-
Publication No.: US20210319139A1
Publication Date: 2021-10-14
Application No.: US17356311
Filing Date: 2021-06-23
Applicant: Intel Corporation
Inventor: Xiaoyu Ruan, Tsippy Mendelson, Yanai Moyal, Daniel Nemiroff
Abstract: Connectionless trusted computing base recovery is described. An example of a system includes one or more processors to process data; hardware including a hardware RoT (root of trust); and firmware including a firmware TCB (trusted computing base), the firmware including the credentials including one or more certificates and one or more keys, wherein the one or more processors are to determine that the firmware TCB is compromised and that the hardware RoT is intact; issue new credentials by the hardware RoT to mutable firmware based on a version number or security version number (SVN) of the firmware; and revoke old versions of the credentials for the firmware.
-
Publication No.: US10938563B2
Publication Date: 2021-03-02
Application No.: US15640118
Filing Date: 2017-06-30
Applicant: Intel Corporation
Inventor: Xiaoyu Ruan, Vincent Von Bokern, Daniel Nemiroff
Abstract: Technologies for provisioning cryptographic keys include hardcoding identical cryptographic key components of a Rivest-Shamir-Adleman (RSA) public-private key pair to each compute device of a plurality of compute devices. A unique cryptographic exponent that forms a valid RSA public-private key pair with cryptographic key components hardcoded into each compute device is provided to each compute device so that each compute device has a unique public key. The public key of each compute device may be used to provision unique secrets to the corresponding compute device.
-
Publication No.: US20190104338A1
Publication Date: 2019-04-04
Application No.: US15994751
Filing Date: 2018-05-31
Applicant: INTEL CORPORATION
Inventor: Ramesh Pendakur, Walter C. Gintz, Daniel Nemiroff, Mousumi M. Hazra
IPC: H04N21/4367, H04N21/6334, H04N21/4408, G06F21/72
Abstract: A system architecture provides a hardware-based root of trust solution for supporting distribution and playback of premium digital content. In an embodiment, hardware root of trust for digital content and services is a solution where the basis of trust for security purposes is rooted in hardware and firmware mechanisms in a client computing system, rather than in software. From this root of trust, the client computing system constructs an entire media processing pipeline that is protected for content authorization and playback. In embodiments of the present invention, the security of the client computing system for content processing is not dependent on the operating system (OS), basic input/output system (BIOS), media player application, or other host software.
-
Publication No.: US10185696B2
Publication Date: 2019-01-22
Application No.: US15070481
Filing Date: 2016-03-15
Applicant: Intel Corporation
Inventor: Zhenyu Zhu, Nobuyuki Suzuki, Anoop Mukker, Daniel Nemiroff, David W. Vogel
Abstract: An example method for initializing an interface includes driving a low voltage signal on data lanes and clock lanes. The method further includes performing a reset sequence and an initialization of a link configuration register. The method also includes driving a high voltage signal to the clock lanes and the data lanes. The method further includes driving a bus turn-around (BTA) sequence on the data lanes. The method also includes detecting that the BTA is acknowledged by a host controller.
-
Publication No.: US09935773B2
Publication Date: 2018-04-03
Application No.: US15431479
Filing Date: 2017-02-13
Applicant: Intel Corporation
Inventor: Nitin V. Sarangdhar, Daniel Nemiroff, Ned M. Smith, Ernie Brickell, Jiangtao Li
CPC classification number: H04L9/3234, G06F21/57, G06F21/64, H04L9/0861, H04L9/0866, H04L9/14, H04L9/3263, H04L2209/127
Abstract: This application is directed to trusted platform module certification and attestation utilizing an anonymous key system. In general, TPM certification and TPM attestation may be supported in a device utilizing integrated TPM through the use of anonymous key system (AKS) certification. An example device may comprise at least combined AKS and TPM resources that load AKS and TPM firmware (FW) into a runtime environment that may further include at least an operating system (OS) encryption module, an AKS service module and a TPM Certification and Attestation (CA) module. For TPM certification, the CA module may interact with the other modules in the runtime environment to generate a TPM certificate, signed by an AKS certificate, that may be transmitted to a certification platform for validation. For TPM attestation, the CA module may cause TPM credentials to be provided to the attestation platform for validation along with the TPM and/or AKS certificates.
