Patents by Inventor Bin Xing
Bin Xing has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240202314
Abstract: Techniques and mechanisms for a processor core to execute an instruction for a hardware (HW) thread to have access to a trusted execution environment (TEE). In an embodiment, execution of the instruction includes determining whether any sibling HW thread, which is currently active, is also currently approved to access the TEE. TEE access by the HW thread is conditioned upon a requirement that any sibling HW thread is either currently inactive, is currently in the same TEE, or is currently approved to enter the TEE. In another embodiment, execution of another instruction, for the HW thread to exit the TEE, includes or otherwise results in system software being conditionally notified of an opportunity to wake up one or more sibling HW threads.
Type: Application
Filed: December 19, 2022
Publication date: June 20, 2024
Applicant: Intel Corporation
Inventors: Mona Vij, Dmitrii Kuvaiskii, Bin Xing, Krystof Zmudzinski, Scott Constable
-
Patent number: 12005303
Abstract: An adjustable elliptical trainer is disclosed, which includes a body, a sliding rail, a connecting piece and a movement mechanism. The sliding rail has one end rotatably connected to the body around an axis and an other end detachably connected to the body by the connecting piece along a longitudinal extension direction of the sliding rail. The movement mechanism includes a sliding part matched with the sliding rail, and the sliding part is provided on the sliding rail and is slidable along the sliding rail. The axis is perpendicular to the longitudinal extension direction of the sliding rail, a first connection point is provided at a joint between the connecting piece and the sliding rail, and a second connection point is provided at a joint between the connecting piece and the body, the connecting piece is configured to be movable relative to the sliding rail and/or the body.
Type: Grant
Filed: August 23, 2021
Date of Patent: June 11, 2024
Assignee: OMA Fitness Equipment Co., Ltd.
Inventor: Kai Bin Xing
-
Publication number: 20240004320
Abstract: A mask plate, an alignment mark and a photolithography system are provided. In one form, an alignment mark includes a plurality of alignment patterns arranged at intervals, where the alignment pattern includes a first pattern extending in a first direction and a second pattern extending in a second direction, the first pattern includes a first end and a second end which are opposite to each other in the first direction, the second pattern includes a third end and a fourth end which are opposite to each other in the second direction, the second end is connected to the third end, the fourth end is connected to the first end, and the alignment pattern is a two-dimensional linear pattern.
Type: Application
Filed: September 14, 2023
Publication date: January 4, 2024
Applicants: SEMICONDUCTOR MANUFACTURING INTERNATIONAL (SHANGHAI) CORPORATION, SEMICONDUCTOR MANUFACTURING INTERNATIONAL (BEIJING) CORPORATION
Inventors: Wei Hua SANG, Shi Jie WU, Bin XING
-
Publication number: 20230409699
Abstract: Detailed herein are examples of determining when to allow access to a trusted execution environment (TEE). For example, using TEE logic associated with software to at least in part: determine that a TEE feature is supported based at least on a value of a bit position in a data structure; and not allow a TEE entry instruction to access a TEE when the bit position of the data structure is reserved.
Type: Application
Filed: September 20, 2022
Publication date: December 21, 2023
Inventors: Scott CONSTABLE, Ilya ALEXANDROVICH, Ittai ANATI, Simon JOHNSON, Vincent SCARLATA, Mona VIJ, Yuan XIAO, Bin XING, Krystof SMUDZINSKI
-
Publication number: 20230273991
Abstract: A computing system to receive a new workload by a trusted execution environment virtual machine (TVM); validate the new workload; in response to the new workload being successfully validated, evaluate a launch policy of the new workload against one or more launch policies of one or more existing workloads of the TVM; and in response to the launch policy of the new workload being successfully validated, load the new workload into the TVM.
Type: Application
Filed: May 3, 2023
Publication date: August 31, 2023
Applicant: Intel Corporation
Inventors: Bin Xing, Daniel Middleton
-
Patent number: 11741230
Abstract: Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information.
