-
公开(公告)号:US11316661B2
公开(公告)日:2022-04-26
申请号:US16733685
申请日:2020-01-03
Applicant: Intel Corporation
Inventor: Eugene M. Kishinevsky , Uday R. Savagaonkar , Alpa T. Narendra Trivedi , Siddhartha Chhabra , Baiju V. Patel , Men Long , Kirk S. Yap , David M. Durham
Abstract: Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.
-
公开(公告)号:US20220100871A1
公开(公告)日:2022-03-31
申请号:US17033748
申请日:2020-09-26
Applicant: Intel Corporation
Inventor: Barry E. Huntley , Hormuzd M. Khosravi , Thomas Toll , Ramya Jayaram Masti , Siddhartha Chhabra , Vincent Von Bokern
Abstract: Embodiments of apparatuses, methods, and systems for scalable multi-key memory encryption are disclosed. In an embodiment, an apparatus includes a core, an encryption unit, and key identification hardware. The core is to write data to and read data from memory regions, each to be identified by a corresponding address. The encryption unit to encrypt data to be written and decrypt data to be read. The key identification hardware is to use a portion of the corresponding address to look up a corresponding key identifier in a key information data structure. The corresponding key identifier is one multiple key identifiers. The corresponding key identifier is to identify which one of multiple encryption keys is to be used to encrypt and decrypt the data.
-
公开(公告)号:US11275603B2
公开(公告)日:2022-03-15
申请号:US16748176
申请日:2020-01-21
Applicant: Intel Corporation
Inventor: David M. Durham , Siddhartha Chhabra , Michael E. Kounavis
IPC: G06F21/71 , G06F21/62 , G06F9/455 , G06F21/79 , H04L29/06 , H04L69/04 , G06F12/0891 , G06F12/14 , G06F21/53 , G06F21/78
Abstract: Systems and methods for memory isolation are provided. The methods include receiving a request to write a data line to a physical memory address, where the physical memory address includes a key identifier, selecting an encryption key from a key table based on the key identifier of the physical memory address, determining whether the data line is compressible, compressing the data line to generate a compressed line in response to determining that the data line is compressible, where the compressed line includes compression metadata and compressed data, adding encryption metadata to the compressed line, where the encryption metadata is indicative of the encryption key, encrypting a part of the compressed line with the encryption key to generate an encrypted line in response to adding the encryption metadata, and writing the encrypted line to a memory device at the physical memory address. Other embodiments are described and claimed.
-
公开(公告)号:US11258861B2
公开(公告)日:2022-02-22
申请号:US16023233
申请日:2018-06-29
Applicant: Intel Corporation
Inventor: Prashant Dewan , Siddhartha Chhabra , Uttam K. Sengupta , Howard C. Herbert
IPC: H04L29/06 , G06F21/54 , G06F21/30 , H04L67/142
Abstract: Technologies disclosed herein provide a method for receiving at a device from a remote server, a request for state information from a first processor of the device, obtaining the state information from one or more registers of the first processor based on a request structure indicated by a first instruction of a software program executing on the device, and generating a response structure based, at least in part, on the obtained state information. The method further includes using a cryptographic algorithm and a shared key established between the device and the remote server to generate a signature based, at least in part, on the response structure, and communicating the response structure and the signature to the remote server. In more specific embodiments, both the response structure and the request structure each include a same nonce value.
-
公开(公告)号:US20220035923A1
公开(公告)日:2022-02-03
申请号:US17451922
申请日:2021-10-22
Applicant: Intel Corporation
Inventor: Pradeep M. Pappachan , Reshma Lal , Bin Xing , Siddhartha Chhabra , Vincent R. Scarlata , Steven B. McGowan
Abstract: Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information. The computing device may collect application attestation information for a trusted application that uses the trusted I/O usage and verify the application attestation information. Other embodiments are described and claimed.
