Technique for supporting multiple secure enclaves
First Claim
Patent Images
1. A processor comprising:
- a first processor-level key;
instruction hardware to support an instruction set architecture including a plurality secure enclave instructions, the plurality of secure enclave instructions including a first instruction to create a secure enclave and at least a second instruction to manage an enclave page cache;
execution hardware to execute the secure enclave from the enclave page cache;
access control hardware to protect data in the enclave page cache; and
key generation hardware to generate a platform-level key to provide for the secure enclave to correspond to a plurality of processors including the processor, wherein the platform-level key is to be derived from a plurality of processor-level keys corresponding to the plurality of processors and including the first processor-level key, wherein each of the plurality of processors is to store a plurality a package-unique symmetric keys (PUSKs) and a plurality of package-specific asymmetric keys (PASKs).
0 Assignments
0 Petitions
Accused Products
Abstract
A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.
28 Citations
3 Claims
-
1. A processor comprising:
- a first processor-level key;
instruction hardware to support an instruction set architecture including a plurality secure enclave instructions, the plurality of secure enclave instructions including a first instruction to create a secure enclave and at least a second instruction to manage an enclave page cache;
execution hardware to execute the secure enclave from the enclave page cache;
access control hardware to protect data in the enclave page cache; and
key generation hardware to generate a platform-level key to provide for the secure enclave to correspond to a plurality of processors including the processor, wherein the platform-level key is to be derived from a plurality of processor-level keys corresponding to the plurality of processors and including the first processor-level key, wherein each of the plurality of processors is to store a plurality a package-unique symmetric keys (PUSKs) and a plurality of package-specific asymmetric keys (PASKs). - View Dependent Claims (2, 3)
- a first processor-level key;
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeIntel Corporation
-
Original AssigneeIntel Corporation
-
InventorsJohnson, Simon P., Savagaonkar, Uday R., Scarlata, Vincent R., McKeen, Francis X., Rozas, Carlos V.
-
Primary Examiner(s)Rahman, Mahfuzur
-
Assistant Examiner(s)AMORIN, CARLOS E
-
Application NumberUS13/838,237Publication NumberTime in Patent Office1,810 DaysField of Search713189US Class CurrentCPC Class CodesG06F 12/1466 Key-lock mechanismG06F 21/53 by executing in a restricte...G06F 21/6218 to a system of files or obj...G06F 21/64 Protecting data integrity, ...G06F 21/645 using a third party
