公开(公告)号：US20180352311A1

公开(公告)日：2018-12-06

申请号：US15913357

申请日：2018-03-06

Applicant: Intel Corporation

Inventor： Andrew J. Herdrich ,  Patrick L. Connor ,  Dinesh Kumar ,  Alexander W. Min ,  Daniel J. Dahle ,  Kapil Sood ,  Jeffrey B. Shaw ,  Edwin Verplanke ,  Scott P. Dubal ,  James Robert Hearn

IPC: H04Q9/02 ,  H04L12/26 ,  H04L12/24

CPC classification number: H04Q9/02 ,  H04L41/5009 ,  H04L41/5019 ,  H04L43/08 ,  H04L43/10

Abstract: Devices and techniques for out-of-band platform tuning and configuration are described herein. A device can include a telemetry interface to a telemetry collection system and a network interface to network adapter hardware. The device can receive platform telemetry metrics from the telemetry collection system, and network adapter silicon hardware statistics over the network interface, to gather collected statistics. The device can apply a heuristic algorithm using the collected statistics to determine processing core workloads generated by operation of a plurality of software systems communicatively coupled to the device. The device can provide a reconfiguration message to instruct at least one software system to switch operations to a different processing core, responsive to detecting an overload state on at least one processing core, based on the processing core workloads. Other embodiments are also described.

公开(公告)号：US09560078B2

公开(公告)日：2017-01-31

申请号：US14709168

申请日：2015-05-11

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Valerie J. Young ,  Muthaiah Venkatachalam ,  Manuel Nedbal

IPC: H04L29/06

CPC classification number: H04L63/205 ,  G06F21/552 ,  G06F21/577 ,  G06F2221/2101 ,  H04L47/25 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/20 ,  H04L67/10 ,  H04Q9/00

Abstract: Technologies for performing security monitoring services of a network functions virtualization (NFV) security architecture that includes an NVF security services controller and one or more NFV security services agents. The NFV security services controller is configured to transmit a security monitoring policy to the NFV security services agents and enforce the security monitoring policy at the NFV security services agents. The NFV security services agents are configured to monitor telemetry data and package at least a portion of the telemetry for transmission to an NFV security monitoring analytics system of the NFV security architecture for security threat analysis. Other embodiments are described and claimed.

Abstract translation: 用于执行包括NVF安全服务控制器和一个或多个NFV安全服务代理的网络功能虚拟化（NFV）安全体系结构的安全监控服务的技术。 NFV安全服务控制器配置为向NFV安全服务代理传输安全监控策略，并在NFV安全服务代理处执行安全监控策略。 NFV安全服务代理被配置为监视遥测数据并封装至少一部分遥测以传输到用于安全威胁分析的NFV安全架构的NFV安全监控分析系统。 描述和要求保护其他实施例。

公开(公告)号：US20160277425A1

公开(公告)日：2016-09-22

申请号：US14661311

申请日：2015-03-18

Applicant: Intel Corporation

Inventor： Iosif Gasparakis ,  Scott P. Dubal ,  Patrick Connor ,  Kapil Sood ,  Eliezer Tamir

IPC: H04L29/06 ,  H04L9/32

CPC classification number: H04L63/1416 ,  G06F21/60 ,  G06F21/85 ,  G06F2213/3808 ,  H04L9/32 ,  H04L63/0428

Abstract: Network interface devices with remote storage control. In some embodiments, a network interface device may include receiver circuitry and remote storage device control circuitry. The remote storage device control circuitry may be coupled to the receiver circuitry and may share a physical support with the receiver circuitry. The remote storage device control circuitry may be configured to control writing of data from the receiver circuitry to a remote storage device that does not share a physical support with the remote storage device control circuitry.

