Patents by Inventor Francis McKeen
Francis McKeen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20200272474Abstract: Embodiments of methods and apparatuses for restricted speculative execution are disclosed. In an embodiment, a processor includes configuration storage, an execution circuit, and a controller. The configuration storage is to store an indicator to enable a restricted speculative execution mode of operation of the processor, wherein the processor is to restrict speculative execution when operating in restricted speculative execution mode. The execution circuit is to perform speculative execution. The controller to restrict speculative execution by the execution circuit when the restricted speculative execution mode is enabled.Type: ApplicationFiled: June 17, 2019Publication date: August 27, 2020Applicant: Intel CorporationInventors: Ron Gabor, Alaa Alameldeen, Abhishek Basak, Fangfei Liu, Francis McKeen, Joseph Nuzman, Carlos Rozas, Igor Yanover, Xiang Zou
-
Publication number: 20200004552Abstract: Detailed herein are systems, apparatuses, and methods for a computer architecture with instruction set support to mitigate against page fault- and/or cache-based side-channel attacks. In an embodiment, an apparatus includes a decoder to decode a first instruction, the first instruction having a first field for a first opcode that indicates that execution circuitry is to set a first flag in a first register that indicates a mode of operation that redirects program flow to an exception handler upon the occurrence of an event. The apparatus further includes execution circuitry to execute the decoded first instruction to set the first flag in the first register that indicates the mode of operation and to store an address of an exception handler in a second register.Type: ApplicationFiled: June 29, 2018Publication date: January 2, 2020Inventors: Fangfei LIU, Bin XING, Michael STEINER, Mona VIJ, Carlos ROZAS, Francis MCKEEN, Meltem OZSOY, Matthew FERNANDEZ, Krystof ZMUDZINSKI, Mark SHANAHAN
-
Publication number: 20190251257Abstract: A processor includes a processing core to identify a code comprising a plurality of instructions to be executed in the architecturally-protected environment, determine that a first physical memory page stored in the architecturally-protected memory matches a first virtual memory page referenced by a first instruction of the plurality of instructions, generate a first address mapping between a first address of the first virtual memory page and a second address of the first physical memory page, store, in the cache memory, the address translation data structure comprising the first address mapping, and execute the code by retrieving the first address mapping in the address translation data structures to be executed in the architecturally-protected environment, determine that a first physical memory page stored in the architecturally-protected memory matches a first virtual memory page referenced by a first instruction of the plurality of instructions, generate a first address mapping between a first address ofType: ApplicationFiled: February 15, 2018Publication date: August 15, 2019Inventors: Francis McKeen, Bin Xing, Krystof Zmudzinski, Carlos Rozas, Mona Vij
-
Patent number: 9971705Abstract: Embodiments of apparatuses and methods including virtual address memory range registers are disclosed. In one embodiment, a processor includes a memory interface, address translation hardware, and virtual memory address comparison hardware. The memory interface is to access a system memory using a physical memory address. The address translation hardware is to support translation of a virtual memory address to the physical memory address. The virtual memory address is used by software to access a virtual memory location in the virtual memory address space of the processor. The virtual memory address comparison hardware is to determine whether the virtual memory address is within a virtual memory address range.Type: GrantFiled: February 19, 2016Date of Patent: May 15, 2018Assignee: Intel CorporationInventors: Gur Hildesheim, Shlomo Raikin, Ittai Anati, Gideon Gerzon, Uday Savagaonkar, Francis Mckeen, Carlos Rozas, Michael Goldsmith, Prashant Dewan
-
Patent number: 9698989Abstract: Embodiments of an invention for feature licensing in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to initialize a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes determining whether a requested feature is licensed for use in the secure enclave.Type: GrantFiled: July 23, 2013Date of Patent: July 4, 2017Assignee: Intel CorporationInventors: Vincent Scarlata, Carlos Rozas, Simon Johnson, Uday Savagaonkar, Ittai Anati, Francis McKeen, Michael Goldsmith
-
Patent number: 9684608Abstract: Embodiments of an invention for maintaining a secure processing environment across power cycles are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to evict a root version array page entry from a secure cache. The execution unit is to execute the instruction. Execution of the instruction includes generating a blob to contain information to maintain a secure processing environment across a power cycle and storing the blob in a non-volatile memory.Type: GrantFiled: October 28, 2014Date of Patent: June 20, 2017Assignee: Intel CorporationInventors: Francis McKeen, Vincent Scarlata, Carlos Rozas, Ittai Anati, Vedvyas Shanbhogue
-
