公开(公告)号：US11816253B2

公开(公告)日：2023-11-14

申请号：US17130506

申请日：2020-12-22

Applicant: Intel Corporation

Inventor： Alpa Trivedi ,  Steffen Schulz ,  Patrick Koeberl

IPC: G06F21/85 ,  G06F30/398 ,  G06N3/04 ,  H04L9/08 ,  G06F9/30 ,  G06F9/50 ,  G06F15/177 ,  G06F15/78 ,  H04L9/40 ,  G06F11/07 ,  G06F30/331 ,  G06F9/38 ,  G06F11/30 ,  G06F119/12 ,  G06F21/76 ,  G06N3/08 ,  H04L9/00 ,  G06F111/04 ,  G06F30/31 ,  G06F21/30 ,  G06F21/53 ,  G06F21/57 ,  G06F21/73 ,  G06F21/74 ,  G06N20/00 ,  G06F21/71 ,  G06F21/44

CPC classification number: G06F21/85 ,  G06F9/30101 ,  G06F9/3877 ,  G06F9/505 ,  G06F11/0709 ,  G06F11/0751 ,  G06F11/0754 ,  G06F11/0793 ,  G06F11/3058 ,  G06F15/177 ,  G06F15/7825 ,  G06F15/7867 ,  G06F30/331 ,  G06F30/398 ,  G06N3/04 ,  H04L9/0877 ,  H04L63/0442 ,  H04L63/12 ,  H04L63/20 ,  G06F11/0772 ,  G06F11/3051 ,  G06F21/30 ,  G06F21/44 ,  G06F21/53 ,  G06F21/57 ,  G06F21/575 ,  G06F21/71 ,  G06F21/73 ,  G06F21/74 ,  G06F21/76 ,  G06F30/31 ,  G06F2111/04 ,  G06F2119/12 ,  G06F2221/034 ,  G06N3/08 ,  G06N20/00 ,  H04L9/008 ,  H04L9/0841

Abstract: An apparatus to facilitate enabling secure communication via attestation of multi-tenant configuration on accelerator devices is disclosed. The apparatus includes a processor to: verify a base bitstream of an accelerator device, the base bitstream published by a cloud service provider (CSP); verify partial reconfiguration (PR) boundary setups and PR isolation of an accelerator device, the PR boundary setups and PR isolation published by the CSP; generate PR bitstream to fit within at least one PR region of the PR boundary setups of the accelerator device; inspect accelerator device attestation received from a secure device manager (SDM) of the accelerator device; and responsive to successful inspection of the accelerator device attestation, provide the PR bitstream to the CSP for PR reconfiguration of the accelerator device.

公开(公告)号：US11763043B2

公开(公告)日：2023-09-19

申请号：US17129243

申请日：2020-12-21

Applicant: Intel Corporation

Inventor： Alpa Trivedi ,  Steffen Schulz ,  Patrick Koeberl

IPC: G06F15/177 ,  G06F9/00 ,  G06F21/85 ,  G06F30/398 ,  G06N3/04 ,  H04L9/08 ,  G06F9/30 ,  G06F9/50 ,  G06F15/78 ,  H04L9/40 ,  G06F11/07 ,  G06F30/331 ,  G06F9/38 ,  G06F11/30 ,  G06F119/12 ,  G06F21/76 ,  G06N3/08 ,  H04L9/00 ,  G06F111/04 ,  G06F30/31 ,  G06F21/30 ,  G06F21/53 ,  G06F21/57 ,  G06F21/73 ,  G06F21/74 ,  G06N20/00 ,  G06F21/71 ,  G06F21/44

CPC classification number: G06F21/85 ,  G06F9/30101 ,  G06F9/3877 ,  G06F9/505 ,  G06F11/0709 ,  G06F11/0751 ,  G06F11/0754 ,  G06F11/0793 ,  G06F11/3058 ,  G06F15/177 ,  G06F15/7825 ,  G06F15/7867 ,  G06F30/331 ,  G06F30/398 ,  G06N3/04 ,  H04L9/0877 ,  H04L63/0442 ,  H04L63/12 ,  H04L63/20 ,  G06F11/0772 ,  G06F11/3051 ,  G06F21/30 ,  G06F21/44 ,  G06F21/53 ,  G06F21/57 ,  G06F21/575 ,  G06F21/71 ,  G06F21/73 ,  G06F21/74 ,  G06F21/76 ,  G06F30/31 ,  G06F2111/04 ,  G06F2119/12 ,  G06F2221/034 ,  G06N3/08 ,  G06N20/00 ,  H04L9/008 ,  H04L9/0841

Abstract: An apparatus to facilitate enabling late-binding of security features via configuration security controller for accelerator devices is disclosed. The apparatus includes a security controller to initialize as part of a secure boot and attestation chain of trust; receive configuration data for portions of the security controller, the portions comprising components of the security controller capable of re-programming; verify and validate the configuration data to as originating from a secure and trusted source; and responsive to successful verification and validation of the configuration data, re-program the portions of the security controller based on the configuration data.