Abstract translation: 具有远程存储控制的网络接口设备。 在一些实施例中，网络接口设备可以包括接收器电路和远程存储设备控制电路。 远程存储设备控制电路可以耦合到接收器电路，并且可以与接收器电路共享物理支持。 远程存储设备控制电路可以被配置为控制从接收器电路向与远程存储设备控制电路不共享物理支持的远程存储设备的数据写入。

公开(公告)号：US20160180063A1

公开(公告)日：2016-06-23

申请号：US14581742

申请日：2014-12-23

Applicant: Intel Corporation

Inventor： Malini K. Bhandaru ,  Kapil Sood ,  Christian Maciocco ,  Isaku Yamahata ,  Yunhong Jiang

IPC: G06F21/10

CPC classification number: G06F21/105 ,  G06F2221/0704 ,  G06F2221/0711 ,  G06F2221/0773

Abstract: At least one machine readable medium comprising a plurality of instructions that in response to being executed by a system cause the system to send a unique identifier to a license server, establish a secure channel based on the unique identifier, request a license for activating an appliance from a license server over the secure channel, receive license data from the license server over the secure channel; determine whether the license is valid, and activate the appliance in response to a determination that the license data is valid.

Abstract translation: 包括响应于系统执行的多个指令的至少一个机器可读介质导致系统向许可证服务器发送唯一标识符，基于唯一标识符建立安全通道，请求激活设备的许可证 通过安全通道从许可证服务器通过安全通道从许可证服务器接收许可证数据; 确定许可证是否有效，并且响应于许可证数据有效的确定而激活设备。

公开(公告)号：US09098705B2

公开(公告)日：2015-08-04

申请号：US13770167

申请日：2013-02-19

Applicant: Intel Corporation

Inventor： Tsung-Yuan Charles Tai ,  Kapil Sood

IPC: G06F17/00 ,  G06F21/57 ,  G06F9/445 ,  G06F9/50 ,  G06F21/53 ,  G06F9/455

CPC classification number: G06F21/57 ,  G06F8/61 ,  G06F9/45545 ,  G06F9/45558 ,  G06F9/5077 ,  G06F21/53 ,  G06F2009/45587

Abstract: A method, apparatus and system enable a temporary partition on a host to be isolated. More specifically, a temporary partition may be initialized in a partitioned host, assigned its own security policy and given the necessary resources to complete a task. Thereafter, the temporary partition may be dismantled. Since the temporary partition is isolated from the remaining partitions on the host, the temporary partition may be allowed to run a “weaker” security policy than the rest of the partitions because the isolation of the temporary partition ensures that the security of the remaining partitions may remain uncompromised.

Abstract translation: 方法，装置和系统使主机上的临时分区能够被隔离。 更具体地说，可以在分配的主机中初始化临时分区，分配其自己的安全策略并给出必要的资源来完成任务。 此后，可以拆除临时隔离物。 由于临时分区与主机上的剩余分区隔离，因此临时分区可能会比其他分区运行“较弱”的安全策略，因为临时分区的隔离可确保其余分区的安全性 保持不妥协

公开(公告)号：US20240205198A1

公开(公告)日：2024-06-20

申请号：US18288955

申请日：2022-03-25

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Srinivasa Addepalli ,  Dong Guo ,  Sakari Poussa ,  Kailun Qin ,  Ismo Puustinen ,  Veronika Karperko

IPC: H04L9/40

CPC classification number: H04L63/0428 ,  H04L63/0823

Abstract: Various methods, systems, and use cases for securely managing, generating, and controlling access to keys in a service mesh are discussed herein. In various examples, key protection operations include service mesh signing key protection and service mesh communication key protection, for a secure transport session between services such as conducted with mutual transport layer security (mTLS). For instance, such key protection operations may be used to establish communications between the service host and another entity within the service mesh, in a secure transport session, based on use of a private key (secured using a confidential computing technology) in a secure enclave or other secure compute environment to sign one or more keys for the secure transport session.

公开(公告)号：US20240022405A1

公开(公告)日：2024-01-18

申请号：US18477370

申请日：2023-09-28

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Shaojun Ding ,  Dong Guo ,  Huailong Zhang ,  Ruijing Guo ,  Hejie Xu ,  Qiming Liu

IPC: H04L9/30 ,  H04L9/08 ,  H04L9/40

CPC classification number: H04L9/3073 ,  H04L9/0894 ,  H04L63/0281

Abstract: Systems, apparatus, articles of manufacture, and methods are disclosed to provide hardware enforced security for a service mesh. An example first server of a service mesh disclosed herein to provide hardware enforced security for a service mesh includes programmable circuitry to at least one of instantiate or execute the machine-readable instructions to detect a second server of the service mesh, cause a public key of the second server to be stored in the first enclave, and after an attestation for a second enclave is obtained, cause addition of the second server to the service mesh.

