-
Publication (Announcement) No.: US11921645B2
Publication (Announcement) Date: 2024-03-05
Application No.: US17946762
Application Date: 2022-09-16
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra, Prashant Dewan, Abhishek Basak, David M. Durham
CPC classification number: G06F12/1408, G06F12/0835, G06F12/1466, G06F13/28, G06F21/602, G06F21/78, G06F21/85, G06F2212/1052, G06F2212/402
Abstract: The present disclosure includes systems and methods for securing data direct I/O (DDIO) for a secure accelerator interface, in accordance with various embodiments. Historically, DDIO has enabled performance advantages that have outweighed its security risks. DDIO circuitry may be configured to secure DDIO data by using encryption circuitry that is manufactured for use in communications with main memory along the direct memory access (DMA) path. DDIO circuitry may be configured to secure DDIO data by using DDIO encryption circuitry manufactured for use by or manufactured within the DDIO circuitry. Enabling encryption and decryption in the DDIO path by the DDIO circuitry has the potential to close a security gap in modern data central processor units (CPUs).
-
Publication (Announcement) No.: US11886316B2
Publication (Announcement) Date: 2024-01-30
Application No.: US17733347
Application Date: 2022-04-29
Applicant: Intel Corporation
Inventor: Prashant Dewan, Uttam Sengupta, Aditya Katragada
IPC: G06F11/34, H04L9/32, H04L67/125
CPC classification number: G06F11/3414, G06F11/3495, H04L9/3263, H04L67/125
Abstract: An apparatus to collect firmware measurement data at a computing system is disclosed. The apparatus includes a plurality of agents, each including a non-volatile memory storing firmware executed to perform a function associated with the agent, verification logic to generate measurement data by verifying the integrity of the firmware and a register to store the measurement data, and a processor to execute an instruction to collect firmware measurement data from each of the plurality of agents.
-
Publication (Announcement) No.: US11876835B2
Publication (Announcement) Date: 2024-01-16
Application No.: US17502787
Application Date: 2021-10-15
Applicant: INTEL CORPORATION
Inventor: Siddhartha Chhabra, Prashant Dewan
CPC classification number: H04L63/20, G06F9/30101, G06F21/57, G06F21/62, G06F21/74, H04L9/3242, H04L63/105, H04L63/1458, H04L2209/12
Abstract: Various embodiments are generally directed to techniques to enforce policies for computing platform resources, such as to prevent denial of service (DoS) attacks on the computing platform resources. Some embodiments are particularly directed to ISA instructions that allow trusted software/applications to securely enforce policies on a platform resource/device while allowing untrusted software to control allocation of the platform resource. In many embodiments, the ISA instructions may enable secure communication between a trusted application and a platform resource. In several embodiments, a first ISA instruction implemented by microcode may enable a trusted application to wrap policy information for secure transmission through an untrusted stack. In several such embodiments, a second ISA instruction implemented by microcode may enable untrusted software to verify the validity of the wrapped blobs and program registers associated with the platform resource with policy information provided via the wrapped blobs.
-
Publication (Announcement) No.: US11829483B2
Publication (Announcement) Date: 2023-11-28
Application No.: US17548825
Application Date: 2021-12-13
Applicant: Intel Corporation
Inventor: Baiju Patel, Prashant Dewan
IPC: G06F21/57, G06F9/4401, G06F21/60, H04L9/08, H04L9/14, H04L9/32, G06F21/71, G06F21/79, G06F21/78, G06F15/78
CPC classification number: G06F21/575, G06F9/4413, G06F21/602, H04L9/0861, H04L9/14, H04L9/3278, G06F2221/034
Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.
-
Publication (Announcement) No.: US11720363B2
Publication (Announcement) Date: 2023-08-08
Application No.: US17485400
Application Date: 2021-09-25
Applicant: Intel Corporation
Inventor: Prashant Dewan, Arun Hodigere, Karunakara Karunakara Kotary
CPC classification number: G06F9/30145, G06F9/268, G06F9/3017, G06F12/0246
Abstract: An apparatus and method for efficient microcode patching. For example, one embodiment of an apparatus comprises: a package comprising one or more integrated circuit dies, the one or more integrated circuit dies comprising: a plurality of cores; and a security controller coupled to the plurality of cores, a first core of the plurality of cores comprising: a decoder to decode a microcode patching instruction, the microcode patching instruction comprising an operand to be used to identify an address; and execution circuitry to execute the microcode patching instruction, wherein responsive to the microcode patching instruction, the execution circuitry and/or security controller are to: retrieve a microcode patch from a location in memory based on the address, validate the microcode patch, apply the microcode patch to update or replace microcode associated with the one or more integrated circuit dies, and transmit the microcode patch to a persistent storage device; wherein the microcode patch is to be subsequently retrieved from the persistent storage device by one or more external security controllers of one or more external integrated circuit dies, the one or more external security controllers to cause the microcode patch to be applied to update or replace microcode associated with the one or more external integrated circuit dies.
