公开(公告)号：US11698973B2

公开(公告)日：2023-07-11

申请号：US17546243

申请日：2021-12-09

Applicant: Intel Corporation

Inventor： Baiju Patel ,  Prashant Dewan

IPC: G06F21/57 ,  G06F9/4401 ,  G06F21/60 ,  H04L9/08 ,  H04L9/14 ,  H04L9/32 ,  G06F21/71 ,  G06F21/79 ,  G06F21/78

CPC classification number: G06F21/575 ,  G06F9/4413 ,  G06F21/602 ,  H04L9/0861 ,  H04L9/14 ,  H04L9/3278 ,  G06F2221/034

Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

公开(公告)号：US11288206B2

公开(公告)日：2022-03-29

申请号：US16831381

申请日：2020-03-26

Applicant: Intel Corporation

Inventor： Hormuzd M. Khosravi ,  Baiju Patel ,  Ravi Sahita ,  Barry Huntley

IPC: G06F12/1036 ,  G06F12/1009 ,  G06F12/14 ,  G06F12/0891 ,  G06F21/79 ,  G06F21/62

Abstract: Embodiment of this disclosure provide techniques to support memory paging between trust domains (TDs) in computer systems. In one embodiment, a processing device including a memory controller and a memory paging circuit is provided. The memory paging circuit is to insert a transportable page into a memory location associated with a trust domain (TD), the transportable page comprises encrypted contents of a first memory page of the TD. The memory paging circuit is further to create a third memory page associated with the TD by binding the transportable page to the TD, binding the transportable page to the TD comprises re-encrypting contents of the transportable page based on a key associated with the TD and a physical address of the memory location. The memory paging circuit is further to access contents of the third memory page by decrypting the contents of the third memory page using the key associated with the TD.

公开(公告)号：US11205003B2

公开(公告)日：2021-12-21

申请号：US16832138

申请日：2020-03-27

Applicant: Intel Corporation

Inventor： Baiju Patel ,  Prashant Dewan

IPC: G06F21/57 ,  H04L9/14 ,  H04L9/32 ,  G06F21/60 ,  H04L9/08 ,  G06F9/4401 ,  G06F21/71 ,  G06F21/79

Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

公开(公告)号：US20210319138A1

公开(公告)日：2021-10-14

申请号：US17358287

申请日：2021-06-25

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Baiju Patel ,  Siddhartha Chhabra ,  Ofir Shwartz ,  Kumar Dwarakanath

IPC: G06F21/72 ,  G06F21/79 ,  G06F21/73 ,  G06F21/60 ,  G06F15/78 ,  G06F7/58

Abstract: Methods and apparatus relating to utilization of logic and a serial number to provide persistent unique platform secret for generation of System on Chip (SOC or SoC) root keys are described. In an embodiment, stepping logic circuitry generates a stepping identifier in response to a first signal. Unique identifier logic circuitry generates a unique identifier in response to a second signal. Secret generation logic circuitry generates a key based at least in part on the stepping identifier and the unique identifier. The unique identifier is stored in persistent memory. Other embodiments are also disclosed and claimed.

公开(公告)号：US20210224202A1

公开(公告)日：2021-07-22

申请号：US17222722

申请日：2021-04-05

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Hormuzd M. Khosravi ,  Gideon Gerzon ,  Barry E. Huntley ,  Gilbert Neiger ,  Ido Ouziel ,  Baiju Patel ,  Ravi L. Sahita ,  Amy L. Santoni ,  Ioannis T. Schoinas

IPC: G06F12/14 ,  H04L29/06 ,  H04L9/06 ,  H04L9/08

Abstract: In one embodiment, an apparatus comprises a processor to execute instruction(s), wherein the instructions comprise a memory access operation associated with a memory location of a memory. The apparatus further comprises a memory encryption controller to: identify the memory access operation; determine that the memory location is associated with a protected domain, wherein the protected domain is associated with a protected memory region of the memory, and wherein the protected domain is identified from a plurality of protected domains associated with a plurality of protected memory regions of the memory; identify an encryption key associated with the protected domain; perform a cryptography operation on data associated with the memory access operation, wherein the cryptography operation is performed based on the encryption key associated with the protected domain; and return a result of the cryptography operation, wherein the result is to be used for the memory access operation.

