STORAGE ENCRYPTION USING CONVERGED CRYPTOGRAPHIC ENGINE

    Publication (Announcement) No.: US20220198027A1

    Publication (Announcement) Date: 2022-06-23

    Application No.: US17133627

    Application Date: 2020-12-23

    Abstract: Methods and apparatus relating to a Converged Cryptographic Engine (CCE) for storage encryption are described. In an embodiment, decode circuitry decodes an instruction to determine whether Converged Cryptographic Engine (CCE) circuitry is enabled. Execution circuitry executes the instruction to program a plurality of keys in response to the CCE circuitry being enabled. The CCE circuitry performs all encryption and all decryption of data to be transferred between a memory and a storage device based at least in part on at least one of the plurality of keys. Other embodiments are also disclosed and claimed.

    PLATFORM SECURITY MECHANISM
    Invention application

    Publication (Announcement) No.: US20220100864A1

    Publication (Announcement) Date: 2022-03-31

    Application No.: US17547739

    Application Date: 2021-12-10

    Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

    PLATFORM SECURITY MECHANISM
    Invention application

    Publication (Announcement) No.: US20220100863A1

    Publication (Announcement) Date: 2022-03-31

    Application No.: US17546243

    Application Date: 2021-12-09

    Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

    HARDWARE-ASSISTED PRIVACY PROTECTION USING A SECURE USER INTERFACE WITH MULTI-LEVEL ACCESS CONTROL OF SENSOR DATA

    Publication (Announcement) No.: US20220083678A1

    Publication (Announcement) Date: 2022-03-17

    Application No.: US17379470

    Application Date: 2021-07-19

    Abstract: Technologies provide hardware-assisted privacy protection of sensor data. One embodiment includes unlocking a user interface coupled to a trusted execution environment of a processor in a device, where the user interface includes a plurality of selectable settings associated with a plurality of access levels for sensor data captured by a sensor. The embodiment also includes receiving a selection signal from the user interface indicating that a user selected a first setting associated with a first access level for the sensor data captured by the sensor, and restricting access to the sensor data based on a first set of one or more entities associated with the first access level. In more specific embodiments, the user interface includes a knob that is rotatably attached to a housing of the device or a privacy panel including a slider bar that is to be displayed on a touch screen display of the device.

    Secure reporting of platform state information to a remote server

    Publication (Announcement) No.: US11258861B2

    Publication (Announcement) Date: 2022-02-22

    Application No.: US16023233

    Application Date: 2018-06-29

    Abstract: Technologies disclosed herein provide a method for receiving at a device from a remote server, a request for state information from a first processor of the device, obtaining the state information from one or more registers of the first processor based on a request structure indicated by a first instruction of a software program executing on the device, and generating a response structure based, at least in part, on the obtained state information. The method further includes using a cryptographic algorithm and a shared key established between the device and the remote server to generate a signature based, at least in part, on the response structure, and communicating the response structure and the signature to the remote server. In more specific embodiments, both the response structure and the request structure each include a same nonce value.

    CRYPTOGRAPHIC PROTECTION OF MEMORY ATTACHED OVER INTERCONNECTS

    Publication (Announcement) No.: US20210318966A1

    Publication (Announcement) Date: 2021-10-14

    Application No.: US17358315

    Application Date: 2021-06-25

    Abstract: Methods and apparatus relating to cryptographic protection of memory attached over interconnects are described. In an embodiment, memory stores data and a processor having execution circuitry executes an instruction to program an inline memory expansion logic and a host memory encryption logic with one or more cryptographic keys. The inline memory expansion logic encrypts the data to be written to the memory and decrypts encrypted data to be read from the memory. The memory is coupled to the processor via an interconnect endpoint of a system fabric. Other embodiments are also disclosed and claimed.

    SECURING DATA DIRECT I/O FOR A SECURE ACCELERATOR INTERFACE

    Publication (Announcement) No.: US20210073145A1

    Publication (Announcement) Date: 2021-03-11

    Application No.: US17022029

    Application Date: 2020-09-15

    Abstract: The present disclosure includes systems and methods for securing data direct I/O (DDIO) for a secure accelerator interface, in accordance with various embodiments. Historically, DDIO has enabled performance advantages that have outweighed its security risks. DDIO circuitry may be configured to secure DDIO data by using encryption circuitry that is manufactured for use in communications with main memory along the direct memory access (DMA) path. DDIO circuitry may be configured to secure DDIO data by using DDIO encryption circuitry manufactured for use by or manufactured within the DDIO circuitry. Enabling encryption and decryption in the DDIO path by the DDIO circuitry has the potential to close a security gap in modern data central processor units (CPUs).

    Securing data direct I/O for a secure accelerator interface

    Publication (Announcement) No.: US10783089B2

    Publication (Announcement) Date: 2020-09-22

    Application No.: US16023661

    Application Date: 2018-06-29

    Abstract: The present disclosure includes systems and methods for securing data direct I/O (DDIO) for a secure accelerator interface, in accordance with various embodiments. Historically, DDIO has enabled performance advantages that have outweighed its security risks. DDIO circuitry may be configured to secure DDIO data by using encryption circuitry that is manufactured for use in communications with main memory along the direct memory access (DMA) path. DDIO circuitry may be configured to secure DDIO data by using DDIO encryption circuitry manufactured for use by or manufactured within the DDIO circuitry. Enabling encryption and decryption in the DDIO path by the DDIO circuitry has the potential to close a security gap in modern data central processor units (CPUs).

    PLATFORM SECURITY MECHANISM
    Invention application

    Publication (Announcement) No.: US20200226263A1

    Publication (Announcement) Date: 2020-07-16

    Application No.: US16832138

    Application Date: 2020-03-27

    Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.
