Patents by Inventor Bin Xing

Bin Xing has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9996690
    Abstract: In an example, a computing device includes a trusted execution environment (TEE), including an enclave. The enclave may include both a binary translation engine (BTE) and an input verification engine (IVE). In one embodiment, the IVE receives a trusted binary as an input, and analyzes the trusted binary to identify functions, classes, and variables that perform input/output operations. To ensure the security of these interfaces, those operations may be performed within the enclave. The IVE tags the trusted binary and provides the binary to the BTE. The BTE then translates the trusted binary into a second format, including designating the tagged portion for execution within the enclave. The BTE may also sign the new binary in the second format and export it out of the enclave.
    Type: Grant
    Filed: December 27, 2014
    Date of Patent: June 12, 2018
    Assignee: McAfee, LLC
    Inventors: Ned M. Smith, Dmitri Rubakha, Samir Shah, Jason Martin, Micah J. Sheller, Somnath Chakrabarti, Bin Xing
  • Patent number: 9971702
    Abstract: An example system that includes a processor and a memory device. The processor may include multiple execution units to execute instructions and a memory device coupled to the processor. The memory device stores the instructions in an unprotected region and a protected region. The processor may determine that a first exception occurred while executing a first set of instructions for an application stored in a secured page of the protected region. The processor may invoke a first subroutine to forward exception context for the first exception to a second subroutine, where the first subroutine is stored in the protected region and the second subroutine is stored in the unprotected region. The processor may invoke, by the second subroutine, a third subroutine to execute a second set of instructions associated with the exception context for the first exception.
    Type: Grant
    Filed: October 24, 2016
    Date of Patent: May 15, 2018
    Assignee: Intel Corporation
    Inventor: Bin Xing
  • Publication number: 20180113811
    Abstract: An example system that includes a processor and a memory device. The processor may include multiple execution units to execute instructions and a memory device coupled to the processor. The memory device stores the instructions in an unprotected region and a protected region. The processor may determine that a first exception occurred while executing a first set of instructions for an application stored in a secured page of the protected region. The processor may invoke a first subroutine to forward exception context for the first exception to a second subroutine, where the first subroutine is stored in the protected region and the second subroutine is stored in the unprotected region. The processor may invoke, by the second subroutine, a third subroutine to execute a second set of instructions associated with the exception context for the first exception.
    Type: Application
    Filed: October 24, 2016
    Publication date: April 26, 2018
    Inventor: Bin Xing
  • Patent number: 9933968
    Abstract: A system and method for adapting a secure application execution environment to support multiple configurations includes determining a maximum configuration for the secure application execution environment, determining an optimal configuration for the secure application environment, and, at load time, configuring the secure application execution environment for the optimal configuration.
    Type: Grant
    Filed: April 30, 2015
    Date of Patent: April 3, 2018
    Assignee: Intel Corporation
    Inventor: Bin Xing
  • Publication number: 20180011793
    Abstract: A processor implementing techniques to supporting fault information delivery is disclosed. In one embodiment, the processor includes a memory controller unit to access an enclave page cache (EPC) and a processor core coupled to the memory controller unit. The processor core to detect a fault associated with accessing the EPC and generate an error code associated with the fault. The error code reflects an EPC-related fault cause. The processor core is further to encode the error code into a data structure associated with the processor core. The data structure is for monitoring a hardware state related to the processor core.
    Type: Application
    Filed: September 21, 2017
    Publication date: January 11, 2018
    Inventors: Rebekah M. Leslie-Hurd, Carlos V. Rozas, Francis X. Mckeen, Ilya Alexandrovich, Vedvyas Shanbhogue, Bin Xing, Mark W. Shanahan, Simon P. Johnson
  • Publication number: 20170364689
    Abstract: Technologies for securely binding a manifest to a platform include a computing device having a security engine and a field-programmable fuse. The computing device receives a platform manifest indicative of a hardware configuration of the computing device and a manifest hash. The security engine of the computing device blows a bit of a field programmable fuse and then stores the manifest hash and a counter value of the field-programmable fuse in integrity-protected non-volatile storage. In response to a platform reset, the security engine verifies the stored manifest hash and counter value and then determines whether the stored counter value matches the field-programmable fuse. If verified and current, trusted software may calculate a hash of the platform manifest and compare the calculated hash to the stored manifest hash. If matching, the platform manifest may be used to discover platform hardware. Other embodiments are described and claimed.
    Type: Application
    Filed: June 20, 2017
    Publication date: December 21, 2017
    Inventors: Pradeep M. Pappachan, Reshma Lal, Siddhartha Chhabra, Gideon Gerzon, Baruch Chaikin, Bin Xing, William A. Stevens, JR.
  • Publication number: 20170364688
    Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.
