GB2481563A - Method and apparatus to provide secure application execution - Google Patents


Info

Publication number
GB2481563A
Authority
GB
United Kingdom
Prior art keywords
secure application
application execution
application
secure
data
Prior art date
Legal status
Granted
Application number
GB1118724.2A
Other versions
GB2481563B (en)
GB201118724D0 (en)
Inventor
Francis X McKeen
Carlos V Rozas
Uday R Savagaonkar
Simon P Johnson
Vincent R Scarlata
Michael A Goldsmith
Ernie Brickell
Jiang Tao Li
Howard C Herbert
Prashant Dewan
Stephen J Tolopka
Gilbert Neiger
David Durham
Gary Graunke
Bernard J Lint
Don A Van Dyke
Joseph Cihula
Stalinselvaraj Jeyasingh
Stephen R Van Doren
Dion Rodgers
John I Garney
Current Assignee
Intel Corp
Original Assignee
Intel Corp
Priority date
2009-12-22
Filing date
2009-12-22
Publication date
2011-12-28
Application filed by Intel Corp
Priority to PCT/US2009/069212 (WO2011078855A1)
Publication of GB201118724D0
Publication of GB2481563A
Application granted
Publication of GB2481563B
Legal status: Active (current)
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1458 Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • G06F12/1491 Protection against unauthorised use of memory or access to memory by checking the subject access rights in a hierarchical protection system, e.g. privilege levels, memory rings
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02 Addressing or allocation; Relocation
    • G06F12/08 Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/0802 Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02 Addressing or allocation; Relocation
    • G06F12/08 Addressing or allocation; Relocation in hierarchically structured memory systems, e.g. virtual memory systems
    • G06F12/10 Address translation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2105 Dual mode as a secondary aspect

Abstract

A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2009/069212 WO2011078855A1 (en) 2009-12-22 2009-12-22 Method and apparatus to provide secure application execution

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1709341.0A GB2550698B (en) 2009-12-22 2009-12-22 Method and Apparatus to provide secure application execution

Publications (3)

Publication Number Publication Date
GB201118724D0 (en) 2011-12-14
GB2481563A (en) 2011-12-28
GB2481563B (en) 2017-07-19

Family

ID: 44196072

Family Applications (2)

Application Number Title Priority Date Filing Date
GB1709341.0A Active GB2550698B (en) 2009-12-22 2009-12-22 Method and Apparatus to provide secure application execution
GB1118724.2A Active GB2481563B (en) 2009-12-22 2009-12-22 Method and apparatus to provide secure application execution

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GB1709341.0A Active GB2550698B (en) 2009-12-22 2009-12-22 Method and Apparatus to provide secure application execution

Country Status (7)

Country Link
JP (1) JP5443599B2 (en)
KR (1) KR101457355B1 (en)
CN (1) CN102473224B (en)
BR (1) BRPI0924512A2 (en)
DE (1) DE112009005466T5 (en)
GB (2) GB2550698B (en)
WO (1) WO2011078855A1 (en)

