-
Publication No.: US20200076923A1
Publication date: 2020-03-05
Application No.: US16674346
Application date: 2019-11-05
Applicant: Intel Corporation
Inventor: Michael Kounavis, David M. Durham, Karanvir Grewal, Wenjie Xiong, Sergej Deutsch
Abstract: A method of data nibble-histogram compression can include determining a first amount of space freed by compressing the input data using a first compression technique, determining a second amount of space freed by compressing the input data using a second, different compression technique, compressing the input data using the compression technique of the first and second compression techniques determined to free up more space to create compressed input data, and inserting into the compressed input data, security data including one of a message authentication control (MAC) and an inventory control tag (ICT).
-
Publication No.: US20160261570A1
Publication date: 2016-09-08
Application No.: US15085114
Application date: 2016-03-30
Applicant: Intel Corporation
Inventor: Karanvir Grewal, Men Long, Prashant Dewan
IPC: H04L29/06
CPC classification number: H04L63/061, H04L9/083, H04L9/321, H04L9/3247
Abstract: Methods and apparatus are disclosed to provide for security within a network enclave. In one embodiment authentication logic initiates authentication with a central network authority. Packet processing logic receives a key and an identifier from the central network authority. Security protocol logic then establishes a client-server security association through a communication that includes a client identifier and an encrypted portion and/or an authorization signature, wherein a client authorization key allocated by the central network authority can be reproduced by a server, other than said central network authority, from the client identifier and a derivation key provided to the server by the central network authority to decrypt the encrypted portion and/or to validate the communication using the authorization signature. The server may also provide the client with new session keys and/or new client session identifiers using server-generated derivation keys if desired, protecting these with the client authorization key.
-
23.
Publication No.: US12254203B2
Publication date: 2025-03-18
Application No.: US18145095
Application date: 2022-12-22
Applicant: Intel Corporation
Inventor: Sergej Deutsch, Christoph Dobraunig, Rajat Agarwal, David M. Durham, Santosh Ghosh, Karanvir Grewal, Krystian Matusiewicz
Abstract: The technology described herein includes a first plurality of bijection diffusion function circuits to diffuse data bits into diffused data bits and store the diffused data bits into a memory; an error correcting code (ECC) generation circuit to generate ECC bits for the data bits; and a second plurality of bijection diffusion function circuits to diffuse the ECC bits into diffused ECC bits and store the diffused ECC bits into the memory.
-
24.
Publication No.: US12045128B1
Publication date: 2024-07-23
Application No.: US18147521
Application date: 2022-12-28
Applicant: Intel Corporation
Inventor: David M. Durham, Sergej Deutsch, Karanvir Grewal
CPC classification number: G06F11/1044, H04L9/0816
Abstract: The technology disclosed herein includes a memory to store a plurality of pages, a page of the plurality of pages configured as one of a trusted execution environment (TEE) configuration and a non-TEE configuration, and a memory controller to attempt to access the page using a memory address and the TEE configuration and generate a first error correcting code (ECC); and when data for the first ECC is at least one of correct and correctable by ECC for the attempt to access the page using the TEE configuration, attempt to access the page using the memory address and the non-TEE configuration and generate a second ECC, and when data for the second ECC is at least one of correct and correctable by ECC for the attempt to access the page using the non-TEE configuration, store the memory address as an unknown cacheline address.
-
Publication No.: US20230418608A1
Publication date: 2023-12-28
Application No.: US17848142
Application date: 2022-06-23
Applicant: Intel Corporation
Inventor: David M. Durham, Michael LeMay, Karanvir Grewal
CPC classification number: G06F9/30145, G06F9/30029, G06F9/30105, G06F9/3836
Abstract: Techniques for an instruction for a conditional jump operation (such as a Jump True operation) to detect memory corruption are described. An example apparatus comprises decoder circuitry to decode a single instruction, the single instruction to include fields for identifiers of a source operand, a destination operand, and a field for an opcode, the opcode to indicate execution circuitry is to generate an exception when a value of the source operand is not a first value and not a second value, execute a next instruction when the value of the source operand is the first value, and jump to a destination indicated by the destination operand when the value of the source operand is the second value. Other examples are described and claimed.