Type: Grant
Filed: October 22, 2021
Date of Patent: August 29, 2023
Assignee: INTEL CORPORATION
Inventors: Pradeep M. Pappachan, Reshma Lal, Bin Xing, Siddhartha Chhabra, Vincent R. Scarlata, Steven B. McGowan
-
Publication number: 20230205869
Abstract: Systems, methods, and apparatuses relating to efficient exception handling in trusted execution environments are described. In an embodiment, a hardware processor includes a register, a decoder, and execution circuitry. The register has a field to be set to enable an architecturally protected execution environment at one of a plurality of contexts for code in an architecturally protected enclave in memory. The decoder is to decode an instruction having a format including a field for an opcode, the opcode to indicate that the execution circuitry is to perform a context change. The execution circuitry is to perform one or more operations corresponding to the instruction, the one or more operations including changing, within the architecturally protected enclave, from a first context to a second context.
Type: Application
Filed: December 23, 2021
Publication date: June 29, 2023
Applicant: Intel Corporation
Inventors: Scott Constable, Bin Xing, Yuan Xiao, Krystof Zmudzinski, Mona Vij, Mark Shanahan, Francis McKeen, Ittai Anati
-
Publication number: 20230128711
Abstract: Technologies for trusted I/O include a computing device having a processor, a channel identifier filter, and an I/O controller. The I/O controller may generate an I/O transaction that includes a channel identifier and a memory address. The channel identifier filter verifies that the memory address of the I/O transaction is within a processor reserved memory region associated with the channel identifier. The processor reserved memory region is not accessible to software executed by the computing device. The processor encrypts I/O data at the memory address in response to invocation of a processor feature and copies the encrypted data to a memory buffer outside of the processor reserved memory region. The processor may securely clean the processor reserved memory region before encrypting and copying the data. The processor may wrap and unwrap programming information for the channel identifier filter. Other embodiments are described and claimed.
Type: Application
Filed: December 7, 2022
Publication date: April 27, 2023
Applicant: Intel Corporation
Inventors: Reshma Lal, Gideon Gerzon, Baruch Chaikin, Siddhartha Chhabra, Pradeep M. Pappachan, Bin Xing
-
Patent number: 11630904
Abstract: In one embodiment, an apparatus includes a channel filter and a security processor. The security processor is to: receive a plurality of device access control policies from a protected non-volatile storage of a platform; determine whether the plurality of device access control policies are verified; program the channel filter with a plurality of filter entries each associated with one of the plurality of device access control policies based on the determination; and remove a security attribute of the security processor from a policy register of the channel filter, to lock the channel filter for a boot cycle of the platform. Other embodiments are described and claimed.
Type: Grant
Filed: June 21, 2021
Date of Patent: April 18, 2023
Assignee: Intel Corporation
Inventors: Pradeep M. Pappachan, Siddhartha Chhabra, Bin Xing, Reshma Lal, Baruch Chaikin
-
Publication number: 20220405403
Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.
Type: Application
Filed: August 18, 2022
Publication date: December 22, 2022
Applicant: Intel Corporation
Inventors: Soham Jayesh Desai, Siddhartha Chhabra, Bin Xing, Pradeep M. Pappachan, Reshma Lal
-
Publication number: 20220331651
Abstract: An adjustable elliptical trainer is disclosed, which includes a body, a sliding rail, a connecting piece and a movement mechanism. The sliding rail has one end rotatably connected to the body around an axis and other end detachably connected to the body by the connecting piece along a longitudinal extension direction of the sliding rail. The movement mechanism includes a sliding part matched with the sliding rail, and the sliding part is provided on the sliding rail and is slidable along the sliding rail. The axis is perpendicular to the longitudinal extension direction of the sliding rail, a first connection point is provided at a joint between the connecting piece and the sliding rail, and a second connection point is provided at a joint between the connecting piece and the body, the connecting piece is configured to be movable relative to the sliding rail and/or the body.
Type: Application
Filed: August 23, 2021
Publication date: October 20, 2022
Inventor: Kai Bin XING
-
Patent number: 11423159
Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.
Type: Grant
Filed: December 5, 2019
Date of Patent: August 23, 2022
Assignee: INTEL CORPORATION
Inventors: Soham Jayesh Desai, Siddhartha Chhabra, Bin Xing, Pradeep M. Pappachan, Reshma Lal
-
Publication number: 20220207187
Abstract: Systems, methods, and apparatuses relating to an instruction that allows a trusted execution environment to react to an asynchronous exit are described. In one embodiment, a hardware processor includes a register comprising a field, that when set, is to enable an architecturally protected execution environment for code in an architecturally protected enclave in memory, a decoder circuit to decode a single instruction comprising an opcode into a decoded instruction, the opcode to indicate an execution circuit is to invoke a handler to handle an asynchronous exit from execution of the code in the architecturally protected enclave and then resume execution of the code in the architecturally protected enclave from where the asynchronous exit occurred, and the execution circuit to respond to the decoded instruction as specified by the opcode.
