公开(公告)号：US20240243913A1

公开(公告)日：2024-07-18

申请号：US18560368

申请日：2021-11-23

Applicant: Intel Corporation

Inventor： Junyuan WANG ,  Kapil SOOD ,  Brian WILL ,  Thomas Joseph O'DWYER ,  Zijuan FAN ,  Kaijie GUO ,  Maksim LUKOSHKOV ,  Seosamh O'RIORDAIN ,  Jun XU ,  Guodong ZHU ,  Siming WAN

IPC: H04L9/30

CPC classification number: H04L9/3066 ,  H04L9/302

Abstract: Methods and apparatus for customers key protection for cloud native deployments. Compute resources for a compute platform comprising platform hardware including one or more processors are allocated to one or more customers that use the compute resources to execute applications and/or services used to perform customer workloads. The compute platform includes a per-part device key that is used to generate hardware protected key used by the applications and services. Mechanisms are provided to ensure hardware protected keys can only be accessed by associated customers and/or customer applications and services, while preventing other customers and/or applications and services from accessing the hardware protected keys. The hardware protected keys include keys employing various forms of RSA and ECC Wrapped Private Keys (WPKs) including RSA WPKs, RSA Chinese Remainder Theorem CRT WPK and ECC WPKs.

公开(公告)号：US20220329573A1

公开(公告)日：2022-10-13

申请号：US17845898

申请日：2022-06-21

Applicant: Intel Corporation

Inventor： Kapil SOOD ,  Patrick CONNOR ,  Scott P. DUBAL ,  James R. HEARN ,  Andrew J. HERDRICH

IPC: H04L9/40

Abstract: Examples described herein relate to a executing a service mesh in a trust domain in a network interface device and executing one or more services in a second trust domain in one or more devices. In some examples, the network interface device is configured to determine trust domain capabilities of the network interface device and provide the trust domain capabilities based on a query.

公开(公告)号：US20200242258A1

公开(公告)日：2020-07-30

申请号：US16845885

申请日：2020-04-10

Applicant: Intel Corporation

Inventor： Ned SMITH ,  Kshitij A. DOSHI ,  Francesc GUIM BERNAT ,  Kapil SOOD ,  Tarun VISWANATHAN

IPC: G06F21/60 ,  G06F15/173 ,  H04L9/32

Abstract: Examples herein relate to an interface selectively providing access to a memory region for a work request from an entity by providing selective access to a physical address of the memory region and selective access to a cryptographic key for use by a memory controller to access the memory region. In some examples, providing selective access to a physical address conversion is based on one or more of: validation of a certificate received with the work request and an identifier of the entity being associated with a process with access to the memory region. Access to the memory region can be specified to be one or more of: create, read, update, delete, write, or notify. A memory region can be a page or sub-page sized region. Different access rights can be associated with different sub-portions of the memory region, wherein the access rights comprise one or more of: create, read, update, delete, write, or notify.

公开(公告)号：US20240160568A1

公开(公告)日：2024-05-16

申请号：US17987773

申请日：2022-11-15

Applicant: Intel Corporation

Inventor： Kapil SOOD ,  Lokpraveen MOSUR ,  Aneesh AGGARWAL ,  Niall D. MCDONNELL ,  Chitra NATARAJAN ,  Ritu GUPTA ,  Edwin VERPLANKE ,  George Leonard TKACHUK

IPC: G06F12/0802

CPC classification number: G06F12/0802 ,  G06F2212/60

Abstract: Examples include techniques associated with data movement to a cache in a disaggregated die system. Examples include circuitry at a first die receiving and granting requests to move data to a first cache resident on the first die or to a second cache resident on a second die that also includes a core of a processor. The granting of the request based, at least in part, on a traffic source type associated with a source of the request.

公开(公告)号：US20230297410A1

公开(公告)日：2023-09-21

申请号：US18200458

申请日：2023-05-22

Applicant: Intel Corporation

Inventor： Kapil SOOD ,  Scott P. DUBAL ,  Patrick CONNOR ,  James R. HEARN

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/45587 ,  G06F2009/45579

Abstract: Examples described herein relate to a trusted and secure emulated device. The emulated device can be assigned to a service based on attestation of a hardware platform of the emulated device, assignment of the emulated device to a trust domain, and attestation of a device configuration associated with the emulated device.

