What technology area does this patent fall under?

Primary CPC classification G06F9/45558. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue Feb 23 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Processor extensions for execution of secure embedded containers

US9268594B2 · US · B2

Patent metadata
Field	Value
Publication number	US-9268594-B2
Application number	US-201514730224-A
Country	US
Kind code	B2
Filing date	Jun 3, 2015
Priority date	Dec 31, 2008
Publication date	Feb 23, 2016
Grant date	Feb 23, 2016

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Methods and apparatus relating to processor extensions for execution of secure embedded containers are described. In an embodiment, a scalable solution for manageability function is provided, e.g., for UMPC environments or otherwise where utilizing a dedicated processor or microcontroller for manageability is inappropriate or impractical. For example, in an embodiment, an OS (Operating System) or VMM (Virtual Machine Manager) Independent (generally referred to herein as “OI”) architecture involves creating one or more containers on a processor by dynamically partitioning resources (such as processor cycles, memory, devices) between the HOST OS/VMM and the OI container. Other embodiments are also described and claimed.

First claim

Opening claim text (preview).

The invention claimed is: 1. A processor comprising: one or more processor cores; a cache storage configured to be accessed by said one or more processor cores using an extended page table (EPT); an on-package memory to store a key page mapped to physical addresses from an Operating System (OS) independent memory partition, having an execution environment that is independent of, and unaffected by operating systems and virtual machine managers; and an embedded processor key configured to be accessed by an OS Independent (OI) Resource Manager (OIRM) to perform cryptographic operations, wherein an application running on the processor from outside the OI memory partition can invoke a blob service provided by the OIRM to create a key blob to access the key page inside the OI memory partition. 2. The processor of claim 1 , wherein the OIRM is to dynamically partition cycles of the processor between executing operations or instructions from inside the OI memory partition and from outside the OI memory partition. 3. The processor of claim 2 , wherein the OIRM is to couple a plurality of partitions to the processor, the plurality of partitions including at least the OI memory partition and a second partition to store an OS. 4. The processor of claim 3 , wherein responsive to an instruction for loading the key page from said application running on the processor from outside the OI memory partition, the OIRM is to copy data from the key page into the on-package memory and decrypt the data in the on-package memory using said key blob. 5. The processor of claim 4 , wherein further responsive to the instruction for loading the key page from said application running on the processor from outside the OI memory partition, the OIRM is to update the EPT to redirect accesses, from the physical addresses mapped to the key page in the OI memory partition, to physical addresses mapped to the on-package memory. 6. The processor of claim 5 , wherein further responsive to the instruction for loading the key page from said application running on the processor from outside the OI memory partition, the OIRM is to decrypt said key blob using the embedded processor key and decrypt the data in the on-package memory using the decrypted key blob. 7. The processor of claim 6 , wherein responsive to an instruction for storing the key page from said application running on the processor from outside the OI memory partition, the OIRM is to encrypt the data in the on-package memory using said key blob and copy the encrypted data from the on-package memory to the key page in the OI memory partition. 8. The processor of claim 7 , wherein further responsive to the instruction for storing the key page from said application running on the processor from outside the OI memory partition, the OIRM is to decrypt said key blob using the embedded processor key and encrypt the data in the on-package memory using the decrypted key blob. 9. The processor of claim 8 , wherein the OIRM is to maintain an integrity check value array to store data corresponding to one or more pages of the OI memory partition, wherein each entry in the array is to indicate a secure hash algorithm value, a validity, and direct memory access of a corresponding page in the OI memory partition. 10. The processor of claim 9 , wherein the OIRM is to determine integrity of the one or more pages of the first partition based on values stored in a corresponding entry of the integrity check value array. 11. The processor of claim 10 , wherein the OIRM is to cause an update to a value stored in the integrity check value array in response to detection of a modification to a corresponding page of the OI memory partition. 