Patent number: 9407636Abstract: An apparatus and method for securely suspending and resuming the state of a processor. For example, one embodiment of a method comprises: generating a data structure including at least the monotonic counter value; generating a message authentication code (MAC) over the data structure using a first key; securely providing the data structure and the MAC to a module executed on the processor; the module verifying the MAC, comparing the monotonic counter value with a counter value stored during a previous suspend operation and, if the counter values match, then loading processor state required for the resume operation to complete. Another embodiment of a method comprises: generating a first key by a processor; securely sharing the first key with an off-processor component; and using the first key to generate a pairing ID usable to identify a pairing between the processor and the off-processor component.Type: GrantFiled: May 19, 2014Date of Patent: August 2, 2016Assignee: Intel CorporationInventors: Vincent Scarlata, Simon Johnson, Carlos Rozas, Francis McKeen, Ittai Anati, Ilya Alexandrovich, Rebekah Leslie-Hurd
-
Publication number: 20160170900Abstract: Embodiments of apparatuses and methods including virtual address memory range registers are disclosed. In one embodiment, a processor includes a memory interface, address translation hardware, and virtual memory address comparison hardware. The memory interface is to access a system memory using a physical memory address. The address translation hardware is to support translation of a virtual memory address to the physical memory address. The virtual memory address is used by software to access a virtual memory location in the virtual memory address space of the processor. The virtual memory address comparison hardware is to determine whether the virtual memory address is within a virtual memory address range.Type: ApplicationFiled: February 19, 2016Publication date: June 16, 2016Applicant: Intel CorporationInventors: Gur Hildesheim, Shlomo Raikin, Ittai Anati, Gideon Gerzon, Uday Savagaonkar, Francis Mckeen, Carlos Rozas, Michael Goldsmith, Prashant Dewan
-
Patent number: 9355262Abstract: Embodiments of an invention for modifying memory permissions in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to modify access permissions for a page in a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes setting new access permissions in an enclave page cache map entry. Furthermore, the page is immediately accessible from inside the secure enclave according to the new access permissions.Type: GrantFiled: December 27, 2013Date of Patent: May 31, 2016Assignee: Intel CorporationInventors: Rebekah Leslie-Hurd, Ilya Alexandrovich, Ittai Anati, Alex Berenzon, Michael Goldsmith, Simon Johnson, Francis McKeen, Carlos Rozas, Uday Savagaonkar, Vincent Scarlata, Vedvyas Shanbhogue, Wesley Smith
-
Patent number: 9286235Abstract: Embodiments of apparatuses and methods including virtual address memory range registers are disclosed. In one embodiment, a processor includes a memory interface, address translation hardware, and virtual memory address comparison hardware. The memory interface is to access a system memory using a physical memory address. The address translation hardware is to support translation of a virtual memory address to the physical memory address. The virtual memory address is used by software to access a virtual memory location in the virtual memory address space of the processor. The virtual memory address comparison hardware is to determine whether the virtual memory address is within a virtual memory address range.Type: GrantFiled: June 29, 2012Date of Patent: March 15, 2016Assignee: Intel CorporationInventors: Gur Hildesheim, Shlomo Raikin, Ittai Anati, Gideon Gerzon, Uday Savagaonkar, Francis Mckeen, Carlos Rozas, Michael Goldsmith, Prashant Dewan
-
Patent number: 9276750Abstract: Embodiments of an invention for secure processing environment measurement and attestation are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction associated with a build or a rebuild of a secure enclave. The execution unit is to execute the first instruction. Execution of the first instruction, when associated with the build, includes calculation of a first measurement and a second measurement of the secure enclave. Execution of the first instruction, when associated with the rebuild, includes calculation of the second measurement without calculation of the first measurement.Type: GrantFiled: July 23, 2013Date of Patent: March 1, 2016Assignee: Intel CorporationInventors: Vincent R. Scarlata, Carlos Rozas, Simon Johnson, Uday Savagaonkar, Rebekah Leslie-Hurd, Barry Huntley, Vedvyas Shanbhogue, Ittai Anati, Francis McKeen, Michael Goldsmith, William Wood, Shay Gueron
-
Publication number: 20150334114Abstract: An apparatus and method for securely suspending and resuming the state of a processor. For example, one embodiment of a method comprises: generating a data structure including at least the monotonic counter value; generating a message authentication code (MAC) over the data structure using a first key; securely providing the data structure and the MAC to a module executed on the processor; the module verifying the MAC, comparing the monotonic counter value with a counter value stored during a previous suspend operation and, if the counter values match, then loading processor state required for the resume operation to complete. Another embodiment of a method comprises: generating a first key by a processor; securely sharing the first key with an off-processor component; and using the first key to generate a pairing ID usable to identify a pairing between the processor and the off-processor component.Type: ApplicationFiled: May 19, 2014Publication date: November 19, 2015Inventors: VINCENT SCARLATA, SIMON JOHNSON, CARLOS ROZAS, FRANCIS MCKEEN, ITTAI ANATI, ILYA ALEXANDROVICH, REBEKAH LESLIE-HURD
-
