Patents by Inventor Bin Xing
Bin Xing has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9996690
Abstract: In an example, a computing device includes a trusted execution environment (TEE), including an enclave. The enclave may include both a binary translation engine (BTE) and an input verification engine (IVE). In one embodiment, the IVE receives a trusted binary as an input, and analyzes the trusted binary to identify functions, classes, and variables that perform input/output operations. To ensure the security of these interfaces, those operations may be performed within the enclave. The IVE tags the trusted binary and provides the binary to the BTE. The BTE then translates the trusted binary into a second format, including designating the tagged portion for execution within the enclave. The BTE may also sign the new binary in the second format and export it out of the enclave.
Type: Grant
Filed: December 27, 2014
Date of Patent: June 12, 2018
Assignee: McAfee, LLC
Inventors: Ned M. Smith, Dmitri Rubakha, Samir Shah, Jason Martin, Micah J. Sheller, Somnath Chakrabarti, Bin Xing
-
Patent number: 9971702
Abstract: An example system that includes a processor and a memory device. The processor may include multiple execution units to execute instructions and a memory device coupled to the processor. The memory device stores the instructions in an unprotected region and a protected region. The processor may determine that a first exception occurred while executing a first set of instructions for an application stored in a secured page of the protected region. The processor may invoke a first subroutine to forward exception context for the first exception to a second subroutine, where the first subroutine is stored in the protected region and the second subroutine is stored in the unprotected region. The processor may invoke, by the second subroutine, a third subroutine to execute a second set of instructions associated with the exception context for the first exception.
Type: Grant
Filed: October 24, 2016
Date of Patent: May 15, 2018
Assignee: Intel Corporation
Inventor: Bin Xing
-
Publication number: 20180113811
Abstract: An example system that includes a processor and a memory device. The processor may include multiple execution units to execute instructions and a memory device coupled to the processor. The memory device stores the instructions in an unprotected region and a protected region. The processor may determine that a first exception occurred while executing a first set of instructions for an application stored in a secured page of the protected region. The processor may invoke a first subroutine to forward exception context for the first exception to a second subroutine, where the first subroutine is stored in the protected region and the second subroutine is stored in the unprotected region. The processor may invoke, by the second subroutine, a third subroutine to execute a second set of instructions associated with the exception context for the first exception.
Type: Application
Filed: October 24, 2016
Publication date: April 26, 2018
Inventor: Bin Xing
-
Patent number: 9933968
Abstract: A system and method for adapting a secure application execution environment to support multiple configurations includes determining a maximum configuration for the secure application execution environment, determining an optimal configuration for the secure application environment, and, at load time, configuring the secure application execution environment for the optimal configuration.
Type: Grant
Filed: April 30, 2015
Date of Patent: April 3, 2018
Assignee: Intel Corporation
Inventor: Bin Xing
-
Publication number: 20180011793
Abstract: A processor implementing techniques to supporting fault information delivery is disclosed. In one embodiment, the processor includes a memory controller unit to access an enclave page cache (EPC) and a processor core coupled to the memory controller unit. The processor core to detect a fault associated with accessing the EPC and generate an error code associated with the fault. The error code reflects an EPC-related fault cause. The processor core is further to encode the error code into a data structure associated with the processor core. The data structure is for monitoring a hardware state related to the processor core.
Type: Application
Filed: September 21, 2017
Publication date: January 11, 2018
Inventors: Rebekah M. Leslie-Hurd, Carlos V. Rozas, Francis X. Mckeen, Ilya Alexandrovich, Vedvyas Shanbhogue, Bin Xing, Mark W. Shanahan, Simon P. Johnson
-
Publication number: 20170364689
Abstract: Technologies for securely binding a manifest to a platform include a computing device having a security engine and a field-programmable fuse. The computing device receives a platform manifest indicative of a hardware configuration of the computing device and a manifest hash. The security engine of the computing device blows a bit of a field programmable fuse and then stores the manifest hash and a counter value of the field-programmable fuse in integrity-protected non-volatile storage. In response to a platform reset, the security engine verifies the stored manifest hash and counter value and then determines whether the stored counter value matches the field-programmable fuse. If verified and current, trusted software may calculate a hash of the platform manifest and compare the calculated hash to the stored manifest hash. If matching, the platform manifest may be used to discover platform hardware. Other embodiments are described and claimed.
Type: Application
Filed: June 20, 2017
Publication date: December 21, 2017
Inventors: Pradeep M. Pappachan, Reshma Lal, Siddhartha Chhabra, Gideon Gerzon, Baruch Chaikin, Bin Xing, William A. Stevens, JR.
-
Publication number: 20170364688
Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.
Type: Application
Filed: June 20, 2017
Publication date: December 21, 2017
Inventors: Soham Jayesh Desai, Siddhartha Chhabra, Bin Xing, Pradeep M. Pappachan, Reshma Lal
-
Publication number: 20170364707
Abstract: Technologies for trusted I/O include a computing device having a processor, a channel identifier filter, and an I/O controller. The I/O controller may generate an I/O transaction that includes a channel identifier and a memory address. The channel identifier filter verifies that the memory address of the I/O transaction is within a processor reserved memory region associated with the channel identifier. The processor reserved memory region is not accessible to software executed by the computing device. The processor encrypts I/O data at the memory address in response to invocation of a processor feature and copies the encrypted data to a memory buffer outside of the processor reserved memory region. The processor may securely clean the processor reserved memory region before encrypting and copying the data. The processor may wrap and unwrap programming information for the channel identifier filter. Other embodiments are described and claimed.
