-
Publication (Announcement) No.: US10552619B2
Publication (Announcement) Date: 2020-02-04
Application No.: US14974944
Application Date: 2015-12-18
Applicant: Intel Corporation
Inventor: Bin Xing , Pradeep M. Pappachan , Siddhartha Chhabra , Reshma Lal , Steven B. McGowan
Abstract: Technologies for trusted I/O (TIO) include a computing device with a cryptographic engine and one or more I/O controllers. The computing device executes a TIO core service that has a cryptographic engine programming privilege granted by an operating system. The TIO core service receives a request from an application to protect a DMA channel. The TIO core service requests the operating system to protect the DMA channel, and the operating system verifies the cryptographic engine programming privilege of the TIO core service in response. The operating system programs the cryptographic engine to protect the DMA channel in response to verifying the cryptographic engine programming privilege of the TIO core service. If a privileged delegate determines that a user has confirmed termination of protection of the DMA channel, the TIO core service may unprotect the DMA channel. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US20190228159A1
Publication (Announcement) Date: 2019-07-25
Application No.: US16369279
Application Date: 2019-03-29
Applicant: Intel Corporation
Inventor: Anna Trikalinou , Krystof Zmudzinski , Reshma Lal , Luis S. Kida , Pradeep M. Pappachan , Raghunandan Makaram , Siddhartha Chhabra , Vincent R. Scarlata
IPC: G06F21/57
Abstract: Technologies for filtering transactions include a compute device, which further includes an accelerator device and an I/O subsystem having an accelerator port. The I/O subsystem is configured to determine whether to enable a global attestation during a boot process of the compute device, receive a transaction from the accelerator device connected to the accelerator port via a coherent accelerator link, and filter the transaction based on a determination of whether to enable the global attestation.
-
Publication (Announcement) No.: US10360369B2
Publication (Announcement) Date: 2019-07-23
Application No.: US15243655
Application Date: 2016-08-22
Applicant: INTEL CORPORATION
Inventor: Reshma Lal , Pradeep M. Pappachan
IPC: G06F21/00 , G06F21/44 , H04L29/06 , G06F21/60 , G06F21/62 , G06F21/32 , H04L9/08 , H04L9/14 , H04L9/32
Abstract: Systems and methods include establishing a secure communication between an application module and a sensor module. The application module is executing on an information-handling machine, and the sensor module is coupled to the information-handling machine. The establishment of the secure communication is at least partially facilitated by a mutually trusted module.
-
Publication (Announcement) No.: US20190155754A1
Publication (Announcement) Date: 2019-05-23
Application No.: US16236074
Application Date: 2018-12-28
Applicant: Intel Corporation
Inventor: Luis Kida , Siddhartha Chhabra , Reshma Lal , Pradeep M. Pappachan
IPC: G06F12/14 , H04L9/08 , G06F9/38 , G06F12/0802
Abstract: Technologies for secure I/O data transfer include a computing device having a processor and an accelerator. Each of the processor and the accelerator includes a memory encryption engine. The computing device configures both memory encryption engines with a shared encryption key and transfers encrypted data from a source component to a destination component via an I/O link. The source may be the processor and the destination may be the accelerator, or vice versa. The computing device may perform a cryptographic operation with one of the memory encryption engines and bypass the other memory encryption engine. The computing device may read encrypted data from a memory of the source, bypass the source memory encryption engine, and transfer the encrypted data to the destination. The destination may receive encrypted data, bypass the destination memory encryption engine, and store the encrypted data in a memory of the destination. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US20170364707A1
Publication (Announcement) Date: 2017-12-21
Application No.: US15628008
Application Date: 2017-06-20
Applicant: Intel Corporation
Inventor: Reshma Lal , Gideon Gerzon , Baruch Chaikin , Siddhartha Chhabra , Pradeep M. Pappachan , Bin Xing
Abstract: Technologies for trusted I/O include a computing device having a processor, a channel identifier filter, and an I/O controller. The I/O controller may generate an I/O transaction that includes a channel identifier and a memory address. The channel identifier filter verifies that the memory address of the I/O transaction is within a processor reserved memory region associated with the channel identifier. The processor reserved memory region is not accessible to software executed by the computing device. The processor encrypts I/O data at the memory address in response to invocation of a processor feature and copies the encrypted data to a memory buffer outside of the processor reserved memory region. The processor may securely clean the processor reserved memory region before encrypting and copying the data. The processor may wrap and unwrap programming information for the channel identifier filter. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US20160094558A1
Publication (Announcement) Date: 2016-03-31
Application No.: US14498701
Application Date: 2014-09-26
Applicant: Intel Corporation
Inventor: Reshma Lal , Pradeep M. Pappachan
IPC: H04L29/06
CPC classification number: G06F21/44 , G06F21/32 , G06F21/602 , G06F21/606 , G06F21/6218 , H04L9/0816 , H04L9/083 , H04L9/14 , H04L9/321 , H04L9/3247 , H04L63/0428 , H04L63/061 , H04L63/10 , H04L2209/127
Abstract: Systems and methods include establishing a secure communication between an application module and a sensor module. The application module is executing on an information-handling machine, and the sensor module is coupled to the information-handling machine. The establishment of the secure communication is at least partially facilitated by a mutually trusted module.