公开(公告)号：US20210019172A1

公开(公告)日：2021-01-21

申请号：US17042114

申请日：2018-06-28

Applicant: INTEL CORPORATION

Inventor： Baiju V. PATEL ,  Kapil SOOD ,  Weigang LI ,  Ping YU ,  Changzheng WEI ,  Junyuan WANG ,  Xin ZENG

IPC: G06F9/455 ,  G06F21/60 ,  G06F21/53 ,  G06F21/64 ,  G06F12/14

Abstract: A cryptographic data item utilized to derive a first cryptographic key employed by a first memory controller for implementing a first cryptographically protected execution environment for storing memory pages associated with a virtual machine may be received from a first host system via a first secure communication channel. The cryptographic data item may be transmitted to a second host system via a second secure communication channel for implementing a second cryptographically protected environment on the second host system. The first host system may be caused to migrate the memory pages of the virtual machine via an unsecured communication channel to the second host system for storing in the second cryptographically protected execution environment.

公开(公告)号：US20240111879A1

公开(公告)日：2024-04-04

申请号：US18370137

申请日：2023-09-19

Applicant: Intel Corporation

Inventor： Ned SMITH ,  Kshitij A. DOSHI ,  Francesc GUIM BERNAT ,  Kapil SOOD ,  Tarun VISWANATHAN

IPC: G06F21/60 ,  G06F15/173 ,  H04L9/32

CPC classification number: G06F21/602 ,  G06F15/17331 ,  H04L9/3268

Abstract: Examples herein relate to an interface selectively providing access to a memory region for a work request from an entity by providing selective access to a physical address of the memory region and selective access to a cryptographic key for use by a memory controller to access the memory region. In some examples, providing selective access to a physical address conversion is based on one or more of: validation of a certificate received with the work request and an identifier of the entity being associated with a process with access to the memory region. Access to the memory region can be specified to be one or more of: create, read, update, delete, write, or notify. A memory region can be a page or sub-page sized region. Different access rights can be associated with different sub-portions of the memory region, wherein the access rights comprise one or more of: create, read, update, delete, write, or notify.

公开(公告)号：US20220279057A1

公开(公告)日：2022-09-01

申请号：US17746611

申请日：2022-05-17

Applicant: Intel Corporation

Inventor： Patrick CONNOR ,  Scott P. DUBAL ,  James R. HEARN ,  Andrew J. HERDRICH ,  Kapil SOOD

IPC: H04L69/326 ,  H04L49/356 ,  H04L9/40

Abstract: Examples described herein relate to a network interface device. In some examples, the network interface device is to receive a request to transmit data, based on a first reliable transport protocol, and cause the data to be transmitted in at least one packet, based on a second reliable transport protocol, to a destination device and receive at least one packet, from a sender device, based on the second reliable transport protocol and indicate receipt of the at least one packet, based on the first reliable transport protocol, wherein the first reliable transport protocol is different than the second reliable transport protocol.

公开(公告)号：US20230353508A1

公开(公告)日：2023-11-02

申请号：US18220206

申请日：2023-07-10

Applicant: Intel Corporation

Inventor： Kapil SOOD ,  Patrick CONNOR ,  Scott P. DUBAL ,  James R. HEARN ,  Brendan RYAN ,  Chris MACNAMARA ,  Conor WALSH ,  David HUNT ,  John J. BROWNE ,  Kevin LAATZ

IPC: H04L49/00 ,  H04L47/625

CPC classification number: H04L49/3018 ,  H04L47/626

Abstract: Examples described herein relate to a system within a package. In some examples, the system includes a communication fabric and circuitry to adjust a packet throughput rate associated with the communication fabric based at least in part on incoming receive rate across multiple input ports and fabric usage. In some examples, the communication fabric is to communicatively couple devices in the package including one or more of: an accelerator, a processor, a memory, or a network interface device.

公开(公告)号：US20210157935A1

公开(公告)日：2021-05-27

申请号：US17165769

申请日：2021-02-02

Applicant: Intel Corporation

Inventor： Kapil SOOD ,  Patrick CONNOR

IPC: G06F21/60 ,  G06F21/71 ,  G06F21/53 ,  G06F12/14 ,  G06F12/1009

Abstract: A network interface controller (NIC) to interact with virtual environments (e.g., virtual machines, containers) when they are within a trusted environment protected by a cryptography scheme.