Type: Application
Filed: December 26, 2020
Publication date: June 30, 2022
Inventors: SCOTT CONSTABLE, MARK SHANAHAN, MONA VIJ, BIN XING, KRYSTOF ZMUDZINSKI
-
Publication number: 20220083347
Abstract: A method comprises receiving an instruction to resume operations of an enclave in a cloud computing environment and generating a pseudo-random time delay before resuming operations of the enclave in the cloud computing environment.
Type: Application
Filed: September 14, 2020
Publication date: March 17, 2022
Applicant: Intel Corporation
Inventors: Scott Constable, Bin Xing, Fangfei Liu, Thomas Unterluggauer, Krystof Zmudzinski
-
Publication number: 20220035923
Abstract: Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information.
Type: Application
Filed: October 22, 2021
Publication date: February 3, 2022
Applicant: Intel Corporation
Inventors: Pradeep M. Pappachan, Reshma Lal, Bin Xing, Siddhartha Chhabra, Vincent R. Scarlata, Steven B. McGowan
-
Publication number: 20220014381
Abstract: A system and method of MAC generation include receiving, by a destination computing system, an encrypted page from a source computing system; decrypting the encrypted page; adding version data for the decrypted page to a receiver message authentication code (MAC) for the decrypted page; receiving a sender MAC corresponding to the encrypted page received from the source computing system, the sender MAC including version data for the encrypted page; comparing the sender MAC to the receiver MAC; and indicating an error when the sender MAC does not match the receiver MAC and indicating a success when the sender MAC matches the receiver MAC.
Type: Application
Filed: September 22, 2021
Publication date: January 13, 2022
Applicant: Intel Corporation
Inventor: Bin Xing
-
Publication number: 20220012369
Abstract: In one embodiment, an apparatus comprises a processing circuitry to detect an occurrence of at least one of a single-stepping event or a zero-stepping event in an execution thread on an architecturally protected enclave and in response to the occurrence, implement at least one mitigation process to inhibit further occurrences of the at least one of a single-stepping event or a zero-stepping event in the architecturally protected enclave.
Type: Application
Filed: September 24, 2021
Publication date: January 13, 2022
Applicant: Intel Corporation
Inventors: Scott Constable, Yuan Xiao, Bin Xing, Mona Vij, Mark Shanahan
-
Publication number: 20220012086
Abstract: Providing multiple virtual processors (VPs) for a trusted domain (TD) includes creating a virtual processor control structure (VPCS) for one or more of a plurality of VPs of the TD of a processor in a computing system, the TD including a trust domain control structure (TDCS), the plurality of VPs having views into addresses of private memory of the TD, the VPCS for a VP including a secure extended page table (SEPT) for the VP; and for the VP, initializing the VPCS for the VP by copying selected entries of the TDCS to the SEPT of the VPCS, pointing a SEPT pointer to the VPCS, and setting an entry point for starting execution of the VP by the processor.
Type: Application
Filed: September 24, 2021
Publication date: January 13, 2022
Applicant: Intel Corporation
Inventor: Bin Xing
-
Patent number: 11157623
Abstract: Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information.
Type: Grant
Filed: February 20, 2019
Date of Patent: October 26, 2021
Assignee: INTEL CORPORATION
Inventors: Pradeep M. Pappachan, Reshma Lal, Bin Xing, Siddhartha Chhabra, Vincent R. Scarlata, Steven B. McGowan
-
Publication number: 20210319118
Abstract: In one embodiment, an apparatus includes a channel filter and a security processor. The security processor is to: receive a plurality of device access control policies from a protected non-volatile storage of a platform; determine whether the plurality of device access control policies are verified; program the channel filter with a plurality of filter entries each associated with one of the plurality of device access control policies based on the determination; and remove a security attribute of the security processor from a policy register of the channel filter, to lock the channel filter for a boot cycle of the platform. Other embodiments are described and claimed.
Type: Application
Filed: June 21, 2021
Publication date: October 14, 2021
Inventors: Pradeep M. Pappachan, Siddhartha Chhabra, Bin Xing, Reshma Lal, Baruch Chaikin