Title of invention: TECHNOLOGIES FOR HARDENING DATA ENCRYPTION WITH SECURE ENCLAVES
Abstract: Technologies for hardening encryption operations are disclosed. In some embodiments, the technologies harden encryption operations typically performed by kernel mode programs with a secure enclave that may run in user mode and/or in a pre-boot context. In some embodiments, the technologies leverage a shared buffer and a proxy to enable the use of a secure enclave hosted in user mode to perform encryption operations. In additional embodiments, the technologies utilize one or more pre-boot applications to enable the use of a secure enclave in a pre-boot phase, e.g., so as to enable the use of a secure enclave to decrypt data that may be needed to boot a computing device.
Application publication number: US2016283747(A1) Application publication date: 2016.09.29
Application number: US201514667916 Filing date: 2015.03.25
Applicant: Intel Corporation Inventors: XING BIN CEDRIC;LAL RESHMA;SUBBAREDDY DHEERAJ
Classification: G06F21/71;G06F21/60;G06F21/74 Main classification: G06F21/71
Agency: Agent:
Principal claim: 1. A computing device configured to harden data encryption with a secure enclave executed in user mode; comprising: a processor; a memory; and a user mode interface module at least partially implemented in a kernel mode of said processor, wherein said user mode interface module is to: queue unprocessed data in a shared buffer that is accessible to said user mode interface module and an enclave host module executable at least in part in a user mode of said processor, said enclave host module hosting a secure enclave; and provide a buffered data indicator to said enclave host module, said buffered data indicator being configured to indicate the presence of unprocessed data in said shared buffer to said enclave host module, and to cause said secure enclave to perform encryption operations on said unprocessed data in said shared buffer to produce processed data.
Address: Santa Clara CA US