公开(公告)号：US11757647B2

公开(公告)日：2023-09-12

申请号：US17320762

申请日：2021-05-14

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Naveen Lakkakula ,  Hari K. Tadepalli ,  Lokpraveen Mosur ,  Rajesh Gadiyar ,  Patrick Fleming

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/08 ,  H04L9/40 ,  H04L9/14 ,  G06F21/57 ,  G06F21/60

CPC classification number: H04L9/3234 ,  G06F21/57 ,  G06F21/602 ,  G06F21/606 ,  H04L9/0825 ,  H04L9/0861 ,  H04L9/0897 ,  H04L9/14 ,  H04L63/20 ,  H04L2209/122

Abstract: A security accelerator device stores a first credential that is uniquely associated with the individual security accelerator device and represents a root of trust to a trusted entity. The device establishes a cryptographic trust relationship with a client entity that is based on the root of trust, the cryptographic trust relationship being represented by a second credential. The device receives and store a secret credential of the client entity, which is received via communication secured by the second credential. Further, the device executes a cryptographic computation using the secret client credential on behalf of the client entity to produce a computation result.

公开(公告)号：US11736942B2

公开(公告)日：2023-08-22

申请号：US17076452

申请日：2020-10-21

Applicant: Intel Corporation

Inventor： Alexander Bachmutsky ,  Dario Sabella ,  Francesc Guim Bernat ,  John J. Browne ,  Kapil Sood ,  Kshitij Arun Doshi ,  Mats Gustav Agerstam ,  Ned M. Smith ,  Rajesh Poornachandran ,  Tarun Viswanathan

IPC: H04W12/08 ,  H04W76/10 ,  H04W28/02 ,  G06F9/455 ,  H04W4/46 ,  H04L67/10 ,  H04W12/42 ,  H04W12/60 ,  H04W12/06 ,  H04W84/12

CPC classification number: H04W12/08 ,  G06F9/45558 ,  H04L67/10 ,  H04W4/46 ,  H04W12/068 ,  H04W12/42 ,  H04W12/66 ,  H04W28/02 ,  H04W76/10 ,  H04W84/12

Abstract: A service coordinating entity device includes communications circuitry to communicate with a first access network, processing circuitry, and a memory device. The processing circuitry is to perform operations to, in response to a request for establishing a connection with a user equipment (UE) in a second access network, retrieve a first Trusted Level Agreement (TLA) including trust attributes associated with the first access network. One or more exchanges of the trust attributes of the first TLA and trust attributes of a second TLA associated with the second access network are performed using a computing service executing on the service coordinating entity. A common TLA with trust attributes associated with communications between the first and second access networks is generated based on the exchanges. Data traffic is routed from the first access network to the UE in the second access network based on the trust attributes of the common TLA.

公开(公告)号：US11604882B2

公开(公告)日：2023-03-14

申请号：US16433709

申请日：2019-06-06

Applicant: Intel Corporation

Inventor： Yeluri Raghuram ,  Susanne M. Balle ,  Nigel Thomas Cook ,  Kapil Sood

IPC: G06F21/57 ,  H04L9/08 ,  G06F21/53 ,  G06F21/71 ,  G06F21/00

Abstract: Disclosed herein are embodiments related to security in cloudlet environments. In some embodiments, for example, a computing device (e.g., a cloudlet) may include: a trusted execution environment; a Basic Input/Output System (BIOS) to request a Key Encryption Key (KEK) from the trusted execution environment; and a Self-Encrypting Storage (SES) associated with the KEK; wherein the trusted execution environment is to verify the BIOS and provide the KEK to the BIOS subsequent to verification of the BIOS, and the BIOS is to provide the KEK to the SES to unlock the SES for access by the trusted execution environment.