公开(公告)号：US20220417005A1

公开(公告)日：2022-12-29

申请号：US17358952

申请日：2021-06-25

Applicant: Intel Corporation

Inventor： BAIJU PATEL ,  SIDDHARTHA CHHABRA ,  PRASHANT DEWAN ,  OFIR SHWARTZ

IPC: H04L9/08

Abstract: Systems, methods, and apparatuses for providing chiplet binding to a disaggregated architecture for a system on a chip are described. In one embodiment, system includes a plurality of physically separate dies, an interconnect to electrically couple the plurality of physically separate dies together, a first die-to-die communication circuit, of a first die of the plurality of physically separate dies, comprising a transmitter circuit and an encryption circuit having a link key to encrypt data to be sent from the transmitter circuit into encrypted data, and a second die-to-die communication circuit, of a second die of the plurality of physically separate dies, comprising a receiver circuit and a decryption circuit having the link key to decrypt the encrypted data sent from the transmitter circuit to the receiver circuit.

公开(公告)号：US20220100679A1

公开(公告)日：2022-03-31

申请号：US17033745

申请日：2020-09-26

Applicant: Intel Corporation

Inventor： MAHESH NATU ,  ANAND K. ENAMANDRAM ,  MANJULA PEDDIREDDY ,  ROBERT A. BRANCH ,  TIFFANY J. KASANICKY ,  SIDDHARTHA CHHABRA ,  HORMUZD KHOSRAVI

IPC: G06F12/14 ,  G06F12/02 ,  G06F9/30

Abstract: Systems, methods, and apparatuses to implement spatially unique and location independent persistent memory encryption are described. In one embodiment, a system on a chip (SoC) includes at least one persistent range register to indicate a persistent range of memory, an address modifying circuit to check if an address for a memory store request is within the persistent range indicated by the at least one persistent range register, and append a unique identifier value, for a component corresponding to the memory store request for the address, to the address to generate a modified address and output the modified address as an output address when the address is within the persistent range, and output the address as the output address when the address is not within the persistent range, and an encryption engine circuit to generate a ciphertext based on the output address.

公开(公告)号：US20180336342A1

公开(公告)日：2018-11-22

申请号：US15600666

申请日：2017-05-19

Applicant: INTEL CORPORATION

Inventor： ALPA T. NARENDRA TRIVEDI ,  SIDDHARTHA CHHABRA

IPC: G06F21/53 ,  G06F21/78 ,  G06F21/72 ,  G06F21/62

Abstract: Techniques for secure-chip memory for trusted execution environments are described. A processor may include a memory configured to interface with a trusted execution environment. The processor may be configured to indicate to a trusted execution environment that the memory supports dedicated access to the trusted execution environment. The processor may receive an instruction from the trusted execution environment. The processor may enforce an access control policy of an interface plugin to limit access of the memory by the trusted execution environment to a partition of the memory associated with the trusted execution environment. Other embodiments are described and claimed.

公开(公告)号：US20180191716A1

公开(公告)日：2018-07-05

申请号：US15396157

申请日：2016-12-30

Applicant: INTEL CORPORATION

Inventor： SIDDHARTHA CHHABRA ,  DAVID M. DURHAM

IPC: H04L29/06 ,  G06F12/14

CPC classification number: G06F12/1408 ,  G06F21/57 ,  G06F21/602 ,  G06F2212/1052 ,  H04L9/0897 ,  H04L9/3242

Abstract: Various embodiments are generally directed to techniques for multi-domain memory encryption, such as with a plurality of cryptographically isolated domains, for instance. Some embodiments are particularly directed to a multi-domain encryption system that provides one or more of memory encryption, integrity, and replay protection services to a plurality of cryptographic domains. In one embodiment, for example, an apparatus may comprise a memory and logic for an encryption engine, at least a portion of the logic implemented in circuitry coupled to the memory. In various embodiments, the logic may receive a memory operation request associated with a data line of a set of data lines stored in a protected memory separate from the memory.

公开(公告)号：US20180191491A1

公开(公告)日：2018-07-05

申请号：US15394516

申请日：2016-12-29

Applicant: INTEL CORPORATION

Inventor： SIDDHARTHA CHHABRA ,  DAVID M. DURHAM

IPC: H04L9/06 ,  G06F3/06 ,  G06F21/53 ,  G06F12/14 ,  G06F21/72

CPC classification number: H04L9/0618 ,  G06F12/08 ,  G06F12/1408 ,  G06F21/53 ,  G06F21/602 ,  G06F21/72 ,  G06F2212/1052 ,  G06F2221/034 ,  H04L9/06 ,  H04L2209/12

Abstract: Various embodiments are generally directed to techniques for converting between different cipher systems, such as, for instance, between a cipher system used for a first encryption environment and a different cipher system used for a second encryption environment, for instance. Some embodiments are particularly directed to an encryption engine that supports memory operations between two or more encryption environments. Each encryption environment can use different cipher systems while the encryption engine can translate ciphertext between the different cipher systems. In various embodiments, for instance, the first encryption environment may include a main memory that uses a position dependent cipher system and the second encrypted environment may include a secondary memory that uses a position independent cipher system.

