专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2017105768A1 TECHNOLOGIES FOR PROTECTING AUDIO DATA WITH TRUSTED I/O 审中-公开
标题翻译：用可靠的I / O保护音频数据的技术
公开(公告)号：WO2017105768A1
公开(公告)日：2017-06-22
申请号：PCT/US2016/062781
申请日：2016-11-18
申请人： INTEL CORPORATION
发明人： LAL, Reshma , PAPPACHAN, Pradeep M. , WONG, Kar , MCGOWAN, Steven B. , ASLAM, Adeel A , KRISHNAKUMAR, Sudha
IPC分类号： G06F21/60 , G06F21/50
CPC分类号： G06F3/165 , G06F3/162 , G06F15/167 , H04L9/32 , H04L63/126 , H04L65/1069 , H04L65/4069 , H04L65/605
摘要： Technologies for cryptographic protection of I/O audio data include a computing device with a cryptographic engine and an audio controller. A trusted software component may request an untrusted audio driver to establish an audio session with the audio controller that is associated with an audio codec. The trusted software component may verify that a stream identifier associated with the audio session received from the audio driver matches a stream identifier received from the codec. The trusted software may program the cryptographic engine with a DMA channel identifier associated with the codec, and the audio controller may assert the channel identifier in each DMA transaction associated with the audio session. The cryptographic engine cryptographically protects audio data associated with the audio session. The audio controller may lock the controller topology after establishing the audio session, to prevent re-routing of audio during a trusted audio session. Other embodiments are described and claimed.
摘要翻译：用于I / O音频数据的密码保护的技术包括具有密码引擎和音频控制器的计算设备。可信软件组件可以请求不可信音频驱动程序建立与音频编解码器关联的音频控制器的音频会话。可信软件组件可以验证与从音频驱动器接收到的音频会话相关联的流标识符与从编解码器接收到的流标识符相匹配。可信软件可以使用与编解码器相关联的DMA通道标识符对密码引擎进行编程，并且音频控制器可以在与音频会话相关联的每个DMA事务中断言通道标识符。密码引擎以密码方式保护与音频会话相关联的音频数据。音频控制器可以在建立音频会话之后锁定控制器拓扑，以防止在可信音频会话期间重新路由音频。描述并要求保护其他实施例。

2. 发明申请

WO2017014886A1 TECHNOLOGIES FOR TRUSTED I/O FOR MULTIPLE CO-EXISTING TRUSTED EXECUTION ENVIRONMENTS UNDER ISA CONTROL 审中-公开
标题翻译：用于在ISA控制下进行多个并发执行环境的有害I / O技术
公开(公告)号：WO2017014886A1
公开(公告)日：2017-01-26
申请号：PCT/US2016/038392
申请日：2016-06-20
申请人： INTEL CORPORATION
发明人： CHHABRA, Siddhartha , LAL, Reshma , SAHITA, Ravi , ELBAZ, Reouven , XING, Bin
IPC分类号： G06F21/60 , G06F13/28 , G06F9/455
CPC分类号： H04L9/3234 , G06F9/45558 , G06F13/28 , G06F21/53 , G06F2009/45579 , G06F2009/45587 , G06F2221/2149 , H04L2209/127 , H04L2209/26
摘要： Technologies for secure programming of a cryptographic engine include a computing device with a cryptographic engine and one or more I/O controllers. The computing device establishes one or more trusted execution environments (TEEs). A TEE generates a request to program the cryptographic engine with respect to a DMA channel. The computing device may verify a signed manifest that indicates the TEEs permitted to program DMA channels and, if verified, determine whether the TEE is permitted to program the requested DMA channel. The computing device may record the TEE for a request to protect the DMA channel and may determine whether the programming TEE matches the recorded TEE for a request to unprotect a DMA channel. The computing device may allow the request to unprotect the DMA channel if the programming TEE matches the recorded TEE. Other embodiments are described and claimed.
摘要翻译：用于加密引擎的安全编程的技术包括具有密码引擎和一个或多个I / O控制器的计算设备。计算设备建立一个或多个可信执行环境（TEE）。 TEE生成关于DMA通道对加密引擎进行编程的请求。计算设备可以验证指示允许编程DMA通道的TEE的签名清单，并且如果被验证，则确定是否允许TEE对所请求的DMA通道进行编程。计算设备可以记录TEE以保护DMA通道的请求，并且可以确定编程TEE是否与用于取消保护DMA通道的请求的记录的TEE匹配。如果编程TEE与记录的TEE匹配，则计算设备可以允许请求取消对DMA通道的保护。描述和要求保护其他实施例。

