-
Publication No.: US11212085B2
Publication date: 2021-12-28
Application No.: US16368982
Filing date: 2019-03-29
Applicant: Intel Corporation
Inventor: Timothy Verrall , Thomas Willhalm , Francesc Guim Bernat , Karthik Kumar , Ned M. Smith , Rajesh Poornachandran , Kapil Sood , Tarun Viswanathan , John J. Browne , Patrick Kutch
IPC: H04L9/08
Abstract: Technologies for accelerated key caching in an edge hierarchy include multiple edge appliance devices organized in tiers. An edge appliance device receives a request for a key, such as a private key. The edge appliance device determines whether the key is included in a local key cache and, if not, requests the key from an edge appliance device included in an inner tier of the edge hierarchy. The edge appliance device may request the key from an edge appliance device included in a peer tier of the edge hierarchy. The edge appliance device may activate per-tenant accelerated logic to identify one or more keys in the key cache for eviction. The edge appliance device may activate per-tenant accelerated logic to identify one or more keys for pre-fetching. Those functions of the edge appliance device may be performed by an accelerator such as an FPGA. Other embodiments are described and claimed.
-
Publication No.: US11146288B2
Publication date: 2021-10-12
Application No.: US16815666
Filing date: 2020-03-11
Applicant: Intel Corporation
Inventor: Patrick Connor , Kapil Sood , Scott Dubal , Andrew Herdrich , James Hearn
Abstract: Technologies for applying a redundancy encoding scheme to segmented portions of a data block include an endpoint computing device communicatively coupled to a destination computing device. The endpoint computing device is configured to divide a block of data into a plurality of data segments as a function of a transmit window size and a redundancy encoding scheme, and generate redundant data usable to reconstruct each of the plurality of data segments. The endpoint computing device is additionally configured to format a series of network packets that each includes a data segment of the plurality of data segments and generated redundant data for at least one other data segment of the plurality of data segments. Further, the endpoint computing device is configured to transport each of the series of network packets to a destination computing device. Other embodiments are described herein.
-
Publication No.: US11018871B2
Publication date: 2021-05-25
Application No.: US15941407
Filing date: 2018-03-30
Applicant: Intel Corporation
Inventor: Kapil Sood , Naveen Lakkakula , Hari K. Tadepalli , Lokpraveen Mosur , Rajesh Gadiyar , Patrick Fleming
Abstract: A security accelerator device stores a first credential that is uniquely associated with the individual security accelerator device and represents a root of trust to a trusted entity. The device establishes a cryptographic trust relationship with a client entity that is based on the root of trust, the cryptographic trust relationship being represented by a second credential. The device receives and stores a secret credential of the client entity, which is received via communication secured by the second credential. Further, the device executes a cryptographic computation using the secret client credential on behalf of the client entity to produce a computation result.
-
Publication No.: US20210105258A1
Publication date: 2021-04-08
Application No.: US16876626
Filing date: 2020-05-18
Applicant: Intel Corporation
Inventor: Kapil Sood , Seosamh O'Riordain , Ned M. Smith , Tarun Viswanathan
Abstract: Technologies for providing secure utilization of tenant keys include a compute device. The compute device includes circuitry configured to obtain a tenant key. The circuitry is also configured to receive encrypted data associated with a tenant. The encrypted data defines an encrypted image that is executable by the compute device to perform a workload on behalf of the tenant in a virtualized environment. Further, the circuitry is configured to utilize the tenant key to decrypt the encrypted data and execute the workload without exposing the tenant key to a memory that is accessible to another workload associated with another tenant.
-
Publication No.: US10970103B2
Publication date: 2021-04-06
Application No.: US16234731
Filing date: 2018-12-28
Applicant: Intel Corporation
Inventor: Ned Smith , Bing Zhu , Vincent Scarlata , Kapil Sood , Francesc Guim Bernat
IPC: G06F9/455
Abstract: Technologies for hybrid virtualization and secure enclave include a computing device and an edge orchestrator. The edge orchestrator securely provisions a container-enclave policy to the computing device. A VMM of the computing device constructs a platform services enclave that includes the container-enclave policy. The platform services enclave requests a local attestation report from an application enclave, and the application enclave generates the attestation report using secure enclave support of a compute engine of the computing device. The attestation report is indicative of a virtualization context of the application enclave, and may include a VM flag, a VMM flag, and a source address of the application enclave. The platform services enclave enforces the container-enclave policy based on the virtualization context of the application enclave. The platform services enclave may control access to functions of the computing device based on the virtualization context. Other embodiments are described and claimed.
