-
1.发明公开公开(公告)号:US20240311234A1
公开(公告)日:2024-09-19
申请号:US18676811
申请日:2024-05-29
申请人: Intel Corporation
发明人: David M. Durham , Sergej Deutsch , Karanvir Grewal
CPC分类号: G06F11/1044 , H04L9/0816
摘要: The technology disclosed herein includes a memory to store a plurality of pages, a page of the plurality of pages configured as one of a trusted execution environment (TEE) configuration and a non-TEE configuration, and a memory controller to attempt to access the page using a memory address and the TEE configuration and generate a first error correcting code (ECC); and when data for the first ECC is at least one of correct and correctable by ECC for the attempt to access the page using the TEE configuration, attempt to access the page using the memory address and the non-TEE configuration and generate a second ECC, and when data the second ECC is at least one of correct and correctable by ECC for the attempt to access the page using the non-TEE configuration, store the memory address as an unknown cacheline address.
-
2.发明公开公开(公告)号:US20230402077A1
公开(公告)日:2023-12-14
申请号:US18145095
申请日:2022-12-22
申请人: Intel Corporation
发明人: Sergej Deutsch , Christoph Dobraunig , Rajat Agarwal , David M. Durham , Santosh Ghosh , Karanvir Grewal , Krystian Matusiewicz
IPC分类号: G06F11/10
CPC分类号: G06F11/1044
摘要: The technology described herein includes a first plurality of bijection diffusion function circuits to diffuse data bits into diffused data bits and store the diffused data bits into a memory; an error correcting code (ECC) generation circuit to generate ECC bits for the data bits; and a second plurality of bijection diffusion function circuits to diffuse the ECC bits into diffused ECC bits and store the diffused ECC bits into the memory.
-
3.发明申请公开(公告)号:US20210406199A1
公开(公告)日:2021-12-30
申请号:US16912542
申请日:2020-06-25
申请人: Intel Corporation
发明人: Michael Kounavis , David Koufaty , Anna Trikalinou , Karanvir Grewal , Philip Lantz , Utkarsh Y. Kakaiya , Vedvyas Shanbhogue
IPC分类号: G06F12/14 , G06F12/1036 , G06F12/1081 , G06F12/0831 , G06F12/0882 , G06F12/06 , G06F21/60 , H04L9/32
摘要: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes a memory for storage of data, an Input/Output Memory Management Unit (IOMMU) coupled to the memory via a host-to-device link the IOMMU to perform operations, comprising receiving an address translation request from a remote device via a host-to-device link, wherein the address translation request comprises a virtual address (VA), determining a physical address (PA) associated with the virtual address (VA), generating an encrypted physical address (EPA) using at least the physical address (PA) and a cryptographic key, and sending the encrypted physical address (EPA) to the remote device via the host-to-device link.
-
公开(公告)号:US11019098B2
公开(公告)日:2021-05-25
申请号:US16023941
申请日:2018-06-29
申请人: Intel Corporation
发明人: Sergej Deutsch , David Durham , Karanvir Grewal , Rajat Agarwal
摘要: The present disclosure is directed to systems and methods for providing protection against replay attacks on memory, by refreshing or updating encryption keys. The disclosed replay protected computing system may employ encryption refresh of memory so that unauthorized copies of data are usable for a limited amount of time (e.g., 500 milliseconds or less). The replay protected computing system initially encrypts protected data prior to storage in memory. After a predetermined time or after a number of memory accesses have occurred, the replay protected computing system decrypts the data with the existing key and re-encrypts data with a new key. Unauthorized copies of data (such as those made by an adversary system/program) are not refreshed with subsequent new keys. When an adversary program attempts to use the unauthorized copies of data, the unauthorized copies of data are decrypted with the incorrect keys, which renders the decrypted data unintelligible.
-
公开(公告)号:US20190196977A1
公开(公告)日:2019-06-27
申请号:US16288844
申请日:2019-02-28
申请人: Intel Corporation
CPC分类号: G06F12/10 , G06F3/0604 , G06F3/065 , G06F3/0673 , G06F11/1076 , G06F21/602 , G06F2212/657
摘要: A data processing system includes support for sub-page granular memory tags. The data processing system comprises at least one core, a memory controller responsive to the core, random access memory (RAM) responsive to the memory controller, and a memory protection module in the memory controller. The memory protection module enables the memory controller to use a memory tag value supplied as part of a memory address to protect data stored at a location that is based on a location value supplied as another part of the memory address. The data processing system also comprises an operating system (OS) which, when executed in the data processing system, manages swapping a page of data out of the RAM to non-volatile storage (NVS) by using a memory tag map (MTM) to apply memory tags to respective subpages within the page being swapped out. Other embodiments are described and claimed.