-
Patent Agency Ranking
公开(公告)号:US20210344653A1
公开(公告)日:2021-11-04
申请号:US17369824
申请日:2021-07-07
Applicant: Intel Corporation
Inventor: David J. Harriman , Raghunandan Makaram , Ioannis T. Schoinas , Kapil Sood , Yu-Yuan Chen , Vedvyas Shanbhogue , Siddhartha Chhabra , Reshma Lal , Reouven Elbaz
Abstract: A protected link between a first computing device and a second computing device is set up, wherein communication over the protected link is to comply with a communication protocol that allows packets to be reordered during transit. A plurality of packets are generated according to a packet format that ensures the plurality of packets will not be reordered during transmission over the protected link, the plurality of packets comprising a first packet and a second packet. Data of the plurality of packets are encrypted for transmission over the protected link, wherein data of the first packet is encrypted based on the cryptographic key and a first value of a counter and data of the second packet is encrypted based on the cryptographic key and a second value of the counter.
-
137.发明申请公开(公告)号:US20210319143A1
公开(公告)日:2021-10-14
申请号:US17358677
申请日:2021-06-25
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra , David M. Durham
Abstract: In one embodiment, a system includes a processor and a memory module coupled to the processor over a memory bus. The processor and memory module perform a key exchange at boot to obtain an encryption key. The processor generates first ciphertext by encrypting plaintext data using a first encryption protocol, and generates second ciphertext by encrypting the first ciphertext using a second encryption protocol based on the encryption key obtained at boot. The second ciphertext is transmitted to the memory module via the memory bus. The memory module decrypts the second ciphertext based on the encryption key obtained at boot to yield third ciphertext, and stores the third ciphertext.
-
公开(公告)号:US20210318966A1
公开(公告)日:2021-10-14
申请号:US17358315
申请日:2021-06-25
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra , Prashant Dewan
Abstract: Methods and apparatus relating to cryptographic protection of memory attached over interconnects are described. In an embodiment, memory stores data and a processor having execution circuitry executes an instruction to program an inline memory expansion logic and a host memory encryption logic with one or more cryptographic keys. The inline memory expansion logic encrypts the data to be written to the memory and decrypts encrypted data to be read from the memory. The memory is coupled to the processor via an interconnect endpoint of a system fabric. Other embodiments are also disclosed and claimed.
-
公开(公告)号:US20210255962A1
公开(公告)日:2021-08-19
申请号:US17156175
申请日:2021-01-22
Applicant: Intel Corporation
Inventor: Krystof C. Zmudzinski , Siddhartha Chhabra , Uday R. Savagaonkar , Simon P. Johnson , Rebekah M. Leslie-Hurd , Francis X. McKeen , Gilbert Neiger , Raghunandan Makaram , Carlos V. Rozas , Amy L. Santoni , Vincent R. Scarlata , Vedvyas Shanbhogue , Ilya Alexandrovich , Ittai Anati , Wesley H. Smith , Michael Goldsmith
IPC: G06F12/1009 , G06F12/1027 , G06F12/1036 , G06F12/109 , G06F12/14 , G06F9/455
Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.
-
公开(公告)号:US20210103682A1
公开(公告)日:2021-04-08
申请号:US17020486
申请日:2020-09-14
Applicant: Intel Corporation
Inventor: Shay Gueron , Siddhartha Chhabra , Nadav Bonen
Abstract: System and techniques for multi-tenant cryptographic memory isolation are described herein. A multiple key total memory encryption (MKTME) circuitry may receive a read request for encrypted memory. Here, the read request may include an encrypted memory address that itself includes a sequence of keyid bits and physical address bits. The MKTME circuitry may retrieve a keyid-nonce from a key table using the keyid bits. The MKTME circuitry may construct a tweak from the keyid-nonce, the keyid bits, and the physical address bits. The MKTME circuitry may then decrypt data specified by the read request using the tweak and a common key.
-
-
-
-
-
-
-
-
-
Search Results
307
records
(took 0.028 seconds)
