Attestation key memory device and bus
Abstract
In an embodiment of the present invention, a technique is provided for remote attestation. An interface maps a device via a bus to an address space of a chipset in a secure environment for an isolated execution mode. The secure environment is associated with an isolated memory area accessible by at least one processor. The at least one processor operates in one of a normal execution mode and the isolated execution mode. A communication storage corresponding to the address space allows the device to exchange security information with the at least one processor in the isolated execution mode in a remote attestation.
177 Citations
80 Claims
1. An apparatus comprising:
an interface to map a device via a bus to an address space of a chipset in a secure environment for an isolated execution mode, the secure environment being associated with an isolated memory area accessible by at least one processor, the at least one processor operating in one of a normal execution mode and the isolated execution mode; and
a communication storage corresponding to the address space to allow the device to exchange security information with the at least one processor in the isolated execution mode in a remote attestation.
Dependent claims: 2-20.

21. A method comprising:
mapping a device via a bus to an address space of a chipset in a secure environment for an isolated execution mode, the secure environment being associated with an isolated memory area accessible by at least one processor, the at least one processor operating in one of a normal execution mode and the isolated execution mode; and
exchanging security information between the device and the at least one processor in the isolated execution mode in a remote attestation via a communication storage corresponding to the address space.
Dependent claims: 22-40.

41. A computer program product comprising:
a machine readable medium having program code embedded therein, the computer program product comprising:
computer readable program code for mapping a device via a bus to an address space of a chipset in a secure environment for an isolated execution mode, the secure environment being associated with an isolated memory area accessible by at least one processor, the at least one processor operating in one of a normal execution mode and the isolated execution mode; and
computer readable program code for exchanging security information between the device and the at least one processor in the isolated execution mode in a remote attestation via a communication storage corresponding to the address space.
Dependent claims: 42-60.

61. A system comprising:
at least one processor operating in a secure environment, the at least one processor having one of a normal execution mode and an isolated execution mode;
a memory coupled to the at least one processor, the memory having an isolated memory area accessible to the at least one processor in the isolated execution mode; and
a chipset coupled to the at least one processor and the memory, the chipset having a circuit, the circuit comprising:
an interface to map a device via a bus to an address space of the chipset in the secure environment, and
a communication storage corresponding to the address space to allow the device to exchange security information with the at least one processor in the isolated execution mode in a remote attestation.
Dependent claims: 62-80.