专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明申请

WO2017069915A1 SYSTEMS AND METHODS FOR PROVIDING CONFIDENTIALITY AND PRIVACY OF USER DATA FOR WEB BROWSERS 审中-公开
标题翻译：用于为网络浏览器提供用户数据的保密性和隐私的系统和方法
公开(公告)号：WO2017069915A1
公开(公告)日：2017-04-27
申请号：PCT/US2016/053509
申请日：2016-09-23
申请人： INTEL CORPORATION , LAL, Reshma
发明人： LAL, Reshma , VARADARAJAN, Srikanth , TRIPLETT, Josh
IPC分类号： H04L9/08 , H04L9/32
CPC分类号： H04L63/10 , G06F17/30949 , H04L63/0236 , H04L63/0428 , H04L63/083 , H04L67/02 , H04L67/1097
摘要： Various system configurations and methods for maintaining, accessing, and utilizing secure data of a web browser in a hardware-managed secure data store are disclosed herein. In an example, operations for management of sensitive data such as passwords may be provided with the use of secure enclaves operating in a trusted execution environment. For example, such secure enclaves may be used for sealing and persisting sensitive data associated with a remote service, and transmitting the sensitive data to the remote service, while an unsealed form of the sensitive data is not accessible outside of the trusted execution environment. In further examples, operations for generating a password, storing or updating existing passwords, and replacing web browser input fields with secure data are disclosed.
摘要翻译：本文公开了用于维护，访问和利用硬件管理的安全数据存储中的网页浏览器的安全数据的各种系统配置和方法。在一个示例中，可以通过使用在可信执行环境中操作的安全区来提供用于管理敏感数据（例如密码）的操作。例如，这样的安全区域可以用于密封和保持与远程服务相关联的敏感数据，并且将敏感数据传输到远程服务，而未密封形式的敏感数据在可信执行环境之外不可访问。在进一步的示例中，公开了用于生成密码，存储或更新现有密码以及用安全数据替换web浏览器输入字段的操作。

12. 发明申请

WO2017014889A1 TECHNOLOGIES FOR SECURE PROGRAMMING OF A CRYPTOGRAPHIC ENGINE FOR SECURE I/O 审中-公开
标题翻译：用于安全I / O的CRYPTOGRAPHIC发动机的安全技术
公开(公告)号：WO2017014889A1
公开(公告)日：2017-01-26
申请号：PCT/US2016/038396
申请日：2016-06-20
申请人： INTEL CORPORATION
发明人： CHHABRA, Siddhartha , GERZON, Gideon , LAL, Reshma , XING, Bin , PAPPACHAN, Pradeep M. , MCGOWAN, Steven B.
IPC分类号： G06F21/60
CPC分类号： G06F21/72 , G06F21/57 , H04L9/0822 , H04L9/0861 , H04L9/3242
摘要： Technologies for secure programming of a cryptographic engine include a computing device with a cryptographic engine and one or more I/O controllers. The computing device establishes, an invoking secure enclave using secure enclave support of a processor. The invoking enclave configures channel programming information, including a channel key, and invokes a processor instruction with the channel programming information as a parameter. The processor generates wrapped programming information including an encrypted channel key and a message authentication code. The encrypted channel key is protected with a key known only to the processor. The invoking enclave provides the wrapped programming information to untrusted software, which invokes a processor instruction with the wrapped programming information as a parameter. The processor unwraps and verifies the wrapped programming information and then programs the cryptographic engine. The processor generates an authenticated response that may be verified by the invoking enclave. Other embodiments are described and claimed.
摘要翻译：用于加密引擎的安全编程的技术包括具有密码引擎和一个或多个I / O控制器的计算设备。计算设备使用处理器的安全飞地支持来建立调用安全飞地。调用飞地配置信道编程信息，包括信道密钥，并且以通道编程信息为参数来调用处理器指令。处理器产生包括加密的信道密钥和消息认证码的包装节目信息。加密的通道密钥由仅对处理器已知的密钥进行保护。调用的包层将包装的编程信息提供给不受信任的软件，该软件以包装的编程信息作为参数调用处理器指令。处理器解封装并验证封装的编程信息，然后对加密引擎进行编程。处理器生成可以通过调用飞地验证的认证响应。描述和要求保护其他实施例。

