Details

The Intel® Dynamic Application Loader (Intel® DAL) is a unique feature of Intel platforms that allows you to run small portions of Java* code on Intel® Converged Security and Management Engine (Intel® CSME) firmware. It is available on most Intel® Core™ and Intel Atom® processors.

Intel DAL includes the following benefits:

  • Application code runs in a trusted execution environment (TEE).
  • Runs on a dedicated processor with its own firmware and hardware.
  • Code is completely isolated from the operating system.
  • Messages to and from the TEE can be signed and encrypted.
  • Malware that is running on the system cannot interfere with or spy on the process.
  • Applets cannot be installed on the firmware unless they have been reviewed and signed by Intel.
  • Applets are also fully isolated and cannot access each other’s data.

On individual devices, a portion of the Intel CSME firmware is made available for third-party use: you install a small Java applet of your own design (called a trusted application) on the firmware, and you can also create a host application that runs on the device’s Windows*, Android*, or Linux* operating system.

Execution

The host application executes its nonsensitive code in normal system memory. However, if a small function needs to be run in a secure environment outside of the operating system, the host application does not run this function by itself. Instead, it uses the Java host interface API to send a command to the applet. The applet executes the function in the Intel DAL secure environment and returns a response to the host application.

Typical Applet Functions

  • Verify with Intel® Enhanced Privacy ID (Intel® EPID) that the host application is communicating with the applet and not with another entity.
  • Encrypt or decrypt data through the applet.
  • Sign or verify data through the applet.
  • Send an encrypted image to the graphics hardware so that the user can see it while it remains invisible to the operating system and the applications running on it.
  • Use the applet to establish a secure connection with a remote server.
  • Securely store data so that it is released only to parties presenting proper credentials.

Applet Security

The isolated environment protects running code from spying and interference from malware that may be running on the operating system.

Explore the Basics of Intel DAL Architecture

Key Features

Most snippets of simple Java code can be run in the Intel DAL environment (with certain limitations, such as a maximum package size and certain unavailable data types). Try these useful features in your applets.

Cryptography

The Intel DAL environment contains ready-to-use implementations of common encryption algorithms that include AES, RSA, ECDSA, SHA, HMAC, random number generator, and more.

Secure Screen Output

Using the encryption capability of Intel integrated graphics, secure screen output prevents the scraping of sensitive content from the display. The sensitive content is displayed in a window that can be seen only by the user sitting physically in front of the screen. To the operating system, or to any malware that may be running on it, that portion of the screen is blank. This makes it an ideal place to enter or display passwords.

Intel® Active Management Technology

The API provides an interface for the Intel DAL trusted applications to access the services provided by Intel® Active Management Technology (Intel® AMT). These services enable IT managers to remotely discover, repair, and help protect networked computing assets.

Events

Send and receive events (for example, timeouts) from other trusted applications or native services.

Inter-Applet Communication (IAC)

This feature allows a service trusted application to provide certain platform services (such as secure screen output) to other, client trusted applications via internal sessions.

Original Equipment Manufacturer (OEM) Signing

For certain types of IoT platforms, Intel allows OEMs to sign Intel DAL trusted applications instead of submitting them to Intel. The applications can then be run on the platforms manufactured by the OEMs.

Transport Layer Security (TLS)

Intel DAL supports using TLS to establish a secure session between the Intel DAL environment and a remote server.

Intel® Enhanced Privacy ID (Intel® EPID)

Intel recommends this algorithm for privacy-preserving attestation of a trusted system. It is used as part of the SIGMA protocol and by Intel DAL applets for attestation.

Secure Storage

Intel DAL supports a small amount of storage for use by trusted applications. This storage can be used for sensitive information whose loss or exposure would compromise a trusted application.

Secure Time

Get and set a secure time using the platform's protected run-time clock (PRTC). Secure time means a time that cannot be tampered with (for example, by hackers). Secure time is used for date and time checks required for transport layer security (TLS) and Kerberos usage (a network authentication protocol). It is also used for timestamps for events and logging, and maintaining alarms for the Intel AMT alarm clock feature.

Sessions

Intel DAL supports both shared and non-shared sessions between host applications and applets. In a shared session, multiple host applications connect to a single instance of the applet. In non-shared sessions, each host application connects to a separate instance of the applet.

Timers

Set asynchronous callbacks that cause functions in an applet to be invoked at specified times.

What Your Applications Can Do

Take advantage of the secure running environment that Intel DAL offers.

Secure Digital Rights Management (DRM)

A user downloads a video file from your company and pays a rental fee that allows the user to play it for the next three days. If you store the number of days remaining on the user’s computer, malware or the users themselves can try to corrupt it. If you store it on a server, users cannot watch the video if they are offline. By storing these small pieces of user data in the Intel DAL storage layer, and consulting it each time the video plays, you can limit who can play the video, when, and how it's played.
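The command-and-response model from the Execution section, applied to the rental scenario just described, as an added example that is not Intel's SDK code or API: a plain-Java model of a rental-check trusted application. The class, the command IDs, the 48-byte grant format and the HMAC-protected grant are assumptions of this model; what it shows is that expiry records live only inside the applet (standing in for Intel DAL secure storage), the time comes from a clock the host cannot set (standing in for the PRTC), and every byte the host sends is treated as untrusted.

```java
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.*;
import java.util.function.LongSupplier;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public final class RentalApplet {
    public static final int CMD_GRANT = 1; // request = contentId(8) | expiry epoch seconds(8) | HMAC-SHA256(32)
    public static final int CMD_CHECK = 2; // request = contentId(8)
    public static final byte ALLOW = 1, DENY = 0;
    private final Map<Long, Long> expiryByContent = new HashMap<>(); // stands in for Intel DAL secure storage
    private final LongSupplier secureClock;                          // stands in for the PRTC (secure time)
    private final byte[] serverKey;                                  // provisioned into the applet; the host never sees it
    public RentalApplet(LongSupplier secureClock, byte[] serverKey) { this.secureClock = secureClock; this.serverKey = serverKey.clone(); }
    static byte[] hmac(byte[] key, byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data);
    }
    /** Host-facing entry point: every byte of request is untrusted, and the host never supplies the time. */
    public byte[] invokeCommand(int commandId, byte[] request) throws Exception {
        if (commandId == CMD_GRANT && request != null && request.length == 48) {
            byte[] body = Arrays.copyOf(request, 16), tag = Arrays.copyOfRange(request, 16, 48);
            if (!MessageDigest.isEqual(hmac(serverKey, body), tag)) return new byte[] { DENY }; // forged or altered grant
            ByteBuffer in = ByteBuffer.wrap(body);
            expiryByContent.put(in.getLong(), in.getLong());             // Java evaluates arguments left to right
            return new byte[] { ALLOW };
        }
        if (commandId == CMD_CHECK && request != null && request.length == 8) {
            Long expiry = expiryByContent.get(ByteBuffer.wrap(request).getLong());
            return new byte[] { expiry != null && secureClock.getAsLong() < expiry ? ALLOW : DENY };
        }
        return new byte[] { DENY }; // unknown command or malformed request
    }
    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes("UTF-8");        // constructed; a real key is provisioned, not hard-coded
        long[] prtc = { 1_700_000_000L };                               // constructed clock reading, advanced below
        RentalApplet applet = new RentalApplet(() -> prtc[0], key);
        byte[] body = ByteBuffer.allocate(16).putLong(42L).putLong(prtc[0] + 3 * 86_400L).array(); // 3-day rental
        byte[] grant = ByteBuffer.allocate(48).put(body).put(hmac(key, body)).array();            // built by the server
        byte[] check = ByteBuffer.allocate(8).putLong(42L).array();
        System.out.println("grant stored:   " + applet.invokeCommand(CMD_GRANT, grant)[0]);
        System.out.println("play on day 1:  " + applet.invokeCommand(CMD_CHECK, check)[0]);
        prtc[0] += 4 * 86_400L;                                         // four days pass on the protected clock
        System.out.println("play on day 5:  " + applet.invokeCommand(CMD_CHECK, check)[0]);
        grant[15] ^= 1;                                                 // host tries to push the expiry out
        System.out.println("tampered grant: " + applet.invokeCommand(CMD_GRANT, grant)[0]);
    }
}
```

Compile and run with `javac RentalApplet.java && java RentalApplet`; the host can neither roll the clock back nor alter a grant, because both the time source and the grant verification sit on the applet side of the command channel.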

Secure Login (Intel® Authenticate Solution)

Although the world is moving away from cumbersome passwords, verifying a user's identity before login is still essential.

Your trusted application creates the image of a keypad or other password entry interface, encrypting it so the operating system cannot read it. The operating system sends this encrypted image to the graphics hardware that decrypts it using a key that it received directly from Intel DAL.

Only the user can see the resulting protected transaction display (PTD) window. From the point of view of the operating system or any malware that may be running on it, that portion of the screen is blank.

Secure Transactions Using Intel® Identity Protection Technology

Your online storefront may be secure, but your customers might be infected with spyware. To protect your users’ sensitive information during transit, you communicate with them via a trusted application (an applet) that runs in the Intel DAL environment. This applet can securely establish a connection with your website. Since the handshake takes place in the isolated Intel DAL environment, your customers’ credit card data is transmitted securely.

Intel® Secure Device Onboard (Intel® SDO)

A manufacturer has millions of IoT devices to provision, and the provisioning cannot be performed during manufacturing. Manual provisioning is an unrealistic option. Intel® SDO uses the Intel EPID inserted in the silicon during manufacturing to enable zero-touch provisioning without a technician's assistance. Intel SDO uses Intel DAL to ensure that the communication between the device and the provisioning service is secure.

Intel® Software Guard Extensions (Intel® SGX)

This Intel architecture extension increases the security of application code and data. Application developers use Intel® SGX to protect select code and data from disclosure or modification. The software makes protections possible through enclaves, which are protected areas of execution in memory, and uses Intel DAL for anti-replay and protected time.

In-Vehicle Infotainment (IVI) Systems

Intel DAL can be used to implement digital rights management (DRM) functionality according to the digital TV standard. In this scenario, the Intel DAL applet provides DRM key storage and secure cryptographic computation using the DRM key.