Abstract:
A method and system for enforcing access control to system resources and assets. Security attributes associated with devices that initiate transactions in the system are automatically generated and forwarded with transaction messages. The security attributes convey access privileges assigned to each initiator. One or more security enforcement mechanisms are implemented in the system to evaluate the security attributes against access policy requirements to access various system assets and resources, such as memory, registers, address ranges, etc. If the privileges identified by the security attributes indicate the access request is permitted, the transaction is allowed to proceed. The security attributes of the initiator scheme provides a modular, consistent secure access enforcement scheme across system designs.
Abstract:
In one embodiment, an apparatus includes a hardware accelerator to execute cryptography operations including a Rivest Shamir Adleman (RSA) operation and an elliptic curve cryptography (ECC) operation. The hardware accelerator may include a multiplier circuit comprising a parallel combinatorial multiplier, and an ECC circuit coupled to the multiplier circuit to execute the ECC operation. The ECC circuit may compute a prime field multiplication using the multiplier circuit and reduce a result of the prime field multiplication in a plurality of addition and subtraction operations for a first type of prime modulus. The hardware accelerator may execute the RSA operation using the multiplier circuit. Other embodiments are described and claimed.
Abstract:
Embodiments of the present disclosure describe methods, apparatuses, storage media, and systems for a device disposed at an edge of a vehicular communication network or vehicles within a coverage area of the device. The device is to generate a list of vehicle security data to be distributed to vehicles currently within a coverage area of the device, based at least in part on a context related to the vehicles. The device is further to announce, on a control channel communicatively coupling the device and the vehicles, that the list of vehicle security data is available and a service channel to receive the list of vehicle security data. The list of vehicle security data is to be provided to the vehicles via the service channel. Other embodiments may be described and claimed.
Abstract:
A computing node to implement a management entity in a CP-based network. The node includes processing circuitry configured to encode an inquiry message requesting information on CPS capabilities. Response messages are received from a set of sensing nodes of a plurality of sensing nodes in response to the inquiry message. The response messages include the information on the CPS capabilities of the set of sensing nodes. A notification message indicating selection of a sensing node as a sensing coordinator is encoded for transmission. Sensed data received in a broadcast message from the sensing coordinator is decoded. The sensed data includes data associated with one or more non-V2X capable sensing nodes.
Abstract:
A microcoded processor instruction may invoke a number of microinstructions to perform a round of a SHA3 operation using a circuit that includes a first stage circuit to perform a set of first bitwise XOR operations on a set of five input blocks to yield first intermediate output blocks; perform a set of second bitwise XOR operations on a first intermediate block and a rotation of another first intermediate block to yield second intermediate blocks; and perform a set of third bitwise XOR operations on a second intermediate block and an input block to yield third intermediate blocks. The circuit further includes a second stage circuit to rotate bits within each of the third intermediate blocks to yield a set of fourth intermediate blocks, and a third stage circuit to perform an affine mapping on bits within each of the fourth intermediate blocks to yield a set of output blocks.
Abstract:
A data processing system includes technology for detecting and tolerating faults. The data processing system comprises an electronic control unit (ECU) with a processing core and a fault-tolerant elliptic curve digital signature algorithm (ECDSA) engine. The fault-tolerant ECDSA engine comprises multiple verification state machines (VSMs). The data processing system also comprises nonvolatile storage in communication with the processing core and ECU software in the nonvolatile storage. The ECU software, when executed, enables the data processing system to operate as a node in a distributed data processing system, including receiving digitally signed messages from other nodes in the distributed data processing system. The ECU further comprises a known-answer built-in self-test unit (KA-BISTU). Also, the ECU software comprises fault-tolerant ECDSA engine (FTEE) management software which, when executed by the processing core, utilizes the KA-BISTU to periodically test the fault-tolerant ECDSA engine for faults. Other embodiments are described and claimed.
Abstract:
There is disclosed in one example a computing apparatus, including: a hardware platform; a network interface to communicatively couple to a bus lacking native support for authentication; and an anomaly detection engine to operate on the hardware platform and configured to: receive a first data stream across a first time; symbolize and approximate the first data stream, including computing a first window sum; receive a second data stream across a second time substantially equal in length to the first time, the second data stream including data across the plurality of dimensions from the first data stream; symbolize and approximate the second data stream, including computing a second window sum; compute a difference between the first window sum and the second window sum; determine that the difference exceeds a threshold and that the correlation across the plurality of dimensions is broken; and flag a potential anomaly.
Abstract:
In one embodiment, an apparatus includes: a hardware accelerator to execute cryptography operations including a Rivest Shamir Adleman (RSA) operation and an elliptic curve cryptography (ECC) operation. The hardware accelerator may include: a multiplier circuit comprising a parallel combinatorial multiplier; and an ECC circuit coupled to the multiplier circuit to execute the ECC operation. The ECC circuit may compute a prime field multiplication using the multiplier circuit and reduce a result of the prime field multiplication in a plurality of addition and subtraction operations for a first type of prime modulus. The hardware accelerator may execute the RSA operation using the multiplier circuit. Other embodiments are described and claimed.
Abstract:
Logic may implement protocols and procedures for vehicle-to-vehicle communications for platooning. Logic may implement a communications topology to distinguish time-critical communications from non-time-critical communications. Logic may sign time-critical communications with a message authentication code (MAC) algorithm with a hash function such as Keccak MAC or a Cipher-based MAC. Logic may generate a MAC based on pairwise, symmetric keys to sign the time-critical communications. Logic may sign non-time-critical communications with a digital signature. Logic may encrypt non-time-critical communications. Logic may append a certificate to non-time-critical communications. Logic may append a header to messages to create data packets and may include a packet type to identify time-critical communications. Logic may decode and verify the time-critical messages with a pairwise symmetric key. And logic may prioritize time-critical communications to meet a specified latency.
Abstract:
One embodiment provides an apparatus. The apparatus includes a lightweight cryptographic engine (LCE); the LCE is optimized and has an associated throughput greater than or equal to a target throughput.