13. 发明申请

WO2017014885A1 CRYPTOGRAPHIC PROTECTION OF I/O DATA FOR DMA CAPABLE I/O CONTROLLERS 审中-公开
标题翻译：用于DMA能力I / O控制器的I / O数据的保护
公开(公告)号：WO2017014885A1
公开(公告)日：2017-01-26
申请号：PCT/US2016/038389
申请日：2016-06-20
申请人： INTEL CORPORATION
发明人： LAL, Reshma , MCGOWAN, Steven B. , CHHABRA, Siddhartha , GERZON, Gideon , XING, Bin , PAPPACHAN, Pradeep M. , ELBAZ, Reouven
IPC分类号： G06F21/60 , G06F13/28
CPC分类号： H04L9/0631 , G06F13/28 , H04L9/0618 , H04L9/0822 , H04L9/3242
摘要： Technologies for cryptographic protection of I/O data include a computing device with one or more I/O controllers. Each I/O controller may be coupled to one or more I/O devices. Each I/O controller may generate a direct memory access (DMA) transaction that includes a channel identifier that is indicative of the I/O controller and that is indicative of an I/O device coupled to the I/O controller. The computing device intercepts the DMA transaction and determines whether to protect the DMA transaction as a function of the channel identifier. If so, the computing device performs a cryptographic operation using an encryption key associated with the channel identifier. The computing device may include a cryptographic engine that intercepts the DMA transaction and determines whether to protect the DMA transaction by determining whether the channel identifier matches an entry in a channel identifier table of the cryptographic engine. Other embodiments are described and claimed.
摘要翻译：用于I / O数据加密保护的技术包括具有一个或多个I / O控制器的计算设备。每个I / O控制器可以耦合到一个或多个I / O设备。每个I / O控制器可以生成包括指示I / O控制器并且指示耦合到I / O控制器的I / O设备的信道标识符的直接存储器访问（DMA）事务。计算设备拦截DMA事务，并根据信道标识确定是否保护DMA事务。如果是这样，则计算设备使用与该信道标识符相关联的加密密钥来执行密码操作。计算设备可以包括密码引擎，其拦截DMA事务并且通过确定信道标识符是否匹配密码引擎的信道标识符表中的条目来确定是否保护DMA事务。描述和要求保护其他实施例。

14. 发明申请

WO2015094176A1 SECURE ENCLAVES FOR USE BY KERNEL MODE APPLICATIONS 审中-公开
标题翻译：使用KERNEL模式应用的安全保证
公开(公告)号：WO2015094176A1
公开(公告)日：2015-06-25
申请号：PCT/US2013/075598
申请日：2013-12-17
申请人： INTEL CORPORATION , XING, Bin Cedric , LAL, Reshma
发明人： XING, Bin Cedric , LAL, Reshma
IPC分类号： G06F12/14 , G06F21/00
CPC分类号： G06F12/1408 , G06F3/0622 , G06F3/0632 , G06F3/0673 , G06F9/4406 , G06F9/4411 , G06F12/0802 , G06F12/1009 , G06F12/1466 , G06F21/53 , G06F21/575 , G06F21/6218 , G06F2212/1052 , G06F2212/60
摘要： Various embodiments are generally directed to techniques to load and run secure enclaves for use by kernel mode applications. An apparatus to provide kernel mode access to a secure enclave includes a kernel mode secure enclave driver to provide user mode support for a kernel mode application and to initialize a secure enclave on behalf of the kernel mode application and a user mode secure enclave manager to process an instruction from the kernel mode application to the secure enclave.
摘要翻译：各种实施例通常涉及加载和运行安全包层以供内核模式应用使用的技术。向安全飞地提供内核模式访问的装置包括内核模式安全飞行驱动程序，以为内核模式应用程序提供用户模式支持，并代表内核模式应用程序初始化安全飞地，以及用户模式安全飞地管理程序来处理从内核模式应用程序到安全飞地的指令。

15. 发明申请

WO2014099028A1 PLATFORM-HARDENED DIGITAL RIGHTS MANAGEMENT KEY PROVISIONING 审中-公开
标题翻译：平台硬化数字管理重点提供
公开(公告)号：WO2014099028A1
公开(公告)日：2014-06-26
申请号：PCT/US2013/048513
申请日：2013-06-28
申请人： INTEL CORPORATION , CHHABRA, Siddhartha , LAL, Reshma
发明人： CHHABRA, Siddhartha , LAL, Reshma
IPC分类号： G06F21/62
CPC分类号： G06F21/10 , H04L9/0825 , H04L9/32 , H04L63/08
摘要： Embodiments of an invention for platform-hardened digital rights management key provisioning are disclosed. In one embodiment, a processor includes an execution unit to execute one or more instructions to create a secure enclave in which to run an application to receive digital rights management information from a provisioning server in response to authentication of the application by a verification server.
摘要翻译：公开了用于平台硬化的数字版权管理密钥提供的发明的实施例。在一个实施例中，处理器包括执行单元，用于执行一个或多个指令以创建安全空间，其中响应于验证服务器对应用的认证，运行应用以从供应服务器接收数字版权管理信息。

