Intel's Enclave-Confidentiality Patent: What 'Protecting Memory From the OS' Actually Claims

The unsettling idea at the center of confidential computing is that you do not trust your own operating system. In a normal threat model the OS is the referee; in the enclave model it is a potential adversary, because a compromised or malicious hypervisor in a cloud can otherwise read any tenant's memory. Hardware enclaves invert the usual hierarchy: privileged software runs the machine but cannot see inside the protected region.

US10691813B2, “Techniques for enclave confidentiality management,” granted to Intel Corporation on June 23, 2020, is one of the patents describing how that inversion is enforced. It sits under G06F 21/602, the CPC class for protecting data by cryptographic means, alongside memory-management classes — the combination is the tell that this is about encrypting memory at the hardware level.

The substance, read from the claims, is the binding between enclave memory and keys the software stack never holds. Data written into the enclave's pages is encrypted under keys managed by the hardware; when privileged software reads those physical pages it sees ciphertext. Confidentiality is therefore not a permission the OS could choose to grant itself — it is a cryptographic property enforced below the OS.

This matters because the alternative — access control by software policy — fails exactly when you need it most, namely when the privileged software is the thing that has been compromised. By moving the protection into a hardware-managed key, the patent's method removes the OS from the trusted computing base for confidentiality. That is the whole pitch of confidential computing, stated at the claim level.

Note the discipline this desk insists on: this is a granted patent (B2), not an application, and a method, not a marketing claim about a specific product generation. Intel's broader SGX and TDX programs are the obvious commercial context, but the patent stands on its own as a description of the mechanism, dated and examined.

For readers tracking the cloud-security shift, this is foundational IP. Every “run your workload in a confidential VM” offering rests on hardware that can keep memory encrypted from the host. Patents like this one are where that capability is staked and described in enforceable terms rather than slide-deck terms.