-
Publication (Announcement) No.: US20230032740A1
Publication (Announcement) Date: 2023-02-02
Application No.: US17946762
Application Date: 2022-09-16
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra, Prashant Dewan, Abhishek Basak, David M. Durham
Abstract: The present disclosure includes systems and methods for securing data direct I/O (DDIO) for a secure accelerator interface, in accordance with various embodiments. Historically, DDIO has enabled performance advantages that have outweighed its security risks. DDIO circuitry may be configured to secure DDIO data by using encryption circuitry that is manufactured for use in communications with main memory along the direct memory access (DMA) path. DDIO circuitry may be configured to secure DDIO data by using DDIO encryption circuitry manufactured for use by or manufactured within the DDIO circuitry. Enabling encryption and decryption in the DDIO path by the DDIO circuitry has the potential to close a security gap in modern data central processor units (CPUs).
-
Publication (Announcement) No.: US11570010B2
Publication (Announcement) Date: 2023-01-31
Application No.: US17134365
Application Date: 2020-12-26
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra, Prashant Dewan, Baiju Patel
Abstract: Techniques for encrypting data using a key generated by a physical unclonable function (PUF) are described. An apparatus according to the present disclosure may include decoder circuitry to decode an instruction and generate a decoded instruction. The decoded instruction includes operands and an opcode. The opcode indicates that execution circuitry is to encrypt data using a key generated by a PUF. The apparatus may further include execution circuitry to execute the decoded instruction according to the opcode to encrypt the data to generate encrypted data using the key generated by the PUF.
-
Publication (Announcement) No.: US11550917B2
Publication (Announcement) Date: 2023-01-10
Application No.: US16457184
Application Date: 2019-06-28
Applicant: Intel Corporation
Inventor: Aditya Katragada, Prashant Dewan, Karunakara Kotary, Vinupama Godavarthi, Kumar Dwarakanath, Alex Izbinsky, Purushottam Goel
Abstract: There is disclosed in one example, a system-on-a-chip (SoC), including: a processor core; a fabric; an intellectual property (IP) block communicatively coupled to the processor core via the fabric, the IP block having a microcontroller configured to provide a microcontroller architecture; a firmware load interface configured to provide a standardized hardware interface to the microcontroller architecture, wherein the standardized hardware interface provides an architecture-agnostic mechanism to securely load a firmware to the intellectual property block; and logic to provide a loader to load a firmware to the IP block via the firmware load interface.
-
Publication (Announcement) No.: US20220416997A1
Publication (Announcement) Date: 2022-12-29
Application No.: US17357973
Application Date: 2021-06-24
Applicant: Intel Corporation
Inventor: Prashant Dewan, Siddhartha Chhabra, Robert J. Royer, JR., Michael Glik, Baiju Patel
Abstract: Methods and apparatus relating to handling unaligned transactions for inline encryption are described. In an embodiment, cryptographic logic circuitry receives a plurality of incoming packets and stores two or more incoming packets from the plurality of incoming packets in memory. The cryptographic logic circuitry informs software in response to detection of the two or more incoming packets. Other embodiments are also disclosed and claimed.
-
Publication (Announcement) No.: US11481337B2
Publication (Announcement) Date: 2022-10-25
Application No.: US17022029
Application Date: 2020-09-15
Applicant: Intel Corporation
Inventor: Siddhartha Chhabra, Prashant Dewan, Abhishek Basak, David M. Durham
Abstract: The present disclosure includes systems and methods for securing data direct I/O (DDIO) for a secure accelerator interface, in accordance with various embodiments. Historically, DDIO has enabled performance advantages that have outweighed its security risks. DDIO circuitry may be configured to secure DDIO data by using encryption circuitry that is manufactured for use in communications with main memory along the direct memory access (DMA) path. DDIO circuitry may be configured to secure DDIO data by using DDIO encryption circuitry manufactured for use by or manufactured within the DDIO circuitry. Enabling encryption and decryption in the DDIO path by the DDIO circuitry has the potential to close a security gap in modern data central processor units (CPUs).
-