公开(公告)号：US11556677B2

公开(公告)日：2023-01-17

申请号：US17132306

申请日：2020-12-23

Applicant: Intel Corporation

Inventor： Furkan Turan ,  Patrick Koeberl ,  Alpa Trivedi ,  Steffen Schulz ,  Scott Weber

IPC: G06F30/398 ,  G06F21/85 ,  G06N3/04 ,  H04L9/08 ,  G06F9/30 ,  G06F9/50 ,  G06F15/177 ,  G06F15/78 ,  H04L9/40 ,  G06F11/07 ,  G06F30/331 ,  G06F9/38 ,  G06F11/30 ,  G06F119/12 ,  G06F21/76 ,  G06N3/08 ,  H04L9/00 ,  G06F111/04 ,  G06F30/31 ,  G06F21/30 ,  G06F21/53 ,  G06F21/57 ,  G06F21/73 ,  G06F21/74 ,  G06N20/00 ,  G06F21/71 ,  G06F21/44

Abstract: An apparatus to facilitate scalable runtime validation for on-device design rule checks is disclosed. The apparatus includes a memory to store a contention set, one or more multiplexors, and a validator communicably coupled to the memory. In one implementation, the validator is to: receive design rule information for the one or more multiplexers, the design rule information referencing the contention set; analyze, using the design rule information, a user bitstream against the contention set at a programming time of the apparatus, the user bitstream for programming the one or more multiplexors; and provide an error indication responsive to identifying a match between the user bitstream and the contention set.

公开(公告)号：US11537761B2

公开(公告)日：2022-12-27

申请号：US17129254

申请日：2020-12-21

Applicant: Intel Corporation

Inventor： Steffen Schulz ,  Alpa Trivedi ,  Patrick Koeberl

IPC: G06F21/85 ,  G06F9/30 ,  G06F9/50 ,  G06F15/177 ,  G06F15/78 ,  G06F30/331 ,  G06F30/398 ,  G06N3/04 ,  H04L9/08 ,  H04L9/40 ,  G06F11/07 ,  G06F9/38 ,  G06F11/30 ,  G06F119/12 ,  G06F21/76 ,  G06N3/08 ,  H04L9/00 ,  G06F111/04 ,  G06F30/31 ,  G06F21/30 ,  G06F21/53 ,  G06F21/57 ,  G06F21/73 ,  G06F21/74 ,  G06N20/00 ,  G06F21/71 ,  G06F21/44

Abstract: An apparatus to facilitate transparent network access controls for spatial accelerator device multi-tenancy is disclosed. The apparatus includes a secure device manager (SDM) to: establish a network-on-chip (NoC) communication path in the apparatus, the NoC communication path comprising a plurality of NoC nodes for ingress and egress of communications on the NoC communication path; for each NoC node of the NoC communication path, configure a programmable register of the NoC node to indicate a node group that the NoC node is assigned, the node group corresponding to a persona configured on the apparatus; determine whether a prefix of received data at the NoC node matches the node group indicated by the programmable register of the NoC; and responsive to determining that the prefix does not match the node group, discard the data from the NoC node.

公开(公告)号：US20220222202A1

公开(公告)日：2022-07-14

申请号：US17708412

申请日：2022-03-30

Applicant: Intel Corporation

Inventor： Steffen Schulz ,  Alpa Trivedi ,  Patrick Koeberl

IPC: G06F15/78 ,  G06F30/398 ,  G06N3/04 ,  H04L9/08 ,  G06F9/30 ,  G06F9/50 ,  G06F15/177 ,  H04L9/40 ,  G06F11/07 ,  G06F30/331 ,  G06F9/38

Abstract: An apparatus to facilitate broadcast remote sealing for scalable trusted execution environment provisioning is disclosed. The apparatus includes an execution platform for secure execution of a workload of the tenant to: perform an attestation of the execution platform with a cloud service provider (CSP); receive a command from the CSP to create a group of trusted execution platforms; create the group comprising the execution platform; confirm an existence and a status of the group based on the attestation of the execution platform and based on a current group status of the group; report a trusted computing base (TCB) of the first execution platform to other member execution platforms of the group, wherein the other member execution platforms satisfy minimum TCB requirements of the group; and execute an encrypted workload of the tenant using a group private key, wherein the workload of the tenant is encrypted using a group public key.