3. 发明申请

WO2013101084A1 METHOD OF RESTRICTING CORPORATE DIGITAL INFORMATION WITHIN CORPORATE BOUNDARY 审中-公开
标题翻译：限制企业界限内企业数字信息的方法
公开(公告)号：WO2013101084A1
公开(公告)日：2013-07-04
申请号：PCT/US2011/067878
申请日：2011-12-29
申请人： INTEL CORPORATION , PHEGADE, Vinay , MARTIN, Jason , LAL, Reshma , SHELLER, Micah , KOHLENBERG, Tobias
发明人： PHEGADE, Vinay , MARTIN, Jason , LAL, Reshma , SHELLER, Micah , KOHLENBERG, Tobias
IPC分类号： G06F21/24 , G06F21/20 , H04L9/00
CPC分类号： H04L63/062 , G06F21/10 , G06F21/606 , G06F21/84 , G06F2221/0797 , G09G2358/00 , H04L63/0428 , H04L63/08 , H04L63/1441 , H04L67/02
摘要： A method of enforcing a virtual corporate boundary may include a client device requesting sensitive content from a network site on a server device responsive to a user's interaction with the client device. The server device can determine whether the user and/or client device are permitted to access the sensitive content. A secure element on the client device can establish a session key between the server device and the client device. The server device can render the sensitive content and send it to the client device, which can display the content to the user.
摘要翻译：实施虚拟公司边界的方法可以包括响应于用户与客户端设备的交互而从服务器设备上的网络站点请求敏感内容的客户端设备。服务器设备可以确定用户和/或客户端设备是否被允许访问敏感内容。客户端设备上的安全元素可以在服务器设备和客户端设备之间建立会话密钥。服务器设备可以呈现敏感内容并将其发送到客户端设备，可以向用户显示内容。

4. 发明申请

WO2022093455A1 GRAPHICS SECURITY WITH SYNERGISTIC ENCRYPTION, CONTENT-BASED AND RESOURCE MANAGEMENT TECHNOLOGY 审中-公开
公开(公告)号：WO2022093455A1
公开(公告)日：2022-05-05
申请号：PCT/US2021/052087
申请日：2021-09-24
申请人： INTEL CORPORATION
发明人： SMITH, Ned M. , BEN-SHALOM, Omer , NAYSHTUT, Alex , LAL, Reshma , DEWAN, Prashant , PAPPACHAN, Pradeep , POORNACHANDRAN, Rajesh , KUMAR, Gaurav
IPC分类号： G06F21/71 , G06F9/38 , H04L9/32 , H04L9/08 , G06T1/20
摘要： Methods, apparatuses and system provide for technology that interleaves a plurality of verification commands with a plurality of copy commands in a command buffer, wherein each copy command includes a message authentication code (MAC) derived from a master session key, wherein one or more of the plurality of verification commands corresponds to a copy command in the plurality of copy commands, and wherein a verification command at an end of the command buffer corresponds to contents of the command buffer. The technology may also add a MAC generation command to the command buffer, wherein the MAC generation command references an address of a compute result.

