专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2017172157A1 TECHNOLOGIES FOR DYNAMIC LOADING OF INTEGRITY PROTECTED MODULES INTO SECURE ENCLAVES 审中-公开
标题翻译：将完整保护模块动态加载到安全壳中的技术
公开(公告)号：WO2017172157A1
公开(公告)日：2017-10-05
申请号：PCT/US2017/019642
申请日：2017-02-27
申请人： INTEL CORPORATION
发明人： SHANAHAN, Mark W. , XING, Bin
IPC分类号： G06F21/53 , H04L9/06
摘要： Technologies for dynamic loading of integrity protected modules into a secure enclave include a computing device having a processor with secure enclave support. The computing device divides an executable image into multiple chunks, hashes each of the chunks with corresponding attributes that affect security to generate a corresponding hash value, and generates a hash tree as a function of the hash values. The computing device generates an initial secure enclave memory image that includes the root value of the hash tree. At runtime, the computing device accesses a chunk of the executable image from within the secure enclave, which generates a page fault. In response to the page fault, the secure enclave verifies the associated chunk based on the hash tree and accepts the chunk into the secure enclave in response to successful verification. The root value of the hash tree is integrity-protected. Other embodiments are described and claimed.
摘要翻译：用于将完整性保护模块动态加载到安全区域中的技术包括具有带安全区域支持的处理器的计算设备。计算设备将可执行映像划分成多个块，用影响安全性的对应属性对每个块进行散列以生成对应的散列值，并根据散列值生成散列树。计算设备生成包括散列树的根值的初始安全区域存储器映像。在运行时，计算设备从安全区域内访问可执行映像的块，这产生页面错误。响应页面错误，安全区域基于哈希树来验证相关联的块，并且响应于成功验证将块接受到安全区域中。哈希树的根值受到完整性保护。描述并要求保护其他实施例。

2. 发明申请

WO2006045217A1 INCREMENTAL PROVISIONING OF SOFTWARE 审中-公开
标题翻译：软件增量提供
公开(公告)号：WO2006045217A1
公开(公告)日：2006-05-04
申请号：PCT/CN2004/001221
申请日：2004-10-28
申请人： INTEL CORPORATION , XING, Bin , CHEN, Lechong , YU, Ke , MEI, Jianfeng , CHEN, Yi
发明人： XING, Bin , CHEN, Lechong , YU, Ke , MEI, Jianfeng , CHEN, Yi
IPC分类号： G06F9/445
CPC分类号： G06F11/1435 , G06F11/1471
摘要： Methods and apparatuses provide for incremental provisioning of software for a processing system. For instance, a processing system may include a machine accessible medium and a processor in communication with the machine accessible medium. In addition, instructions encoded in the machine accessible medium may cause the processing system to automatically determine whether a storage device in the processing system includes modified blocks, based at least in part on a write log file that identifies blocks that were modified during a user session on the processing system. In response to identifying at least one modified block in the storage device, the processing system may automatically replace data in the modified block with backup data from a different storage device. Other embodiments are described and claimed.
摘要翻译：方法和装置提供用于处理系统的软件的增量配置。例如，处理系统可以包括机器可访问介质和与机器可访问介质通信的处理器。另外，在机器可访问介质中编码的指令可以使得处理系统至少部分地基于写入日志文件来自动确定处理系统中的存储设备是否包括修改的块，该写入日志文件标识在用户会话期间被修改的块在处理系统上。响应于识别存储设备中的至少一个修改的块，处理系统可以自动地用修改的块中的数据替换来自不同存储设备的备份数据。描述和要求保护其他实施例。

3. 发明申请

WO2017014886A1 TECHNOLOGIES FOR TRUSTED I/O FOR MULTIPLE CO-EXISTING TRUSTED EXECUTION ENVIRONMENTS UNDER ISA CONTROL 审中-公开
标题翻译：用于在ISA控制下进行多个并发执行环境的有害I / O技术
公开(公告)号：WO2017014886A1
公开(公告)日：2017-01-26
申请号：PCT/US2016/038392
申请日：2016-06-20
申请人： INTEL CORPORATION
发明人： CHHABRA, Siddhartha , LAL, Reshma , SAHITA, Ravi , ELBAZ, Reouven , XING, Bin
IPC分类号： G06F21/60 , G06F13/28 , G06F9/455
CPC分类号： H04L9/3234 , G06F9/45558 , G06F13/28 , G06F21/53 , G06F2009/45579 , G06F2009/45587 , G06F2221/2149 , H04L2209/127 , H04L2209/26
摘要： Technologies for secure programming of a cryptographic engine include a computing device with a cryptographic engine and one or more I/O controllers. The computing device establishes one or more trusted execution environments (TEEs). A TEE generates a request to program the cryptographic engine with respect to a DMA channel. The computing device may verify a signed manifest that indicates the TEEs permitted to program DMA channels and, if verified, determine whether the TEE is permitted to program the requested DMA channel. The computing device may record the TEE for a request to protect the DMA channel and may determine whether the programming TEE matches the recorded TEE for a request to unprotect a DMA channel. The computing device may allow the request to unprotect the DMA channel if the programming TEE matches the recorded TEE. Other embodiments are described and claimed.
摘要翻译：用于加密引擎的安全编程的技术包括具有密码引擎和一个或多个I / O控制器的计算设备。计算设备建立一个或多个可信执行环境（TEE）。 TEE生成关于DMA通道对加密引擎进行编程的请求。计算设备可以验证指示允许编程DMA通道的TEE的签名清单，并且如果被验证，则确定是否允许TEE对所请求的DMA通道进行编程。计算设备可以记录TEE以保护DMA通道的请求，并且可以确定编程TEE是否与用于取消保护DMA通道的请求的记录的TEE匹配。如果编程TEE与记录的TEE匹配，则计算设备可以允许请求取消对DMA通道的保护。描述和要求保护其他实施例。