16. 发明申请

WO2014084908A1 VIRTUALIZING A HARDWARE MONOTONIC COUNTER 审中-公开
标题翻译：虚拟化硬件单色计数器
公开(公告)号：WO2014084908A1
公开(公告)日：2014-06-05
申请号：PCT/US2013/047257
申请日：2013-06-24
申请人： INTEL CORPORATION , CHHABRA, Siddhartha , LAL, Reshma , MARTIN, Jason , NEMIROFF, Daniel
发明人： CHHABRA, Siddhartha , LAL, Reshma , MARTIN, Jason , NEMIROFF, Daniel
IPC分类号： G06F21/71 , G06F21/00
CPC分类号： G06F21/50 , G06F21/54 , G06F21/71
摘要： Embodiments of an invention for virtualizing a hardware monotonic counter are disclosed. In one embodiment, an apparatus includes a hardware monotonic counter, virtualization logic, a first non-volatile storage location, and a second non-volatile storage location. The virtualization logic is to create a virtual monotonic counter from the hardware monotonic counter. The first non-volatile storage location is to store an indicator that the count of the hardware monotonic counter has changed. The second non-volatile storage location is to store an indicator that the count of the virtual monotonic counter has changed.
摘要翻译：公开了用于虚拟化硬件单调计数器的发明的实施例。在一个实施例中，装置包括硬件单调计数器，虚拟化逻辑，第一非易失性存储位置和第二非易失性存储位置。虚拟化逻辑是从硬件单调计数器创建一个虚拟单调计数器。第一个非易失性存储位置是存储硬件单调计数器的计数改变的指示符。第二非易失性存储位置是存储虚拟单调计数器的计数改变的指示符。

17. 发明申请

WO2022066304A1 DISAGGREGATED COMPUTING FOR DISTRIBUTED CONFIDENTIAL COMPUTING ENVIRONMENT 审中-公开
公开(公告)号：WO2022066304A1
公开(公告)日：2022-03-31
申请号：PCT/US2021/045185
申请日：2021-08-09
申请人： INTEL CORPORATION
发明人： LAL, Reshma , PAPPACHAN, Pradeep , KIDA, Luis , DESAI, Soham Jayesh , SEN, Sujoy , PANNEER, Selvakumar , SHARP, Robert
IPC分类号： G06F9/50
摘要： An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes one or more processors to facilitate receiving a manifest corresponding to graph nodes representing regions of memory of a remote client machine, the graph nodes corresponding to a command buffer and to associated data structures and kernels of the command buffer used to initialize a hardware accelerator and execute the kernels, and the manifest indicating a destination memory location of each of the graph nodes and dependencies of each of the graph nodes; identifying, based on the manifest, the command buffer and the associated data structures to copy to the host memory; identifying, based on the manifest, the kernels to copy to local memory of the hardware accelerator; and patching addresses in the command buffer copied to the host memory with updated addresses of corresponding locations in the host memory.

18. 发明申请

WO2017014890A1 TECHNOLOGIES FOR INTEGRITY, ANTI-REPLAY, AND AUTHENTICITY ASSURANCE FOR I/O DATA 审中-公开
标题翻译：技术对于I / O数据的完整性，反复认证和认证保证
公开(公告)号：WO2017014890A1
公开(公告)日：2017-01-26
申请号：PCT/US2016/038397
申请日：2016-06-20
申请人： INTEL CORPORATION
发明人： PAPPACHAN, Pradeep M. , LAL, Reshma , XING, Bin , MCGOWAN, Steven B. , CHHABRA, Siddhartha , ELBAZ, Reouven
IPC分类号： G06F21/60 , G06F13/28
CPC分类号： G06F21/602 , G06F13/28 , G06F17/30371 , G06F21/606 , G06F21/64 , G06F2221/031
摘要： Technologies for authenticity assurance for I/O data include a computing device with a cryptographic engine and one or more I/O controllers. A metadata producer of the computing device performs an authenticated encryption operation on I/O data to generate encrypted I/O data and an authentication tag. The metadata producer stores the encrypted I/O data in a DMA buffer and the authentication tag in an authentication tag queue. A metadata consumer decrypts the encrypted I/O data from the DMA buffer and determines whether the encrypted I/O data is authentic using the authentication tag from the authentication tag queue. For input, the metadata producer may be embodied as the cryptographic engine and the metadata consumer may be embodied as a trusted software component. For output, the metadata producer may be embodied as the trusted software component and the metadata consumer may be embodied as the cryptographic engine. Other embodiments are described and claimed.
摘要翻译：用于I / O数据的真实性保证的技术包括具有加密引擎和一个或多个I / O控制器的计算设备。计算设备的元数据生成器对I / O数据执行认证加密操作以产生加密的I / O数据和认证标签。元数据生成器将加密的I / O数据存储在DMA缓冲器中，认证标签存储在认证标签队列中。元数据消费者从DMA缓冲器解密加密的I / O数据，并使用来自认证标签队列的认证标签来确定加密的I / O数据是否是真实的。对于输入，元数据生成器可以体现为加密引擎，并且元数据消费者可以被实现为可信软件组件。对于输出，元数据生成器可以被实现为可信软件组件，并且元数据消费者可以被体现为密码引擎。描述和要求保护其他实施例。

