专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2013090202A1 VIRTUALIZING INTERRUPT PRIORITIZATION AND DELIVERY 审中-公开
标题翻译：虚拟化中断优先和交付
公开(公告)号：WO2013090202A1
公开(公告)日：2013-06-20
申请号：PCT/US2012/068798
申请日：2012-12-10
申请人： INTEL CORPORATION , NEIGER, Gilbert , SANKARAN, Rajesh M. , GERZON, Gideon , UHLIG, Richard A. , GHETIE, Sergiu D. , NEVE DE MEVERGNIE, Michael , KARRAR, Adil
发明人： NEIGER, Gilbert , SANKARAN, Rajesh M. , GERZON, Gideon , UHLIG, Richard A. , GHETIE, Sergiu D. , NEVE DE MEVERGNIE, Michael , KARRAR, Adil
IPC分类号： G06F9/30 , G06F13/24 , G06F9/44
CPC分类号： G06F13/26 , G06F9/30076 , G06F9/45541 , G06F9/45558 , G06F13/24 , G06F2009/45579 , G06F2213/0058
摘要： Embodiments of processors, methods, and systems for virtualizing interrupt prioritization and delivery are disclosed. In one embodiment, a processor includes instruction hardware and execution hardware. The instruction hardware is to receive a plurality of instructions, including a first instruction to transfer the processor from a root mode to a non-root mode for executing guest software in a virtual machine, wherein the processor is to return to the root mode upon the detection of any of a plurality of virtual machine exit events. The execution hardware is to execute the first instruction, execution of the first instruction to include determining a first virtual processor-priority value and storing the first virtual processor-priority value in a virtual copy of a processor-priority field, where the virtual copy of the processor-priority field is a virtual resource corresponding to a physical resource associated with an interrupt controller.
摘要翻译：公开了用于虚拟化中断优先级和传送的处理器，方法和系统的实施例。在一个实施例中，处理器包括指令硬件和执行硬件。指令硬件是接收多个指令，包括将处理器从根模式传送到非根模式的第一指令，用于在虚拟机中执行客户软件，其中处理器将根据该模式返回到根模式检测多个虚拟机退出事件中的任何一个。执行硬件是执行第一指令，执行第一指令以包括确定第一虚拟处理器优先级值并将第一虚拟处理器优先级值存储在处理器优先级字段的虚拟副本中，其中虚拟副本处理器优先级字段是对应于与中断控制器相关联的物理资源的虚拟资源。

2. 发明申请

WO2015013062A1 MEASURING A SECURE ENCLAVE 审中-公开
标题翻译：测量一个安全的包装
公开(公告)号：WO2015013062A1
公开(公告)日：2015-01-29
申请号：PCT/US2014/046667
申请日：2014-07-15
申请人： INTEL CORPORATION , ROZAS, Carlos V. , ANATI, Ittai , GERZON, Gideon , GUERON, Shay , JOHNSON, Simon P. , MCKEEN, Francis X. , SAVAGAONKAR, Uday R. , SCARLATA, Vincent R.
发明人： ROZAS, Carlos V. , ANATI, Ittai , GERZON, Gideon , GUERON, Shay , JOHNSON, Simon P. , MCKEEN, Francis X. , SAVAGAONKAR, Uday R. , SCARLATA, Vincent R.
IPC分类号： G06F21/00 , G06F9/06
CPC分类号： H04L9/3239 , G06F9/3004 , G06F12/1441 , G06F21/71 , G06F2221/2111
摘要： Embodiments of an invention for measuring a secure enclave are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first, a second, and a third instruction. The execution unit is to execute the first, the second, and the third instruction. Execution of the first instruction includes initializing a measurement field in a control structure of a secure enclave with an initial value. Execution of the second instruction includes adding a region to the secure enclave. Execution of the third instruction includes measuring a subregion of the region.
摘要翻译：公开了用于测量安全飞地的发明的实施例。在一个实施例中，处理器包括指令单元和执行单元。指令单元将接收第一，第二和第三指令。执行单元执行第一，第二和第三指令。执行第一指令包括初始化具有初始值的安全飞地的控制结构中的测量场。执行第二条指令包括将一个区域添加到安全飞地。执行第三条指令包括测量该区域的一个子区域。

