公开(公告)号：US20160149912A1

公开(公告)日：2016-05-26

申请号：US14554467

申请日：2014-11-26

Applicant: Intel Corporation

Inventor： Mark E. Scott-Nash ,  Annapurna Dasari ,  Willard M. Wiseman

IPC: H04L29/06

CPC classification number: H04L63/0876 ,  G06F21/57 ,  H04L63/0457 ,  H04L63/0853

Abstract: In an embodiment, at least one computer readable medium has instructions stored thereon for causing a system to cryptographically sign, at a secure platform services enclave (PSE) of a computing system and using a secure attestation key (SGX AK), a public portion of a trusted platform module attestation key (TPM AK) associated with a trusted computing base of a physical platform, to form a certified TPM AK public portion. Also included are instructions to store the certified TPM AK public portion in the PSE, and instructions to, responsive to an attestation request received from a requester at a virtual trusted platform module (vTPM) associated with a virtual machine (VM) that has migrated onto the physical platform, provide to the requester the certified TPM AK public portion stored in the PSE. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，至少一个计算机可读介质具有存储在其上的指令，用于使系统在计算系统的安全平台服务飞地（PSE）处进行密码地签名，并使用安全认证密钥（SGX AK），公共部分 与物理平台的可信计算基础相关联的可信平台模块认证密钥（TPM AK），以形成认证的TPM AK公共部分。 还包括用于将经认证的TPM AK公共部分存储在PSE中的指令，以及响应于从虚拟机（VM）相关联的虚拟可信平台模块（vTPM）处从请求者接收到的认证请求的指令，所述虚拟可信平台模块（vTPM）已迁移到 物理平台，向请求者提供存储在PSE中的认证TPM AK公共部分。 描述和要求保护其他实施例。

公开(公告)号：US20150286582A1

公开(公告)日：2015-10-08

申请号：US14725903

申请日：2015-05-29

Applicant: INTEL CORPORATION

Inventor： Mark E. Scott-Nash

IPC: G06F12/14 ,  G06F9/455 ,  G06F21/64

CPC classification number: G06F12/1408 ,  G06F9/455 ,  G06F9/45558 ,  G06F21/57 ,  G06F21/64 ,  G06F2009/45587

Abstract: Embodiments of techniques and systems associated with roots-of-trust (RTMs) for measurement of virtual machines (VMs) are disclosed. In some embodiments, a computing platform may provide a virtual machine RTM (vRTM) in a first secure enclave of the computing platform. The computing platform may be configured to perform an integrity measurement of the first secure enclave. The computing platform may provide a virtual machine trusted platform module (vTPM), for a guest VM, outside the first secure enclave of the computing platform. The computing platform may initiate a chain of integrity measurements between the vRTM and a resource of the guest VM. Other embodiments may be described and/or claimed.

Abstract translation: 公开了用于测量虚拟机（VM）的与信任根（RTM）相关联的技术和系统的实施例。 在一些实施例中，计算平台可以在计算平台的第一安全空间中提供虚拟机RTM（vRTM）。 计算平台可以被配置为执行第一安全飞地的完整性测量。 计算平台可以为计算平台的第一安全飞地之外的客VM提供虚拟机可信平台模块（vTPM）。 计算平台可以启动vRTM和客户VM的资源之间的一系列完整性测量。 可以描述和/或要求保护其他实施例。

公开(公告)号：US09461994B2

公开(公告)日：2016-10-04

申请号：US14554467

申请日：2014-11-26

Applicant: Intel Corporation

Inventor： Mark E. Scott-Nash ,  Annapurna Dasari ,  Willard M. Wiseman

IPC: H04L9/32 ,  H04L29/06

CPC classification number: H04L63/0876 ,  G06F21/57 ,  H04L63/0457 ,  H04L63/0853