-
Publication (Announcement) No.: US20250013758A1
Publication (Announcement) Date: 2025-01-09
Application No.: US18742168
Application Date: 2024-06-13
Applicant: Intel Corporation
Inventor: Pradeep M. Pappachan , Luis S. Kida , Reshma Lal
Abstract: Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and to verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region is to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per-process graphics translation table to translate between graphics virtual addresses (VAs) and graphics guest PAs (GPAs), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.
-
Publication (Announcement) No.: US12174754B2
Publication (Announcement) Date: 2024-12-24
Application No.: US18060702
Application Date: 2022-12-01
Applicant: Intel Corporation
Inventor: Luis Kida , Siddhartha Chhabra , Reshma Lal , Pradeep M. Pappachan
IPC: H04L29/06 , G06F9/38 , G06F9/455 , G06F12/0802 , G06F12/14 , G06F21/57 , G06F21/60 , G06F21/64 , G06F21/76 , G06F21/79 , H04L9/06 , H04L9/08 , H04L9/32 , H04L41/046 , H04L41/28
Abstract: Technologies for secure I/O data transfer include a computing device having a processor and an accelerator. Each of the processor and the accelerator includes a memory encryption engine. The computing device configures both memory encryption engines with a shared encryption key and transfers encrypted data from a source component to a destination component via an I/O link. The source may be the processor and the destination may be the accelerator, or vice versa. The computing device may perform a cryptographic operation with one of the memory encryption engines and bypass the other memory encryption engine. The computing device may read encrypted data from a memory of the source, bypass the source memory encryption engine, and transfer the encrypted data to the destination. The destination may receive encrypted data, bypass the destination memory encryption engine, and store the encrypted data in a memory of the destination. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US20240104226A1
Publication (Announcement) Date: 2024-03-28
Application No.: US18358210
Application Date: 2023-07-25
Applicant: Intel Corporation
Inventor: Pradeep M. Pappachan , Luis S. Kida , Reshma Lal
CPC classification number: G06F21/602 , G06F12/1009 , G06F12/1458 , G06F21/78 , G06T1/20 , H04L9/14 , G06F2212/1052 , G06F2221/2149
Abstract: Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and to verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region is to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per-process graphics translation table to translate between graphics virtual addresses (VAs) and graphics guest PAs (GPAs), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.
-
Publication (Announcement) No.: US11848753B2
Publication (Announcement) Date: 2023-12-19
Application No.: US17573023
Application Date: 2022-01-11
Applicant: Intel Corporation
Inventor: Pradeep M. Pappachan , Reshma Lal , Rakesh A. Ughreja , Kumar N. Dwarakanath , Victoria C. Moore
IPC: H04L9/40 , H04L9/00 , G06F9/54 , G06F21/83 , G06F21/44 , G06F21/84 , G06F21/57 , G06F21/60 , H04L9/08
CPC classification number: H04L9/00 , G06F9/54 , G06F21/445 , G06F21/57 , G06F21/606 , G06F21/83 , G06F21/84 , H04L9/0838 , H04L63/145 , G06F2221/033 , H04L63/0428
Abstract: Systems and methods include establishing a cryptographically secure communication between an application module and an audio module. The application module is configured to execute on an information-handling machine, and the audio module is coupled to the information-handling machine. The establishment of the cryptographically secure communication may be at least partially facilitated by a mutually trusted module.
-