公开(公告)号：US11328111B2

公开(公告)日：2022-05-10

申请号：US17129223

申请日：2020-12-21

Applicant: Intel Corporation

Inventor： Steffen Schulz ,  Alpa Trivedi ,  Patrick Koeberl

IPC: G06F21/00 ,  G06F30/398 ,  G06N3/04 ,  H04L9/00 ,  H04L9/08 ,  G06F9/30 ,  G06F9/50 ,  G06F15/177 ,  G06F15/78 ,  H04L29/06 ,  G06N20/00 ,  G06F11/07 ,  G06F30/331 ,  G06F9/38 ,  G06F119/12 ,  G06F21/76 ,  G06N3/08 ,  G06F21/85 ,  G06F111/04 ,  G06F30/31 ,  G06F21/30 ,  G06F21/53 ,  G06F21/57 ,  G06F21/73 ,  G06F21/74 ,  G06F21/71 ,  G06F21/44

Abstract: An apparatus to facilitate broadcast remote sealing for scalable trusted execution environment provisioning is disclosed. The apparatus includes one or more processors to: request a group status report to confirm a status of a group of trusted execution platforms from a cloud service provider (CSP) providing scalable runtime validation for on-device design rule checks; validate, by a tenant, a minimum trusted computing base (TCB) declared with the group status report; determine, based on validation of the minimum TCB, whether a set of group members of the group of trusted execution platforms satisfies security requirements of the tenant; responsive to the set of group members satisfying the security requirement, utilize a group public key to encrypt a workload of the tenant; and send the encrypted workload to the CSP for storage by the CSP and subsequent execution by an execution platform of the group using a private group key.

公开(公告)号：US11101804B2

公开(公告)日：2021-08-24

申请号：US16711330

申请日：2019-12-11

Applicant: Intel Corporation

Inventor： Scott Jeremy Weber ,  Aravind Raghavendra Dasu ,  Mahesh A. Iyer ,  Patrick Koeberl

IPC: H03K19/17756 ,  H01L25/065 ,  H01L25/00

Abstract: An integrated circuit device may include a programmable fabric die having programmable logic fabric and configuration memory that may configure the programmable logic fabric. The integrated circuit device may also include a base die that may provide fabric support circuitry, including memory and/or communication interfaces as well as compute elements that may also be application-specific. The memory in the base die may be directly accessed by the programmable fabric die using a low-latency, high capacity, and high bandwidth interface.

公开(公告)号：US20210110065A1

公开(公告)日：2021-04-15

申请号：US17130506

申请日：2020-12-22

Applicant: Intel Corporation

Inventor： Alpa Trivedi ,  Steffen Schulz ,  Patrick Koeberl

IPC: G06F21/73 ,  G06F21/74 ,  G06F21/76 ,  G06F21/85

Abstract: An apparatus to facilitate enabling secure communication via attestation of multi-tenant configuration on accelerator devices is disclosed. The apparatus includes a processor to: verify a base bitstream of an accelerator device, the base bitstream published by a cloud service provider (CSP); verify partial reconfiguration (PR) boundary setups and PR isolation of an accelerator device, the PR boundary setups and PR isolation published by the CSP; generate PR bitstream to fit within at least one PR region of the PR boundary setups of the accelerator device; inspect accelerator device attestation received from a secure device manager (SDM) of the accelerator device; and responsive to successful inspection of the accelerator device attestation, provide the PR bitstream to the CSP for PR reconfiguration of the accelerator device.

公开(公告)号：US10395035B2

公开(公告)日：2019-08-27

申请号：US15277195

申请日：2016-09-27

Applicant: Intel Corporation

Inventor： Sanu K. Mathew ,  Sudhir K Satpathy ,  Vikram B Suresh ,  Patrick Koeberl

IPC: H01L27/02 ,  G06F21/56 ,  G06F21/72 ,  G06F21/75 ,  H01L23/00

Abstract: Some embodiments include apparatuses having diffusion regions located adjacent each other in a substrate, and connections coupled to the diffusion regions. The diffusion regions include first diffusion regions, second diffusion regions, and third diffusion regions. One of the second diffusion regions and one of the third diffusion regions are between two of the first diffusion regions. One of the first diffusion regions and one of the third diffusion regions are between two of the second diffusion regions. The connections include a first connection coupled to each of the first diffusion regions, a second connection coupled to each of the second diffusion regions, and a third connection coupled to each of the third diffusion regions.

公开(公告)号：US20180173644A1

公开(公告)日：2018-06-21

申请号：US15384267

申请日：2016-12-19

Applicant: Intel Corporation

Inventor： Patrick Koeberl ,  Steffen Schulz ,  Vedvyas Shanbhogue ,  Jason W. Brandt ,  Venkateswara R. Madduri ,  Sang W. Kim ,  Julien Carreno

IPC: G06F12/14 ,  G06F3/06 ,  G06F9/44 ,  G06F21/57

Abstract: Methods and apparatus relating to lightweight trusted tasks are disclosed. In one embodiment, a processor includes a memory interface to a memory to store code, data, and stack segments for a lightweight-trusted task (LTT) mode task and for another task, a LTT control and status register including a lock bit, a processor core to enable LTT-mode, configure the LTT-mode task, and lock down the configuration by writing the lock bit, and a memory protection circuit to: receive a memory access request from the memory interface, the memory access request being associated with the other task, determine whether the memory access request is attempting to access a protected memory region of the LTT-mode task, and protect against the memory access request accessing the protected memory region of the LTT-mode task, regardless of a privilege level of the other task, and regardless of whether the other task is also a LTT-mode task.