-
Publication number: US20230068607A1
Publication date: 2023-03-02
Application number: US18049781
Filing date: 2022-10-26
Applicant: Intel Corporation
Inventor: Steffen Schulz , Alpa Trivedi , Patrick Koeberl
IPC: G06F21/85 , G06F30/398 , G06N3/04 , H04L9/08 , G06F9/30 , G06F9/50 , G06F15/177 , G06F15/78 , H04L9/40 , G06F11/07 , G06F30/331 , G06F9/38 , G06F11/30
Abstract: An apparatus to facilitate transparent network access controls for spatial accelerator device multi-tenancy is disclosed. The apparatus includes a secure device manager (SDM) to: establish a network-on-chip (NoC) communication path in the apparatus, the NoC communication path comprising a plurality of NoC nodes for ingress and egress of communications on the NoC communication path; for each NoC node of the NoC communication path, configure a programmable register of the NoC node to indicate a node group that the NoC node is assigned to, the node group corresponding to a persona configured on the apparatus; determine whether a prefix of received data at the NoC node matches the node group indicated by the programmable register of the NoC node; and responsive to determining that the prefix does not match the node group, discard the data from the NoC node.
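The filtering rule in this abstract is simple enough to model end to end: every node on a path carries a group register written by the SDM, each flit carries a group prefix, and a mismatch drops the flit at the first node that sees it. The Python model below is an added example written for this page, not code from the patent or from Intel; the 32-bit flit width, the 4-bit prefix and the node and persona names are assumptions.

```python
"""Model of the NoC node-group prefix filter described above (constructed example)."""
from typing import Dict, List, Optional

WORD_BITS = 32      # assumed flit width
PREFIX_BITS = 4     # assumed width of the node-group prefix at the top of each flit
PAYLOAD_BITS = WORD_BITS - PREFIX_BITS
PAYLOAD_MASK = (1 << PAYLOAD_BITS) - 1


def encode_flit(group: int, payload: int) -> int:
    """Tag a payload with the node-group prefix of the persona that sends it."""
    if not 0 <= group < (1 << PREFIX_BITS) or not 0 <= payload <= PAYLOAD_MASK:
        raise ValueError("group or payload out of range")
    return (group << PAYLOAD_BITS) | payload


def prefix_of(flit: int) -> int:
    return (flit >> PAYLOAD_BITS) & ((1 << PREFIX_BITS) - 1)


class NoCNode:
    """One ingress/egress node; group_reg is the programmable register the SDM writes."""

    def __init__(self, name: str, group_reg: int) -> None:
        self.name = name
        self.group_reg = group_reg
        self.discarded: List[int] = []

    def forward(self, flit: int) -> Optional[int]:
        """Pass the flit on if its prefix matches this node's group, else drop it."""
        if prefix_of(flit) != self.group_reg:
            self.discarded.append(flit)
            return None
        return flit


class SecureDeviceManager:
    """Establishes paths and programs every node on them with the persona's group."""

    def __init__(self) -> None:
        self.paths: Dict[str, List[NoCNode]] = {}

    def establish_path(self, persona: str, group: int, node_names: List[str]) -> List[NoCNode]:
        path = [NoCNode(n, group) for n in node_names]
        self.paths[persona] = path
        return path


def send(path: List[NoCNode], flit: int) -> bool:
    """Push a flit through every node on the path; True if it reaches egress."""
    for node in path:
        flit = node.forward(flit)
        if flit is None:
            return False
    return True


def demo() -> Dict[str, bool]:
    sdm = SecureDeviceManager()
    tenant_a = sdm.establish_path("tenant_a", group=1, node_names=["in0", "rtr3", "out0"])
    ok = send(tenant_a, encode_flit(1, 0xABC))        # tenant A's own traffic
    crossed = send(tenant_a, encode_flit(2, 0xABC))   # tenant B's prefix injected on A's path
    # A stale register on one node (not reprogrammed after a persona change) drops even
    # legitimate traffic: the SDM must configure every node on the path, not just the ends.
    tenant_a[1].group_reg = 3
    stale = send(tenant_a, encode_flit(1, 0xABC))
    return {"own_traffic": ok, "cross_tenant": crossed, "stale_node": stale}


if __name__ == "__main__":
    print(demo())
```

The check is purely local to each node, which is what makes it transparent to the tenant: no routing table is consulted, and a flit that crosses into another persona's nodes is dropped at the first hop regardless of where it was injected.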
-
Publication number: US20220114023A1
Publication date: 2022-04-14
Application number: US17560652
Filing date: 2021-12-23
Applicant: Intel Corporation
Inventor: Alpa Choksi , Patrick Koeberl , Steffen Schulz , Reshma Lal
IPC: G06F9/50 , G06F9/4401
Abstract: A computing platform comprising a plurality of disaggregated data center resources and an infrastructure processing unit (IPU), communicatively coupled to the plurality of resources, to compose a platform of the plurality of disaggregated data center resources for allocation of a microservices cluster.
-
Publication number: US20210150033A1
Publication date: 2021-05-20
Application number: US17129243
Filing date: 2020-12-21
Applicant: Intel Corporation
Inventor: Alpa Trivedi , Steffen Schulz , Patrick Koeberl
IPC: G06F21/57 , G06F21/44 , G06F30/331 , G06F9/38
Abstract: An apparatus to facilitate enabling late-binding of security features via a configuration security controller for accelerator devices is disclosed. The apparatus includes a security controller to initialize as part of a secure boot and attestation chain of trust; receive configuration data for portions of the security controller, the portions comprising components of the security controller capable of re-programming; verify and validate the configuration data as originating from a secure and trusted source; and responsive to successful verification and validation of the configuration data, re-program the portions of the security controller based on the configuration data.
-
Publication number: US20210112073A1
Publication date: 2021-04-15
Application number: US17129223
Filing date: 2020-12-21
Applicant: Intel Corporation
Inventor: Steffen Schulz , Alpa Trivedi , Patrick Koeberl
Abstract: An apparatus to facilitate broadcast remote sealing for scalable trusted execution environment provisioning is disclosed. The apparatus includes one or more processors to: request a group status report to confirm a status of a group of trusted execution platforms from a cloud service provider (CSP) providing scalable runtime validation for on-device design rule checks; validate, by a tenant, a minimum trusted computing base (TCB) declared with the group status report; determine, based on validation of the minimum TCB, whether a set of group members of the group of trusted execution platforms satisfies security requirements of the tenant; responsive to the set of group members satisfying the security requirement, utilize a group public key to encrypt a workload of the tenant; and send the encrypted workload to the CSP for storage by the CSP and subsequent execution by an execution platform of the group using a private group key.
-
Publication number: US20210110099A1
Publication date: 2021-04-15
Application number: US17132306
Filing date: 2020-12-23
Applicant: Intel Corporation
Inventor: Furkan Turan , Patrick Koeberl , Alpa Trivedi , Steffen Schulz , Scott Weber
IPC: G06F30/398
Abstract: An apparatus to facilitate scalable runtime validation for on-device design rule checks is disclosed. The apparatus includes a memory to store a contention set, one or more multiplexers, and a validator communicably coupled to the memory. In one implementation, the validator is to: receive design rule information for the one or more multiplexers, the design rule information referencing the contention set; analyze, using the design rule information, a user bitstream against the contention set at a programming time of the apparatus, the user bitstream for programming the one or more multiplexers; and provide an error indication responsive to identifying a match between the user bitstream and the contention set.
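The design rule this abstract has in mind is the classic FPGA one: two routing multiplexers that can drive the same wire must never both be enabled by a tenant bitstream, because the resulting short can damage the device or glitch a neighbouring tenant. The Python model below is an added example for this page, not the patent's or Intel's validator; the fabric (three muxes, two wires), the bit layout of the select fields and the convention that select value 0 means "not driving" are assumptions. It derives the contention set from the fabric description for readability, where a real validator would store it in memory.

```python
"""Model of a programming-time design-rule validator with a contention set (constructed example)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class Mux:
    name: str
    select_bits: Tuple[int, ...]  # bitstream bit positions that hold this mux's select value
    drives: str                   # wire the mux drives when its select value is non-zero


def select_value(bitstream: int, mux: Mux) -> int:
    """Extract a mux's select field from the user bitstream (assumed LSB-first fields)."""
    value = 0
    for i, pos in enumerate(mux.select_bits):
        value |= ((bitstream >> pos) & 1) << i
    return value


def build_contention_set(muxes: List[Mux]) -> Set[FrozenSet[str]]:
    """Design rule: two muxes driving the same wire must never be enabled together.
    The contention set lists every such pair of mux names."""
    by_wire: Dict[str, List[Mux]] = {}
    for m in muxes:
        by_wire.setdefault(m.drives, []).append(m)
    contention: Set[FrozenSet[str]] = set()
    for drivers in by_wire.values():
        for i in range(len(drivers)):
            for j in range(i + 1, len(drivers)):
                contention.add(frozenset({drivers[i].name, drivers[j].name}))
    return contention


def validate_bitstream(bitstream: int, muxes: List[Mux],
                       contention: Set[FrozenSet[str]]) -> List[str]:
    """Analyse the bitstream at programming time; a non-empty list is the error indication."""
    by_name = {m.name: m for m in muxes}
    enabled = {m.name for m in muxes if select_value(bitstream, m) != 0}
    errors = []
    for pair in contention:
        if pair <= enabled:
            a, b = sorted(pair)
            errors.append(f"contention: {a} and {b} both drive {by_name[a].drives}")
    return sorted(errors)


# Constructed fabric: mux_a and mux_b share wire W1, mux_c drives W2 alone.
FABRIC = [
    Mux("mux_a", select_bits=(0, 1), drives="W1"),
    Mux("mux_b", select_bits=(2, 3), drives="W1"),
    Mux("mux_c", select_bits=(4, 5), drives="W2"),
]
CONTENTION = build_contention_set(FABRIC)

GOOD_BITSTREAM = 0b010001   # mux_a=1, mux_b=0 (off), mux_c=1
BAD_BITSTREAM = 0b001001    # mux_a=1 and mux_b=2: both enabled on W1


def program(bitstream: int) -> bool:
    """Refuse to program the fabric when the validator raises an error indication."""
    errors = validate_bitstream(bitstream, FABRIC, CONTENTION)
    for e in errors:
        print("DRC error:", e)
    return not errors


if __name__ == "__main__":
    print("good:", program(GOOD_BITSTREAM))
    print("bad: ", program(BAD_BITSTREAM))
```

Because the check happens at programming time against the bitstream itself, it does not depend on the tenant's toolchain having run its own DRC, which is the point of doing it on the device.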
-
Publication number: US20200226295A1
Publication date: 2020-07-16
Application number: US16829582
Filing date: 2020-03-25
Applicant: Intel Corporation
Inventor: Pratik Patel , Sriram Vangal , Patrick Koeberl , Miguel Bautista Gabriel , James Tschanz , Carlos Tokunaga
Abstract: A voltage detection circuit includes a tunable delay circuit that receives a supply voltage and that generates a delayed signal in response to an input signal. A control circuit causes a first adjustment in a delay provided by the tunable delay circuit to the delayed signal. An error detection circuit generates an error indication in an error signal in response to a change in a timing of the delayed signal relative to a clock signal caused by the first adjustment in the delay provided to the delayed signal. The control circuit causes a second adjustment in the delay provided by the tunable delay circuit to the delayed signal in response to the error indication. The error detection circuit causes the error signal to be indicative of the supply voltage reaching a threshold voltage after the second adjustment in the delay.
-
Publication number: US10565132B2
Publication date: 2020-02-18
Application number: US15651886
Filing date: 2017-07-17
Applicant: Intel Corporation
Inventor: Steffen Schulz , Patrick Koeberl
Abstract: In various implementations, a system includes a memory, a processor, and an execution-aware memory protection unit (EA-MPU). The EA-MPU is configured to regulate memory access by the processor based at least on the identity of a subject executable that requests access, and on the address to which access is requested, and on permissions information that identifies which subject executables are to be granted access to each of several memory regions. In various implementations, the permissions information itself is stored among the several memory regions. Various configurations of the permissions information can be used to provide shared memory regions for communication among two or more stand-alone trusted software modules, to protect access to devices accessible through memory-mapped I/O (MMIO), to implement a flexible watchdog timer, to provide security for software updates, to provide dynamic root of trust measurement services, and/or to support an operating system.
-
Publication number: US10129036B2
Publication date: 2018-11-13
Application number: US14490402
Filing date: 2014-09-18
Applicant: Intel Corporation
Inventor: Jiangtao Li , Wei Wu , Patrick Koeberl
Abstract: In accordance with embodiments disclosed herein, there are provided systems and methods for providing a post-processing mechanism for physically unclonable functions. An integrated circuit includes a physically unclonable function (PUF) unit including adaptive PUF logic. The adaptive PUF logic receives a PUF response having a plurality of bits. The adaptive PUF logic also determines whether a record exists for a bit among the plurality of bits in the PUF response. The record includes a stored bit location and a stored bit value corresponding to the stored bit location. The adaptive PUF logic also overrides a bit value of the bit in the PUF response with the stored bit value when it is determined that the record exists for the bit in the PUF response. The bit value of the bit in the PUF response is different from the stored bit value.
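The mechanism is a per-bit override table: enrollment identifies bits that do not reproduce reliably, stores their location and majority value, and at run time the adaptive logic replaces those bits whenever the raw response disagrees with the record. The Python model below is an added example for this page, not the patent's or Intel's logic; the enrollment readings are constructed, the majority rule for the stored value and the SHA-256 key derivation are assumptions standing in for whatever the real design does.

```python
"""Model of the adaptive PUF post-processing described above (constructed example)."""
import hashlib
from typing import Dict, List

Bits = List[int]


def enroll(readings: List[Bits]) -> Dict[int, int]:
    """Build override records from several enrollment readings of one PUF challenge.
    A record (bit location -> stored value) is created only for bits observed to be
    unstable; the stored value is the majority value. Stable bits get no record."""
    n = len(readings[0])
    records: Dict[int, int] = {}
    for i in range(n):
        ones = sum(r[i] for r in readings)
        if 0 < ones < len(readings):          # the bit flipped at least once: unstable
            records[i] = 1 if 2 * ones >= len(readings) else 0
    return records


def post_process(response: Bits, records: Dict[int, int]) -> Bits:
    """Adaptive PUF logic: where a record exists and its stored value differs from the
    raw bit, override the raw bit with the stored value."""
    out = list(response)
    for location, stored in records.items():
        if out[location] != stored:
            out[location] = stored
    return out


def derive_key(response: Bits) -> str:
    """Constructed key derivation: hash the corrected response (stand-in for a real KDF)."""
    padded = response + [0] * (-len(response) % 8)
    packed = bytes(int("".join(map(str, padded[i:i + 8])), 2)
                   for i in range(0, len(padded), 8))
    return hashlib.sha256(packed).hexdigest()


# Constructed enrollment readings: bits 2 and 5 are noisy, the rest are stable.
ENROLL_READINGS = [
    [1, 0, 1, 1, 0, 0, 1, 0],
    [1, 0, 0, 1, 0, 0, 1, 0],
    [1, 0, 1, 1, 0, 1, 1, 0],
    [1, 0, 1, 1, 0, 0, 1, 0],
    [1, 0, 0, 1, 0, 1, 1, 0],
]
GOLDEN = [1, 0, 1, 1, 0, 0, 1, 0]   # the majority value of every bit


def demo() -> bool:
    """True if a noisy run-time reading reproduces the enrollment key after overrides."""
    records = enroll(ENROLL_READINGS)                   # {2: 1, 5: 0}
    noisy_runtime_reading = [1, 0, 0, 1, 0, 1, 1, 0]   # both unstable bits flipped
    corrected = post_process(noisy_runtime_reading, records)
    return derive_key(corrected) == derive_key(GOLDEN)


if __name__ == "__main__":
    print("records:", enroll(ENROLL_READINGS))
    print("key reproduced:", demo())
```

Two caveats a practitioner would want stated. First, the override table only helps for bits seen to be unstable during enrollment; a bit that was stable then and flips later (ageing, temperature) is not corrected, so the records are a complement to, not a replacement for, an error-correcting helper-data scheme. Second, the records leak the value of exactly the bits they cover, so they must be treated as reducing the response's entropy by that many bits.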
-
Publication number: US09697142B2
Publication date: 2017-07-04
Application number: US15192049
Filing date: 2016-06-24
Applicant: INTEL CORPORATION
Inventor: Patrick Koeberl , Steffen Schulz
CPC classification number: G06F12/1441 , G06F9/3005 , G06F9/3802 , G06F9/3824
Abstract: Execution-Aware Memory protection technologies are described. A processor includes a processor core and a memory protection unit (MPU). The MPU includes a memory protection table and memory protection logic. The memory protection table defines a first protection region in main memory, the first protection region including a first instruction region and a first data region. The memory protection logic determines a protection violation by a first instruction when 1) an instruction address, resulting from an instruction fetch operation corresponding to the first instruction, is not within the first instruction region or 2) a data address, resulting from an execute operation corresponding to the first instruction, is not within the first data region.
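Both execution-aware MPU abstracts on this page (US10565132B2 above and this one) describe the same check: the address of the executing instruction identifies the subject, and the data address is then tested against what that subject may touch, so a data region, an MMIO device, a shared mailbox or even the permissions table itself can be bound to specific code. The Python model below is an added example for this page, not the patent's or Intel's hardware; the memory map, the subject names and the read/write split are assumptions.

```python
"""Model of an execution-aware MPU (constructed example): access is decided by which
subject is executing (identified by the fetch address), not only by the target address."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

Span = Tuple[int, int]  # [start, end)


def contains(span: Span, addr: int) -> bool:
    return span[0] <= addr < span[1]


@dataclass(frozen=True)
class Subject:
    name: str
    code: Span            # instruction region that identifies this subject


@dataclass(frozen=True)
class Region:
    name: str
    span: Span
    readers: FrozenSet[str]
    writers: FrozenSet[str]


class EAMPU:
    def __init__(self, subjects: List[Subject], regions: List[Region]) -> None:
        self.subjects = list(subjects)
        self.regions = list(regions)

    def subject_at(self, pc: int) -> Optional[Subject]:
        for s in self.subjects:
            if contains(s.code, pc):
                return s
        return None

    def check(self, pc: int, addr: int, write: bool = False) -> Optional[str]:
        """Return None if the access is allowed, otherwise a description of the violation."""
        subject = self.subject_at(pc)
        if subject is None:      # fetch outside every instruction region (e.g. code on the heap)
            return f"fetch violation: pc={pc:#x} is not inside any subject's instruction region"
        for r in self.regions:
            if contains(r.span, addr):
                allowed = r.writers if write else r.readers
                if subject.name in allowed:
                    return None
                op = "write" if write else "read"
                return f"data violation: {subject.name} may not {op} {r.name} ({addr:#x})"
        return f"data violation: {addr:#x} is not inside any protection region"


# Constructed memory map.
LOADER = Subject("loader", (0x0000, 0x1000))
MOD_A = Subject("mod_a", (0x1000, 0x2000))
MOD_B = Subject("mod_b", (0x2000, 0x3000))

REGIONS = [
    Region("mod_a.data", (0x8000, 0x9000), frozenset({"mod_a"}), frozenset({"mod_a"})),
    Region("mailbox", (0x9000, 0x9100), frozenset({"mod_a", "mod_b"}), frozenset({"mod_a", "mod_b"})),
    Region("uart.mmio", (0x4000_0000, 0x4000_0100), frozenset({"mod_b"}), frozenset({"mod_b"})),
    # The permissions table is itself a memory region; only the loader may rewrite it.
    Region("mpu.table", (0xF000, 0xF100), frozenset({"loader"}), frozenset({"loader"})),
]
MPU = EAMPU([LOADER, MOD_A, MOD_B], REGIONS)


def demo() -> Dict[str, Optional[str]]:
    return {
        "a_reads_own":      MPU.check(0x1200, 0x8010),
        "b_reads_a":        MPU.check(0x2200, 0x8010),
        "b_writes_uart":    MPU.check(0x2200, 0x4000_0004, write=True),
        "a_writes_uart":    MPU.check(0x1200, 0x4000_0004, write=True),
        "a_to_b_mailbox":   MPU.check(0x1200, 0x9008, write=True),
        "a_rewrites_table": MPU.check(0x1200, 0xF010, write=True),
        "code_on_heap":     MPU.check(0x8800, 0x9008),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} {'ok' if result is None else result}")
```

The difference from a conventional MPU is visible in the `b_reads_a` and `a_writes_uart` cases: the same address is permitted or denied purely by which instruction region the program counter is in, which is what lets two modules share one physical address space without a privilege mode separating them.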
-
Publication number: US12050722B2
Publication date: 2024-07-30
Application number: US18461867
Filing date: 2023-09-06
Applicant: Intel Corporation
Inventor: Steffen Schulz , Alpa Trivedi , Patrick Koeberl
IPC: G06F21/85 , G06F9/30 , G06F9/38 , G06F9/50 , G06F11/07 , G06F11/30 , G06F15/177 , G06F15/78 , G06F30/331 , G06F30/398 , G06N3/04 , H04L9/08 , H04L9/40 , G06F21/30 , G06F21/44 , G06F21/53 , G06F21/57 , G06F21/71 , G06F21/73 , G06F21/74 , G06F21/76 , G06F30/31 , G06F111/04 , G06F119/12 , G06N3/08 , G06N20/00 , H04L9/00
CPC classification number: G06F21/85 , G06F9/30101 , G06F9/3877 , G06F9/505 , G06F11/0709 , G06F11/0751 , G06F11/0754 , G06F11/0793 , G06F11/3058 , G06F15/177 , G06F15/7825 , G06F15/7867 , G06F30/331 , G06F30/398 , G06N3/04 , H04L9/0877 , H04L63/0442 , H04L63/12 , H04L63/20 , G06F11/0772 , G06F11/3051 , G06F21/30 , G06F21/44 , G06F21/53 , G06F21/57 , G06F21/575 , G06F21/71 , G06F21/73 , G06F21/74 , G06F21/76 , G06F30/31 , G06F2111/04 , G06F2119/12 , G06F2221/034 , G06N3/08 , G06N20/00 , H04L9/008 , H04L9/0841
Abstract: An apparatus to facilitate broadcast remote sealing for scalable trusted execution environment provisioning is disclosed. The apparatus includes a cloud service provider (CSP) execution platform comprising hardware circuitry for executing virtualized environments and comprising hardware accelerator devices, wherein the CSP execution platform is to: authorize a tenant to deploy workloads of the tenant to CSP execution resources; provide a group status report to the tenant to inform the tenant of an existence and a status of a group of trusted execution platforms, wherein the group comprises at least one of the CSP execution resources; receive an encrypted workload of the tenant, wherein the encrypted workload is encrypted using a group public key of the group; store the encrypted workload at storage of the CSP execution platform; and dispatch the encrypted workload to the at least one of the CSP execution resources of the group.
-