-
Publication number: US20210109889A1
Publication date: 2021-04-15
Application number: US17129254
Application date: 2020-12-21
Applicant: Intel Corporation
Inventor: Steffen Schulz , Alpa Trivedi , Patrick Koeberl
IPC: G06F15/78 , G06F15/177 , G06F21/85 , G06F9/30 , G06F9/50
Abstract: An apparatus to facilitate transparent network access controls for spatial accelerator device multi-tenancy is disclosed. The apparatus includes a secure device manager (SDM) to: establish a network-on-chip (NoC) communication path in the apparatus, the NoC communication path comprising a plurality of NoC nodes for ingress and egress of communications on the NoC communication path; for each NoC node of the NoC communication path, configure a programmable register of the NoC node to indicate a node group that the NoC node is assigned, the node group corresponding to a persona configured on the apparatus; determine whether a prefix of received data at the NoC node matches the node group indicated by the programmable register of the NoC; and responsive to determining that the prefix does not match the node group, discard the data from the NoC node.
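The node-group check this abstract describes, as an added example that is not code from the patent or from Intel: a small Python model in which the secure device manager (SDM) programs each node's group register, the ingress node tags data with its own group, and the egress node discards anything whose prefix does not match its register. The one-byte prefix tag, the node names, the persona-to-group mapping and the fail-closed behaviour of an unprogrammed node are assumptions of the example, not details taken from the patent.

```python
"""Model of SDM-programmed node groups on a NoC path (illustration, not Intel code)."""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class NocNode:
    """A NoC ingress/egress node. `group_reg` is the programmable register
    that only the SDM writes; tenants never see or touch it."""
    name: str
    group_reg: Optional[int] = None
    delivered: list = field(default_factory=list)
    dropped: list = field(default_factory=list)

    def ingress(self, data: bytes) -> bytes:
        # Assumption: the node prepends a one-byte group tag itself, so a
        # tenant cannot choose the prefix its traffic carries.
        if self.group_reg is None:
            raise RuntimeError(f"{self.name}: group register not programmed by the SDM")
        return bytes([self.group_reg]) + data

    def egress(self, packet: bytes) -> bool:
        # Compare the prefix with the group register; mismatches are discarded.
        # An unprogrammed node (register None) fails closed and drops everything.
        if self.group_reg is None or not packet or packet[0] != self.group_reg:
            self.dropped.append(packet)
            return False
        self.delivered.append(packet[1:])
        return True


class SecureDeviceManager:
    """Establishes the NoC path and programs each node's group register."""

    def __init__(self):
        self.nodes: dict = {}

    def establish_path(self, node_names):
        for n in node_names:
            self.nodes.setdefault(n, NocNode(n))
        return [self.nodes[n] for n in node_names]

    def assign_group(self, node_name: str, group: int) -> None:
        self.nodes[node_name].group_reg = group


def send(src: NocNode, dst: NocNode, data: bytes) -> bool:
    """Tenant-visible operation: the tenant names endpoints and supplies data only."""
    return dst.egress(src.ingress(data))


def demo() -> dict:
    sdm = SecureDeviceManager()
    sdm.establish_path(["A_in", "A_out", "B_in", "B_out", "C_out"])
    for n in ("A_in", "A_out"):      # persona of tenant A -> node group 1
        sdm.assign_group(n, 1)
    for n in ("B_in", "B_out"):      # persona of tenant B -> node group 2
        sdm.assign_group(n, 2)       # C_out is deliberately left unprogrammed
    a_in, a_out = sdm.nodes["A_in"], sdm.nodes["A_out"]
    b_out, c_out = sdm.nodes["B_out"], sdm.nodes["C_out"]
    return {
        "same_group": send(a_in, a_out, b"tenant A result"),        # delivered
        "cross_group": send(a_in, b_out, b"leak attempt"),           # dropped at B_out
        # A tenant that prepends its own fake group-2 byte gains nothing: the
        # ingress node prepends the real tag, so the fake byte is just payload.
        "spoofed_prefix": send(a_in, b_out, bytes([2]) + b"spoof"),  # dropped
        "unprogrammed_node": send(a_in, c_out, b"anything"),         # dropped
        "b_dropped": len(b_out.dropped),
        "a_payload": a_out.delivered[0],
    }


if __name__ == "__main__":
    print(demo())
```

The point the model makes is that the tag is applied by SDM-programmed hardware at ingress, so the isolation property does not depend on tenant bitstreams being honest about which persona they belong to.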
-
Publication number: US10313130B2
Publication date: 2019-06-04
Application number: US15277462
Application date: 2016-09-27
Applicant: Intel Corporation
Inventor: Rafael Misoczki , Steffen Schulz , Manoj R. Sastry , Santosh Ghosh , Li Zhao
Abstract: One embodiment provides a signer device. The signer device includes hash signature control logic and signer signature logic. The hash signature control logic is to retrieve a first nonce, to concatenate the first nonce and a message to be transmitted and to determine whether a first message representative satisfies a target threshold. The signer signature logic is to generate a first transmitted signature based, at least in part, on the first message representative, if the first message representative satisfies the target threshold. The hash signature control logic is to retrieve a second nonce, concatenate the second nonce and the message to be transmitted and to determine whether a second message representative satisfies the target threshold, if the first message representative does not satisfy the target threshold.
-
Publication number: US10033534B2
Publication date: 2018-07-24
Application number: US14955255
Application date: 2015-12-01
Applicant: INTEL CORPORATION
Inventor: Steffen Schulz , Rafael Misoczki , Manoj R. Sastry , Jesse Walker
Abstract: In a method for validating software updates, a data processing system contains a current version of a software component. The data processing system saves at least first and second current advance keys (AKs). After saving the current AKs, the data processing system receives an update package for a new version of the software component. The data processing system extracts a digital signature and two or more new AKs from the update package. The data processing system uses at least one current AK to determine whether the digital signature is valid. In response to a determination that the digital signature is valid, the data processing system uses a software image from the update package to update the software component, and the data processing system saves the new AKs, for subsequent utilization as the current AKs. Other embodiments are described and claimed.
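The nonce search in the signer abstract above (US10313130B2) and the advance-key update validation in this abstract (US10033534B2) both rest on a hash-based one-time signature, so one added example covers both. This is illustration code written for this page, not the patented constructions or Intel code. Its assumptions: the "target threshold" is taken to be a fixed Hamming weight of 128 in the 256-bit message representative, which lets the Lamport-style signature reveal only the preimages at the one-positions (a fixed weight is what stops a forger from clearing bits to reach a message already covered by a signature); nonces are a 4-byte counter; each update package binds a version, the image hash and the next advance keys (AKs) under one of the current AKs; versions must increase; the second saved AK is a backup signing key.

```python
"""Nonce-searched one-time signatures and advance-key update validation (illustration only)."""
import hashlib
import os

N = 256               # bits in the message representative
TARGET_WEIGHT = 128   # assumed threshold: exactly 128 one-bits
MAX_NONCES = 4096     # about 1 in 20 representatives meets the threshold


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Lamport-style one-time key: 256 random secrets, public key = their hashes."""
    sk = [os.urandom(32) for _ in range(N)]
    return sk, [H(s) for s in sk]


def representative(nonce: bytes, msg: bytes) -> int:
    return int.from_bytes(H(nonce + msg), "big")


def satisfies_threshold(rep: int) -> bool:
    return bin(rep).count("1") == TARGET_WEIGHT


def one_positions(rep: int):
    return [i for i in range(N) if (rep >> (N - 1 - i)) & 1]


def sign(sk, msg: bytes):
    """Retrieve a nonce, concatenate it with the message, test the representative
    against the threshold; on failure retrieve the next nonce and try again."""
    for counter in range(MAX_NONCES):
        nonce = counter.to_bytes(4, "big")
        rep = representative(nonce, msg)
        if satisfies_threshold(rep):
            return nonce, [sk[i] for i in one_positions(rep)]
    raise RuntimeError("no nonce produced a representative meeting the threshold")


def verify(pk, msg: bytes, sig) -> bool:
    nonce, preimages = sig
    rep = representative(nonce, msg)
    if not satisfies_threshold(rep):       # reject before touching any preimage
        return False
    ones = one_positions(rep)
    return len(preimages) == len(ones) and all(H(p) == pk[i] for p, i in zip(preimages, ones))


def update_payload(version: int, image: bytes, new_aks) -> bytes:
    # The signed payload binds the version, the image and the next AKs together.
    return version.to_bytes(4, "big") + H(image) + b"".join(b"".join(pk) for pk in new_aks)


def build_update(publisher_sk, version: int, image: bytes, new_aks) -> dict:
    return {"version": version, "image": image, "new_aks": new_aks,
            "signature": sign(publisher_sk, update_payload(version, image, new_aks))}


class Device:
    """Holds the current image and at least two current AKs (public halves only)."""

    def __init__(self, image: bytes, version: int, current_aks):
        self.image, self.version, self.current_aks = image, version, list(current_aks)

    def apply_update(self, pkg: dict) -> bool:
        payload = update_payload(pkg["version"], pkg["image"], pkg["new_aks"])
        if not any(verify(ak, payload, pkg["signature"]) for ak in self.current_aks):
            return False                   # no current AK validates the signature
        if pkg["version"] <= self.version:
            return False                   # assumption: versions are monotonic
        self.image, self.version = pkg["image"], pkg["version"]
        self.current_aks = list(pkg["new_aks"])   # rotate: new AKs become current
        return True


def demo() -> dict:
    # The publisher keeps the secret halves; the device ships with the public halves.
    sk1, pk1 = keygen(); _, pk1b = keygen()
    dev = Device(b"fw v1", 1, [pk1, pk1b])
    _, pk2 = keygen(); sk2b, pk2b = keygen()
    pkg2 = build_update(sk1, 2, b"fw v2", [pk2, pk2b])
    _, pk3 = keygen(); _, pk3b = keygen()
    pkg3 = build_update(sk2b, 3, b"fw v3", [pk3, pk3b])    # signed with the backup AK
    tampered = dict(pkg2, image=b"fw v2 + implant")
    out = {"tampered_rejected": not dev.apply_update(tampered),
           "v2_applied": dev.apply_update(pkg2),
           "v3_applied": dev.apply_update(pkg3),
           "replay_rejected": not dev.apply_update(pkg2)}   # AK1 is no longer current
    out["final"] = (dev.version, dev.image)
    return out


if __name__ == "__main__":
    print(demo())
```

Because each AK is one-time, the rotation in `apply_update` is what gives replay resistance: an old package is rejected not by a version check alone but because its signing key has been retired from the device's current set.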
-
Publication number: US20180157603A1
Publication date: 2018-06-07
Application number: US15651886
Application date: 2017-07-17
Applicant: Intel Corporation
Inventor: Steffen Schulz , Patrick Koeberl
Abstract: In various implementations, a system includes a memory, a processor, and an execution-aware memory protection unit (EA-MPU). The EA-MPU is configured to regulate memory access by the processor based at least on the identity of a subject executable that requests access, and on the address to which access is requested, and on permissions information that identifies which subject executables are to be granted access to each of several memory regions. In various implementations, the permissions information itself is stored among the several memory regions. Various configurations of the permissions information can be used to provide shared memory regions for communication among two or more stand-alone trusted software modules, to protect access to devices accessible through memory-mapped I/O (MMIO), to implement a flexible watchdog timer, to provide security for software updates, to provide dynamic root of trust measurement services, and/or to support an operating system.
-
Publication number: US20160283402A1
Publication date: 2016-09-29
Application number: US14666087
Application date: 2015-03-23
Applicant: Intel Corporation
Inventor: Steffen Schulz , Patrick Koeberl
CPC classification number: G06F12/145 , G06F11/073 , G06F11/0757 , G06F11/3034 , G06F11/3037 , G06F12/1483 , G06F21/00 , G06F2212/1052
Abstract: In various implementations, a system includes a memory, a processor, and an execution-aware memory protection unit (EA-MPU). The EA-MPU is configured to regulate memory access by the processor based at least on the identity of a subject executable that requests access, and on the address to which access is requested, and on permissions information that identifies which subject executables are to be granted access to each of several memory regions. In various implementations, the permissions information itself is stored among the several memory regions. Various configurations of the permissions information can be used to provide shared memory regions for communication among two or more stand-alone trusted software modules, to protect access to devices accessible through memory-mapped I/O (MMIO), to implement a flexible watchdog timer, to provide security for software updates, to provide dynamic root of trust measurement services, and/or to support an operating system.
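An added Python model of the EA-MPU check described in this abstract and in US20180157603A1 above; it is illustration code, not the patent's hardware or Intel's implementation. The subject executable is identified by the memory region that contains the program counter (an assumption of the model), the permission table is itself a memory region so that edits to it pass through the same check, and the regions, addresses and boot-time table are constructed for the example.

```python
"""Execution-aware MPU model: the decision depends on who executes, not only on the address."""
from dataclasses import dataclass

R, W, X = 1, 2, 4   # access rights as a bitmask


@dataclass(frozen=True)
class Region:
    name: str
    start: int
    end: int   # exclusive

    def contains(self, addr: int) -> bool:
        return self.start <= addr < self.end


class EAMPU:
    def __init__(self, regions, perms_region: str, boot_table: dict):
        self.regions = {r.name: r for r in regions}
        # The permission table lives inside a memory region, so writing it is
        # an ordinary access that this same unit mediates.
        self.perms_region = self.regions[perms_region]
        self.perms = dict(boot_table)   # assumption: installed by the boot loader at reset

    def region_of(self, addr: int):
        return next((r for r in self.regions.values() if r.contains(addr)), None)

    def check(self, pc: int, addr: int, op: int) -> bool:
        """Subject = region holding the PC, target = region holding addr."""
        subject, target = self.region_of(pc), self.region_of(addr)
        if subject is None or target is None:
            return False                  # unmapped addresses fail closed
        return bool(self.perms.get((subject.name, target.name), 0) & op)

    def grant(self, pc: int, subject: str, target: str, rights: int) -> bool:
        """Edit the table: only code allowed to write the table region may do so."""
        if not self.check(pc, self.perms_region.start, W):
            return False
        self.perms[(subject, target)] = rights
        return True


# Constructed layout: two stand-alone trusted modules, a shared buffer, a
# watchdog MMIO window and an untrusted OS.
REGIONS = [
    Region("perms_tbl", 0x0000, 0x0100), Region("loader",    0x0100, 0x0200),
    Region("modA_code", 0x0200, 0x0400), Region("modA_data", 0x0400, 0x0500),
    Region("modB_code", 0x0500, 0x0700), Region("shared",    0x0700, 0x0800),
    Region("wdt_mmio",  0x0800, 0x0900), Region("os",        0x0900, 0x1000),
]
BOOT_TABLE = {
    ("loader", "perms_tbl"): R | W,   ("loader", "loader"): R | X,
    ("modA_code", "modA_code"): R | X, ("modA_code", "modA_data"): R | W,
    ("modA_code", "shared"): R | W,    ("modB_code", "modB_code"): R | X,
    ("modB_code", "shared"): R,        ("modB_code", "wdt_mmio"): W,
    ("os", "os"): R | X,
}


def demo() -> dict:
    mpu = EAMPU(REGIONS, "perms_tbl", BOOT_TABLE)
    A, B, OS, LD = 0x0210, 0x0510, 0x0910, 0x0110   # sample PCs inside each subject
    return {
        "A_reads_own_data": mpu.check(A, 0x0410, R),    # True
        "os_reads_A_data": mpu.check(OS, 0x0410, R),    # False: same address, other subject
        "A_writes_shared": mpu.check(A, 0x0710, W),     # True: A produces into the buffer
        "B_writes_shared": mpu.check(B, 0x0710, W),     # False: B is read-only there
        "B_reads_shared": mpu.check(B, 0x0710, R),      # True
        "B_kicks_watchdog": mpu.check(B, 0x0800, W),    # True: only B may service MMIO
        "os_kicks_watchdog": mpu.check(OS, 0x0800, W),  # False
        "A_executes_data": mpu.check(A, 0x0410, X),     # False: no X on the data region
        "os_edits_table": mpu.grant(OS, "os", "modA_data", R),   # False
        "loader_edits_table": mpu.grant(LD, "os", "shared", R),  # True
        "os_reads_shared_after": mpu.check(OS, 0x0710, R),       # True after the grant
        "unmapped": mpu.check(A, 0x2000, R),            # False
    }


if __name__ == "__main__":
    print(demo())
```

A conventional MPU keyed only on address could not express "this word is writable by module A and readable by module B"; keying the lookup on the executing subject is what makes the shared-buffer, MMIO-ownership and self-protecting-table cases above expressible in one mechanism.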
-
Publication number: US09348997B2
Publication date: 2016-05-24
Application number: US14543097
Application date: 2014-11-17
Applicant: Intel Corporation
Inventor: Steffen Schulz , Matthias Schunter
CPC classification number: H04L9/0827 , G06F21/51 , G06F21/53 , G06F2221/033
Abstract: The present disclosure is directed to sealing data using chain of trust key derivation. In at least one embodiment, a chain of trust may be used to derive sealing keys for sealing data on a device. The device may comprise, for example, at least a memory and processor. The processor may be to at least load code modules from the memory. Following the loading of a code module, the processor may further be to measure the code module, determine a sealing key corresponding to the code module, wherein the sealing key is determined based at least on a prior sealing key corresponding to a previously loaded code module and the measurement of the code module, and seal data corresponding to the loaded code module using the sealing key. Since the sealing keys are state dependent, a method for authorized migration of sealed data during software upgrades is also disclosed.
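The sealing-key chain and the upgrade migration described in this abstract, as an added example that is not the patent's method or Intel code. HMAC-SHA256 stands in for the key derivation function, a SHA-256 counter keystream with an HMAC tag stands in for an authenticated sealing primitive so the block needs only the standard library, the root key and module images are constructed, and the `authorized` callback is a stand-in for whatever signed upgrade manifest a deployment checks. Having the stage that holds the prior key perform the migration (it can derive both the old and the new module's keys) is this example's design choice, not something the abstract specifies.

```python
"""Chain-of-trust sealing keys with authorized migration on upgrade (illustration only)."""
import hashlib
import hmac
import os


def measure(code: bytes) -> bytes:
    return hashlib.sha256(code).digest()


def derive_sealing_key(prior_key: bytes, measurement: bytes) -> bytes:
    # key_i = KDF(key_{i-1}, measurement_i); HMAC-SHA256 stands in for the KDF.
    return hmac.new(prior_key, b"sealing-key|" + measurement, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # SHA-256 in counter mode as the PRF; a toy stand-in, not a production cipher.
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]


def seal(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()   # encrypt-then-MAC
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None                      # wrong key (different software state) or tampering
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))


def boot_chain(root_key: bytes, modules):
    """Load modules in order; each stage's key depends on the prior key and its measurement."""
    keys, key = [], root_key
    for code in modules:
        key = derive_sealing_key(key, measure(code))
        keys.append(key)
    return keys


def migrate(prior_key: bytes, old_code: bytes, new_code: bytes, blob: bytes, authorized):
    """Run by the stage holding prior_key: it alone can compute both the old and the
    new key of the module it loads, so it can re-seal data across an authorized upgrade."""
    if not authorized(old_code, new_code):
        return None
    old_key = derive_sealing_key(prior_key, measure(old_code))
    new_key = derive_sealing_key(prior_key, measure(new_code))
    data = unseal(old_key, blob)
    return None if data is None else seal(new_key, data)


def demo() -> dict:
    root = b"\x2a" * 32                       # constructed stand-in for the device root key
    boot, app_v1, app_v2 = b"bootloader 1.0", b"app 1.0", b"app 1.1"
    k_boot, k_app1 = boot_chain(root, [boot, app_v1])
    blob = seal(k_app1, b"tenant secret")

    # Same stack on a later boot: identical keys, the data unseals.
    same = unseal(boot_chain(root, [boot, app_v1])[1], blob)
    # Modified app, or modified bootloader beneath it: different key, tag check fails.
    tampered_app = unseal(boot_chain(root, [boot, b"app 1.0 + rootkit"])[1], blob)
    tampered_boot = unseal(boot_chain(root, [b"bootloader evil", app_v1])[1], blob)

    # Authorized upgrade: the bootloader stage re-seals the data for app 1.1.
    allow = lambda old, new: new == app_v2     # stand-in for a signed manifest check
    migrated = migrate(k_boot, app_v1, app_v2, blob, allow)
    after_upgrade = unseal(boot_chain(root, [boot, app_v2])[1], migrated)
    rogue = migrate(k_boot, app_v1, b"app rogue", blob, allow)
    return {"same_stack": same, "tampered_app": tampered_app, "tampered_boot": tampered_boot,
            "after_upgrade": after_upgrade, "rogue_upgrade": rogue}


if __name__ == "__main__":
    print(demo())
```

The check a practitioner should take from this: because every key in the chain folds in the measurement of the code above it, a change anywhere below a module silently changes that module's key, so sealed data is unrecoverable after an unplanned change and migration must be an explicit, authorized step rather than an afterthought.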
-
Publication number: US20240314213A1
Publication date: 2024-09-19
Application number: US18410707
Application date: 2024-01-11
Applicant: Intel Corporation
Inventor: Steffen Schulz , Patrick Koeberl , Alpa Narendra Trivedi , Scott Weber
Abstract: A multitenancy system that includes a host provider, a programmable device, and multiple tenants is provided. The host provider may publish a multitenancy mode sharing and allocation policy that includes a list of terms to which the programmable device and tenants can adhere. The programmable device may include a secure device manager configured to operate in a multitenancy mode to load a tenant persona into a given partial reconfiguration (PR) sandbox region on the programmable device. The secure device manager may be used to enforce spatial isolation between different PR sandbox regions and temporal isolation between successive tenants in one PR sandbox region.
-
Publication number: US11895201B2
Publication date: 2024-02-06
Application number: US16832593
Application date: 2020-03-27
Applicant: Intel Corporation
Inventor: Steffen Schulz , Patrick Koeberl , Alpa Narendra Trivedi , Scott Weber
Abstract: A multitenancy system that includes a host provider, a programmable device, and multiple tenants is provided. The host provider may publish a multitenancy mode sharing and allocation policy that includes a list of terms to which the programmable device and tenants can adhere. The programmable device may include a secure device manager configured to operate in a multitenancy mode to load a tenant persona into a given partial reconfiguration (PR) sandbox region on the programmable device. The secure device manager may be used to enforce spatial isolation between different PR sandbox regions and temporal isolation between successive tenants in one PR sandbox region.
-
Publication number: US20230367916A1
Publication date: 2023-11-16
Application number: US18359621
Application date: 2023-07-26
Applicant: Intel Corporation
Inventor: Alpa Trivedi , Steffen Schulz , Patrick Koeberl
IPC: G06F21/85 , H04L9/08 , G06F9/38 , G06F15/78 , G06F11/30 , H04L9/40 , G06F9/30 , G06F11/07 , G06F30/398 , G06F30/331 , G06F9/50 , G06N3/04 , G06F15/177 , G06F21/71 , G06F21/73 , G06F21/53 , G06F21/57 , G06N20/00 , G06F21/76 , G06F21/44 , G06F21/74 , G06F119/12 , G06F21/30 , G06F30/31 , H04L9/00 , G06F111/04 , G06N3/08
CPC classification number: G06F21/85 , H04L9/0877 , G06F9/3877 , G06F15/7825 , G06F11/3058 , H04L63/0442 , G06F9/30101 , G06F11/0709 , G06F30/398 , G06F15/7867 , G06F30/331 , G06F9/505 , H04L63/20 , G06N3/04 , G06F11/0751 , G06F11/0754 , G06F15/177 , H04L63/12 , G06F11/0793 , G06F21/71 , G06F21/73 , G06F21/53 , G06F11/3051 , G06F21/575 , G06N20/00 , G06F2221/034 , G06F21/76 , G06F21/44 , G06F21/74 , H04L9/0841 , G06F2119/12 , G06F11/0772 , G06F21/30 , G06F30/31 , H04L9/008 , G06F21/57 , G06F2111/04 , G06N3/08
Abstract: An apparatus to facilitate enabling late-binding of security features via configuration security controller for accelerator devices is disclosed. The apparatus includes a security controller to manage security and configuration of the apparatus, wherein the security controller comprises a programmable portion and a non-programmable portion, and wherein the security controller is further to: initialize the programmable portion of the security controller as part of a secure boot and attestation chain of trust; receive configuration data for the programmable portion of the security controller, the programmable portion comprising components of the security controller capable of re-programming; verify and validate the configuration data as originating from a secure and trusted source; and responsive to successful verification and validation of the configuration data, re-program, during runtime of the apparatus, the programmable portion of the security controller using configurations that are based on a security threat model for a given deployment.
-
Publication number: US11783096B2
Publication date: 2023-10-10
Application number: US17708412
Application date: 2022-03-30
Applicant: Intel Corporation
Inventor: Steffen Schulz , Alpa Trivedi , Patrick Koeberl
IPC: G06F21/00 , G06F21/85 , G06F30/398 , G06N3/04 , H04L9/08 , G06F9/30 , G06F9/50 , G06F15/177 , G06F15/78 , H04L9/40 , G06F11/07 , G06F30/331 , G06F9/38 , G06F11/30 , G06F119/12 , G06F21/76 , G06N3/08 , H04L9/00 , G06F111/04 , G06F30/31 , G06F21/30 , G06F21/53 , G06F21/57 , G06F21/73 , G06F21/74 , G06N20/00 , G06F21/71 , G06F21/44
CPC classification number: G06F21/85 , G06F9/30101 , G06F9/3877 , G06F9/505 , G06F11/0709 , G06F11/0751 , G06F11/0754 , G06F11/0793 , G06F11/3058 , G06F15/177 , G06F15/7825 , G06F15/7867 , G06F30/331 , G06F30/398 , G06N3/04 , H04L9/0877 , H04L63/0442 , H04L63/12 , H04L63/20 , G06F11/0772 , G06F11/3051 , G06F21/30 , G06F21/44 , G06F21/53 , G06F21/57 , G06F21/575 , G06F21/71 , G06F21/73 , G06F21/74 , G06F21/76 , G06F30/31 , G06F2111/04 , G06F2119/12 , G06F2221/034 , G06N3/08 , G06N20/00 , H04L9/008 , H04L9/0841
Abstract: An apparatus to facilitate broadcast remote sealing for scalable trusted execution environment provisioning is disclosed. The apparatus includes an execution platform for secure execution of a workload of the tenant to: perform an attestation of the execution platform with a cloud service provider (CSP); receive a command from the CSP to create a group of trusted execution platforms; create the group comprising the execution platform; confirm an existence and a status of the group based on the attestation of the execution platform and based on a current group status of the group; report a trusted computing base (TCB) of the first execution platform to other member execution platforms of the group, wherein the other member execution platforms satisfy minimum TCB requirements of the group; and execute an encrypted workload of the tenant using a group private key, wherein the workload of the tenant is encrypted using a group public key.