3. 发明申请

WO2014209541A1 SYSTEMS AND METHODS FOR PROCEDURE RETURN ADDRESS VERIFICATION 审中-公开
标题翻译：用于程序返回地址验证的系统和方法
公开(公告)号：WO2014209541A1
公开(公告)日：2014-12-31
申请号：PCT/US2014/040223
申请日：2014-05-30
申请人： INTEL CORPORATION , GERZON, Gideon , STARK, Jared W. , DISKIN, Gal
发明人： GERZON, Gideon , STARK, Jared W. , DISKIN, Gal
IPC分类号： G06F13/40
CPC分类号： G06F21/52
摘要： An example processing system may comprise: a stack pointer configured to reference a first return address stored on a stack; a return address buffer pointer configured to reference a second return address stored in a return address buffer; and a return address verification logic configured, responsive to receiving a return instruction, to compare the first return address to the second return address.
摘要翻译：示例处理系统可以包括：堆栈指针，其被配置为引用存储在堆栈上的第一返回地址; 返回地址缓冲器指针，被配置为引用存储在返回地址缓冲器中的第二返回地址; 以及返回地址验证逻辑，其被配置为响应于接收到返回指令，将所述第一返回地址与所述第二返回地址进行比较。

4. 发明申请

WO2012040679A2 A TWEAKABLE ENCRYPION MODE FOR MEMORY ENCRYPTION WITH PROTECTION AGAINST REPLAY ATTACKS 审中-公开
标题翻译：内存加密防止重复攻击的可靠加密模式
公开(公告)号：WO2012040679A2
公开(公告)日：2012-03-29
申请号：PCT/US2011/053170
申请日：2011-09-24
申请人： INTEL CORPORATION , GUERON, Shay , GERZON, Gideon , ANATI, Ittai , DOWECK, Jacob , MAOR, Moshe
发明人： GUERON, Shay , GERZON, Gideon , ANATI, Ittai , DOWECK, Jacob , MAOR, Moshe
IPC分类号： G06F21/20 , G06F12/14
CPC分类号： G06F12/1408 , G06F21/52 , G06F21/64
摘要： A method and apparatus for protecting against hardware attacks on system memory is provided. A mode of operation for block ciphers enhances the standard XTS-AES mode of operation to perform memory encryption by extending a tweak to include a "time stamp" indicator. An incrementing mechanism using the "time stamp" indicator generates a tweak which separates different contexts over different times such that the effect of "Type 2 replay attacks" is mitigated.
摘要翻译：提供了一种用于防止对系统存储器的硬件攻击的方法和设备。分组密码的操作模式增强了标准XTS-AES操作模式以通过扩展调整以包括“时间戳”来执行存储器加密。指示符。使用“时间戳”的递增机制指示器生成调整，该调整在不同的时间分离不同的上下文，从而使得“类型2重放攻击” 缓解。

5. 发明申请

WO2014105167A1 APPARATUS AND METHOD FOR PAGE WALK EXTENSION FOR ENHANCED SECURITY CHECKS 审中-公开
标题翻译：用于增强安全检查的页面扩展的装置和方法
公开(公告)号：WO2014105167A1
公开(公告)日：2014-07-03
申请号：PCT/US2013/047423
申请日：2013-06-24
申请人： INTEL CORPORATION , HILDESHEIM, Gur , ANATI, Ittai , SHAIF, Hisham , RAIKIN, Shlomo , GERZON, Gideon , SAVAGAONKAR, Uday R. , ROZAS, Carlos V. , MCKEEN, Francis X. , GOLDSMITH, Michael A. , DEWAN, Prashant
发明人： HILDESHEIM, Gur , ANATI, Ittai , SHAIF, Hisham , RAIKIN, Shlomo , GERZON, Gideon , SAVAGAONKAR, Uday R. , ROZAS, Carlos V. , MCKEEN, Francis X. , GOLDSMITH, Michael A. , DEWAN, Prashant
IPC分类号： G06F21/78
CPC分类号： G06F12/145 , G06F12/084 , G06F12/1027 , G06F12/1483 , G06F21/53
摘要： An apparatus and method for managing a protection table by a processor. For example, a processor according to one embodiment of the invention comprises: protection table management logic to manage a protection table, the protection table having an entry for each protected page or each group of protected pages in memory; wherein the protection table management logic prevents direct access to the protection table by user application program code and operating system program code but permits direct access by the processor.
摘要翻译：一种用于由处理器管理保护表的装置和方法。例如，根据本发明的一个实施例的处理器包括：保护表管理逻辑，用于管理保护表，所述保护表具有每个受保护页面的条目或存储器中的每组受保护页面; 其中保护表管理逻辑防止用户应用程序代码和操作系统程序代码直接访问保护表，但允许处理器直接访问。