公开(公告)号：US20200226071A1

公开(公告)日：2020-07-16

申请号：US16831381

申请日：2020-03-26

Applicant: Intel Corporation

Inventor： Hormuzd M. Khosravi ,  Baiju Patel ,  Ravi Sahita ,  Barry Huntley

IPC: G06F12/1036 ,  G06F12/1009 ,  G06F12/14 ,  G06F12/0891 ,  G06F21/79 ,  G06F21/62

Abstract: Embodiment of this disclosure provide techniques to support memory paging between trust domains (TDs) in computer systems. In one embodiment, a processing device including a memory controller and a memory paging circuit is provided. The memory paging circuit is to insert a transportable page into a memory location associated with a trust domain (TD), the transportable page comprises encrypted contents of a first memory page of the TD. The memory paging circuit is further to create a third memory page associated with the TD by binding the transportable page to the TD, binding the transportable page to the TD comprises re-encrypting contents of the transportable page based on a key associated with the TD and a physical address of the memory location. The memory paging circuit is further to access contents of the third memory page by decrypting the contents of the third memory page using the key associated with the TD.

公开(公告)号：US10509734B2

公开(公告)日：2019-12-17

申请号：US16204067

申请日：2018-11-29

Applicant: Intel Corporation

Inventor： David M. Durham ,  Baiju Patel

IPC: G06F12/14 ,  G06F21/72 ,  G06F21/55 ,  H04L29/06

Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.

公开(公告)号：US20190146932A1

公开(公告)日：2019-05-16

申请号：US16204067

申请日：2018-11-29

Applicant: Intel Corporation

Inventor： David M. Durham ,  Baiju Patel

IPC: G06F12/14 ,  H04L29/06 ,  G06F21/55 ,  G06F21/72

CPC classification number: G06F12/1408 ,  G06F21/556 ,  G06F21/72 ,  G06F2212/1052 ,  G06F2221/034 ,  G06F2221/2107 ,  H04L63/0435 ,  H04L63/061 ,  H04L63/1433

Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.

公开(公告)号：US09459874B2

公开(公告)日：2016-10-04

申请号：US14541933

申请日：2014-11-14

Applicant: Intel Corporation

Inventor： Hong Wang ,  John Shen ,  Hong Jiang ,  Richard Hankins ,  Per Hammarlund ,  Dion Rodgers ,  Gautham Chinya ,  Baiju Patel ,  Shiv Kaushik ,  Bryant Bigbee ,  Gad Sheaffer ,  Yoav Talgam ,  Yuval Yosef ,  James P. Held

IPC: G06F9/38 ,  G06F9/30 ,  G06T1/20

CPC classification number: G06F9/30145 ,  G06F9/30 ,  G06F9/30181 ,  G06F9/3877 ,  G06F9/3879 ,  G06T1/20

Abstract: In one embodiment, the present invention includes a method for directly communicating between an accelerator and an instruction sequencer coupled thereto, where the accelerator is a heterogeneous resource with respect to the instruction sequencer. An interface may be used to provide the communication between these resources. Via such a communication mechanism a user-level application may directly communicate with the accelerator without operating system support. Further, the instruction sequencer and the accelerator may perform operations in parallel. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，本发明包括一种用于在加速器和与其耦合的指令定序器之间直接通信的方法，其中加速器相对于指令定序器是异质资源。 可以使用接口来提供这些资源之间的通信。 通过这种通信机制，用户级应用可以直接与加速器进行通信，而无需操作系统支持。 此外，指令定序器和加速器可以并行地执行操作。 描述和要求保护其他实施例。

公开(公告)号：US09417880B2

公开(公告)日：2016-08-16

申请号：US13843558

申请日：2013-03-15

Applicant: Intel Corporation

Inventor： Martin Dixon ,  Baiju Patel ,  Rajeev Gopalakrishna

IPC: G06F9/30 ,  G06F9/40 ,  G06F9/38

CPC classification number: G06F9/3016 ,  G06F9/30014 ,  G06F9/30021 ,  G06F9/30076 ,  G06F9/3802 ,  G06F9/3838 ,  G06F9/3861

Abstract: A processor is described having a functional unit within an instruction execution pipeline. The functional unit having circuitry to determine whether substantive data from a larger source data size will fit within a smaller data size that the substantive data is to flow to.

Abstract translation: 描述了处理器在指令执行流水线内具有功能单元。 功能单元具有用于确定来自较大源数据大小的实质数据是否适合实质数据要流向的较小数据大小的电路。