公开(公告)号：US12050702B2

公开(公告)日：2024-07-30

申请号：US18358210

申请日：2023-07-25

Applicant: Intel Corporation

Inventor： Pradeep M. Pappachan ,  Luis S. Kida ,  Reshma Lal

IPC: G06F21/60 ,  G06F12/1009 ,  G06F12/14 ,  G06F21/78 ,  G06T1/20 ,  H04L9/14

CPC classification number: G06F21/602 ,  G06F12/1009 ,  G06F12/1458 ,  G06F21/78 ,  G06T1/20 ,  H04L9/14 ,  G06F2212/1052 ,  G06F2221/2149

Abstract: Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per process graphics translation table to translate between graphics virtual address (VA) to graphics guest PA (GPA), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.

公开(公告)号：US11782829B2

公开(公告)日：2023-10-10

申请号：US17686854

申请日：2022-03-04

Applicant: Intel Corporation

Inventor： Luis S. Kida ,  Reshma Lal ,  Soham Jayesh Desai

IPC: G06F12/06 ,  G06F12/14 ,  G06F12/0895 ,  G06F21/76 ,  G06F9/48

CPC classification number: G06F12/063 ,  G06F9/4806 ,  G06F12/0895 ,  G06F12/1408 ,  G06F21/76

Abstract: Technologies for cryptographic separation of MMIO operations with an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment. The accelerator determines, based on a target memory address, a first memory address range associated with the memory-mapped I/O transaction, generates a second authentication tag using a first cryptographic key from a set of cryptographic keys, wherein the first key is uniquely associated with the first memory address range. An accelerator validator determines whether the first authentication tag matches the second authentication tag, and a memory mapper commits the memory-mapped I/O transaction in response to a determination that the first authentication tag matches the second authentication tag. Other embodiments are described and claimed.

公开(公告)号：US11625275B2

公开(公告)日：2023-04-11

申请号：US17109742

申请日：2020-12-02

Applicant: Intel Corporation

Inventor： Krystof Zmudzinski ,  Siddhartha Chhabra ,  Reshma Lal ,  Alpa Narendra Trivedi ,  Luis S. Kida ,  Pradeep M. Pappachan ,  Abhishek Basak ,  Anna Trikalinou

IPC: G06F9/445 ,  G06F9/50 ,  G06F9/455 ,  G06F21/62 ,  G06F12/1009 ,  G06F9/46 ,  G06F13/28 ,  G06F21/85 ,  G06F21/78 ,  G06F21/53 ,  G06F21/57 ,  H04L9/32 ,  H04W12/30 ,  H04W12/48 ,  H04L69/16

Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.

公开(公告)号：US11531770B2

公开(公告)日：2022-12-20

申请号：US16725267

申请日：2019-12-23

Applicant: Intel Corporation

Inventor： Pradeep M. Pappachan ,  Luis S. Kida ,  Reshma Lal

IPC: G06F21/60 ,  G06F12/1009 ,  G06F12/14 ,  G06F21/78 ,  G06T1/20 ,  H04L9/14

Abstract: Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per process graphics translation table to translate between graphics virtual address (VA) to graphics guest PA (GPA), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.

公开(公告)号：US11281579B2

公开(公告)日：2022-03-22

申请号：US16774293

申请日：2020-01-28

Applicant: Intel Corporation

Inventor： Luis S. Kida ,  Reshma Lal ,  Soham Jayesh Desai

IPC: G06F12/06 ,  G06F12/14 ,  G06F12/0895 ,  G06F21/76 ,  G06F9/48

Abstract: Technologies for cryptographic separation of MMIO operations with an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment. The accelerator determines, based on a target memory address, a first memory address range associated with the memory-mapped I/O transaction, generates a second authentication tag using a first cryptographic key from a set of cryptographic keys, wherein the first key is uniquely associated with the first memory address range. An accelerator validator determines whether the first authentication tag matches the second authentication tag, and a memory mapper commits the memory-mapped I/O transaction in response to a determination that the first authentication tag matches the second authentication tag. Other embodiments are described and claimed.