Type: Application
Filed: June 20, 2017
Publication date: December 21, 2017
Inventors: Reshma Lal, Gideon Gerzon, Baruch Chaikin, Siddhartha Chhabra, Pradeep M. Pappachan, Bin Xing
-
Patent number: 9811475
Abstract: Methods and apparatus for a secure sleep state are disclosed. An example method includes, in response to an initiation of a sleep state of a computing platform, encrypting a memory of the computing platform; and decrypting the memory when resuming the computing platform from the sleep state, wherein placing the computing platform in the sleep state includes powering down a portion of the computing platform and preserving a state of the computing platform.
Type: Grant
Filed: June 29, 2012
Date of Patent: November 7, 2017
Assignee: INTEL CORPORATION
Inventors: Krystof C. Zmudzinski, Matthew E. Hoekstra, John L. Manferdelli, Bin Xing
-
Patent number: 9798666
Abstract: A processor implementing techniques to supporting fault information delivery is disclosed. In one embodiment, the processor includes a memory controller unit to access an enclave page cache (EPC) and a processor core coupled to the memory controller unit. The processor core to detect a fault associated with accessing the EPC and generate an error code associated with the fault. The error code reflects an EPC-related fault cause. The processor core is further to encode the error code into a data structure associated with the processor core. The data structure is for monitoring a hardware state related to the processor core.
Type: Grant
Filed: June 26, 2015
Date of Patent: October 24, 2017
Assignee: Intel Corporation
Inventors: Rebekah M. Leslie-Hurd, Carlos V. Rozas, Francis X. McKeen, Ilya Alexandrovich, Vedvyas Shanbhogue, Bin Xing, Mark W. Shanahan, Simon P. Johnson
-
Patent number: 9798559
Abstract: In an example, a computing device may include a trusted execution environment (TEE) for executing signed and verified code. The device may receive a trusted binary object in a first form, but the object may need to be converted to a second format, either on-the-fly, or in advance. This may include, for example, a bytecode interpreter, script interpreter, runtime engine, compiler, just-in-time compiler, or other species of binary translator. The binary translator may be run from the TEE, and the output may then be signed by the TEE and treated as a new trusted binary.
Type: Grant
Filed: December 27, 2014
Date of Patent: October 24, 2017
Assignee: McAfee, Inc.
Inventors: Samir Shah, Ned M. Smith, Jason Martin, Micah J. Sheller, Somnath Chakrabarti, Bin Xing
-
Publication number: 20170288875
Abstract: Technologies for secure inter-enclave communication include a computing device having a processor with secure enclave support. The computing device establishes a first secure enclave and a second secure enclave with the secure enclave support of the processor. The first secure enclave invokes a report instruction to cause the processor to generate a report targeted to the second secure enclave. The report includes a report body and a message authentication code generated using a report key associated with the second secure enclave. The second secure enclave invokes a get key instruction to cause the processor to generate the report key associated with the second secure enclave and generates the message authentication code over the report body using the report key. The first secure enclave and second secure enclave each perform a cryptographic operation on a message using the message authentication code as a cryptographic key. Other embodiments are described and claimed.
Type: Application
Filed: March 31, 2016
Publication date: October 5, 2017
Inventor: Bin Xing
-
Publication number: 20170286721
Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to initialize enclaves on target processors. An example apparatus includes an image file retriever to retrieve configuration parameters associated with an enclave file, and an address space manager to calculate a minimum virtual address space value for an enclave image layout based on the configuration parameters, and generate an optimized enclave image layout to allow enclave image execution on unknown target processor types by multiplying the minimum address space value with a virtual address factor to determine an optimized virtual address space value for the optimized enclave image layout.
Type: Application
Filed: March 31, 2016
Publication date: October 5, 2017
Inventor: Bin Xing
-
Publication number: 20170289151
Abstract: Technologies for dynamic loading of integrity protected modules into a secure enclave include a computing device having a processor with secure enclave support. The computing device divides an executable image into multiple chunks, hashes each of the chunks with corresponding attributes that affect security to generate a corresponding hash value, and generates a hash tree as a function of the hash values. The computing device generates an initial secure enclave memory image that includes the root value of the hash tree. At runtime, the computing device accesses a chunk of the executable image from within the secure enclave, which generates a page fault. In response to the page fault, the secure enclave verifies the associated chunk based on the hash tree and accepts the chunk into the secure enclave in response to successful verification. The root value of the hash tree is integrity-protected. Other embodiments are described and claimed.