    Type: Application
    Filed: June 20, 2017
    Publication date: December 21, 2017
    Inventors: Soham Jayesh Desai, Siddhartha Chhabra, Bin Xing, Pradeep M. Pappachan, Reshma Lal
  • Publication number: 20170364707
    Abstract: Technologies for trusted I/O include a computing device having a processor, a channel identifier filter, and an I/O controller. The I/O controller may generate an I/O transaction that includes a channel identifier and a memory address. The channel identifier filter verifies that the memory address of the I/O transaction is within a processor reserved memory region associated with the channel identifier. The processor reserved memory region is not accessible to software executed by the computing device. The processor encrypts I/O data at the memory address in response to invocation of a processor feature and copies the encrypted data to a memory buffer outside of the processor reserved memory region. The processor may securely clean the processor reserved memory region before encrypting and copying the data. The processor may wrap and unwrap programming information for the channel identifier filter. Other embodiments are described and claimed.
    Type: Application
    Filed: June 20, 2017
    Publication date: December 21, 2017
    Inventors: Reshma Lal, Gideon Gerzon, Baruch Chaikin, Siddhartha Chhabra, Pradeep M. Pappachan, Bin Xing
  • Patent number: 9811475
    Abstract: Methods and apparatus for a secure sleep state are disclosed. An example method includes, in response to an initiation of a sleep state of a computing platform, encrypting a memory of the computing platform; and decrypting the memory when resuming the computing platform from the sleep state, wherein placing the computing platform in the sleep state includes powering down a portion of the computing platform and preserving a state of the computing platform.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: November 7, 2017
    Assignee: INTEL CORPORATION
    Inventors: Krystof C. Zmudzinski, Matthew E. Hoekstra, John L. Manferdelli, Bin Xing
  • Patent number: 9798666
    Abstract: A processor implementing techniques to supporting fault information delivery is disclosed. In one embodiment, the processor includes a memory controller unit to access an enclave page cache (EPC) and a processor core coupled to the memory controller unit. The processor core to detect a fault associated with accessing the EPC and generate an error code associated with the fault. The error code reflects an EPC-related fault cause. The processor core is further to encode the error code into a data structure associated with the processor core. The data structure is for monitoring a hardware state related to the processor core.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: October 24, 2017
    Assignee: Intel Corporation
    Inventors: Rebekah M. Leslie-Hurd, Carlos V. Rozas, Francis X. McKeen, Ilya Alexandrovich, Vedvyas Shanbhogue, Bin Xing, Mark W. Shanahan, Simon P. Johnson
  • Patent number: 9798559
    Abstract: In an example, a computing device may include a trusted execution environment (TEE) for executing signed and verified code. The device may receive a trusted binary object in a first form, but the object may need to be converted to a second format, either on-the-fly, or in advance. This may include, for example, a bytecode interpreter, script interpreter, runtime engine, compiler, just-in-time compiler, or other species of binary translator. The binary translator may be run from the TEE, and the output may then be signed by the TEE and treated as a new trusted binary.
    Type: Grant
    Filed: December 27, 2014
    Date of Patent: October 24, 2017
    Assignee: McAfee, Inc.
    Inventors: Samir Shah, Ned M. Smith, Jason Martin, Micah J. Sheller, Somnath Chakrabarti, Bin Xing
  • Publication number: 20170288875
    Abstract: Technologies for secure inter-enclave communication include a computing device having a processor with secure enclave support. The computing device establishes a first secure enclave and a second secure enclave with the secure enclave support of the processor. The first secure enclave invokes a report instruction to cause the processor to generate a report targeted to the second secure enclave. The report includes a report body and a message authentication code generated using a report key associated with the second secure enclave. The second secure enclave invokes a get key instruction to cause the processor to generate the report key associated with the second secure enclave and generates the message authentication code over the report body using the report key. The first secure enclave and second secure enclave each perform a cryptographic operation on a message using the message authentication code as a cryptographic key. Other embodiments are described and claimed.
    Type: Application
    Filed: March 31, 2016
    Publication date: October 5, 2017
    Inventor: Bin Xing
  • Publication number: 20170286721
    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to initialize enclaves on target processors. An example apparatus includes an image file retriever to retrieve configuration parameters associated with an enclave file, and an address space manager to calculate a minimum virtual address space value for an enclave image layout based on the configuration parameters, and generate an optimized enclave image layout to allow enclave image execution on unknown target processor types by multiplying the minimum address space value with a virtual address factor to determine an optimized virtual address space value for the optimized enclave image layout.
    Type: Application
    Filed: March 31, 2016
    Publication date: October 5, 2017
    Inventor: Bin Xing
  • Publication number: 20170289151
    Abstract: Technologies for dynamic loading of integrity protected modules into a secure enclave include a computing device having a processor with secure enclave support. The computing device divides an executable image into multiple chunks, hashes each of the chunks with corresponding attributes that affect security to generate a corresponding hash value, and generates a hash tree as a function of the hash values. The computing device generates an initial secure enclave memory image that includes the root value of the hash tree. At runtime, the computing device accesses a chunk of the executable image from within the secure enclave, which generates a page fault. In response to the page fault, the secure enclave verifies the associated chunk based on the hash tree and accepts the chunk into the secure enclave in response to successful verification. The root value of the hash tree is integrity-protected. Other embodiments are described and claimed.
