公开(公告)号：US10972277B2

公开(公告)日：2021-04-06

申请号：US15459939

申请日：2017-03-15

Applicant: INTEL CORPORATION

Inventor： Eric Innis ,  Raghunandan Makaram ,  Ting Lu

IPC: H04L29/06 ,  H04L9/32 ,  H04L29/08 ,  H04L9/08 ,  G06F21/76 ,  H04W4/60 ,  G06F21/57 ,  G06F21/60 ,  G06F21/62 ,  G06F21/64 ,  H04L9/06 ,  H04L9/14

Abstract: The present disclosure provides confidential verification for FPGA code. Confidential verification for FPGA code can include receiving the policy from a cloud service provider (CSP) computing device, wherein the policy comprises a plurality of policy requirements used to determine whether to configure the FPGA using the code, receiving the code and the code encryption key from the user computing device, determining whether the code fulfills the plurality of policy requirements, and when the code fulfills the plurality of policy requirements encrypting and integrity protect the code using the code encryption key and providing the encrypted and integrity protected code to an accelerator loader to configure the FPGA using the code.

公开(公告)号：US20190050603A1

公开(公告)日：2019-02-14

申请号：US15940887

申请日：2018-03-29

Applicant: Intel Corporation

Inventor： Sean R. Atsatt ,  Ting Lu ,  James Ryan Kenny ,  Bruce B. Pedersen ,  Robert Landon Pelt ,  Andrew Martyn Draper

IPC: G06F21/76 ,  G06F21/72 ,  G06F21/44 ,  H04L9/32 ,  H04L9/06

Abstract: Integrated circuit devices and methods include utilizing security features including authenticating incoming data by receiving one or more hash blocks each including multiple hash sub-blocks. Authenticating also includes receiving encrypted data including multiple data sub-blocks. Authenticating also includes authenticating a first hash block of the one or more hash blocks using a root hash of an integrated circuit device. Authenticating further includes authenticating each of the multiple data sub-blocks using a corresponding hash sub-block of the multiple hash sub-blocks.

公开(公告)号：US20200167506A1

公开(公告)日：2020-05-28

申请号：US16586131

申请日：2019-09-27

Applicant: Intel Corporation

Inventor： Prakash Iyer ,  Eric Innis ,  Evan Custodio ,  Ting Lu

IPC: G06F21/76

Abstract: A PCIe card includes an FPGA and a memory that is discrete from the FPGA. The memory is accessible by the FPGA and not other devices on the card. The FPGA's core fabric is configured with a security processor that verifies a bitstream loaded through the FGPA into the memory as authentic or not authentic to limit unauthorized access to data from a user circuit that is associated with a not authentic bitstream. The security processor is loaded into the FPGA when a request is made for bitstream verification and is allowed to be overwritten after the security processor processes the bitstream to determine if the bitstream is authentication or not authentic. Allowing the security processor to be overwritten allows for high percentage usage of the core fabric for user circuits and limits the inclusion of a static circuit in the core fabric that is infrequently used.

公开(公告)号：US20190138754A1

公开(公告)日：2019-05-09

申请号：US16222564

申请日：2018-12-17

Applicant: Intel Corporation

Inventor： Wei Yee Koay ,  Ting Lu ,  Ching Kooi Hor ,  Chin Ghee Ch'ng

IPC: G06F21/76 ,  H03K3/03 ,  H03K5/24 ,  G06F1/08

Abstract: An integrated circuit includes a comparator circuit that generates a control signal based on a comparison between a threshold voltage and a supply voltage. The integrated circuit also includes a clock signal generation circuit that generates a clock signal and that receives the control signal. The clock signal generation circuit decreases a frequency of the clock signal to a reduced frequency in response to the control signal indicating that the supply voltage has decreased below the threshold voltage. The integrated circuit also includes a secure device manager circuit that has a timing circuit. The clock signal is provided to a clock input of the timing circuit. The timing circuit receives supply current from the supply voltage. The secure device manager circuit performs a security function for the integrated circuit using the timing circuit in response to the clock signal with the reduced frequency.

公开(公告)号：US20190095113A1

公开(公告)日：2019-03-28

申请号：US15719058

申请日：2017-09-28

Applicant: Intel Corporation

Inventor： Sean R. Atsatt ,  Andrew Draper ,  Ting Lu ,  Steve Tuyen Vu ,  Scott Weber

IPC: G06F3/06

Abstract: A system for maintaining reconfigurable partitions in an integrated device includes a first buffer having channels that store configuration data and a mask. The system also includes first decompression circuitry having a second buffer coupled to the first buffer that stores the configuration data and second decompression circuitry having a third buffer coupled to the first buffer that stores the mask. The system also includes partition maintenance circuitry that applies the mask to the configuration data after the first decompression circuitry has decompressed the configuration data and the second decompression circuitry has decompressed the mask.

公开(公告)号：US20190042118A1

公开(公告)日：2019-02-07

申请号：US15940799

申请日：2018-03-29

Applicant: Intel Corporation

Inventor： Ting Lu ,  Sean R. Atsatt ,  Andrew Martyn Draper ,  Eric Michael Innis

IPC: G06F3/06 ,  G06F21/60 ,  G06F21/79 ,  G06F12/16 ,  G11C17/18

Abstract: The disclosed systems and methods may secure the fuse programming process in programmable devices to reduce or eliminate malicious discovery of data (e.g., the encryption key, the configuration bitstream) stored in nonvolatile memory via side-channel attacks. A processor may generate a randomized fuse list and the fuses may be blown in the randomized order. Additionally or alternatively, the processor may randomize the wait time between programming of each fuse. Further, the processor may generate a simplified fuse list including only fuses to be blown. The disclosed security systems and methods may be used individually or in combination to prevent determination of sensitive data, such as the encryption key, by monitoring, for example, power consumption in side-channel attacks.