Families Citing this family (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9087200B2 (en) 2009-12-22 2015-07-21 Intel Corporation Method and apparatus to provide secure application execution
US8739177B2 (en) 2010-06-21 2014-05-27 Intel Corporation Method for network interface sharing among multiple virtual machines
US9053042B2 (en) 2012-06-27 2015-06-09 Intel Corporation Method, system, and device for modifying a secure enclave configuration without changing the enclave measurement
US9519803B2 (en) * 2012-11-30 2016-12-13 Intel Corporation Secure environment for graphics processing units
US9323686B2 (en) * 2012-12-28 2016-04-26 Intel Corporation Paging in secure enclaves
US9747102B2 (en) 2012-12-28 2017-08-29 Intel Corporation Memory management in secure enclaves
US20140189246A1 (en) * 2012-12-31 2014-07-03 Bin Xing Measuring applications loaded in secure enclaves at runtime
EP2815349A4 (en) * 2013-03-06 2015-10-21 Intel Corp Roots-of-trust for measurement of virtual machines
US9058494B2 (en) * 2013-03-15 2015-06-16 Intel Corporation Method, apparatus, system, and computer readable medium to provide secure operation
US9430384B2 (en) * 2013-03-31 2016-08-30 Intel Corporation Instructions and logic to provide advanced paging capabilities for secure enclave page caches
US9087202B2 (en) 2013-05-10 2015-07-21 Intel Corporation Entry/exit architecture for protected device modules
US20160085955A1 (en) * 2013-06-10 2016-03-24 Doosra, Inc. Secure Storing and Offline Transferring of Digitally Transferable Assets
US9338918B2 (en) 2013-07-10 2016-05-10 Samsung Electronics Co., Ltd. Socket interposer and computer system using the socket interposer
US9698989B2 (en) * 2013-07-23 2017-07-04 Intel Corporation Feature licensing in a secure processing environment
US20150033034A1 (en) * 2013-07-23 2015-01-29 Gideon Gerzon Measuring a secure enclave
US9767044B2 (en) 2013-09-24 2017-09-19 Intel Corporation Secure memory repartitioning
US9501668B2 (en) 2013-09-25 2016-11-22 Intel Corporation Secure video ouput path
WO2015060858A1 (en) * 2013-10-24 2015-04-30 Intel Corporation Methods and apparatus for protecting software from unauthorized copying
US10121144B2 (en) * 2013-11-04 2018-11-06 Apple Inc. Using biometric authentication for NFC-based payments
EP3084614B1 (en) * 2013-12-17 2020-03-04 Intel Corporation Secure enclaves for use by kernel mode applications
CN105745661B (en) * 2013-12-19 2020-05-05 英特尔公司 Policy-based trusted detection of rights managed content
EP3084668A4 (en) 2013-12-19 2017-08-23 Intel Corporation Technologies for supporting multiple digital rights management protocols on a client device
US9448950B2 (en) 2013-12-24 2016-09-20 Intel Corporation Using authenticated manifests to enable external certification of multi-processor platforms
US9413765B2 (en) 2014-03-25 2016-08-09 Intel Corporation Multinode hubs for trusted computing
US9864861B2 (en) * 2014-03-27 2018-01-09 Intel Corporation Object oriented marshaling scheme for calls to a secure region
US9705892B2 (en) 2014-06-27 2017-07-11 Intel Corporation Trusted time service for offline mode
US9703733B2 (en) * 2014-06-27 2017-07-11 Intel Corporation Instructions and logic to interrupt and resume paging in a secure enclave page cache
CN105573831B (en) * 2014-10-13 2019-11-26 龙芯中科技术有限公司 Data transfering method and device
US10181027B2 (en) * 2014-10-17 2019-01-15 Intel Corporation Interface between a device and a secure processing environment
US9940456B2 (en) 2014-12-16 2018-04-10 Intel Corporation Using trusted execution environments for security of code and data
US9606940B2 (en) 2015-03-27 2017-03-28 Intel Corporation Methods and apparatus to utilize a trusted loader in a trusted computing environment
US9875189B2 (en) 2015-06-12 2018-01-23 Intel Corporation Supporting secure memory intent
US10061941B2 (en) 2015-08-19 2018-08-28 Altera Corporation Systems and methods for multiport to multiport cryptography
US10031861B2 (en) 2015-09-25 2018-07-24 Intel Corporation Protect non-memory encryption engine (non-mee) metadata in trusted execution environment
US9798641B2 (en) * 2015-12-22 2017-10-24 Intel Corporation Method to increase cloud availability and silicon isolation using secure enclaves
GB2555961B (en) * 2016-11-14 2019-08-28 Google Llc System of enclaves
GB2564097B (en) * 2017-06-28 2019-10-23 Advanced Risc Mach Ltd Memory region locking
GB2563882B (en) * 2017-06-28 2019-10-23 Advanced Risc Mach Ltd Interrupting sequences of command actions performed upon memory regions
KR102080497B1 (en) * 2017-10-31 2020-02-24 삼성에스디에스 주식회사 Method for Exchanging Data between Channels of System based on Multi-Channel Blockchain and System thereof
US20190140846A1 (en) * 2017-11-03 2019-05-09 Microsoft Technology Licensing, Llc Provisioning trusted execution environment(s) based on chain of trust including platform
US10552344B2 (en) 2017-12-26 2020-02-04 Intel Corporation Unblock instruction to reverse page block during paging
US20190251257A1 (en) * 2018-02-15 2019-08-15 Intel Corporation Mechanism to prevent software side channels
US20190042324A1 (en) * 2018-03-30 2019-02-07 Intel Corporation Techniques for dynamic resource allocation among cryptographic domains
CN110032883B (en) * 2019-01-31 2020-05-29 阿里巴巴集团控股有限公司 Method, system and node for realizing privacy protection in block chain
CN110008736A (en) * 2019-01-31 2019-07-12 阿里巴巴集团控股有限公司 The method and node, storage medium of secret protection are realized in block chain
CN110032885B (en) * 2019-02-19 2020-03-06 阿里巴巴集团控股有限公司 Method, node and storage medium for implementing privacy protection in block chain
EP3646216A4 (en) 2019-04-19 2020-07-08 Alibaba Group Holding Ltd Methods and devices for executing trusted applications on processor with support for protected execution environments