4. 发明申请

WO2015060858A1 METHODS AND APPARATUS FOR PROTECTING SOFTWARE FROM UNAUTHORIZED COPYING 审中-公开
标题翻译：用于从未经授权的复制保护软件的方法和装置
公开(公告)号：WO2015060858A1
公开(公告)日：2015-04-30
申请号：PCT/US2013/066715
申请日：2013-10-24
申请人： INTEL CORPORATION , XING, Bin , ZHANG, Bo , SHANAHAN, Mark W. , BEANEY, James D., Jr.
发明人： XING, Bin , ZHANG, Bo , SHANAHAN, Mark W. , BEANEY, James D., Jr.
IPC分类号： G06F21/12
CPC分类号： G06F21/12 , G06F21/53 , G06F2221/03 , G06F2221/07
摘要： A processing device provides a method for protecting a program from unauthorized copying. The processing device may include an encrypted version of the program. According to one example method, the processing device creates a secure enclave, and in response to a request to execute the encrypted program, the processing device automatically generates a decrypted version of the program in the secure enclave by decrypting the encrypted program in the secure enclave. After automatically generating the decrypted version of the program in the secure enclave, the processing device may automatically execute the decrypted version of the program in the secure enclave. Other embodiments are described and claimed.
摘要翻译：一种处理装置提供了一种保护程序免遭未经授权复制的方法。处理设备可以包括程序的加密版本。根据一个示例性方法，处理设备创建安全飞地，并且响应于执行加密程序的请求，处理设备通过解密安全飞地中的加密程序来自动地生成安全飞地中的程序的解密版本。在安全飞地自动生成程序的解密版本之后，处理装置可以自动地在安全飞地中执行程序的解密版本。描述和要求保护其他实施例。

5. 发明申请

WO2014143671A1 METHOD, APPARATUS, SYSTEM, AND COMPUTER READABLE MEDIUM TO PROVIDE SECURE OPERATION 审中-公开
标题翻译：方法，装置，系统和计算机可读介质提供安全的操作
公开(公告)号：WO2014143671A1
公开(公告)日：2014-09-18
申请号：PCT/US2014/027684
申请日：2014-03-14
申请人： INTEL CORPORATION , XING, Bin
发明人： XING, Bin
IPC分类号： G06F21/12
CPC分类号： G06F21/60 , G06F21/53 , G06F21/6218 , G06F21/72 , G06F21/74
摘要： Technologies are provided in embodiments for receiving an enclave program for operation in an enclave, identifying at least one shared object dependency of the enclave program, determining whether the shared object dependency corresponds to at least one enclave shared object, causing association between the shared object dependency and the enclave shared object in circumstances where the shared object dependency corresponds to the enclave shared object, and causing association between the shared object dependency and an enclave-loadable non-enclave shared object in circumstances where the shared object dependency fails to correspond to the enclave shared object.
摘要翻译：技术在实施例中提供用于接收用于在飞地中操作的飞地程序，识别飞地程序的至少一个共享对象依赖性，确定共享对象依赖关系是否对应于至少一个飞地共享对象，从而引起共享对象依赖关系以及在共享对象依赖关系对应于包围共享对象的情况下的包围共享对象，并且在共享对象依赖关系不能对应于飞地的情况下引起共享对象依赖关系和可扩展可加载非共享共享对象之间的关联共享对象。