6. 发明申请

WO2014004151A2 VIRTUAL MEMORY ADDRESS RANGE REGISTER 审中-公开
标题翻译：虚拟内存地址范围注册
公开(公告)号：WO2014004151A2
公开(公告)日：2014-01-03
申请号：PCT/US2013/046169
申请日：2013-06-17
申请人： INTEL CORPORATION , HILDESHEIM, Gur , RAIKIN, Shlomo , ANATI, Ittai , GERZON, Gideon , SAVAGAONKAR, Uday , MCKEEN, Francis , ROZAS, Carlos , GOLDSMITH, Michael , DEWAN, Prashant
发明人： HILDESHEIM, Gur , RAIKIN, Shlomo , ANATI, Ittai , GERZON, Gideon , SAVAGAONKAR, Uday , MCKEEN, Francis , ROZAS, Carlos , GOLDSMITH, Michael , DEWAN, Prashant
IPC分类号： G06F12/08
CPC分类号： G06F12/109 , G06F12/0284 , G06F12/1036 , G06F2212/656 , G06F2212/657
摘要： Embodiments of apparatuses and methods including virtual address memory range registers are disclosed. In one embodiment, a processor includes a memory interface, address translation hardware, and virtual memory address comparison hardware. The memory interface is to access a system memory using a physical memory address. The address translation hardware is to support translation of a virtual memory address to the physical memory address. The virtual memory address is used by software to access a virtual memory location in the virtual memory address space of the processor. The virtual memory address comparison hardware is to determine whether the virtual memory address is within a virtual memory address range.
摘要翻译：公开了包括虚拟地址存储器范围寄存器的装置和方法的实施例。在一个实施例中，处理器包括存储器接口，地址转换硬件和虚拟存储器地址比较硬件。存储器接口是使用物理内存地址访问系统内存。地址转换硬件是支持将虚拟内存地址转换为物理内存地址。虚拟存储器地址由软件用于访问处理器的虚拟存储器地址空间中的虚拟存储器位置。虚拟内存地址比较硬件是确定虚拟内存地址是否在虚拟内存地址范围内。

7. 发明申请

WO2017052916A1 PROCESSORS, METHODS, SYSTEMS, AND INSTRUCTIONS TO ALLOW SECURE COMMUNICATIONS BETWEEN PROTECTED CONTAINER MEMORY AND INPUT/OUTPUT DEVICES 审中-公开
标题翻译：处理器，方法，系统和指示，以保护受保护的容器内存和输入/输出设备之间的安全通信
公开(公告)号：WO2017052916A1
公开(公告)日：2017-03-30
申请号：PCT/US2016/048361
申请日：2016-08-24
申请人： INTEL CORPORATION
发明人： ALEXANDROVICH, Ilya , BEKER, Vladimir , GERZON, Gideon , SCARLATA, Vincent R.
IPC分类号： G06F12/14
CPC分类号： G06F3/0622 , G06F3/0637 , G06F3/0673 , G06F13/16 , G06F13/4068
摘要： An integrated circuit of an aspect includes protected container access control logic to perform a set of access control checks and to determine to allow a device protected container module (DPCM) and an input and/or output (I/O) device to communicate securely through one of direct memory access (DMA) and memory-mapped input/output (MMIO). This is done after it has been determined that at least the DPCM and the I/O device are mapped to one another, an access address associated with the communication resolves into a protected container memory, and a page of the protected container memory into which the access address resolves allows for said one of DMA and MMIO.
摘要翻译：一个方面的集成电路包括受保护的容器访问控制逻辑以执行一组访问控制检查并且确定允许设备受保护的容器模块（DPCM）以及输入和/或输出（I / O）设备通过直接存储器访问（DMA）和存储器映射输入/输出（MMIO）之一。这是在确定至少DPCM和I / O设备被映射到彼此之后完成的，与该通信相关联的访问地址解析为受保护的容器存储器，以及受保护的容器存储器的页面，其中访问地址解析允许DMA和MMIO中的所述一个。

8. 发明申请

WO2019066918A1 CRYPTOGRAPHIC MEMORY OWNERSHIP 审中-公开
公开(公告)号：WO2019066918A1
公开(公告)日：2019-04-04
申请号：PCT/US2017/054383
申请日：2017-09-29
申请人： INTEL CORPORATION
发明人： DURHAM, David M. , SAHITA, Ravi , SHANBHOGUE, Vedvyas , HUNTLEY, Barry E. , PATEL, Baiju V. , GERZON, Gideon , SCHOINAS, Ioannis T. , KHOSRAVI, Hormuzd M. , CHHABRA, Siddhartha , ROZAS, Carlos V.
IPC分类号： G06F21/60 , G06F21/62 , H04L9/08 , H04L9/06
摘要： There is disclosed a microprocessor, including : a processing core; and a total memory encryption (TME) engine to provide TME for a first trust domain (TD), and further to: allocate a block of physical memory to the first TD and a first cryptographic key to the first TD; map within an extended page table (EPT) a host physical address (HPA) space to a guest physical address (GPA) space of the TD; create a memory ownership table (MOT) entry for a memory page within the block of physical memory, wherein the MOT table comprises a GPA reverse mapping; encrypt the MOT entry using the first cryptographic key; and append to the MOT entry verification data, wherein the MOT entry verification data enables detection of an attack on the MOT entry.