公开(公告)号：US20180181337A1

公开(公告)日：2018-06-28

申请号：US15390359

申请日：2016-12-23

Applicant: INTEL CORPORATION

Inventor： DAVID M. DURHAM ,  SERGEJ DEUTSCH ,  SAEEDEH KOMIJANI ,  ALPA T. NARENDRA TRIVEDI ,  SIDDHARTHA CHHABRA

IPC: G06F3/06

CPC classification number: G06F9/30047 ,  G06F21/79 ,  H03M7/30 ,  H03M7/6064

Abstract: Techniques and computing devices for compression memory coloring are described. In one embodiment, for example, an apparatus may include at least one memory, at least on processor, and logic for compression memory coloring, at least a portion of the logic comprised in hardware coupled to the at least one memory and the at least one processor, the logic to determine whether data to be written to memory is compressible, generate a compressed data element responsive to determining data is compressible, the data element comprising a compression indicator, a color, and compressed data, and write the compressed data element to memory. Other embodiments are described and claimed.

公开(公告)号：US20170177505A1

公开(公告)日：2017-06-22

申请号：US14975588

申请日：2015-12-18

Applicant: Intel Corporation

Inventor： ABHISHEK BASAK ,  SIDDHARTHA CHHABRA ,  JUNGJU OH ,  DAVID M. DURHAM

IPC: G06F12/14 ,  H04L9/06 ,  G06F3/06 ,  G06F12/12 ,  G06F12/08

CPC classification number: G06F21/79 ,  G06F3/0623 ,  G06F3/0661 ,  G06F3/0673 ,  G06F7/724 ,  G06F12/0886 ,  G06F12/0891 ,  G06F12/124 ,  G06F12/1408 ,  G06F2212/1052 ,  G06F2212/401 ,  G06F2212/402 ,  G06F2212/60 ,  G06F2212/70 ,  H03M13/15 ,  H04L9/0637 ,  H04L9/3242 ,  H04N19/463 ,  H04N19/93

Abstract: Examples include techniques for compressing counter values included in cryptographic metadata. In some examples, a cache line to fill a cache included in on-die processor memory may be received. The cache arranged to store cryptographic metadata. The cache line includes a counter value generated by a counter. The counter value to serve as version information for a memory encryption scheme to write a data cache line to a memory location of an off-die memory. In some examples, the counter value is compressed based on whether the counter value includes a pattern that matches a given pattern and is then stored to the cache. In some examples, a compression aware and last recently used (LRU) scheme is used to determine whether to evict cryptographic metadata from the cache.

公开(公告)号：US20160283748A1

公开(公告)日：2016-09-29

申请号：US14670061

申请日：2015-03-26

Applicant: Intel Corporation

Inventor： JUNGJU OH ,  SIDDHARTHA CHHABRA ,  DAVID M. DURHAM

IPC: G06F21/78 ,  G06F21/72

CPC classification number: G06F21/78 ,  G06F21/52 ,  G06F21/72

Abstract: The present disclosure is directed to a flexible counter system for memory protection. In general, a counter system for supporting memory protection operations in a device may be made more efficient utilizing flexible counter structures. A device may comprise a processing module and a memory module. A flexible counter system in the memory module may comprise at least one data line including a plurality of counters. The bit-size of the counters may be reduced and/or varied from existing implementations through an overflow counter that may account for smaller counters entering an overflow state. Counters that utilize the overflow counter may be identified using a bit indicator. In at least one embodiment selectors corresponding to each of the plurality of counters may be able to map particular memory locations to particular counters.

Abstract translation: 本公开涉及用于存储器保护的灵活计数器系统。 通常，利用灵活的计数器结构，可以使用于支持设备中的存储器保护操作的计数器系统更有效。 设备可以包括处理模块和存储器模块。 存储器模块中的灵活的计数器系统可以包括至少一个包括多个计数器的数据线。 计数器的位大小可以通过可能导致较小计数器进入溢出状态的溢出计数器从现有实现中减少和/或变化。 可以使用位指示器来识别利用溢出计数器的计数器。 在至少一个实施例中，对应于多个计数器中的每一个的选择器可以能够将特定存储器位置映射到特定计数器。