Abstract:
An apparatus to facilitate enabling secure state-clean during configuration of partial reconfiguration bitstreams on accelerator devices is disclosed. The apparatus includes a security engine to receive an incoming partial reconfiguration (PR) bitstream corresponding to a new PR persona to configure a region of the apparatus; perform, as part of a PR configuration sequence for the new PR persona, a first clear operation to clear previously-set persona configuration bits in the region; perform, as part of the PR configuration sequence subsequent to the first clear operation, a set operation to set new persona configuration bits in the region; and perform, as part of the PR configuration sequence, a second clear operation to clear memory blocks of the region that became unfrozen subsequent to the set operation, the second clear operation performed using a persona-dependent mask corresponding to the new PR persona.
Abstract:
An apparatus to facilitate transparent network access controls for spatial accelerator device multi-tenancy is disclosed. The apparatus includes a secure device manager (SDM) to: establish a network-on-chip (NoC) communication path in the apparatus, the NoC communication path comprising a plurality of NoC nodes for ingress and egress of communications on the NoC communication path; for each NoC node of the NoC communication path, configure a programmable register of the NoC node to indicate a node group to which the NoC node is assigned, the node group corresponding to a persona configured on the apparatus; determine whether a prefix of received data at the NoC node matches the node group indicated by the programmable register of the NoC node; and responsive to determining that the prefix does not match the node group, discard the data from the NoC node.
Abstract:
In various implementations, a system includes a memory, a processor, and an execution-aware memory protection unit (EA-MPU). The EA-MPU is configured to regulate memory access by the processor based at least on the identity of a subject executable that requests access, and on the address to which access is requested, and on permissions information that identifies which subject executables are to be granted access to each of several memory regions. In various implementations, the permissions information itself is stored among the several memory regions. Various configurations of the permissions information can be used to provide shared memory regions for communication among two or more stand-alone trusted software modules, to protect access to devices accessible through memory-mapped I/O (MMIO), to implement a flexible watchdog timer, to provide security for software updates, to provide dynamic root of trust measurement services, and/or to support an operating system.
Abstract:
Some demonstrative embodiments include apparatuses, systems and/or methods of protecting domains of a multimode wireless radio transceiver. For example, an apparatus may include a protection domain controller (PDC) to restrict access of a configuration software to a protection domain of a plurality of protection domains of a multimode wireless radio transceiver based on a security level of the configuration software, wherein the protection domain includes one or more radio configuration parameters of the multimode wireless radio transceiver.
Abstract:
A physically unclonable function (PUF) includes a plurality of PUF elements to generate an N-bit PUF signature. For each bit in the N-bit PUF signature, a PUF group of K number of individual PUF elements indicating a single-bit PUF value is used to generate a group bit. The group bits are more repeatable than the individual PUF elements. The value K may be selected such that (K+1)/2 is an odd number.
Abstract:
A computing platform comprising a plurality of disaggregated data center resources and an infrastructure processing unit (IPU), communicatively coupled to the plurality of resources, to compose a platform from the plurality of disaggregated data center resources for allocation of a microservices cluster.
Abstract:
A detection circuit includes a tunable delay circuit that generates a delayed signal and that receives a supply voltage. The detection circuit includes a control circuit that adjusts a delay provided by the tunable delay circuit to the delayed signal. The detection circuit includes a time-to-digital converter circuit that converts the delay provided by the tunable delay circuit to the delayed signal to a digital code and adjusts the digital code based on changes in the supply voltage. The control circuit causes the tunable delay circuit to maintain the delay provided to the delayed signal constant in response to the digital code reaching an alignment value. The detection circuit may continuously monitor timing margin of a data signal relative to a clock signal and update the digital code in every clock cycle. The detection circuit may be a security sensor that detects changes in the supply voltage.
Abstract:
An apparatus to facilitate broadcast remote sealing for scalable trusted execution environment provisioning is disclosed. The apparatus includes a cloud service provider (CSP) execution platform comprising hardware circuitry for executing virtualized environments and comprising hardware accelerator devices, wherein the CSP execution platform is to: authorize a tenant to deploy workloads of the tenant to CSP execution resources; provide a group status report to the tenant to inform the tenant of the existence and status of a group of trusted execution platforms, wherein the group comprises at least one of the CSP execution resources; receive an encrypted workload of the tenant, wherein the encrypted workload is encrypted using a group public key of the group; store the encrypted workload in storage of the CSP execution platform; and dispatch the encrypted workload to the at least one of the CSP execution resources of the group.
Abstract:
A voltage detection circuit includes a tunable delay circuit that receives a supply voltage and that generates a delayed signal in response to an input signal. A control circuit causes a first adjustment in a delay provided by the tunable delay circuit to the delayed signal. An error detection circuit generates an error indication in an error signal in response to a change in a timing of the delayed signal relative to a clock signal caused by the first adjustment in the delay provided to the delayed signal. The control circuit causes a second adjustment in the delay provided by the tunable delay circuit to the delayed signal in response to the error indication. The error detection circuit causes the error signal to be indicative of the supply voltage reaching a threshold voltage after the second adjustment in the delay.