Type: Application
Filed: March 29, 2016
Publication date: October 5, 2017
Inventors: Mark W. Shanahan, Bin Xing
-
Publication number: 20170262156
Abstract: According to an example, a position of a pointer may be detected to be positioned over an icon of a plurality of selectable icons. A menu containing a set of sub-icons corresponding to the icon may be displayed and a first location and a second location of the displayed menu may be determined. A first line and a second line may be determined and a plurality of points in a movement of the pointer may be recorded. A third line that crosses the plurality of recorded points may also be determined. In response to a determination that the third line is within an area between the first line and the second line, the menu may continue to be displayed while the pointer passes over another icon of the plurality of selectable icons.
Type: Application
Filed: December 5, 2014
Publication date: September 14, 2017
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventors: Jiang-Bin XING, Qian LU, Chun-Qi LU, Wen-Ying YANG, Bing ZHANG
-
Publication number: 20170133256
Abstract: In some embodiments, an interconnection structure, an exposure alignment system, and a fabricating method thereof are provided. The method comprises: providing a wafer, forming a first to-be-connected member and multiple first alignment members in a first conductive layer; form a first opening and multiple second alignment members in a first mask layer, the first opening is used to define a position of a second to-be-connected member; based on reference and measurement coordinates of the first alignment members, and reference coordinates and measurement coordinates of the second alignment members, obtaining wafer coordinates for characterizing a position deviation of the wafer; obtaining adjustment compensation values according to stacking offsets of a preceding wafer; adjusting a position of the wafer; forming the interconnection structure in a first dielectric layer and a second dielectric layer to electrically interconnect the first to-be-connected member and the second to-be-connected member.
Type: Application
Filed: October 26, 2016
Publication date: May 11, 2017
Inventors: QIANG ZHANG, BIN XING, JING AN HAO
-
Patent number: 9646865
Abstract: In some embodiments, an interconnection structure, an exposure alignment system, and a fabricating method thereof are provided. The method comprises: providing a wafer, forming a first to-be-connected member and multiple first alignment members in a first conductive layer; form a first opening and multiple second alignment members in a first mask layer, the first opening is used to define a position of a second to-be-connected member; based on reference and measurement coordinates of the first alignment members, and reference coordinates and measurement coordinates of the second alignment members, obtaining wafer coordinates for characterizing a position deviation of the wafer; obtaining adjustment compensation values according to stacking offsets of a preceding wafer; adjusting a position of the wafer; forming the interconnection structure in a first dielectric layer and a second dielectric layer to electrically interconnect the first to-be-connected member and the second to-be-connected member.
Type: Grant
Filed: October 26, 2016
Date of Patent: May 9, 2017
Assignees: SEMICONDUCTOR MANUFACTURING INTERNATIONAL (BEIJING) CORPORATION, SEMICONDUCTOR MANUFACTURING INTERNATIONAL (SHANGHAI) CORPORATION
Inventors: Qiang Zhang, Bin Xing, Jing An Hao
-
Publication number: 20170091445
Abstract: Technologies for software attack detection include a computing device with a processor and a memory external to the processor. The processor originates a memory transaction with an associated secure enclave status bit that indicates whether the memory transaction originated in a secure execution mode, such as from a secure enclave. The processor computes an error-correcting code (ECC) based as a function of memory transaction data and the secure enclave status bit, and performs the memory transaction based on the ECC and the memory transaction data using the memory of the computing device. The processor may store the ECC and the memory transaction data to memory. The processor may load a stored ECC and data from the memory and compare the computed ECC to the stored ECC to detect memory transactions with an invalid secure enclave status bit. Other embodiments are described and claimed.
Type: Application
Filed: September 26, 2015
Publication date: March 30, 2017
Inventors: Bin Xing, Krystof C. Zmudzinski, Wei Wu, Shih-Lien L. Lu, Carlos V. Rozas, Francis X. McKeen, Siddhartha Chhabra, Mark W. Shanahan
-
Patent number: 9606940
Abstract: An embodiment includes at least one machine readable medium on which is stored code that, when executed enables a system to initialize a trusted loader enclave (TL) and a measurement and storage manager enclave (MSM) within a memory of the system, to receive by the MSM a TL measurement of the TL from a trusted processor of the system, to determine whether to establish a secure channel between the MSM and the TL based at least in part on the TL measurement, and responsive to a determination to establish the secure channel, to establish the secure channel and store particular code in the TL. Additional embodiments are described and claimed.
Type: Grant
Filed: March 27, 2015
Date of Patent: March 28, 2017
Assignee: Intel Corporation
Inventors: Micah J. Sheller, Bin Xing, Vincent R. Scarlata
-
Publication number: 20170068455
Abstract: Apparatuses, methods and storage medium associated with application execution enclave cache management, are disclosed herein. In embodiments, an apparatus may include one or more processors with supports for application execution enclaves; cache memory coupled with the one or more processors to be organized into a plurality of cache pages; and an exception handler to be operated by the one or more processors to handle cache page fault exceptions, wherein to handle cache page fault exceptions includes to handle a cache page fault triggered to request additional allocation of one or more cache pages to an execution enclave of an application. Other embodiments may be described and/or claimed.
Type: Application
Filed: September 9, 2015
Publication date: March 9, 2017
Inventors: Bin Xing, Mark W. Shanahan, Bo Zhang