5. 发明申请

WO2016105651A1 SYSTEM AND METHOD FOR PROVIDING GLOBAL PLATFORM COMPLIANT TRUSTED EXECUTION ENVIRONMENT 审中-公开
标题翻译：提供全球平台综合执行环境的系统和方法
公开(公告)号：WO2016105651A1
公开(公告)日：2016-06-30
申请号：PCT/US2015/056654
申请日：2015-10-21
申请人： INTEL CORPORATION
发明人： VARADARAJAN, Srikanth , LAL, Reshma , ZMUDZINSKI, Krystof C.
IPC分类号： H04L9/32
CPC分类号： H04L9/3234 , G06F9/4406 , G06F9/45533 , G06F9/45558 , G06F9/4843 , G06F9/54 , G06F21/74 , G06F2009/45587 , G09C1/00 , H04L2209/127
摘要： Method of providing a Global Platform (GP) compliant Trusted Execution Environment (TEE) starts with main processor executing an application stored in memory device. Application includes client application (CA) and trusted application (TA). Executing the application includes running CA in client process and TA in TEE host process. Client process and TEE host process are separate. Using TEE host process, a request including identifier of the TA is received from client process to open session. Using GP Trusted Services enclave included in TEE host process, TA enclave associated with the identifier is determined and loaded in the TEE host process using the GP Trusted Services enclave to establish the session. Using TEE host process, commands to be invoked in TA enclave and set of parameters needed for commands are received from client process. Using GP Internal APIs, commands in TA enclave associated with identifier are executed. Other embodiments are also described.
摘要翻译：提供全球平台（GP）兼容的可执行环境（TEE）的方法从执行存储在存储设备中的应用程序的主处理器开始。应用程序包括客户端应用程序（CA）和可信应用程序（TA）。执行应用程序包括在客户端进程中运行CA，在TEE主机进程中运行TA。客户端进程和TEE主机进程是分开的。使用TEE主机进程，从客户端进程接收到包括TA标识符的请求以打开会话。使用包含在TEE主机进程中的GP可信服务飞地，使用GP可信服务飞地来确定和加载与TID主机进程相关联的TA标识符以建立会话。使用TEE主机进程，可以从客户端进程接收在TA包中调用的命令和命令所需的参数集。使用GP Internal API，执行与标识符相关联的TA包层中的命令。还描述了其它实施例。

6. 发明申请

WO2014196963A1 END-TO-END SECURE COMMUNICATION SYSTEM 审中-公开
标题翻译：端到端安全通信系统
公开(公告)号：WO2014196963A1
公开(公告)日：2014-12-11
申请号：PCT/US2013/044112
申请日：2013-06-04
申请人： INTEL CORPORATION , LAL, Reshma , ZMUDZINSKI, Krystof, C. , PAPPACHAN, Pradeep, M. , SHELLER, Micah, J.
发明人： LAL, Reshma , ZMUDZINSKI, Krystof, C. , PAPPACHAN, Pradeep, M. , SHELLER, Micah, J.
IPC分类号： H04L9/00
CPC分类号： H04L63/0428 , H04L9/14 , H04L9/3223 , H04L63/062 , H04L63/08 , H04L2209/60
摘要： The present disclosure is directed to an end-to-end secure communication system wherein, in addition to encrypting transmissions between clients, communication-related operations occurring within each client may also be secured. Each client may comprise a secure processing environment to process encrypted communication information received from other clients and locally-captured media information for transmission to other clients. The secure processing environment may include resources to decrypt received encrypted communication information and to process the communication information into media information for presentation by the client. The secure processing environment may also operate in reverse to provide locally recorded audio, image, video, etc. to other clients. Encryption protocols may be employed at various stages of information processing in the client to help ensure that information being transferred between the processing resources cannot be read, copied, altered, etc. In one example implementation, a server may manage interaction between clients, provision encryption keys, etc.
摘要翻译：本公开涉及一种端到端安全通信系统，其中除了加密客户端之间的传输之外，还可以确保在每个客户端内发生的与通信相关的操作。每个客户端可以包括用于处理从其他客户端接收的加密通信信息和本地捕获的媒体信息以便传输到其他客户端的安全处理环境。安全处理环境可以包括用于解密所接收的加密通信信息并将通信信息处理成媒体信息以供客户呈现的资源。安全处理环境也可以相反地操作，以向其他客户端提供本地记录的音频，图像，视频等。可以在客户端的信息处理的各个阶段采用加密协议，以帮助确保在处理资源之间传递的信息不能被读取，复制，改变等。在一个示例实现中，服务器可以管理客户端之间的交互，提供加密钥匙等

7. 发明申请

WO2022271223A1 DYNAMIC MICROSERVICES ALLOCATION MECHANISM 审中-公开
公开(公告)号：WO2022271223A1
公开(公告)日：2022-12-29
申请号：PCT/US2022/020027
申请日：2022-03-11
申请人： INTEL CORPORATION
发明人： DESAI, Soham Jayesh , LAL, Reshma
IPC分类号： G06F9/50 , G06F8/61 , G06F9/445 , G06F21/53 , G06F9/455 , G06F2009/45562 , G06F21/602 , G06F21/72 , G06F8/63 , G06F9/44505 , G06F9/4881 , G06F9/5038 , G06F9/5072
摘要： A computing platform comprising a plurality of disaggregated data center resources and an infrastructure processing unit (IPU), communicatively coupled to the plurality of resources, to compose a platform of the plurality of disaggregated data center resources for allocation of microservices cluster.