公开(公告)号：US20210117576A1

公开(公告)日：2021-04-22

申请号：US17109742

申请日：2020-12-02

Applicant: Intel Corporation

Inventor： Krystof Zmudzinski ,  Siddhartha Chhabra ,  Reshma Lal ,  Alpa Narendra Trivedi ,  Luis S. Kida ,  Pradeep M. Pappachan ,  Abhishek Basak ,  Anna Trikalinou

IPC: G06F21/78 ,  G06F9/455 ,  G06F9/46 ,  G06F9/50 ,  G06F12/1009 ,  G06F13/28 ,  G06F21/53 ,  G06F21/57 ,  G06F21/62 ,  G06F21/85 ,  H04L9/32

Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.

公开(公告)号：US20190228159A1

公开(公告)日：2019-07-25

申请号：US16369279

申请日：2019-03-29

Applicant: Intel Corporation

Inventor： Anna Trikalinou ,  Krystof Zmudzinski ,  Reshma Lal ,  Luis S. Kida ,  Pradeep M. Pappachan ,  Raghunandan Makaram ,  Siddhartha Chhabra ,  Vincent R. Scarlata

IPC: G06F21/57

Abstract: Technologies for filtering transactions includes a compute device, which further includes an accelerator device and an I/O subsystem having an accelerator port. The I/O subsystem is configured to determine whether to enable a global attestation during a boot process of the compute device, receive a transaction from the accelerator device connected to the accelerator port via a coherent accelerator link, and filter the transaction based on a determination of whether to enable the global attestation.

公开(公告)号：US09807288B2

公开(公告)日：2017-10-31

申请号：US14866688

申请日：2015-09-25

Applicant: Intel Corporation

Inventor： Daniel C. Middleton ,  Evan R. Green ,  Luis S. Kida

IPC: H04N5/225 ,  G02B7/02 ,  G02B7/14 ,  G02B3/00

CPC classification number: H04N5/2254 ,  G02B3/0056 ,  G02B7/021 ,  G02B7/14 ,  H04N5/2252 ,  H04N5/23209 ,  H04N5/247

Abstract: In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing multi-lens array cameras and mounts. In one embodiment there is a lens mount assembly, having therein a lens mount with a front side and a back side; a lens array mounted to the front side of the lens mount, the lens array having a plurality of optics embedded within lenses mounted to the front side of the lens mount; a plurality of image capture circuits at the back side of the lens mount, the plurality of image capture circuits having a one to one correspondence to the lenses of the lens array mounted to the front side of the lens mount; and a plurality of receiving couplers at the front side of the lens mount, each to receive one of the lenses of the lens array, wherein the receiving couplers mechanically bring the optics of the respective lens mounted thereto into alignment with a corresponding one of the image capture circuits on the back side of the lens mount opposing the mounted lens. The lens mount assembly may be embodied within a camera body assembly such as a hand-held smart phone, a tablet computing device or a stand alone hand held camera. The lens mount assembly may be interchangeable with other lens mount assemblies for a multi-lens array camera. Other related embodiments are disclosed.

公开(公告)号：US20250013758A1

公开(公告)日：2025-01-09

申请号：US18742168

申请日：2024-06-13

Applicant: Intel Corporation

Inventor： Pradeep M. Pappachan ,  Luis S. Kida ,  Reshma Lal

IPC: G06F21/60 ,  G06F12/1009 ,  G06F12/14 ,  G06F21/78 ,  G06T1/20 ,  H04L9/14

Abstract: Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per process graphics translation table to translate between graphics virtual address (VA) to graphics guest PA (GPA), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.

公开(公告)号：US20240126691A1

公开(公告)日：2024-04-18

申请号：US18462605

申请日：2023-09-07

Applicant: Intel Corporation

Inventor： Luis S. Kida ,  Reshma Lal ,  Soham Jayesh Desai

IPC: G06F12/06 ,  G06F9/48 ,  G06F12/0895 ,  G06F12/14 ,  G06F21/76

CPC classification number: G06F12/063 ,  G06F9/4806 ,  G06F12/0895 ,  G06F12/1408 ,  G06F21/76

Abstract: Technologies for cryptographic separation of MMIO operations with an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment. The accelerator determines, based on a target memory address, a first memory address range associated with the memory-mapped I/O transaction, generates a second authentication tag using a first cryptographic key from a set of cryptographic keys, wherein the first key is uniquely associated with the first memory address range. An accelerator validator determines whether the first authentication tag matches the second authentication tag, and a memory mapper commits the memory-mapped I/O transaction in response to a determination that the first authentication tag matches the second authentication tag. Other embodiments are described and claimed.