-
Publication No.: US11734460B2
Publication Date: 2023-08-22
Application No.: US17356311
Filing Date: 2021-06-23
Applicant: Intel Corporation
Inventor: Xiaoyu Ruan, Tsippy Mendelson, Yanai Moyal, Daniel Nemiroff
CPC classification number: G06F21/73, G06F21/33, G06F21/572, G06F21/602, G06F21/604
Abstract: Connectionless trusted computing base recovery is described. An example of a system includes one or more processors to process data; hardware including a hardware RoT (root of trust); and firmware including a firmware TCB (trusted computing base), the firmware including the credentials including one or more certificates and one or more keys, wherein the one or more processors are to determine that the firmware TCB is compromised and that the hardware RoT is intact; issue new credentials by the hardware RoT to mutable firmware based on a version number or security version number (SVN) of the firmware; and revoke old versions of the credentials for the firmware.
-
Publication No.: US20220222185A1
Publication Date: 2022-07-14
Application No.: US17712109
Filing Date: 2022-04-02
Applicant: Intel Corporation
Inventor: Vidhya Krishnan, Siddhartha Chhabra, David Puffer, Ankur Shah, Daniel Nemiroff, Utkarsh Y. Kakaiya
Abstract: Device memory protection for supporting trust domains is described. An example of a computer-readable storage medium includes instructions for allocating device memory for one or more trust domains (TDs) in a system including one or more processors and a graphics processing unit (GPU); allocating a trusted key ID for a TD of the one or more TDs; creating LMTT (Local Memory Translation Table) mapping for address translation tables, the address translation tables being stored in a device memory of the GPU; transitioning the TD to a secure state; and receiving and processing a memory access request associated with the TD, processing the memory access request including accessing a secure version of the address translation tables.
-
Publication No.: US20220004635A1
Publication Date: 2022-01-06
Application No.: US17480601
Filing Date: 2021-09-21
Applicant: Intel Corporation
Inventor: Daniel Nemiroff, Vidhya Krishnan, Bryan R. White
Abstract: An apparatus is disclosed. The apparatus comprises a trusted device including a first integrated circuit (IC) die comprising a first plurality of hardware devices and a second IC die comprising a second plurality of hardware devices and cryptographic processor to operate as a root of trust to manage an input/output (I/O) functional state of each of the hardware devices.
-
Publication No.: US20210117365A1
Publication Date: 2021-04-22
Application No.: US17134293
Filing Date: 2020-12-26
Applicant: Intel Corporation
Inventor: Zhenyu Zhu, Nobuyuki Suzuki, Anoop Mukker, Daniel Nemiroff, David W. Vogel
IPC: G06F13/42, G06F1/08, G06F1/24, G06F1/3287, G06F9/4401
Abstract: An example includes detecting receipt of a bus turn-around (BTA) sequence after detecting a voltage level; sending a BTA acknowledgement in response to the BTA sequence; and sending a configuration command to a peripheral device after the interface is initialized based on the BTA acknowledgement.
-
Publication No.: US09705892B2
Publication Date: 2017-07-11
Application No.: US14317579
Filing Date: 2014-06-27
Applicant: Intel Corporation
Inventor: Reshma Lal, Jason Martin, Daniel Nemiroff
CPC classification number: H04L63/12, H04L9/3226, H04L9/3297, H04L63/0428, H04L2209/603
Abstract: Systems and methods for providing trusted time service for the off-line mode of operation of a processing system. An example processing system comprises: a first processing device communicatively coupled to a real-time clock, the first processing device to modify an epoch value associated with the real-time clock responsive to detecting a reset of the real-time clock; and a second processing device to execute, in a first trusted execution environment, a first application to receive, from the first processing device, a first time value outputted by the real-time clock and a first epoch value associated with the real-time clock.
-