Security-oriented compression
    Granted invention patent

    Publication number: US10757227B2

    Publication date: 2020-08-25

    Application number: US16674363

    Filing date: 2019-11-05

    Applicant: Intel Corporation

    Abstract: A method of data nibble-histogram compression can include determining a first amount of space freed by compressing the input data using a first compression technique, determining a second amount of space freed by compressing the input data using a second, different compression technique, compressing the input data using the compression technique of the first and second compression techniques determined to free up more space to create compressed input data, and inserting into the compressed input data, security data including one of a message authentication control (MAC) and an inventory control tag (ICT).

    SECURITY-ORIENTED COMPRESSION
    Invention patent application

    Publication number: US20200076924A1

    Publication date: 2020-03-05

    Application number: US16674363

    Filing date: 2019-11-05

    Applicant: Intel Corporation

    IPC classification: H04L29/06 H04L29/12 H03M7/30

    Abstract: A method of data nibble-histogram compression can include determining a first amount of space freed by compressing the input data using a first compression technique, determining a second amount of space freed by compressing the input data using a second, different compression technique, compressing the input data using the compression technique of the first and second compression techniques determined to free up more space to create compressed input data, and inserting into the compressed input data, security data including one of a message authentication control (MAC) and an inventory control tag (ICT).

    SECURE ERROR CORRECTING CODE (ECC) TRUST EXECUTION ENVIRONMENT (TEE) CONFIGURATION METADATA ENCODING

    Publication number: US20240220357A1

    Publication date: 2024-07-04

    Application number: US18147521

    Filing date: 2022-12-28

    Applicant: Intel Corporation

    IPC classification: G06F11/10 H04L9/08

    CPC classification: G06F11/1044 H04L9/0816

    Abstract: The technology disclosed herein includes a memory to store a plurality of pages, a page of the plurality of pages configured as one of a trusted execution environment (TEE) configuration and a non-TEE configuration, and a memory controller to attempt to access the page using a memory address and the TEE configuration and generate a first error correcting code (ECC); and when data for the first ECC is at least one of correct and correctable by ECC for the attempt to access the page using the TEE configuration, attempt to access the page using the memory address and the non-TEE configuration and generate a second ECC, and when data the second ECC is at least one of correct and correctable by ECC for the attempt to access the page using the non-TEE configuration, store the memory address as an unknown cacheline address.

    ALGEBRAIC AND DETERMINISTIC MEMORY AUTHENTICATION AND CORRECTION WITH COUPLED CACHELINE METADATA

    Publication number: US20220114112A1

    Publication date: 2022-04-14

    Application number: US17559258

    Filing date: 2021-12-22

    Applicant: Intel Corporation

    Abstract: A method comprises generating, for a cacheline, a first tag and a second tag, the first tag and the second tag generated as a function of user data stored and metadata in the cacheline stored in a first memory device, and a multiplication parameter derived from a secret key, storing the user data, the metadata, the first tag and the second tag in the first cacheline of the first memory device; generating, for the cacheline, a third tag and a fourth tag, the third tag and the fourth tag generated as a function of the user data stored and metadata in the cacheline stored in a second memory device, and the multiplication parameter; storing the user data, the metadata, the third tag and the fourth tag in the corresponding cache line of the second memory device; receiving, from a requesting device, a read operation directed to the cacheline; and using the first tag, the second tag, the third tag, and the fourth tag to determine whether a read error occurred during the read operation.

    Technology for managing memory tags

    Publication number: US11003584B2

    Publication date: 2021-05-11

    Application number: US16288844

    Filing date: 2019-02-28

    Applicant: Intel Corporation

    Abstract: A data processing system includes support for sub-page granular memory tags. The data processing system comprises at least one core, a memory controller responsive to the core, random access memory (RAM) responsive to the memory controller, and a memory protection module in the memory controller. The memory protection module enables the memory controller to use a memory tag value supplied as part of a memory address to protect data stored at a location that is based on a location value supplied as another part of the memory address. The data processing system also comprises an operating system (OS) which, when executed in the data processing system, manages swapping a page of data out of the RAM to non-volatile storage (NVS) by using a memory tag map (MTM) to apply memory tags to respective subpages within the page being swapped out. Other embodiments are described and claimed.

    SECURITY-ORIENTED COMPRESSION
    Invention patent application

    Publication number: US20200076923A1

    Publication date: 2020-03-05

    Application number: US16674346

    Filing date: 2019-11-05

    Applicant: Intel Corporation

    IPC classification: H04L29/06 H04L29/12 H03M7/30

    Abstract: A method of data nibble-histogram compression can include determining a first amount of space freed by compressing the input data using a first compression technique, determining a second amount of space freed by compressing the input data using a second, different compression technique, compressing the input data using the compression technique of the first and second compression techniques determined to free up more space to create compressed input data, and inserting into the compressed input data, security data including one of a message authentication control (MAC) and an inventory control tag (ICT).

    METHOD AND APPARATUS FOR SECURE NETWORK ENCLAVES

    Publication number: US20160261570A1

    Publication date: 2016-09-08

    Application number: US15085114

    Filing date: 2016-03-30

    Applicant: Intel Corporation

    IPC classification: H04L29/06

    Abstract: Methods and apparatus are disclosed to provide for security within a network enclave. In one embodiment authentication logic initiates authentication with a central network authority. Packet processing logic receives a key and an identifier from the central network authority. Security protocol logic then establishes a client-server security association through a communication that includes a client identifier and an encrypted portion and/or an authorization signature, wherein a client authorization key allocated by the central network authority can be reproduced by a server, other than said central network authority, from the client identifier and a derivation key provided to the server by the central network authority to decrypt the encrypted portion and/or to validate the communication using the authorization signature. The server may also provide the client with new session keys and/or new client session identifiers using server-generated derivation keys if desired, protecting these with the client authorization key.