6. 发明申请

WO2018080684A1 NESTED EXCEPTION HANDLING 审中-公开
标题翻译：嵌套异常处理
公开(公告)号：WO2018080684A1
公开(公告)日：2018-05-03
申请号：PCT/US2017/053088
申请日：2017-09-22
申请人： INTEL CORPORATION
发明人： XING, Bin
IPC分类号： G06F21/53 , G06F21/54 , G06F21/56
CPC分类号： G06F12/1009 , G06F9/30054 , G06F9/30076 , G06F9/3802 , G06F9/3861 , G06F12/08 , G06F12/109 , G06F12/12 , G06F12/128 , G06F12/145 , G06F21/79 , G06F2212/1052 , G06F2212/657 , G06F2212/684 , G06F2212/70
摘要： An example system that includes a processor and a memory device. The processor may include multiple execution units to execute instructions and a memory device coupled to the processor. The memory device stores the instructions in an unprotected region and a protected region. The processor may determine that a first exception occurred while executing a first set of instructions for an application stored in a secured page of the protected region. The processor may invoke a first subroutine to forward exception context for the first exception to a second subroutine, where the first subroutine is stored in the protected region and the second subroutine is stored in the unprotected region. The processor may invoke, by the second subroutine, a third subroutine to execute a second set of instructions associated with the exception context for the first exception.
摘要翻译：
包含处理器和存储器设备的示例系统。处理器可以包括执行指令的多个执行单元和耦合到处理器的存储器设备。存储设备将指令存储在未受保护的区域和受保护的区域中。处理器可以确定在执行存储在受保护区域的受保护页面中的应用的第一组指令时发生第一异常。处理器可以调用第一子例程来将用于第一例外的异常上下文转发到第二子例程，其中第一子例程存储在受保护区域中并且第二子例程存储在未受保护区域中。处理器可以通过第二子例程调用第三子例程来执行与第一例外的异常上下文相关联的第二组指令。

7. 发明申请

WO2017014889A1 TECHNOLOGIES FOR SECURE PROGRAMMING OF A CRYPTOGRAPHIC ENGINE FOR SECURE I/O 审中-公开
标题翻译：用于安全I / O的CRYPTOGRAPHIC发动机的安全技术
公开(公告)号：WO2017014889A1
公开(公告)日：2017-01-26
申请号：PCT/US2016/038396
申请日：2016-06-20
申请人： INTEL CORPORATION
发明人： CHHABRA, Siddhartha , GERZON, Gideon , LAL, Reshma , XING, Bin , PAPPACHAN, Pradeep M. , MCGOWAN, Steven B.
IPC分类号： G06F21/60
CPC分类号： G06F21/72 , G06F21/57 , H04L9/0822 , H04L9/0861 , H04L9/3242
摘要： Technologies for secure programming of a cryptographic engine include a computing device with a cryptographic engine and one or more I/O controllers. The computing device establishes, an invoking secure enclave using secure enclave support of a processor. The invoking enclave configures channel programming information, including a channel key, and invokes a processor instruction with the channel programming information as a parameter. The processor generates wrapped programming information including an encrypted channel key and a message authentication code. The encrypted channel key is protected with a key known only to the processor. The invoking enclave provides the wrapped programming information to untrusted software, which invokes a processor instruction with the wrapped programming information as a parameter. The processor unwraps and verifies the wrapped programming information and then programs the cryptographic engine. The processor generates an authenticated response that may be verified by the invoking enclave. Other embodiments are described and claimed.
摘要翻译：用于加密引擎的安全编程的技术包括具有密码引擎和一个或多个I / O控制器的计算设备。计算设备使用处理器的安全飞地支持来建立调用安全飞地。调用飞地配置信道编程信息，包括信道密钥，并且以通道编程信息为参数来调用处理器指令。处理器产生包括加密的信道密钥和消息认证码的包装节目信息。加密的通道密钥由仅对处理器已知的密钥进行保护。调用的包层将包装的编程信息提供给不受信任的软件，该软件以包装的编程信息作为参数调用处理器指令。处理器解封装并验证封装的编程信息，然后对加密引擎进行编程。处理器生成可以通过调用飞地验证的认证响应。描述和要求保护其他实施例。

