公开(公告)号：US20240106625A1

公开(公告)日：2024-03-28

申请号：US18502763

申请日：2023-11-06

Applicant: Intel Corporation

Inventor： Pradeep M. Pappachan ,  Reshma Lal ,  Rakesh A. Ughreja ,  Kumar N. Dwarakanath ,  Victoria C. Moore

IPC: H04L9/00 ,  G06F9/54 ,  G06F21/44 ,  G06F21/57 ,  G06F21/60 ,  G06F21/83 ,  G06F21/84 ,  H04L9/08 ,  H04L9/40

CPC classification number: H04L9/00 ,  G06F9/54 ,  G06F21/445 ,  G06F21/57 ,  G06F21/606 ,  G06F21/83 ,  G06F21/84 ,  H04L9/0838 ,  H04L63/145 ,  G06F2221/033 ,  H04L63/0428

Abstract: Systems and methods include establishing a cryptographically secure communication between an application module and an audio module. The application module is configured to execute on an information-handling machine, and the audio module is coupled to the information-handling machine. The establishment of the cryptographically secure communication may be at least partially facilitated by a mutually trusted module.

公开(公告)号：US20220405403A1

公开(公告)日：2022-12-22

申请号：US17820628

申请日：2022-08-18

Applicant: Intel Corporation

Inventor： Soham Jayesh Desai ,  Siddhartha Chhabra ,  Bin Xing ,  Pradeep M. Pappachan ,  Reshma Lal

IPC: G06F21/60 ,  H04L9/40 ,  G06F21/57 ,  G06F13/28 ,  H04L9/32 ,  G06F21/62 ,  G06F21/85 ,  G09C1/00 ,  G06F13/20

Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.

公开(公告)号：US20200266969A1

公开(公告)日：2020-08-20

申请号：US16706095

申请日：2019-12-06

Applicant: INTEL CORPORATION

Inventor： Pradeep M. Pappachan ,  Reshma Lal ,  Rakesh A. Ughreja ,  Kumar N. Owarakanath ,  Victoria C. Moore

IPC: H04L9/00 ,  H04L9/08 ,  G06F21/60 ,  G06F21/57 ,  G06F21/84 ,  G06F21/44 ,  H04L29/06 ,  G06F21/83 ,  G06F9/54

Abstract: Systems and methods include establishing a cryptographically secure communication between an application module and an audio module. The application module is configured to execute on an information-handling machine, and the audio module is coupled to the information-handling machine. The establishment of the cryptographically secure communication may be at least partially facilitated by a mutually trusted module.

公开(公告)号：US10691404B2

公开(公告)日：2020-06-23

申请号：US16290307

申请日：2019-03-01

Applicant: Intel Corporation

Inventor： Sudha Krishnakumar ,  Reshma Lal ,  Pradeep M. Pappachan ,  Kar Leong Wong ,  Steven B. McGowan ,  Adeel A. Aslam

IPC: G06F17/00 ,  G06F3/16 ,  H04L29/08 ,  H04L29/06 ,  G06F15/167 ,  H04L9/32

Abstract: Technologies for cryptographic protection of I/O audio data include a computing device with a cryptographic engine and an audio controller. A trusted software component may request an untrusted audio driver to establish an audio session with the audio controller that is associated with an audio codec. The trusted software component may verify that a stream identifier associated with the audio session received from the audio driver matches a stream identifier received from the codec. The trusted software may program the cryptographic engine with a DMA channel identifier associated with the codec, and the audio controller may assert the channel identifier in each DMA transaction associated with the audio session. The cryptographic engine cryptographically protects audio data associated with the audio session. The audio controller may lock the controller topology after establishing the audio session, to prevent re-routing of audio during a trusted audio session. Other embodiments are described and claimed.

公开(公告)号：US20200167488A1

公开(公告)日：2020-05-28

申请号：US16774719

申请日：2020-01-28

Applicant: Intel Corporation

Inventor： Salessawi Ferede Yitbarek ,  Lawrence A. Booth Jr. ,  Brent Thomas ,  Reshma Lal ,  Pradeep M. Pappachan ,  Akshay Kadam

IPC: G06F21/60 ,  G06F21/76 ,  H04L9/14 ,  H04L9/08

Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.