19. 发明申请

WO2017014888A1 TECHNOLOGIES FOR SECURE HARDWARE AND SOFTWARE ATTESTATION FOR TRUSTED I/O 审中-公开
标题翻译：用于硬件和硬件安全的技术用于受信任的I / O
公开(公告)号：WO2017014888A1
公开(公告)日：2017-01-26
申请号：PCT/US2016/038395
申请日：2016-06-20
申请人： INTEL CORPORATION
发明人： PAPPACHAN, Pradeep M. , LAL, Reshma , XING, Bin , CHHABRA, Siddhartha , SCARLATA, Vincent R. , MCGOWAN, Steven B.
IPC分类号： G06F21/44 , G06F21/50 , G06F21/60
CPC分类号： G06F21/602 , G06F13/28 , G06F21/57
摘要： Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information. The computing device may collect application attestation information for a trusted application that uses the trusted I/O usage and verify the application attestation information. Other embodiments are described and claimed.
摘要翻译：用于可信I / O认证和验证的技术包括具有加密引擎和一个或多个I / O控制器的计算设备。计算设备收集与由加密引擎保护的受信任的I / O使用相关联的静态附接的硬件I / O组件相关联的硬件认证信息。计算设备验证硬件认证信息并且响应于验证安全地枚举一个或多个动态附加的硬件组件。计算设备收集在安全枚举期间加载的可信软件组件的软件认证信息。计算设备验证软件认证信息。计算设备可以收集加载在I / O控制器中的固件的固件证明信息，并验证固件证明信息。计算设备可以收集使用可信I / O使用的可信应用的应用认证信息，并验证应用认证信息。描述和要求保护其他实施例。

20. 发明申请

WO2017014887A1 TECHNOLOGIES FOR SECURE TRUSTED I/O ACCESS CONTROL 审中-公开
标题翻译：安全有效的I / O访问控制技术
公开(公告)号：WO2017014887A1
公开(公告)日：2017-01-26
申请号：PCT/US2016/038394
申请日：2016-06-20
申请人： INTEL CORPORATION
发明人： XING, Bin , PAPPACHAN, Pradeep M. , CHHABRA, Siddhartha , LAL, Reshma , MCGOWAN, Steven B.
IPC分类号： G06F21/60 , G06F13/28
CPC分类号： G06F21/602 , G06F13/28 , G06F21/57
摘要： Technologies for trusted I/O (TIO) include a computing device with a cryptographic engine and one or more I/O controllers. The computing device executes a TIO core service that has a cryptographic engine programming privileged granted by an operating system. The TIO core service receives a request from an application to protect a DMA channel. The TIO core service requests the operating system to protect the DMA channel, and the operating system verifies the cryptographic engine programming privilege of the TIO core service in response. The operating system programs the cryptographic engine to protect the DMA channel in response to verifying the cryptographic engine programming privilege of the TIO core service. If a privileged delegate determines that a user has confirmed termination of protection of the DMA channel, the TIO core service may unprotect the DMA channel. Other embodiments are described and claimed.
摘要翻译：可信任I / O（TIO）技术包括具有加密引擎和一个或多个I / O控制器的计算设备。计算设备执行具有由操作系统许可的密码引擎编程的TIO核心服务。 TIO核心服务接收来自应用程序的请求以保护DMA通道。 TIO核心服务请求操作系统保护DMA通道，操作系统会对TIO核心服务的加密引擎编程权限进行验证。响应于验证TIO核心服务的加密引擎编程权限，操作系统对加密引擎进行编程以保护DMA通道。如果特权委托确定用户已经确认终止对DMA通道的保护，TIO核心服务可能会取消保护DMA通道。描述和要求保护其他实施例。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式