9. 发明申请

WO2017014889A1 TECHNOLOGIES FOR SECURE PROGRAMMING OF A CRYPTOGRAPHIC ENGINE FOR SECURE I/O 审中-公开
标题翻译：用于安全I / O的CRYPTOGRAPHIC发动机的安全技术
公开(公告)号：WO2017014889A1
公开(公告)日：2017-01-26
申请号：PCT/US2016/038396
申请日：2016-06-20
申请人： INTEL CORPORATION
发明人： CHHABRA, Siddhartha , GERZON, Gideon , LAL, Reshma , XING, Bin , PAPPACHAN, Pradeep M. , MCGOWAN, Steven B.
IPC分类号： G06F21/60
CPC分类号： G06F21/72 , G06F21/57 , H04L9/0822 , H04L9/0861 , H04L9/3242
摘要： Technologies for secure programming of a cryptographic engine include a computing device with a cryptographic engine and one or more I/O controllers. The computing device establishes, an invoking secure enclave using secure enclave support of a processor. The invoking enclave configures channel programming information, including a channel key, and invokes a processor instruction with the channel programming information as a parameter. The processor generates wrapped programming information including an encrypted channel key and a message authentication code. The encrypted channel key is protected with a key known only to the processor. The invoking enclave provides the wrapped programming information to untrusted software, which invokes a processor instruction with the wrapped programming information as a parameter. The processor unwraps and verifies the wrapped programming information and then programs the cryptographic engine. The processor generates an authenticated response that may be verified by the invoking enclave. Other embodiments are described and claimed.
摘要翻译：用于加密引擎的安全编程的技术包括具有密码引擎和一个或多个I / O控制器的计算设备。计算设备使用处理器的安全飞地支持来建立调用安全飞地。调用飞地配置信道编程信息，包括信道密钥，并且以通道编程信息为参数来调用处理器指令。处理器产生包括加密的信道密钥和消息认证码的包装节目信息。加密的通道密钥由仅对处理器已知的密钥进行保护。调用的包层将包装的编程信息提供给不受信任的软件，该软件以包装的编程信息作为参数调用处理器指令。处理器解封装并验证封装的编程信息，然后对加密引擎进行编程。处理器生成可以通过调用飞地验证的认证响应。描述和要求保护其他实施例。

10. 发明申请

WO2017014885A1 CRYPTOGRAPHIC PROTECTION OF I/O DATA FOR DMA CAPABLE I/O CONTROLLERS 审中-公开
标题翻译：用于DMA能力I / O控制器的I / O数据的保护
公开(公告)号：WO2017014885A1
公开(公告)日：2017-01-26
申请号：PCT/US2016/038389
申请日：2016-06-20
申请人： INTEL CORPORATION
发明人： LAL, Reshma , MCGOWAN, Steven B. , CHHABRA, Siddhartha , GERZON, Gideon , XING, Bin , PAPPACHAN, Pradeep M. , ELBAZ, Reouven
IPC分类号： G06F21/60 , G06F13/28
CPC分类号： H04L9/0631 , G06F13/28 , H04L9/0618 , H04L9/0822 , H04L9/3242
摘要： Technologies for cryptographic protection of I/O data include a computing device with one or more I/O controllers. Each I/O controller may be coupled to one or more I/O devices. Each I/O controller may generate a direct memory access (DMA) transaction that includes a channel identifier that is indicative of the I/O controller and that is indicative of an I/O device coupled to the I/O controller. The computing device intercepts the DMA transaction and determines whether to protect the DMA transaction as a function of the channel identifier. If so, the computing device performs a cryptographic operation using an encryption key associated with the channel identifier. The computing device may include a cryptographic engine that intercepts the DMA transaction and determines whether to protect the DMA transaction by determining whether the channel identifier matches an entry in a channel identifier table of the cryptographic engine. Other embodiments are described and claimed.
摘要翻译：用于I / O数据加密保护的技术包括具有一个或多个I / O控制器的计算设备。每个I / O控制器可以耦合到一个或多个I / O设备。每个I / O控制器可以生成包括指示I / O控制器并且指示耦合到I / O控制器的I / O设备的信道标识符的直接存储器访问（DMA）事务。计算设备拦截DMA事务，并根据信道标识确定是否保护DMA事务。如果是这样，则计算设备使用与该信道标识符相关联的加密密钥来执行密码操作。计算设备可以包括密码引擎，其拦截DMA事务并且通过确定信道标识符是否匹配密码引擎的信道标识符表中的条目来确定是否保护DMA事务。描述和要求保护其他实施例。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式