    Type: Application
    Filed: March 29, 2016
    Publication date: October 5, 2017
    Inventors: Mark W. Shanahan, Bin Xing
  • Publication number: 20170262156
    Abstract: According to an example, a position of a pointer may be detected to be positioned over an icon of a plurality of selectable icons. A menu containing a set of sub-icons corresponding to the icon may be displayed and a first location and a second location of the displayed menu may be determined. A first line and a second line may be determined and a plurality of points in a movement of the pointer may be recorded. A third line that crosses the plurality of recorded points may also be determined. In response to a determination that the third line is within an area between the first line and the second line, the menu may continue to be displayed while the pointer passes over another icon of the plurality of selectable icons.
    Type: Application
    Filed: December 5, 2014
    Publication date: September 14, 2017
    Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Jiang-Bin XING, Qian LU, Chun-Qi LU, Wen-Ying YANG, Bing ZHANG
  • Publication number: 20170133256
    Abstract: In some embodiments, an interconnection structure, an exposure alignment system, and a fabricating method thereof are provided. The method comprises: providing a wafer, forming a first to-be-connected member and multiple first alignment members in a first conductive layer; form a first opening and multiple second alignment members in a first mask layer, the first opening is used to define a position of a second to-be-connected member; based on reference and measurement coordinates of the first alignment members, and reference coordinates and measurement coordinates of the second alignment members, obtaining wafer coordinates for characterizing a position deviation of the wafer; obtaining adjustment compensation values according to stacking offsets of a preceding wafer; adjusting a position of the wafer; forming the interconnection structure in a first dielectric layer and a second dielectric layer to electrically interconnect the first to-be-connected member and the second to-be-connected member.
    Type: Application
    Filed: October 26, 2016
    Publication date: May 11, 2017
    Inventors: QIANG ZHANG, BIN XING, JING AN HAO
  • Patent number: 9646865
    Abstract: In some embodiments, an interconnection structure, an exposure alignment system, and a fabricating method thereof are provided. The method comprises: providing a wafer, forming a first to-be-connected member and multiple first alignment members in a first conductive layer; form a first opening and multiple second alignment members in a first mask layer, the first opening is used to define a position of a second to-be-connected member; based on reference and measurement coordinates of the first alignment members, and reference coordinates and measurement coordinates of the second alignment members, obtaining wafer coordinates for characterizing a position deviation of the wafer; obtaining adjustment compensation values according to stacking offsets of a preceding wafer; adjusting a position of the wafer; forming the interconnection structure in a first dielectric layer and a second dielectric layer to electrically interconnect the first to-be-connected member and the second to-be-connected member.
    Type: Grant
    Filed: October 26, 2016
    Date of Patent: May 9, 2017
    Assignees: SEMICONDUCTOR MANUFACTURING INTERNATIONAL (BEIJING) CORPORATION, SEMICONDUCTOR MANUFACTURING INTERNATIONAL (SHANGHAI) CORPORATION
    Inventors: Qiang Zhang, Bin Xing, Jing An Hao
  • Publication number: 20170091445
    Abstract: Technologies for software attack detection include a computing device with a processor and a memory external to the processor. The processor originates a memory transaction with an associated secure enclave status bit that indicates whether the memory transaction originated in a secure execution mode, such as from a secure enclave. The processor computes an error-correcting code (ECC) based as a function of memory transaction data and the secure enclave status bit, and performs the memory transaction based on the ECC and the memory transaction data using the memory of the computing device. The processor may store the ECC and the memory transaction data to memory. The processor may load a stored ECC and data from the memory and compare the computed ECC to the stored ECC to detect memory transactions with an invalid secure enclave status bit. Other embodiments are described and claimed.
    Type: Application
    Filed: September 26, 2015
    Publication date: March 30, 2017
    Inventors: Bin Xing, Krystof C. Zmudzinski, Wei Wu, Shih-Lien L. Lu, Carlos V. Rozas, Francis X. McKeen, Siddhartha Chhabra, Mark W. Shanahan
  • Patent number: 9606940
    Abstract: An embodiment includes at least one machine readable medium on which is stored code that, when executed enables a system to initialize a trusted loader enclave (TL) and a measurement and storage manager enclave (MSM) within a memory of the system, to receive by the MSM a TL measurement of the TL from a trusted processor of the system, to determine whether to establish a secure channel between the MSM and the TL based at least in part on the TL measurement, and responsive to a determination to establish the secure channel, to establish the secure channel and store particular code in the TL. Additional embodiments are described and claimed.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: March 28, 2017
    Assignee: Intel Corporation
    Inventors: Micah J. Sheller, Bin Xing, Vincent R. Scarlata
  • Publication number: 20170068455
    Abstract: Apparatuses, methods and storage medium associated with application execution enclave cache management, are disclosed herein. In embodiments, an apparatus may include one or more processors with supports for application execution enclaves; cache memory coupled with the one or more processors to be organized into a plurality of cache pages; and an exception handler to be operated by the one or more processors to handle cache page fault exceptions, wherein to handle cache page fault exceptions includes to handle a cache page fault triggered to request additional allocation of one or more cache pages to an execution enclave of an application. Other embodiments may be described and/or claimed.
    Type: Application
    Filed: September 9, 2015
    Publication date: March 9, 2017
    Inventors: Bin Xing, Mark W. Shanahan, Bo Zhang