8. 发明申请

WO2017014885A1 CRYPTOGRAPHIC PROTECTION OF I/O DATA FOR DMA CAPABLE I/O CONTROLLERS 审中-公开
标题翻译：用于DMA能力I / O控制器的I / O数据的保护
公开(公告)号：WO2017014885A1
公开(公告)日：2017-01-26
申请号：PCT/US2016/038389
申请日：2016-06-20
申请人： INTEL CORPORATION
发明人： LAL, Reshma , MCGOWAN, Steven B. , CHHABRA, Siddhartha , GERZON, Gideon , XING, Bin , PAPPACHAN, Pradeep M. , ELBAZ, Reouven
IPC分类号： G06F21/60 , G06F13/28
CPC分类号： H04L9/0631 , G06F13/28 , H04L9/0618 , H04L9/0822 , H04L9/3242
摘要： Technologies for cryptographic protection of I/O data include a computing device with one or more I/O controllers. Each I/O controller may be coupled to one or more I/O devices. Each I/O controller may generate a direct memory access (DMA) transaction that includes a channel identifier that is indicative of the I/O controller and that is indicative of an I/O device coupled to the I/O controller. The computing device intercepts the DMA transaction and determines whether to protect the DMA transaction as a function of the channel identifier. If so, the computing device performs a cryptographic operation using an encryption key associated with the channel identifier. The computing device may include a cryptographic engine that intercepts the DMA transaction and determines whether to protect the DMA transaction by determining whether the channel identifier matches an entry in a channel identifier table of the cryptographic engine. Other embodiments are described and claimed.
摘要翻译：用于I / O数据加密保护的技术包括具有一个或多个I / O控制器的计算设备。每个I / O控制器可以耦合到一个或多个I / O设备。每个I / O控制器可以生成包括指示I / O控制器并且指示耦合到I / O控制器的I / O设备的信道标识符的直接存储器访问（DMA）事务。计算设备拦截DMA事务，并根据信道标识确定是否保护DMA事务。如果是这样，则计算设备使用与该信道标识符相关联的加密密钥来执行密码操作。计算设备可以包括密码引擎，其拦截DMA事务并且通过确定信道标识符是否匹配密码引擎的信道标识符表中的条目来确定是否保护DMA事务。描述和要求保护其他实施例。

9. 发明申请

WO2005109184A1 FIRMWARE INTERFACE RUNTIME ENVIRONMENT PROTECTION FIELD 审中-公开
标题翻译：固定接口运行环境保护领域
公开(公告)号：WO2005109184A1
公开(公告)日：2005-11-17
申请号：PCT/CN2004/000447
申请日：2004-05-08
申请人： INTEL CORPORATION , CHEN, Lechong , XING, Bin , JIN, Feng
发明人： CHEN, Lechong , XING, Bin , JIN, Feng
IPC分类号： G06F9/00
CPC分类号： G06F21/575
摘要： Method and apparatus for protecting a firmware runtime environment are described herein. In one embodiment, a process example is provided to retrieve a first key from a secure store of a firmware within a platform, the firmware including an initialization table for initializing the platform, and verify the initialization table using the first key retrieved from the secure store during an initialization of the platform. Other methods and apparatuses are also described.
摘要翻译：本文描述了用于保护固件运行时环境的方法和装置。在一个实施例中，提供过程示例以从平台内的固件的安全存储中检索第一密钥，所述固件包括用于初始化平台的初始化表，以及使用从安全存储器检索的第一密钥来验证初始化表在平台的初始化期间。还描述了其它方法和装置。

10. 发明申请

WO2017053003A1 TECHNOLOGIES FOR SOFTWARE ATTACK DETECTION USING ENCODED ACCESS INTENT 审中-公开
标题翻译：使用编码访问功能的软件攻击检测技术
公开(公告)号：WO2017053003A1
公开(公告)日：2017-03-30
申请号：PCT/US2016/048959
申请日：2016-08-26
申请人： INTEL CORPORATION
发明人： XING, Bin , ZMUDZINSKI, Krystof , WU, Wei A. , LU, Shih-Lien L. , ROZAS, Carlos V. , MCKEEN, Francis X. , CHHABRA, Siddhartha , SHANAHAN, Mark W.
IPC分类号： G06F21/12 , G06F11/10
CPC分类号： G06F21/53 , G06F21/79 , G06F2221/033
摘要： Technologies for software attack detection include a computing device with a processor and a memory external to the processor. The processor originates a memory transaction with an associated secure enclave status bit that indicates whether the memory transaction originated in a secure execution mode, such as from a secure enclave. The processor computes an error-correcting code (ECC) based as a function of memory transaction data and the secure enclave status bit, and performs the memory transaction based on the ECC and the memory transaction data using the memory of the computing device. The processor may store the ECC and the memory transaction data to memory. The processor may load a stored ECC and data from the memory and compare the computed ECC to the stored ECC to detect memory transactions with an invalid secure enclave status bit. Other embodiments are described and claimed.
摘要翻译：用于软件攻击检测的技术包括具有处理器的计算设备和处理器外部的存储器。处理器产生具有相关联的安全空间状态位的存储器事务，其指示存储器事务是否起始于安全执行模式，例如来自安全飞地。处理器根据存储器事务数据和安全区域状态位来计算纠错码（ECC），并且使用计算设备的存储器基于ECC和存储器事务数据执行存储器事务。处理器可以将ECC和存储器事务数据存储到存储器。处理器可以从存储器加载存储的ECC和数据，并将计算的ECC与存储的ECC进行比较，以检测具有无效安全飞地状态位的存储器事务。描述和要求保护其他实施例。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式