12. A computer-implemented method comprising: accessing a cache storage by one or more processor cores using an extended page table (EPT); storing, in an on-package memory, a key page mapped by the EPT to physical addresses from an Operating System (OS) independent memory partition, having an execution environment that is independent of, and unaffected by operating systems and virtual machine managers; accessing an embedded processor key by an OS Independent (OI) Resource Manager (OIRM) to perform a cryptographic operation; storing said key page inside the OI memory partition; and invoking a blob service provided by the OIRM for an application running on the one or more processor cores from outside the OI memory partition to create a key blob to access said key page mapped to physical addresses inside the OI memory partition. 13. The method of claim 12 , wherein the OIRM is to dynamically partition processor cycles between executing operations or instructions from inside the OI memory partition and from outside the OI memory partition. 14. The method of claim 12 , wherein the OIRM is to couple a plurality of partitions to the one or more processor cores, the plurality of partitions including at least the OI memory partition and a second partition to store an OS. 15. The method of claim 12 , wherein the OIRM is to copy data from the key page into the on-package memory and decrypt the data in the on-package memory using said key blob responsive to an instruction for loading the key page from said application running on the one or more processor cores from outside the OI memory partition. 16. The method of claim 15 , wherein the OIRM is to update the EPT to redirect accesses, from the physical addresses mapped to the key page in the OI memory partition, to physical addresses mapped to the on-package memory further responsive to the instruction for loading the key page from said application running on the processor from outside the OI memory partition. 17. The method of claim 12 , wherein the OIRM is to encrypt the data in the on-package memory using said key blob and copy the encrypted data from the on-package memory to the key page in the OI memory partition responsive to an instruction for storing the key page from said application running on the one or more processor cores from outside the OI memory partition. 18. The method of claim 12 , wherein the OIRM is to maintain an integrity check value array to store data corresponding to one or more pages of the OI memory partition, wherein each entry in the array is to indicate a secure hash algorithm value, a validity, and direct memory access of a corresponding page in the OI memory partition. 19. The method of claim 18 , wherein the OIRM is to determine integrity of the one or more pages of the first partition based on values stored in a corresponding entry of the integrity check value array. 20. The method of claim 18 , wherein the OIRM is to cause an update to a value stored in the integrity check value array in response to detection of a modification to a corresponding page of the OI memory partition. 21. A computing system comprising: a processor comprising: one or more processor cores, a cache storage configured to be accessed by said one or more processor cores using an extended page table (EPT), an on-package memory to store a key page mapped to physical addresses from an Operating System (OS) independent memory partition, having an execution environment that is independent of, and unaffected by operating systems and virtual machine managers, an embedded processor key configured to be accessed by an OS Independent (OI) Resource Manager (OIRM) to perform cryptographic operations, wherein an application running on the processor from outside the OI memory partition can invoke a blob service provided by the OIRM to crea

Assignees

Intel Corp

Inventors

Classifications

H04L2209/24
Key scheduling, i.e. generating round keys or sub-keys for block encryption · CPC title
G06F9/5077
Logical partitioning of resources; Management or configuration of virtualized resources (specific details on emulation or internal functioning of virtual machines G06F9/455) · CPC title
G06F2009/45579
I/O management, e.g. providing access to device drivers or storage · CPC title
H04L9/3242
involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC · CPC title
G06F2212/1052
Security improvement · CPC title

Patent family

Related publications grouped by family.

View patent family 42286552

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9268594B2 cover?: Methods and apparatus relating to processor extensions for execution of secure embedded containers are described. In an embodiment, a scalable solution for manageability function is provided, e.g., for UMPC environments or otherwise where utilizing a dedicated processor or microcontroller for manageability is inappropriate or impractical. For example, in an embodiment, an OS (Operating System) …
Who is the assignee on this patent?: Intel Corp
What technology area does this patent fall under?: Primary CPC classification G06F9/45558. Mapped technology areas include Physics.
When was this patent published?: Publication date Tue Feb 23 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).