-
公开(公告)号:US10079813B2
公开(公告)日:2018-09-18
申请号:US15085114
申请日:2016-03-30
申请人: Intel Corporation
发明人: Karanvir Grewal , Men Long , Prashant Dewan
CPC分类号: H04L9/083 , H04L9/321 , H04L9/3247 , H04L63/061
摘要: Methods and apparatus are disclosed to provide for security within a network enclave. In one embodiment authentication logic initiates authentication with a central network authority. Packet processing logic receives a key and an identifier from the central network authority. Security protocol logic then establishes a client-server security association through a communication that includes a client identifier and an encrypted portion and/or an authorization signature, wherein a client authorization key allocated by the central network authority can be reproduced by a server, other than said central network authority, from the client identifier and a derivation key provided to the server by the central network authority to decrypt the encrypted portion and/or to validate the communication using the authorization signature. The server may also provide the client with new session keys and/or new client session identifiers using server-generated derivation keys if desired, protecting these with the client authorization key.
-
公开(公告)号:US12066888B2
公开(公告)日:2024-08-20
申请号:US17944352
申请日:2022-09-14
申请人: Intel Corporation
CPC分类号: G06F11/1004 , G06F3/0622 , G06F3/0629 , G06F3/0673
摘要: The technology disclosed herein comprises a processor; a memory to store data and a plurality of error correcting code (ECC) bits associated with the data; and a memory controller coupled to the memory, the memory controller to receive a write request from the processor and, when an access control field is selected in the write request, perform an exclusive OR (XOR) operation on the plurality of ECC bits and a fixed encoding pattern to generate a plurality of encoded ECC bits and store the data and the plurality of encoded ECC bits in the memory.
-
8.发明授权公开(公告)号:US11995006B2
公开(公告)日:2024-05-28
申请号:US17559258
申请日:2021-12-22
申请人: Intel Corporation
IPC分类号: G06F21/00 , G06F11/07 , G06F11/10 , G06F12/0853 , G06F12/14
CPC分类号: G06F12/1466 , G06F11/0772 , G06F11/1068 , G06F12/0853 , G06F12/1408
摘要: A method comprises generating, for a cacheline, a first tag and a second tag, the first tag and the second tag generated as a function of user data stored and metadata in the cacheline stored in a first memory device, and a multiplication parameter derived from a secret key, storing the user data, the metadata, the first tag and the second tag in the first cacheline of the first memory device; generating, for the cacheline, a third tag and a fourth tag, the third tag and the fourth tag generated as a function of the user data stored and metadata in the cacheline stored in a second memory device, and the multiplication parameter; storing the user data, the metadata, the third tag and the fourth tag in the corresponding cache line of the second memory device; receiving, from a requesting device, a read operation directed to the cacheline; and using the first tag, the second tag, the third tag, and the fourth tag to determine whether a read error occurred during the read operation.
-
公开(公告)号:US20190045030A1
公开(公告)日:2019-02-07
申请号:US15839194
申请日:2017-12-12
申请人: Intel Corporation
摘要: A method of data nibble-histogram compression can include determining a first amount of space freed by compressing the input data using a first compression technique, determining a second amount of space freed by compressing the input data using a second, different compression technique, compressing the input data using the compression technique of the first and second compression techniques determined to free up more space to create compressed input data, and inserting into the compressed input data, security data including one of a message authentication control (MAC) and an inventory control tag (ICT).
-
公开(公告)号:US20190044973A1
公开(公告)日:2019-02-07
申请号:US16023941
申请日:2018-06-29
申请人: Intel Corporation
发明人: Sergej Deutsch , David Durham , Karanvir Grewal , Rajat Agarwal
摘要: The present disclosure is directed to systems and methods for providing protection against replay attacks on memory, by refreshing or updating encryption keys. The disclosed replay protected computing system may employ encryption refresh of memory so that unauthorized copies of data are usable for a limited amount of time (e.g., 500 milliseconds or less). The replay protected computing system initially encrypts protected data prior to storage in memory. After a predetermined time or after a number of memory accesses have occurred, the replay protected computing system decrypts the data with the existing key and re-encrypts data with a new key. Unauthorized copies of data (such as those made by an adversary system/program) are not refreshed with subsequent new keys. When an adversary program attempts to use the unauthorized copies of data, the unauthorized copies of data are decrypted with the incorrect keys, which renders the decrypted data unintelligible.
-
-
-
-
-
-
-
-
-
搜索结果
29 条记录 (耗时 0.022 秒)