-
26.
Publication No.: US11469902B2
Publication date: 2022-10-11
Application No.: US16369989
Application date: 2019-03-29
Applicant: Intel Corporation
Inventor: Michael Kounavis, Sergej Deutsch, David Durham, Karanvir Grewal
Abstract: The present disclosure is directed to systems and methods for the secure transmission of plaintext data blocks encrypted using a NIST standard encryption to provide a plurality of ciphertext data blocks, and using the ciphertext data blocks to generate a Galois multiplication-based authentication tag and parity information that is communicated in parallel with the ciphertext blocks and provides a mechanism for error detection, location and correction for a single ciphertext data block or a plurality of ciphertext data blocks included on a storage device. The systems and methods include encrypting a plurality of plaintext blocks to provide a plurality of ciphertext blocks. The systems and methods include generating a Galois Message Authentication Code (GMAC) authentication tag and parity information using the ciphertext blocks. The GMAC authentication tag may be encrypted to provide a GIMAC authentication tag that is communicated in parallel with the ciphertext blocks to one or more recipient systems or devices.
-
Publication No.: US20220123930A1
Publication date: 2022-04-21
Application No.: US17561828
Application date: 2021-12-24
Applicant: Intel Corporation
Inventor: Salmin Sultana, David M. Durham, Michael LeMay, Karanvir Grewal, Sergej Deutsch
Abstract: A method comprises detecting execution of a fork( ) operation in a cryptographic computing system that generates a parent process and a child process, assigning a parent kernel data structure to the parent process and a child kernel data structure to the child process, detecting, in the child process, a write operation comprising write data and a cryptographic target address, and in response to the write operation blocking access to a corresponding page in the parent process, allocating a new physical page in memory for the child process, encrypting the write data with a cryptographic key unique to the child process, and filling the new physical page in memory with magic marker data.
-
Publication No.: US10860709B2
Publication date: 2020-12-08
Application No.: US16024547
Application date: 2018-06-29
Applicant: Intel Corporation
Inventor: Michael Lemay, David M. Durham, Michael E. Kounavis, Barry E. Huntley, Vedvyas Shanbhogue, Jason W. Brandt, Josh Triplett, Gilbert Neiger, Karanvir Grewal, Baiju V. Patel, Ye Zhuang, Jr-Shian Tsai, Vadim Sukhomlinov, Ravi Sahita, Mingwei Zhang, James C. Farwell, Amitabh Das, Krishna Bhuyan
Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.
-
Publication No.: US10855815B2
Publication date: 2020-12-01
Application No.: US16674346
Application date: 2019-11-05
Applicant: Intel Corporation
Inventor: Michael Kounavis, David M. Durham, Karanvir Grewal, Wenjie Xiong, Sergej Deutsch
Abstract: A method of data nibble-histogram compression can include determining a first amount of space freed by compressing the input data using a first compression technique, determining a second amount of space freed by compressing the input data using a second, different compression technique, compressing the input data using the compression technique of the first and second compression techniques determined to free up more space to create compressed input data, and inserting into the compressed input data, security data including one of a message authentication control (MAC) and an inventory control tag (ICT).
-
Publication No.: US10761928B2
Publication date: 2020-09-01
Application No.: US16368430
Application date: 2019-03-28
Applicant: Intel Corporation
Inventor: Sergej Deutsch, Wei Wu, David M. Durham, Karanvir Grewal
Abstract: In one example a computer implemented method comprises generating an error correction code for a memory line, the memory line comprising a first plurality of data blocks, wherein the error correction code comprises a first plurality of parity bits and a second plurality of parity bits, applying a domain-specific function to the second plurality of parity bits to generate a modified block of parity bits, generating a metadata block corresponding to the memory line, wherein the metadata block comprises the error correction code for the memory line and at least a portion of the modified block of parity bits, encoding the first plurality of data blocks and the metadata block to generate a first encoded data set, and providing the encoded data set and the encoded metadata block for storage on a memory module. Other examples may be described.
-