-
公开(公告)号:US20210144517A1
公开(公告)日:2021-05-13
申请号:US17119785
申请日:2020-12-11
Applicant: Intel Corporation
Inventor: Francesc Guim Bernat , Kshitij Arun Doshi , Kapil Sood , Tarun Viswanathan
Abstract: Various aspects of methods, systems, and use cases for multi-entity (e.g., multi-tenant) edge computing deployments are disclosed. Among other examples, various configurations and features enable the management of resources (e.g., controlling and orchestrating hardware, acceleration, network, processing resource usage), security (e.g., secure execution and communication, isolation, conflicts), and service management (e.g., orchestration, connectivity, workload coordination), in edge computing deployments, such as by a plurality of edge nodes of an edge computing environment configured for executing workloads from among multiple tenants.
-
公开(公告)号:US20190229897A1
公开(公告)日:2019-07-25
申请号:US16368982
申请日:2019-03-29
Applicant: Intel Corporation
Inventor: Timothy Verrall , Thomas Willhalm , Francesc Guim Bernat , Karthik Kumar , Ned M. Smith , Rajesh Poornachandran , Kapil Sood , Tarun Viswanathan , John J. Browne , Patrick Kutch
IPC: H04L9/08
Abstract: Technologies for accelerated key caching in an edge hierarchy include multiple edge appliance devices organized in tiers. An edge appliance device receives a request for a key, such as a private key. The edge appliance device determines whether the key is included in a local key cache and, if not, requests the key from an edge appliance device included in an inner tier of the edge hierarchy. The edge appliance device may request the key from an edge appliance device included in a peer tier of the edge hierarchy. The edge appliance device may activate per-tenant accelerated logic to identify one or more keys in the key cache for eviction. The edge appliance device may activate per-tenant accelerated logic to identify one or more keys for pre-fetching. Those functions of the edge appliance device may be performed by an accelerator such as an FPGA. Other embodiments are described and claimed.
-
公开(公告)号:US20190042783A1
公开(公告)日:2019-02-07
申请号:US16143724
申请日:2018-09-27
Applicant: Intel Corporation
Inventor: Francesc Guim Bernat , Mark Schmisseur , Kshitij Doshi , Kapil Sood , Tarun Viswanathan
Abstract: An embodiment of a semiconductor apparatus may include technology to receive data with a unique identifier, and bypass encryption logic of a media controller based on the unique identifier. Other embodiments are disclosed and claimed.
-
公开(公告)号:US20190042314A1
公开(公告)日:2019-02-07
申请号:US15869909
申请日:2018-01-12
Applicant: Intel Corporation
Inventor: Timothy Verrall , John J. Browne , Tomasz Kantecki , Maryam Tahhan , Eoin Walsh , Andrew Duignan , Alan Carey , Wojciech Andralojc , Damien Power , Tarun Viswanathan
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to partition a resource into a plurality of partitions and allocate a reserved portion and a corresponding burst portion in each of the plurality of partitions. Each of the allocated reserved portions and corresponding burst portions are reserved for a specific component or application, where any part of the allocated burst portion not being used by the specific component or application can be used by other components and/or applications.
-
公开(公告)号:US20170171218A1
公开(公告)日:2017-06-15
申请号:US15435550
申请日:2017-02-17
Applicant: Intel Corporation
Inventor: Keith Shippy , Tobias Kohlenberg , Mubashir Mian , Ned Smith , Omer Ben-Shalom , Tarun Viswanathan , Dennis Morgan , Timothy Verrall , Manish Dave , Eran Birk
IPC: H04L29/06
CPC classification number: H04L63/105 , G06F21/316 , G06F2221/2105 , G06F2221/2113 , H04L63/08 , H04L2463/082 , H04W12/06 , H04W88/02
Abstract: Systems and methods may provide for receiving runtime input from one or more unlock interfaces of a device and selecting a level of access with regard to the device from a plurality of levels of access based on the runtime input. The selected level of access may have an associated security policy, wherein an authentication of the runtime input may be conducted based on the associated security policy. In one example, one or more cryptographic keys are used to place the device in an unlocked state with regard to the selected level of access if the authentication is successful. If the authentication is unsuccessful, on the other hand, the device may be maintained in a locked state with regard to the selected level of access.