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060075312A1 (en) * 2004-09-30 2006-04-06 Fischer Stephen A System and method for limiting exposure of hardware failure information for a secured execution environment
US20070277223A1 (en) * 2006-05-26 2007-11-29 Datta Shamanna M Execution of a secured environment initialization instruction on a point-to-point interconnect system
KR20070118589A (en) * 2005-02-11 2007-12-17 유니버셜 데이터 프로텍션 코퍼레이션 Method and system for microprocessor data security
KR20080074848A (en) * 2005-12-08 2008-08-13 에이저 시스템즈 인크 Methods and apparatus for the secure handling of data in a microcontroller

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4098478B2 (en) * 2001-01-31 2008-06-11 株式会社東芝 Microprocessor
JP2002353960A (en) * 2001-05-30 2002-12-06 Fujitsu Ltd Code performing device and code distributing method
JP4263976B2 (en) * 2003-09-24 2009-05-13 株式会社東芝 On-chip multi-core tamper resistant processor
CN101116081A (en) * 2005-02-11 2008-01-30 通用数据保护公司 Method and system for microprocessor data security
JP4795812B2 (en) * 2006-02-22 2011-10-19 富士通セミコンダクター株式会社 Secure processor
JP2008033457A (en) * 2006-07-26 2008-02-14 Internatl Business Mach Corp <Ibm> Method and central processing unit for processing encrypted software
JP4912921B2 (en) * 2007-02-27 2012-04-11 富士通セミコンダクター株式会社 Secure processor system, secure processor, and secure processor system control method


Also Published As

Publication number Publication date
CN102473224A (en) 2012-05-23
GB2481563B (en) 2017-07-19
JP5443599B2 (en) 2014-03-19
JP2012530961A (en) 2012-12-06
DE112009005466T5 (en) 2012-10-31
KR20120099472A (en) 2012-09-10
WO2011078855A1 (en) 2011-06-30
WO2011078855A9 (en) 2011-09-09
BRPI0924512A2 (en) 2016-03-01
CN102473224B (en) 2016-10-12
GB2550698A (en) 2017-11-29
GB201118724D0 (en) 2011-12-14
GB201709341D0 (en) 2017-07-26
KR101457355B1 (en) 2014-11-04
GB2550698B (en) 2018-04-11
