-04

申请号：US10334501

申请日：2002-12-31

Applicant: Michael A. Goldsmith

Inventor： Michael A. Goldsmith

IPC: H04B10/00

CPC classification number: H04L29/06 ,  H04L69/03 ,  H04L69/18

Abstract: A system and method for supporting two infrared signaling protocols in a single computing device is provided. The computing system operates in a default mode unless a priority signaling request is generated by an application program. Priority signaling requests are given processing priority, and default mode transmission packets may be dropped during priority mode processing. Handling of dropped default mode packets is relinquished to an upper protocol layer of a network stack, which recovers and sends the dropped transmissions to the infrared device when the computing device returns to the default mode.

Abstract translation: 提供了一种用于在单个计算设备中支持两个红外信令协议的系统和方法。 除非由应用程序生成优先级信令请求，否则计算系统以默认模式运行。 优先级信令请求被赋予处理优先权，并且在优先模式处理期间可能丢弃默认模式传输分组。 丢弃的默认模式数据包的处理被放弃到网络堆栈的上层协议层，当计算设备返回到默认模式时，它将恢复并发送丢弃的传输到红外设备。

公开(公告)号：US20140096068A1

公开(公告)日：2014-04-03

申请号：US13631288

申请日：2012-09-28

Applicant: Prashant Dewan ,  Siddhartha Chhabra ,  Xiaozhu Kang ,  Xiaoning Li ,  Uday R. Savagaonkar ,  David M. Durham ,  Paul S. Schmitz ,  Michael A. Goldsmith ,  Jason Martin

Inventor： Prashant Dewan ,  Siddhartha Chhabra ,  Xiaozhu Kang ,  Xiaoning Li ,  Uday R. Savagaonkar ,  David M. Durham ,  Paul S. Schmitz ,  Michael A. Goldsmith ,  Jason Martin

IPC: G06F3/0481 ,  G06F3/041

CPC classification number: G06F3/0481 ,  G06F3/041 ,  G06F3/04883 ,  G06F21/74 ,  G06F21/82

Abstract: A device and method for securely rendering content on a gesture-enabled computing device includes initializing a secure execution environment on a processor graphics of the computing device. The computing device transfers view rendering code and associated state data to the secure execution environment. An initial view of the content is rendered by executing the view rendering code in the secure execution environment. A gesture is recognized, and an updated view of the content is rendered in the secure execution environment in response to the gesture. The gesture may include a touch gesture recognized on a touch screen, or a physical gesture of the user recognized by a camera. After the updated view of the content is rendered, the main processor of the computing device may receive updated view data from the secure execution environment.

Abstract translation: 用于在启用姿势的计算设备上安全地呈现内容的设备和方法包括在计算设备的处理器图形上初始化安全执行环境。 计算设备将视图呈现代码和相关联的状态数据传送到安全执行环境。 通过在安全执行环境中执行视图呈现代码来呈现内容的初始视图。 识别手势，并且响应于手势在安全执行环境中呈现内容的更新视图。 手势可以包括在触摸屏上识别的触摸手势，或者由相机识别的用户的身体手势。 在呈现内容的更新视图之后，计算设备的主处理器可以从安全执行环境接收更新的视图数据。

公开(公告)号：US07454756B2

公开(公告)日：2008-11-18

申请号：US10794752

申请日：2004-03-05

Applicant: Philip R. Lantz ,  Michael A. Goldsmith ,  David J. Cowperthwaite ,  Kiran S. Panesar

Inventor： Philip R. Lantz ,  Michael A. Goldsmith ,  David J. Cowperthwaite ,  Kiran S. Panesar

IPC: G06F9/46

CPC classification number: G06F9/45558 ,  G06F2009/45579

Abstract: A method, apparatus and system are described for seamlessly sharing I/O devices amongst multiple virtual machines (“VMs”) on a host computer. Specifically, according to one embodiment of the invention, the virtual machine manager (“VMM”) on the host cycles access to the I/O devices amongst the VMs according to a round robin or other such allocation scheme. In order to provide direct access to the devices, the VMM may save the device state pertaining to the currently active VM, store the state in a memory region allocated to the currently active VM, retrieve a device state for a new VM from its memory region and restore the device using the retrieved device state, thus providing the illusion that each VM has direct, full-speed, exclusive access to the I/O device.

Abstract translation: 描述了用于在主计算机上的多个虚拟机（“VM”）之间无缝共享I / O设备的方法，装置和系统。 具体地说，根据本发明的一个实施例，主机上的虚拟机管理器（“VMM”）根据轮询或其他此类分配方案来循环访问VM中的I / O设备。 为了提供对设备的直接访问，VMM可以保存与当前活动的VM相关的设备状态，将状态存储在分配给当前活动的VM的存储器区域中，从其存储区域检索新的VM的设备状态 并使用检索到的设备状态恢复设备，从而提供每个虚拟机具有对I / O设备的直接，全速独占访问的错觉。