-
公开(公告)号:US12199962B2
公开(公告)日:2025-01-14
申请号:US18435546
申请日:2024-02-07
Applicant: Intel Corporation
Inventor: Kapil Sood , Seosamh O'Riordain , Ned M. Smith , Tarun Viswanathan
Abstract: Technologies for providing secure utilization of tenant keys include a compute device. The compute device includes circuitry configured to obtain a tenant key. The circuitry is also configured to receive encrypted data associated with a tenant. The encrypted data defines an encrypted image that is executable by the compute device to perform a workload on behalf of the tenant in a virtualized environment. Further, the circuitry is configured to utilize the tenant key to decrypt the encrypted data and execute the workload without exposing the tenant key to a memory that is accessible to another workload associated with another tenant.
-
公开(公告)号:US11797690B2
公开(公告)日:2023-10-24
申请号:US16845885
申请日:2020-04-10
Applicant: Intel Corporation
Inventor: Ned Smith , Kshitij A. Doshi , Francesc Guim Bernat , Kapil Sood , Tarun Viswanathan
IPC: G06F21/60 , H04L9/32 , G06F15/173
CPC classification number: G06F21/602 , G06F15/17331 , H04L9/3268
Abstract: Examples herein relate to an interface selectively providing access to a memory region for a work request from an entity by providing selective access to a physical address of the memory region and selective access to a cryptographic key for use by a memory controller to access the memory region. In some examples, providing selective access to a physical address conversion is based on one or more of: validation of a certificate received with the work request and an identifier of the entity being associated with a process with access to the memory region. Access to the memory region can be specified to be one or more of: create, read, update, delete, write, or notify. A memory region can be a page or sub-page sized region. Different access rights can be associated with different sub-portions of the memory region, wherein the access rights comprise one or more of: create, read, update, delete, write, or notify.
-
公开(公告)号:US20230171234A1
公开(公告)日:2023-06-01
申请号:US18047934
申请日:2022-10-19
Applicant: Intel Corporation
Inventor: Kapil Sood , Seosamh O'Riordain , Ned M. Smith , Tarun Viswanathan
CPC classification number: H04L63/06 , G06F9/45533 , G06F9/5077 , G06F21/53 , G06F21/6209 , H04L63/083 , G06F21/57 , H04L63/062 , H04L63/0435 , G06F9/4401 , G06F9/45558 , G06F9/468 , G06F2009/45587 , G06F2009/45595
Abstract: Technologies for providing secure utilization of tenant keys include a compute device. The compute device includes circuitry configured to obtain a tenant key. The circuitry is also configured to receive encrypted data associated with a tenant. The encrypted data defines an encrypted image that is executable by the compute device to perform a workload on behalf of the tenant in a virtualized environment. Further, the circuitry is configured to utilize the tenant key to decrypt the encrypted data and execute the workload without exposing the tenant key to a memory that is accessible to another workload associated with another tenant.
-
公开(公告)号:US20220200788A1
公开(公告)日:2022-06-23
申请号:US17561558
申请日:2021-12-23
Applicant: Intel Corporation
Inventor: Timothy Verrall , Thomas Willhalm , Francesc Guim Bernat , Karthik Kumar , Ned M. Smith , Rajesh Poornachandran , Kapil Sood , Tarun Viswanathan , John J. Browne , Patrick Kutch
IPC: H04L9/08
Abstract: Technologies for accelerated key caching in an edge hierarchy include multiple edge appliance devices organized in tiers. An edge appliance device receives a request for a key, such as a private key. The edge appliance device determines whether the key is included in a local key cache and, if not, requests the key from an edge appliance device included in an inner tier of the edge hierarchy. The edge appliance device may request the key from an edge appliance device included in a peer tier of the edge hierarchy. The edge appliance device may activate per-tenant accelerated logic to identify one or more keys in the key cache for eviction. The edge appliance device may activate per-tenant accelerated logic to identify one or more keys for pre-fetching. Those functions of the edge appliance device may be performed by an accelerator such as an FPGA. Other embodiments are described and claimed.
-
公开(公告)号:US11157642B2
公开(公告)日:2021-10-26
申请号:US16143724
申请日:2018-09-27
Applicant: Intel Corporation
Inventor: Francesc Guim Bernat , Mark Schmisseur , Kshitij Doshi , Kapil Sood , Tarun Viswanathan
Abstract: An embodiment of a semiconductor apparatus may include technology to receive data with a unique identifier, and bypass encryption logic of a media controller based on the unique identifier. Other embodiments are disclosed and claimed.
-
-
-
-
-
-
-
-
-