公开(公告)号：US20190045016A1

公开(公告)日：2019-02-07

申请号：US16023233

申请日：2018-06-29

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Siddhartha Chhabra ,  Uttam K. Sengupta ,  Howard C. Herbert

IPC: H04L29/08 ,  H04L29/06

Abstract: Technologies disclosed herein provide a method for receiving at a device from a remote server, a request for state information from a first processor of the device, obtaining the state information from one or more registers of the first processor based on a request structure indicated by a first instruction of a software program executing on the device, and generating a response structure based, at least in part, on the obtained state information. The method further includes using a cryptographic algorithm and a shared key established between the device and the remote server to generate a signature based, at least in part, on the response structure, and communicating the response structure and the signature to the remote server. In more specific embodiments, both the response structure and the request structure each include a same nonce value.

公开(公告)号：US10885202B2

公开(公告)日：2021-01-05

申请号：US16123593

申请日：2018-09-06

Applicant: Intel Corporation

Inventor： Francis X. McKeen ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Vincent Scarlata ,  Michael A. Goldsmith ,  Ernie Brickell ,  Jiang Tao Li ,  Howard C. Herbert ,  Prashant Dewan ,  Stephen J. Tolopka ,  Gilbert Neiger ,  David Durham ,  Gary Graunke ,  Bernard Lint ,  Don A. Van Dyke ,  Joseph Cihula ,  Stalinselvaraj Jeyasingh ,  Stephen R. Van Doren ,  Dion Rodgers ,  John Garney ,  Asher Altman

IPC: G06F21/60 ,  G06F21/72 ,  G06F21/53

Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

公开(公告)号：US09124635B2

公开(公告)日：2015-09-01

申请号：US13690666

申请日：2012-11-30

Applicant: Intel Corporation

Inventor： Scott H. Robinson ,  Jason Martin ,  Howard C. Herbert ,  Michael LeMay ,  Karanvir Ken S. Grewal ,  Keith L. Shippy ,  Geoffrey Strongin

IPC: H04L29/06

CPC classification number: H04L63/20 ,  G06K9/00228 ,  H04L63/105 ,  H04L67/24

Abstract: Sensor data may be filtered in a secure environment. The filtering may limit distribution of the sensor data. Filtering may modify the sensor data, for example, to prevent identification of a person depicted in a captured image or to prevent acquiring a user's precise location. Filtering may also add or require other data use controls to access the data. Attestation that a filter policy is being applied and working properly or not may be provided as well.

Abstract translation: 传感器数据可能会在安全的环境中进行过滤。 滤波可能会限制传感器数据的分布。 过滤可以修改传感器数据，例如，以防止识别拍摄图像中描绘的人，或阻止获取用户的精确位置。 过滤还可以添加或要求其他数据使用控制来访问数据。 也可以提供过滤器策略正在应用和正常工作的证明。

公开(公告)号：US09740882B2

公开(公告)日：2017-08-22

申请号：US14482460

申请日：2014-09-10

Applicant: Intel Corporation

Inventor： Mark E. Scott-Nash ,  Scott H. Robinson ,  Howard C. Herbert ,  Geoffrey S. Strongin ,  Stephen J. Allen ,  Tobias M. Kohlenberg ,  Uttam K. Sengupta

IPC: G06F21/00 ,  G06F21/62 ,  G06F21/60 ,  H04W12/02

CPC classification number: G06F21/629 ,  G06F21/604 ,  G06F21/6245 ,  G06F21/6254 ,  G06F2221/2111 ,  H04W12/02

Abstract: Technologies for sensor privacy on a computing device include receiving, by a sensor controller of the computing device, sensor data from a sensor of the computing device; determining a sensor mode for the sensor; and sending privacy data in place of the sensor data in response to a determination that the sensor mode for the sensor is set to a private mode. The technologies may also include receiving, by a security engine of the computing device, a sensor mode change command from a user of the computing device via a trusted input/output path of the computing device; and sending a mode command to the sensor controller to set the sensor mode of the sensor based on the sensor mode change command, wherein the sending the mode command comprises sending the mode command over a private bus established between the security engine and the sensor controller. Other embodiments are described herein.

公开(公告)号：US20150248566A1

公开(公告)日：2015-09-03

申请号：US14482460

申请日：2014-09-10

Applicant: Intel Corporation

Inventor： Mark E. Scott-Nash ,  Scott H. Robinson ,  Howard C. Herbert ,  Geoffrey S. Strongin ,  Stephen J. Allen ,  Tobias M. Kohlenberg ,  Uttam K. Sengupta

IPC: G06F21/62

CPC classification number: G06F21/629 ,  G06F21/604 ,  G06F21/6245 ,  G06F21/6254 ,  G06F2221/2111 ,  H04W12/02

Abstract: Technologies for sensor privacy on a computing device include receiving, by a sensor controller of the computing device, sensor data from a sensor of the computing device; determining a sensor mode for the sensor; and sending privacy data in place of the sensor data in response to a determination that the sensor mode for the sensor is set to a private mode. The technologies may also include receiving, by a security engine of the computing device, a sensor mode change command from a user of the computing device via a trusted input/output path of the computing device; and sending a mode command to the sensor controller to set the sensor mode of the sensor based on the sensor mode change command, wherein the sending the mode command comprises sending the mode command over a private bus established between the security engine and the sensor controller. Other embodiments are described herein.