Abstract: In an embodiment, at least one computer readable medium has instructions stored thereon for causing a system to cryptographically sign, at a secure platform services enclave (PSE) of a computing system and using a secure attestation key (SGX AK), a public portion of a trusted platform module attestation key (TPM AK) associated with a trusted computing base of a physical platform, to form a certified TPM AK public portion. Also included are instructions to store the certified TPM AK public portion in the PSE, and instructions to, responsive to an attestation request received from a requester at a virtual trusted platform module (vTPM) associated with a virtual machine (VM) that has migrated onto the physical platform, provide to the requester the certified TPM AK public portion stored in the PSE. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，至少一个计算机可读介质具有存储在其上的指令，用于使系统在计算系统的安全平台服务飞地（PSE）处进行密码地签名，并使用安全认证密钥（SGX AK），公共部分 与物理平台的可信计算基础相关联的可信平台模块认证密钥（TPM AK），以形成认证的TPM AK公共部分。 还包括用于将经认证的TPM AK公共部分存储在PSE中的指令，以及响应于从虚拟机（VM）相关联的虚拟可信平台模块（vTPM）处从请求者接收到的认证请求的指令，所述虚拟可信平台模块（vTPM）已迁移到 物理平台，向请求者提供存储在PSE中的认证TPM AK公共部分。 描述和要求保护其他实施例。

公开(公告)号：US09053059B2

公开(公告)日：2015-06-09

申请号：US13997138

申请日：2013-03-06

Applicant: INTEL CORPORATION

Inventor： Mark E. Scott-Nash

IPC: G06F7/04 ,  G06F12/14 ,  G06F21/64 ,  G06F9/455

CPC classification number: G06F12/1408 ,  G06F9/455 ,  G06F9/45558 ,  G06F21/57 ,  G06F21/64 ,  G06F2009/45587

Abstract: Embodiments of techniques and systems associated with roots-of-trust (RTMs) for measurement of virtual machines (VMs) are disclosed. In some embodiments, a computing platform may provide a virtual machine RTM (vRTM) in a first secure enclave of the computing platform. The computing platform may be configured to perform an integrity measurement of the first secure enclave. The computing platform may provide a virtual machine trusted platform module (vTPM), for a guest VM, outside the first secure enclave of the computing platform. The computing platform may initiate a chain of integrity measurements between the vRTM and a resource of the guest VM. Other embodiments may be described and/or claimed.

Abstract translation: 公开了用于测量虚拟机（VM）的与信任根（RTM）相关联的技术和系统的实施例。 在一些实施例中，计算平台可以在计算平台的第一安全空间中提供虚拟机RTM（vRTM）。 计算平台可以被配置为执行第一安全飞地的完整性测量。 计算平台可以为计算平台的第一安全飞地之外的客VM提供虚拟机可信平台模块（vTPM）。 计算平台可以启动vRTM和客户VM的资源之间的一系列完整性测量。 可以描述和/或要求保护其他实施例。

公开(公告)号：US11557082B2

公开(公告)日：2023-01-17

申请号：US15087264

申请日：2016-03-31

Applicant: Intel Corporation

Inventor： Simon Hunt ,  Mark E. Scott-Nash

IPC: G06T17/00 ,  G01F17/00

Abstract: There is disclosed in an example, a pourable smart matter having a plurality of compute nodes, the compute nodes having: a mechanical structure having a plurality of faces, the faces having abutting face detectors; a network interface; and one or more logic elements comprising a positional engine to: identify a neighbor compute node abutting at least one of the faces; and build an individual positional profile based at least in part on the identifying. The pourable smart matter may be used, for example, to determine the geometry or volume of a container.

公开(公告)号：US09740882B2

公开(公告)日：2017-08-22

申请号：US14482460

申请日：2014-09-10

Applicant: Intel Corporation

Inventor： Mark E. Scott-Nash ,  Scott H. Robinson ,  Howard C. Herbert ,  Geoffrey S. Strongin ,  Stephen J. Allen ,  Tobias M. Kohlenberg ,  Uttam K. Sengupta

IPC: G06F21/00 ,  G06F21/62 ,  G06F21/60 ,  H04W12/02

CPC classification number: G06F21/629 ,  G06F21/604 ,  G06F21/6245 ,  G06F21/6254 ,  G06F2221/2111 ,  H04W12/02

Abstract: Technologies for sensor privacy on a computing device include receiving, by a sensor controller of the computing device, sensor data from a sensor of the computing device; determining a sensor mode for the sensor; and sending privacy data in place of the sensor data in response to a determination that the sensor mode for the sensor is set to a private mode. The technologies may also include receiving, by a security engine of the computing device, a sensor mode change command from a user of the computing device via a trusted input/output path of the computing device; and sending a mode command to the sensor controller to set the sensor mode of the sensor based on the sensor mode change command, wherein the sending the mode command comprises sending the mode command over a private bus established between the security engine and the sensor controller. Other embodiments are described herein.

