Secure processing environment measurement and attestation

US9276750B2 · US · B2

Patent metadata
Publication number   US-9276750-B2
Application number   US-201313949192-A
Country              US
Kind code            B2
Filing date          Jul 23, 2013
Priority date        Jul 23, 2013
Publication date     Mar 1, 2016
Grant date           Mar 1, 2016

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Embodiments of an invention for secure processing environment measurement and attestation are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction associated with a build or a rebuild of a secure enclave. The execution unit is to execute the first instruction. Execution of the first instruction, when associated with the build, includes calculation of a first measurement and a second measurement of the secure enclave. Execution of the first instruction, when associated with the rebuild, includes calculation of the second measurement without calculation of the first measurement.

First claim

Opening claim text (preview).

What is claimed is:

1. A processor comprising: instruction hardware to receive a first instruction and a second instruction, the first instruction associated with one of a build and a rebuild of a secure enclave, wherein the first instruction, when associated with the rebuild, provides an expected hash; and execution hardware to execute the first instruction and the second instruction, wherein execution of the first instruction, when associated with the build, includes calculation of a calculated hash of the secure enclave and calculation of a message authentication code of the secure enclave, and when associated with the rebuild, includes obtaining the message authentication code calculated during the build, calculation of the message authentication code without calculation of the calculated hash, and comparing the message authentication code calculated during the rebuild to the message authentication code calculated during the build, and wherein execution of the second instruction includes attesting to content of the secure enclave using one of the calculated hash and the expected hash.

2. The processor of claim 1, further including a key, wherein calculation of the message authentication code is performed using the key.

3. The processor of claim 1, wherein execution of the first instruction, when associated with the rebuild, also includes calculating the message authentication code based on the expected hash.

4. The processor of claim 1, wherein calculation of the calculated hash is based on SHA-256.

5. A method comprising: invoking a first instruction to measure an initial build of a secure enclave; executing, by execution hardware in a processor, the first instruction to measure the initial build, including calculating a calculated hash of the secure enclave and calculating a message authentication code of the secure enclave; storing the calculated hash in a measurement register in a cache protected by the processor from access except by software executing from within the secure enclave; invoking the first instruction to measure a subsequent build of the secure enclave, the first instruction providing an expected hash; executing, by the execution hardware in the processor, the first instruction to measure the subsequent build, including obtaining the message authentication code calculated during the initial build, calculating the message authentication code without calculation of the calculated hash, and comparing the message authentication code calculated during the subsequent build to the message authentication code calculated during the initial build; invoking a second instruction to attest to content of the secure enclave; and executing, by the execution hardware in the processor, the second instruction to attest to content of the secure enclave using one of the calculated hash and the expected hash.

6. The method of claim 5, wherein calculating the calculated message authentication code is performed using a key.

7. The method of claim 5, wherein calculating the calculated message authentication code in response to the first instruction, when associated with the subsequent build, includes calculating the message authentication code based on the expected hash.

8. A system comprising: a system memory; and a processor including an instruction unit to receive a first instruction and a second instruction, the first instruction associated with one of a build and a rebuild of a secure enclave using data from the system memory, wherein the first instruction, when associated with the rebuild, provides an expected hash; and an execution unit to execute the first instruction and the second instruction, wherein execution of the first instruction, when associated with the build, includes calculation of a calculated hash of the secure enclave and calculation of a message authentication code of the secure enclave, and when associated with the rebuild, includes obtaining the message authentication code calculated during the build, calculation of the message authentication code without calculation of the calculated hash, and comparing the message authentication code calculated during the rebuild to the message authentication code calculated during the build, and wherein execution of the second instruction includes attesting to content of the secure enclave using one of the calculated hash and the expected hash.
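The build/rebuild/attest flow the claims describe, as an added illustrative model in Python (not code from the patent and not Intel's implementation): the build hashes the enclave pages with SHA-256 (claim 4) and MACs the measurement with a processor-held key (claims 2-3); the rebuild hashes nothing, re-MACs the caller's expected hash and compares it against the MAC stored at build time; attestation then uses whichever hash survived. The key value, page contents and HMAC-SHA256 as the MAC are constructed assumptions.

```python
import hashlib
import hmac

# Constructed stand-in for the per-processor secret key (claim 2); real
# hardware would hold this internally and never expose it to software.
PROCESSOR_KEY = b"\x11" * 32


def measure_build(enclave_pages, key=PROCESSOR_KEY):
    """First instruction on an initial build (claims 1, 4, 5): hash every
    enclave page into one SHA-256 measurement, then compute a keyed MAC
    over that measurement. Returns (calculated_hash, mac); the hash is
    what would be stored in the protected measurement register."""
    digest = hashlib.sha256()
    for page in enclave_pages:
        digest.update(page)
    calculated_hash = digest.digest()
    mac = hmac.new(key, calculated_hash, hashlib.sha256).digest()
    return calculated_hash, mac


def measure_rebuild(expected_hash, stored_mac, key=PROCESSOR_KEY):
    """First instruction on a rebuild (claims 1, 3, 5): no page is hashed.
    The caller supplies the expected hash; the processor MACs it with its
    own key and compares against the MAC saved at build time. Returns the
    hash to attest with, or None if this processor never measured that
    hash (or the stored MAC was altered)."""
    mac = hmac.new(key, expected_hash, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, stored_mac):
        return None
    return expected_hash


def attest(measurement, report_data, key=PROCESSOR_KEY):
    """Second instruction (claims 1, 5): bind the enclave measurement to
    caller-supplied report data. A keyed MAC stands in for the hardware's
    report signing; the same measurement yields the same report whether
    it came from a build or from a verified rebuild."""
    return hmac.new(key, measurement + report_data, hashlib.sha256).digest()


if __name__ == "__main__":
    pages = [b"\x90" * 4096, b"enclave code and data"]  # constructed enclave
    mr, mac = measure_build(pages)
    assert measure_rebuild(mr, mac) == mr           # fast path accepted
    forged = bytes([mr[0] ^ 1]) + mr[1:]
    assert measure_rebuild(forged, mac) is None     # unmeasured hash rejected
    print("rebuild verified; report:", attest(mr, b"challenger nonce").hex())
```

The rebuild path accepts the expected hash only because the MAC proves this processor produced it in an earlier build; the integrity of the reloaded pages themselves rests on the processor-protected memory the claims mention, not on anything in this model.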

Classifications

  • H04L9/3242 (Primary)

    involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC · CPC title

  • involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853) · CPC title

  • Trusted platform modules [TPM] · CPC title

  • to perform operations on memory · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9276750B2 cover?
Embodiments of an invention for secure processing environment measurement and attestation are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction associated with a build or a rebuild of a secure enclave. The execution unit is to execute the first instruction. Execution of the first instruction, when…
Who is the assignee on this patent?
Scarlata Vincent R, Rozas Carlos, Johnson Simon, and 10 more
What technology area does this patent fall under?
Primary CPC classification H04L9/3242. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 1, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).