-
Publication No.: US10959039B2
Publication date: 2021-03-23
Application No.: US16533149
Filing date: 2019-08-06
Applicant: Intel Corporation
Inventor: Valerie J. Young , Kapil Sood
Abstract: Technologies for performing an automated application exchange negotiation in an operator network include an endpoint device, a mobile edge computing device, a core computing device, an application provider computing device, and a network operator computing device. The mobile edge computing device is configured to receive a request to access an application and/or service stored at the mobile edge computing device and/or the application provider computing device. The mobile edge computing device is further configured to initiate the automated application exchange negotiation between the application provider computing device and the network operator computing device to determine one or more terms of the negotiation, including one or more terms of a service level agreement (SLA). Other embodiments are described herein.
-
Publication No.: US20200028880A1
Publication date: 2020-01-23
Application No.: US16542670
Filing date: 2019-08-16
Applicant: Intel Corporation
Inventor: Kapil Sood , Valerie J. Young , Muthaiah Venkatachalam , Manuel Nedbal
Abstract: Technologies for performing security monitoring services of a network functions virtualization (NFV) security architecture that includes an NFV security services controller and one or more NFV security services agents. The NFV security services controller is configured to transmit a security monitoring policy to the NFV security services agents and enforce the security monitoring policy at the NFV security services agents. The NFV security services agents are configured to monitor telemetry data and package at least a portion of the telemetry for transmission to an NFV security monitoring analytics system of the NFV security architecture for security threat analysis. Other embodiments are described and claimed.
-
Publication No.: US20190281025A1
Publication date: 2019-09-12
Application No.: US16372353
Filing date: 2019-04-01
Applicant: Intel Corporation
Inventor: David J. Harriman , Raghunandan Makaram , Ioannis T. Schoinas , Kapil Sood , Yu-Yuan Chen , Vedvyas Shanbhogue , Siddhartha Chhabra , Reshma Lal , Reouven Elbaz
Abstract: A protected link between a first computing device and a second computing device is set up, wherein communication over the protected link is to comply with a communication protocol that allows packets to be reordered during transit. A plurality of packets are generated according to a packet format that ensures the plurality of packets will not be reordered during transmission over the protected link, the plurality of packets comprising a first packet and a second packet. Data of the plurality of packets are encrypted for transmission over the protected link, wherein data of the first packet is encrypted based on the cryptographic key and a first value of a counter and data of the second packet is encrypted based on the cryptographic key and a second value of the counter.
-
Publication No.: US10397280B2
Publication date: 2019-08-27
Application No.: US15420858
Filing date: 2017-01-31
Applicant: Intel Corporation
Inventor: Kapil Sood , Valerie J. Young , Muthaiah Venkatachalam , Manuel Nedbal
Abstract: Technologies for performing security monitoring services of a network functions virtualization (NFV) security architecture that includes an NFV security services controller and one or more NFV security services agents. The NFV security services controller is configured to transmit a security monitoring policy to the NFV security services agents and enforce the security monitoring policy at the NFV security services agents. The NFV security services agents are configured to monitor telemetry data and package at least a portion of the telemetry for transmission to an NFV security monitoring analytics system of the NFV security architecture for security threat analysis. Other embodiments are described and claimed.
-
Publication No.: US10339317B2
Publication date: 2019-07-02
Application No.: US15060844
Filing date: 2016-03-04
Applicant: Intel Corporation
Inventor: Yeluri Raghuram , Susanne M. Balle , Nigel Thomas Cook , Kapil Sood
Abstract: Disclosed herein are embodiments related to security in cloudlet environments. In some embodiments, for example, a computing device (e.g., a cloudlet) may include: a trusted execution environment; a Basic Input/Output System (BIOS) to request a Key Encryption Key (KEK) from the trusted execution environment; and a Self-Encrypting Storage (SES) associated with the KEK; wherein the trusted execution environment is to verify the BIOS and provide the KEK to the BIOS subsequent to verification of the BIOS, and the BIOS is to provide the KEK to the SES to unlock the SES for access by the trusted execution environment.
-