公开(公告)号：US20150248566A1

公开(公告)日：2015-09-03

申请号：US14482460

申请日：2014-09-10

Applicant: Intel Corporation

Inventor： Mark E. Scott-Nash ,  Scott H. Robinson ,  Howard C. Herbert ,  Geoffrey S. Strongin ,  Stephen J. Allen ,  Tobias M. Kohlenberg ,  Uttam K. Sengupta

IPC: G06F21/62

CPC classification number: G06F21/629 ,  G06F21/604 ,  G06F21/6245 ,  G06F21/6254 ,  G06F2221/2111 ,  H04W12/02

Abstract: Technologies for sensor privacy on a computing device include receiving, by a sensor controller of the computing device, sensor data from a sensor of the computing device; determining a sensor mode for the sensor; and sending privacy data in place of the sensor data in response to a determination that the sensor mode for the sensor is set to a private mode. The technologies may also include receiving, by a security engine of the computing device, a sensor mode change command from a user of the computing device via a trusted input/output path of the computing device; and sending a mode command to the sensor controller to set the sensor mode of the sensor based on the sensor mode change command, wherein the sending the mode command comprises sending the mode command over a private bus established between the security engine and the sensor controller. Other embodiments are described herein.

Abstract translation: 用于计算设备上的传感器隐私的技术包括由计算设备的传感器控制器接收来自计算设备的传感器的传感器数据; 确定传感器的传感器模式; 以及响应于所述传感器的传感器模式被设置为专用模式的确定，发送隐私数据代替所述传感器数据。 这些技术还可以包括由计算设备的安全引擎经由计算设备的信任输入/输出路径从计算设备的用户接收传感器模式改变命令; 并且向传感器控制器发送模式命令以基于传感器模式改变命令来设置传感器的传感器模式，其中发送模式命令包括通过在安全引擎和传感器控制器之间建立的专用总线发送模式命令。 本文描述了其它实施例。

公开(公告)号：US20170284797A1

公开(公告)日：2017-10-05

申请号：US15087264

申请日：2016-03-31

Applicant: Intel Corporation

Inventor： Simon Hunt ,  Mark E. Scott-Nash

IPC: G01B21/02 ,  E21B47/00

CPC classification number: G01F17/00

Abstract: There is disclosed in an example, a pourable smart matter having a plurality of compute nodes, the compute nodes having: a mechanical structure having a plurality of faces, the faces having abutting face detectors; a network interface; and one or more logic elements comprising a positional engine to: identify a neighbor compute node abutting at least one of the faces; and build an individual positional profile based at least in part on the identifying. The pourable smart matter may be used, for example, to determine the geometry or volume of a container.

公开(公告)号：US09678895B2

公开(公告)日：2017-06-13

申请号：US14725903

申请日：2015-05-29

Applicant: INTEL CORPORATION

Inventor： Mark E. Scott-Nash

IPC: G06F7/04 ,  G06F12/14 ,  G06F21/64 ,  G06F9/455 ,  G06F21/57

CPC classification number: G06F12/1408 ,  G06F9/455 ,  G06F9/45558 ,  G06F21/57 ,  G06F21/64 ,  G06F2009/45587

Abstract: Embodiments of techniques and systems associated with roots-of-trust (RTMs) for measurement of virtual machines (VMs) are disclosed. In some embodiments, a computing platform may provide a virtual machine RTM (vRTM) in a first secure enclave of the computing platform. The computing platform may be configured to perform an integrity measurement of the first secure enclave. The computing platform may provide a virtual machine trusted platform module (vTPM), for a guest VM, outside the first secure enclave of the computing platform. The computing platform may initiate a chain of integrity measurements between the vRTM and a resource of the guest VM. Other embodiments may be described and/or claimed.