Abstract translation: 用于计算设备上的传感器隐私的技术包括由计算设备的传感器控制器接收来自计算设备的传感器的传感器数据; 确定传感器的传感器模式; 以及响应于所述传感器的传感器模式被设置为专用模式的确定，发送隐私数据代替所述传感器数据。 这些技术还可以包括由计算设备的安全引擎经由计算设备的信任输入/输出路径从计算设备的用户接收传感器模式改变命令; 并且向传感器控制器发送模式命令以基于传感器模式改变命令来设置传感器的传感器模式，其中发送模式命令包括通过在安全引擎和传感器控制器之间建立的专用总线发送模式命令。 本文描述了其它实施例。

公开(公告)号：US11765239B2

公开(公告)日：2023-09-19

申请号：US17591116

申请日：2022-02-02

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Siddhartha Chhabra ,  Uttam K. Sengupta ,  Howard C. Herbert

IPC: G06F13/40 ,  G06F12/14 ,  H04L67/142 ,  H04L9/40

CPC classification number: H04L67/142 ,  H04L63/0435 ,  H04L63/105 ,  H04L63/1466 ,  H04L63/20

Abstract: Technologies disclosed herein provide a method for receiving at a device from a remote server, a request for state information from a first processor of the device, obtaining the state information from one or more registers of the first processor based on a request structure indicated by a first instruction of a software program executing on the device, and generating a response structure based, at least in part, on the obtained state information. The method further includes using a cryptographic algorithm and a shared key established between the device and the remote server to generate a signature based, at least in part, on the response structure, and communicating the response structure and the signature to the remote server. In more specific embodiments, both the response structure and the request structure each include a same nonce value.

公开(公告)号：US11258861B2

公开(公告)日：2022-02-22

申请号：US16023233

申请日：2018-06-29

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Siddhartha Chhabra ,  Uttam K. Sengupta ,  Howard C. Herbert

IPC: H04L29/06 ,  G06F21/54 ,  G06F21/30 ,  H04L67/142

Abstract: Technologies disclosed herein provide a method for receiving at a device from a remote server, a request for state information from a first processor of the device, obtaining the state information from one or more registers of the first processor based on a request structure indicated by a first instruction of a software program executing on the device, and generating a response structure based, at least in part, on the obtained state information. The method further includes using a cryptographic algorithm and a shared key established between the device and the remote server to generate a signature based, at least in part, on the response structure, and communicating the response structure and the signature to the remote server. In more specific embodiments, both the response structure and the request structure each include a same nonce value.

公开(公告)号：US10104122B2

公开(公告)日：2018-10-16

申请号：US14825645

申请日：2015-08-13

Applicant: Intel Corporation

Inventor： Scott H. Robinson ,  Jason Martin ,  Howard C. Herbert ,  Michael LeMay ,  Karanvir Ken S. Grewal ,  Keith L. Shippy ,  Geoffrey Strongin

IPC: H04L29/06 ,  H04L29/08 ,  G06K9/00

Abstract: Sensor data may be filtered in a secure environment. The filtering may limit distribution of the sensor data. Filtering may modify the sensor data, for example, to prevent identification of a person depicted in a captured image or to prevent acquiring a user's precise location. Filtering may also add or require other data use controls to access the data. Attestation that a filter policy is being applied and working properly or not may be provided as well.

公开(公告)号：US20220159081A1

公开(公告)日：2022-05-19

申请号：US17591116

申请日：2022-02-02

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Siddhartha Chhabra ,  Uttam K. Sengupta ,  Howard C. Herbert

IPC: H04L67/142 ,  H04L9/40

Abstract: Technologies disclosed herein provide a method for receiving at a device from a remote server, a request for state information from a first processor of the device, obtaining the state information from one or more registers of the first processor based on a request structure indicated by a first instruction of a software program executing on the device, and generating a response structure based, at least in part, on the obtained state information. The method further includes using a cryptographic algorithm and a shared key established between the device and the remote server to generate a signature based, at least in part, on the response structure, and communicating the response structure and the signature to the remote server. In more specific embodiments, both the response structure and the request structure each include a same nonce value.

公开(公告)号：US10102380B2

公开(公告)日：2018-10-16

申请号：US13802272

申请日：2013-03-13

Applicant: INTEL CORPORATION

Inventor： Francis X. McKeen ,  Carlos V. Rozas ,  Uday R. Savagaonkar ,  Simon P. Johnson ,  Vincent Scarlata ,  Michael A. Goldsmith ,  Ernie Brickell ,  Jiang Tao Li ,  Howard C. Herbert ,  Prashant Dewan ,  Stephen J. Tolopka ,  Gilbert Neiger ,  David Durham ,  Gary Graunke ,  Bernard Lint ,  Don A. Van Dyke ,  Joseph Cihula ,  Stalinselvaraj Jeyasingh ,  Stephen R. Van Doren ,  Dion Rodgers ,  John Garney ,  Asher Altman

IPC: G06F21/60 ,  G06F21/72 ,  G06F21/53

Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.