公开(公告)号：US10552620B2

公开(公告)日：2020-02-04

申请号：US15628006

申请日：2017-06-20

Applicant: Intel Corporation

Inventor： Soham Jayesh Desai ,  Siddhartha Chhabra ,  Bin Xing ,  Pradeep M. Pappachan ,  Reshma Lal

IPC: G06F21/00 ,  G06F21/60 ,  H04L29/06 ,  G06F21/57 ,  G06F13/28 ,  H04L9/32 ,  G06F21/62 ,  G06F21/85 ,  G09C1/00 ,  G06F13/20 ,  H04L9/06 ,  G06F21/51

Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.

公开(公告)号：US20190130120A1

公开(公告)日：2019-05-02

申请号：US16232146

申请日：2018-12-26

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Alpa Narendra Trivedi ,  Luis Kida ,  Pradeep M. Pappachan ,  Soham Jayesh Desai ,  Nanda Kumar Unnikrishnan

IPC: G06F21/60 ,  H04L9/32 ,  G06F21/76

Abstract: Technologies for secure I/O data transfer with an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment. The trusted execution environment may generate an authentication tag based on a memory-mapped I/O transaction, write the authentication tag to a register of the accelerator, and dispatch the transaction to the accelerator. The accelerator performs a cryptographic operation associated with the transaction, generates an authentication tag based on the transaction, and compares the generated authentication tag to the authentication tag received from the trusted execution environment. The accelerator device may initialize an authentication tag in response to a command from the trusted execution environment, transfer data between host memory and accelerator memory, perform a cryptographic operation in response to transferring the data, and update the authentication tag in response to transferrin the data. Other embodiments are described and claimed.

公开(公告)号：US10261748B2

公开(公告)日：2019-04-16

申请号：US14974645

申请日：2015-12-18

Applicant: Intel Corporation

Inventor： Sudha Krishnakumar ,  Reshma Lal ,  Pradeep M. Pappachan ,  Kar Leong Wong ,  Steven B. McGowan ,  Adeel A. Aslam

IPC: G06F17/00 ,  G06F3/16 ,  G06F15/167 ,  H04L9/32 ,  H04L29/06 ,  H04L29/08

Abstract: Technologies for cryptographic protection of I/O audio data include a computing device with a cryptographic engine and an audio controller. A trusted software component may request an untrusted audio driver to establish an audio session with the audio controller that is associated with an audio codec. The trusted software component may verify that a stream identifier associated with the audio session received from the audio driver matches a stream identifier received from the codec. The trusted software may program the cryptographic engine with a DMA channel identifier associated with the codec, and the audio controller may assert the channel identifier in each DMA transaction associated with the audio session. The cryptographic engine cryptographically protects audio data associated with the audio session. The audio controller may lock the controller topology after establishing the audio session, to prevent re-routing of audio during a trusted audio session. Other embodiments are described and claimed.

公开(公告)号：US20190042766A1

公开(公告)日：2019-02-07

申请号：US16113013

申请日：2018-08-27

Applicant: Intel Corporation

Inventor： Pradeep M. Pappachan ,  Siddhartha Chhabra ,  Bin Xing ,  Reshma Lal ,  Baruch Chaikin

IPC: G06F21/60 ,  H04L9/08 ,  G06F21/62

Abstract: In one embodiment, an apparatus includes: a memory encryption circuit to encrypt data from a protected device, the data to be stored to a memory; and a filter circuit coupled to the memory encryption circuit, the filter circuit including a plurality of filter entries, each filter entry to store a channel identifier corresponding to a protected device, an access control policy for the protected device, and a session encryption key provided by an enclave, the enclave permitted to access the data according to the access control policy, where the filter circuit is to receive the session encryption key from the enclave in response to validation of the enclave. Other embodiments are described and claimed.

公开(公告)号：US10103872B2

公开(公告)日：2018-10-16

申请号：US14498711

申请日：2014-09-26

Applicant: Intel Corporation

Inventor： Pradeep M. Pappachan ,  Reshma Lal ,  Rakesh A. Ughreja ,  Kumar N. Dwarakanath ,  Victoria C. Moore

IPC: G06F21/44 ,  H04L9/00 ,  G06F9/54 ,  G06F21/83 ,  G06F21/57 ,  G06F21/60 ,  H04L9/08 ,  H04L29/06

Abstract: Systems and methods include establishing a cryptographically secure communication between an application module and an audio module. The application module is configured to execute on an information-handling machine, and the audio module is coupled to the information-handling machine. The establishment of the cryptographically secure communication may be at least partially facilitated by a mutually trusted module.