Publication number: 20150186659Abstract: Embodiments of an invention for modifying memory permissions in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to modify access permissions for a page in a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes setting new access permissions in an enclave page cache map entry. Furthermore, the page is immediately accessible from inside the secure enclave according to the new access permissions.Type: ApplicationFiled: December 27, 2013Publication date: July 2, 2015Inventors: Rebekah LESLIE-HURD, Ilya ALEXANDROVICH, Ittai ANATI, Alex BERENZON, Michael GOLDSMITH, Simon JOHNSON, Francis MCKEEN, Carlos ROZAS, Uday SAVAGAONKAR, Vincent SCARLATA, Vedvyas SHANBHOGUE, Wesley SMITH
-
Publication number: 20150188710Abstract: Embodiments of an invention for offloading functionality from a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to initialize a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes verifying that a signature structure key matches a hardware key that permits functionality to be offloaded.Type: ApplicationFiled: December 28, 2013Publication date: July 2, 2015Inventors: Simon Johnson, Francis McKeen, Vincent Scarlata, Carlos Rozas, Uday Savagaonkar, Michael Goldsmith, Ernie Brickell
-
Publication number: 20150033012Abstract: Embodiments of an invention for secure processing environment measurement and attestation are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction associated with a build or a rebuild of a secure enclave. The execution unit is to execute the first instruction. Execution of the first instruction, when associated with the build, includes calculation of a first measurement and a second measurement of the secure enclave. Execution of the first instruction, when associated with the rebuild, includes calculation of the second measurement without calculation of the first measurement.Type: ApplicationFiled: July 23, 2013Publication date: January 29, 2015Inventors: Vincent R. Scarlata, Carlos Rozas, Simon Johnson, Uday Savagaonkar, Rebekah Leslie-Hurd, Barry Huntley, Vedvyas Shanbhogue, Ittai Anati, Francis McKeen, Michael Goldsmith, William Wood, Shay Gueron
-
Publication number: 20150033316Abstract: Embodiments of an invention for feature licensing in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to initialize a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes determining whether a requested feature is licensed for use in the secure enclave.Type: ApplicationFiled: July 23, 2013Publication date: January 29, 2015Inventors: Vincent Scarlata, Carlos Rozas, Simon Johnson, Uday Savagaonkar, Ittai Anati, Francis McKeen, Michael Goldsmith
-
Publication number: 20140006746Abstract: Embodiments of apparatuses and methods including virtual address memory range registers are disclosed. In one embodiment, a processor includes a memory interface, address translation hardware, and virtual memory address comparison hardware. The memory interface is to access a system memory using a physical memory address. The address translation hardware is to support translation of a virtual memory address to the physical memory address. The virtual memory address is used by software to access a virtual memory location in the virtual memory address space of the processor. The virtual memory address comparison hardware is to determine whether the virtual memory address is within a virtual memory address range.Type: ApplicationFiled: June 29, 2012Publication date: January 2, 2014Inventors: Gur Hildesheim, Shlomo Raikin, Ittai Anati, Gideon Gerzon, Uday Savagaonkar, Francis Mckeen, Carlos Rozas, Michael Goldsmith, Prashant Dewan
-
Publication number: 20070042754Abstract: A method and system for provisioning a shared secret key to enable trusted communications between a SIM and a platform running a trusted application in a third generation or beyond wireless network.Type: ApplicationFiled: July 29, 2005Publication date: February 22, 2007Inventors: Sundeep Bajikar, Francis McKeen, Selim Aissi
-
Publication number: 20060225135Abstract: In one embodiment, the present invention provides for extended memory protection for memory of a system. The embodiment includes a method for associating a protection indicator of a protection record maintained outside of an application's data space with a memory location, and preventing access to the memory location based on the status of the protection indicator. In such manner, more secure operation is provided, as malicious code or other malware is prevented from accessing protected memory locations. Other embodiments are described and claimed.Type: ApplicationFiled: March 31, 2005Publication date: October 5, 2006Inventors: Antonio Cheng, Francis McKeen
-
Publication number: 20060206943Abstract: A processing system has a processor that can operate in a normal ring 0 operating mode and one or more higher ring operating modes above the normal ring 0 operating mode. In addition, the processor can operate in an isolated execution mode. A memory in the processing system may include an ordinary memory area that can be accessed from the normal ring 0 operating mode, as well as an isolated memory area that can be accessed from the isolated execution mode but not from the normal ring 0 operating mode. The processing system may also include an operating system (OS) nub, as well as a key generator. The key generator may generate an OS nub key (OSNK) based at least in part on an identification of the OS nub and a master binding key (BK0) of the platform. Other embodiments are described and claimed.Type: ApplicationFiled: March 21, 2006Publication date: September 14, 2006Inventors: Carl Ellison, Roger Golliver, Howard Herbert, Derrick Lin, Francis McKeen, Gilbert Neiger, Ken Reneris, James Sutton, Shreekant Thakkar, Millind Mittal