8. 发明申请

WO2022271222A1 TRUSTED MEMORY SHARING MECHANISM 审中-公开
公开(公告)号：WO2022271222A1
公开(公告)日：2022-12-29
申请号：PCT/US2022/020014
申请日：2022-03-11
申请人： INTEL CORPORATION
发明人： PAPPACHAN, Pradeep , LAL, Reshma
IPC分类号： G06F12/14 , G06F12/10 , G06F3/06 , G06F21/74 , G06F21/79 , G06F9/54 , G06F12/1458 , G06F2212/656 , G06F3/062 , G06F3/0655 , G06F3/0659 , G06F3/0673 , G06F3/0679 , G06F9/544
摘要： A computing platform comprising a first computer system including a first host and a first accelerator communicatively coupled to the first host, including a first memory, a first page table to perform a translation of virtual addresses to physical addresses in the first memory and a first trusted agent to validate the address translations.

9. 发明申请

WO2014163912A1 TECHNIQUES FOR SECURING USE OF ONE-TIME PASSWORDS 审中-公开
标题翻译：安全使用一次性密码的技术
公开(公告)号：WO2014163912A1
公开(公告)日：2014-10-09
申请号：PCT/US2014/018842
申请日：2014-02-27
申请人： INTEL CORPORATION , LAL, Reshma , HOEKSTRA, Matthew E.
发明人： LAL, Reshma , HOEKSTRA, Matthew E.
IPC分类号： G06F21/45 , H04L9/32
CPC分类号： G06F21/72 , G06F21/31 , G06F21/57
摘要： Various embodiments are generally directed to the provision and use of a secure enclave defined within a storage of a computing device by a processor element thereof to store executable instructions of an OTP component implementing logic to generate and use one-time passwords (OTPs) to enable access to services provided by another computing device. An apparatus includes a storage; a first processor element; and first logic to receive a one-time password (OTP) routine, store the OTP routine within a first secure enclave defined by the first processor element within the storage, obtain a measure of the contents of the first secure enclave with the OTP routine stored therein, transmit the first measure to a computing device, and receive an OTP seed. Other embodiments are described and claimed.
摘要翻译：各种实施例通常涉及提供和使用通过其处理器元件在计算设备的存储器内定义的安全空间，以存储实现逻辑的OTP组件的可执行指令，以生成和使用一次性密码（OTP）来实现访问由另一计算设备提供的服务。一种装置包括存储装置; 第一处理器元件; 以及接收一次密码（OTP）例程的第一逻辑，将OTP例程存储在由存储器内的第一处理器元件定义的第一安全空间内，获得存储有OTP例程的第一安全飞地的内容的度量在其中将第一测量发送到计算设备，并且接收OTP种子。描述和要求保护其他实施例。

10. 发明申请

WO2023049584A1 NETWORK LAYER 7 OFFLOAD TO INFRASTRUCTURE PROCESSING UNIT FOR SERVICE MESH 审中-公开
公开(公告)号：WO2023049584A1
公开(公告)日：2023-03-30
申请号：PCT/US2022/075335
申请日：2022-08-23
申请人： INTEL CORPORATION
发明人： GANGULI, Mrittika , JAIN, Anjali , LAL, Reshma , VERPLANKE, Edwin , AUTEE, Priya , CHANG, Chih-Jen , LAYEK, Abhirupa , JAIN, Nupur
IPC分类号： G06F9/50 , G06F9/54 , H04L67/289 , H04L69/321
摘要： Examples described herein relate to network layer 7 (L7) offload to an infrastructure processing unit (IPU) for a service mesh. An apparatus described herein includes an IPU comprising an IPU memory to store a routing table for a service mesh, the routing table to map shared memory address spaces of the IPU and a host device executing one or more microservices, wherein the service mesh provides an infrastructure layer for the one or more microservices executing on the host device; and one or more IPU cores communicably coupled to the IPU memory, the one or more IPU cores to: host a network L7 proxy endpoint for the service mesh, and communicate messages between the network L7 proxy endpoint and an L7 interface device of the one or more microservices by copying data between the shared memory address spaces of the IPU and the host device based on the routing table.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式