公开(公告)号：US11489678B2

公开(公告)日：2022-11-01

申请号：US16856968

申请日：2020-04-23

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Francis X. McKeen ,  Carlos V. Rozas ,  Simon P. Johnson ,  Bo Zhang ,  James D. Beaney, Jr. ,  Piotr Zmijewski ,  Wesley Hamilton Smith ,  Eduardo Cabre ,  Uday R. Savagaonkar

IPC: H04L9/32 ,  H04L9/08 ,  G09C1/00 ,  H04L9/40 ,  H04L9/14

Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.

公开(公告)号：US20220103365A1

公开(公告)日：2022-03-31

申请号：US17548577

申请日：2021-12-12

Applicant: Intel Corporation

Inventor： Arkadiusz Berent ,  Mateusz Bronk ,  Piotr Zmijewski

IPC: H04L9/32 ,  H04L65/60

Abstract: A method comprises generating an original digital content, generating a first set of rules pertaining to permissible changes to the original digital content, generating a cryptographically signed certificate comprising the first set of rules and a hash of the original digital content, and publishing the original digital content and the associated cryptographically signed certificate.

公开(公告)号：US20220108008A1

公开(公告)日：2022-04-07

申请号：US17551690

申请日：2021-12-15

Applicant: Intel Corporation

Inventor： Mateusz Bronk ,  Arkadiusz Berent ,  Piotr Zmijewski

IPC: G06F21/55

Abstract: A method comprises issuing a challenge to a target computing device, receiving, from the target computing device, a response to the challenge, the response comprising a self-attestation proof, a root of trust (RoT) certificate, and a set of current attestation measurements, and generating a signal indicative of a security status of the target based upon a determination of whether the set of current attestation measurements match a set of expected attestation measurements for the target computing device.

公开(公告)号：US20210006416A1

公开(公告)日：2021-01-07

申请号：US16856968

申请日：2020-04-23

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Francis X. McKeen ,  Carlos V. Rozas ,  Simon P. Johnson ,  Bo Zhang ,  James D. Beaney, JR. ,  Piotr Zmijewski ,  Wesley Hamilton Smith ,  Eduardo Cabre ,  Uday R. Savagaonkar

IPC: H04L9/32 ,  H04L9/08 ,  G09C1/00 ,  H04L29/06 ,  H04L9/14

Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.

公开(公告)号：US20220201007A1

公开(公告)日：2022-06-23

申请号：US17693070

申请日：2022-03-11

Applicant: Intel Corporation

Inventor： Piotr Zmijewski ,  Arkadiusz Berent ,  Mateusz Bronk

IPC: H04L9/40

Abstract: A system and method of authenticating a development environment include receiving, by one or more processors associated with a source code repository, a development profile from a development environment. Sending the development profile to a trusted profile verifier to be registered as a trusted development profile. Receiving a pending source file commit request, where the pending source file commit request includes source code files and a current development profile. Facilitating verification of whether the current development profile matches the trusted development profile. When it is verified that the current development profile matches the trusted development profile, accepting the source code files.

公开(公告)号：US10708067B2

公开(公告)日：2020-07-07

申请号：US15201400

申请日：2016-07-02

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Francis X. McKeen ,  Carlos V. Rozas ,  Simon P. Johnson ,  Bo Zhang ,  James D. Beaney, Jr. ,  Piotr Zmijewski ,  Wesley Hamilton Smith ,  Eduardo Cabre ,  Uday R. Savagaonkar

IPC: H04L9/32 ,  H04L9/08 ,  G09C1/00 ,  H04L29/06 ,  H04L9/14

Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.

公开(公告)号：US20170353319A1

公开(公告)日：2017-12-07

申请号：US15279527

申请日：2016-09-29

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Francis X. McKeen ,  Carlos V. Rozas ,  Simon P. Johnson ,  Bo Zhang ,  James D. Beaney, JR. ,  Piotr Zmijewski ,  Wesley H. Smith ,  Eduardo Cabre

IPC: H04L9/32 ,  H04L9/14 ,  H04L9/30 ,  H04L29/06 ,  H04L9/08

CPC classification number: H04L9/3252 ,  G06F21/44 ,  G06F21/53 ,  G09C1/00 ,  H04L9/0866 ,  H04L9/14 ,  H04L9/302 ,  H04L9/3066 ,  H04L9/3234 ,  H04L9/3247 ,  H04L9/3249 ,  H04L63/06 ,  H04L63/062 ,  H04L63/0823 ,  H04L63/12 ,  H04L2209/127

Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.

公开(公告)号：US20220104025A1

公开(公告)日：2022-03-31

申请号：US17546413

申请日：2021-12-09

Applicant: Intel Corporation

Inventor： Arkadiusz Berent ,  Mateusz Bronk ,  Piotr Zmijewski ,  Krystian Matusiewicz

IPC: H04W12/50 ,  H04W12/033 ,  H04L9/08

Abstract: A method comprises discovering, in a controller device, one or more target devices that are in a pairing mode, generating, in the controller device, a first signal comprising a pattern, transmitting, from the controller device to a first remote device, the first signal comprising the pattern, receiving, in the controller device, a second signal from a second remote device, the second signal comprising a authentication code, and authenticating the one or more target devices when the first authentication signal and the second authentication signal match.

公开(公告)号：US10135622B2

公开(公告)日：2018-11-20

申请号：US15279527

申请日：2016-09-29

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Francis X. McKeen ,  Carlos V. Rozas ,  Simon P. Johnson ,  Bo Zhang ,  James D. Beaney, Jr. ,  Piotr Zmijewski ,  Wesley H. Smith ,  Eduardo Cabre

IPC: H04L9/36 ,  H04L9/32 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30 ,  H04L29/06 ,  G09C1/00 ,  G06F21/53

Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.

公开(公告)号：US20170366359A1

公开(公告)日：2017-12-21

申请号：US15201400

申请日：2016-07-02

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Francis X. McKeen ,  Carlos V. Rozas ,  Simon P, Johnson ,  Bo Zhang ,  James D. Beaney, JR. ,  Piotr Zmijewski ,  Wesley Hamilton Smith ,  Eduardo Cabre ,  Uday R. Savagaonkar

IPC: H04L9/32 ,  H04L9/08 ,  H04L9/14 ,  H04L29/06

CPC classification number: H04L9/3263 ,  G09C1/00 ,  H04L9/0816 ,  H04L9/0822 ,  H04L9/14 ,  H04L9/3268 ,  H04L63/06 ,  H04L63/0823 ,  H04L63/12

Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.