1.
Publication (announcement) number: US20250077299A1
Publication (announcement) date: 2025-03-06
Application number: US18955650
Application date: 2024-11-21
Applicant: Intel Corporation
Inventor: Alpa Choksi , Patrick Koeberl , Steffen Schulz , Reshma Lal
IPC: G06F9/50 , G06F9/4401
Abstract: A computing platform comprising a plurality of disaggregated data center resources and an infrastructure processing unit (IPU), communicatively coupled to the plurality of resources, to compose a platform of the plurality of disaggregated data center resources for allocation of a microservices cluster.
2.
Publication (announcement) number: US20230409762A1
Publication (announcement) date: 2023-12-21
Application number: US18461867
Application date: 2023-09-06
Applicant: Intel Corporation
Inventor: Steffen Schulz , Alpa Trivedi , Patrick Koeberl
IPC: G06F21/85 , G06F30/398 , G06N3/04 , H04L9/08 , G06F9/30 , G06F9/50 , G06F15/177 , G06F15/78 , H04L9/40 , G06F11/07 , G06F30/331 , G06F9/38 , G06F11/30
CPC classification number: G06F21/85 , G06F2119/12 , G06N3/04 , H04L9/0877 , G06F9/30101 , G06F9/505 , G06F15/177 , G06F15/7825 , H04L63/0442 , H04L63/12 , H04L63/20 , G06F11/0709 , G06F11/0751 , G06F11/0793 , G06F30/331 , G06F9/3877 , G06F15/7867 , G06F11/0754 , G06F11/3058 , G06F30/398
Abstract: An apparatus to facilitate broadcast remote sealing for scalable trusted execution environment provisioning is disclosed. The apparatus includes a cloud service provider (CSP) execution platform comprising hardware circuitry for executing virtualized environments and comprising hardware accelerator devices, wherein the CSP execution platform is to: authorize a tenant to deploy workloads of the tenant to CSP execution resources; provide a group status report to the tenant to inform the tenant of an existence and a status of a group of trusted execution platforms, wherein the group comprises at least one of the CSP execution resources; receive an encrypted workload of the tenant, wherein the encrypted workload is encrypted using a group public key of the group; store the encrypted workload at storage of the CSP execution platform; and dispatch the encrypted workload to the at least one of the CSP execution resources of the group.
3.
Publication (announcement) number: US20230297727A1
Publication (announcement) date: 2023-09-21
Application number: US18300622
Application date: 2023-04-14
Applicant: Intel Corporation
Inventor: Alpa Trivedi , Scott Weber , Steffen Schulz , Patrick Koeberl
IPC: G06F21/85 , G06F30/398 , G06N3/04 , H04L9/08 , G06F9/30 , G06F9/50 , G06F15/177 , G06F15/78 , H04L9/40 , G06F11/07 , G06F30/331 , G06F9/38 , G06F11/30
CPC classification number: G06F21/85 , G06F9/30101 , G06F9/3877 , G06F9/505 , G06F11/0709 , G06F11/0751 , G06F11/0754 , G06F11/0793 , G06F11/3058 , G06F15/177 , G06F15/7825 , G06F15/7867 , G06F30/331 , G06F30/398 , G06N3/04 , H04L9/0877 , H04L63/0442 , H04L63/12 , H04L63/20 , G06F2119/12
Abstract: An apparatus to facilitate enabling secure state-clean during configuration of partial reconfiguration bitstreams on accelerator devices is disclosed. The apparatus includes a security engine to perform, as part of a PR configuration sequence for a new partial reconfiguration (PR) persona corresponding to a PR bitstream, a first clear operation to clear previously-set persona configuration bits in the region; perform, as part of the PR configuration sequence subsequent to the first clear operation, a set operation to set new persona configuration bits in the region; and perform, as part of the PR configuration sequence, a second clear operation to clear memory blocks of the region that became unfrozen subsequent to the set operation.
4.
Publication (announcement) number: US10715335B2
Publication (announcement) date: 2020-07-14
Application number: US16026657
Application date: 2018-07-03
Applicant: Intel Corporation
Inventor: Steffen Schulz , Rafael Misoczki , Manoj R. Sastry , Jesse Walker
Abstract: In a method for validating software updates, a data processing system contains a current version of a software component. The data processing system saves at least first and second current advance keys (AKs). After saving the current AKs, the data processing system receives an update package for a new version of the software component. The data processing system extracts a digital signature and two or more new AKs from the update package. The data processing system uses at least one current AK to determine whether the digital signature is valid. In response to a determination that the digital signature is valid, the data processing system uses a software image from the update package to update the software component, and the data processing system saves the new AKs, for subsequent utilization as the current AKs.
5.
Publication (announcement) number: US20180091309A1
Publication (announcement) date: 2018-03-29
Application number: US15277462
Application date: 2016-09-27
Applicant: Intel Corporation
Inventor: Rafael Misoczki , Steffen Schulz , Manoj R. Sastry , Santosh Ghosh , Li Zhao
IPC: H04L9/32
CPC classification number: H04L9/3247 , H04L9/3242 , H04L9/3252 , H04L2209/30 , H04L2209/38
Abstract: One embodiment provides a signer device. The signer device includes hash signature control logic and signer signature logic. The hash signature control logic is to retrieve a first nonce, to concatenate the first nonce and a message to be transmitted and to determine whether a first message representative satisfies a target threshold. The signer signature logic is to generate a first transmitted signature based, at least in part, on the first message representative, if the first message representative satisfies the target threshold. The hash signature control logic is to retrieve a second nonce, concatenate the second nonce and the message to be transmitted and to determine whether a second message representative satisfies the target threshold, if the first message representative does not satisfy the target threshold.
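The two mechanisms in entries US10715335B2 (advance keys for update validation) and US20180091309A1 (a nonce-searched message representative that must meet a target before signing) fit together, so one constructed Python example is added here to show both; it is not Intel's code and does not reproduce either patent's claims. The "target" is read as a fixed digit sum for the Winternitz-style representative (the same idea the later WOTS+C construction uses), which lets the checksum chains be dropped because a forger can only move chains forward; that reading, the base W=4, the 128-bit truncation, the package layout, the monotonic version rule and the use of two advance keys per generation are all assumptions.

```python
"""One-time hash-based signatures whose message representative is found by
searching a counter (nonce) until it meets a fixed target, used as the signing
primitive for an advance-key (AK) update chain. Constructed illustration; all
parameters, names and the package layout are assumptions, not Intel's design."""
import hashlib

W = 4                        # Winternitz base: 2-bit digits (assumption)
N = 16                       # hashes truncated to 128 bits (assumption)
L = N * 8 // 2               # 64 digits per representative
TARGET = L * (W - 1) // 2    # required digit sum (96): the mean, hit ~1 in 20 counters

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()[:N]

def chain(x, start, steps, i):
    """Advance hash chain i from position start by steps."""
    for j in range(start, start + steps):
        x = H(b"chain", bytes([i, j]), x)
    return x

def keygen(seed):
    sk = [H(b"sk", seed, bytes([i])) for i in range(L)]
    pk = [chain(sk[i], 0, W - 1, i) for i in range(L)]
    return sk, pk

def pk_hash(pk):
    return H(b"pk", *pk)             # compact value a verifier stores as an AK

def digits(counter, msg):
    """Message representative: base-W digits of H(counter || msg)."""
    r = H(b"rep", counter.to_bytes(4, "big"), msg)
    return [(b >> s) & (W - 1) for b in r for s in (6, 4, 2, 0)]

def find_counter(msg):
    """Try counters (first nonce, second nonce, ...) until the digit sum equals TARGET."""
    c = 0
    while sum(digits(c, msg)) != TARGET:
        c += 1
    return c

def sign(sk, msg):
    c = find_counter(msg)
    d = digits(c, msg)
    return c, [chain(sk[i], 0, d[i], i) for i in range(L)]

def verify(pk, msg, counter, sig):
    d = digits(counter, msg)
    # Reject off-target sums: from a valid signature an attacker can only move chains
    # forward (raise digits), and any raised digit pushes the sum above TARGET, so no
    # separate checksum chains are needed.
    if sum(d) != TARGET:
        return False
    return all(chain(sig[i], d[i], W - 1 - d[i], i) == pk[i] for i in range(L))

def payload(image, version, new_aks):
    return H(b"pkg", version.to_bytes(4, "big"), image, *new_aks)

def make_update(sk, pk, ak_index, image, version, new_pks):
    """Vendor side: sign the image and the next AKs under one current AK."""
    new_aks = [pk_hash(p) for p in new_pks]
    counter, sig = sign(sk, payload(image, version, new_aks))
    return dict(image=image, version=version, pk=pk, ak_index=ak_index,
                counter=counter, sig=sig, new_aks=new_aks)

class Device:
    def __init__(self, aks, version):
        self.aks, self.version, self.image = list(aks), version, None

    def apply_update(self, pkg):
        """Check the package against a current AK; on success install and rotate AKs."""
        i = pkg["ak_index"]
        if not 0 <= i < len(self.aks) or pk_hash(pkg["pk"]) != self.aks[i]:
            return False                          # signer is not a current AK
        if pkg["version"] <= self.version:        # assumption: monotonic versions stop replay
            return False
        msg = payload(pkg["image"], pkg["version"], pkg["new_aks"])
        if not verify(pkg["pk"], msg, pkg["counter"], pkg["sig"]):
            return False
        self.image, self.version = pkg["image"], pkg["version"]
        self.aks = list(pkg["new_aks"])           # new AKs become the current AKs
        return True

def demo():
    gen1 = [keygen(b"gen1-" + bytes([k])) for k in range(2)]   # AKs the device ships with
    gen2 = [keygen(b"gen2-" + bytes([k])) for k in range(2)]   # AKs delivered by update v2
    gen3 = [keygen(b"gen3-" + bytes([k])) for k in range(2)]
    dev = Device([pk_hash(pk) for _, pk in gen1], version=1)
    v2 = make_update(*gen1[0], 0, b"firmware v2", 2, [pk for _, pk in gen2])
    results = {"tampered": dev.apply_update(dict(v2, image=b"firmware v2 trojan"))}
    results["update"] = dev.apply_update(v2)
    results["replay"] = dev.apply_update(v2)
    stale = make_update(*gen1[1], 1, b"firmware v3", 3, [pk for _, pk in gen3])
    results["stale_ak"] = dev.apply_update(stale)     # gen1 was retired by v2
    v3 = make_update(*gen2[1], 1, b"firmware v3", 3, [pk for _, pk in gen3])
    results["second"] = dev.apply_update(v3)
    return results
```

Each key pair signs exactly once, which is why every package carries the next generation's AKs: the device never needs a long-term verification key, and a compromised signing key is useless after the package it signed has been installed. The counter search is the signer's cost; the verifier recomputes the representative once and rejects anything whose digit sum misses the target before touching the chains.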
6.
Publication (announcement) number: US20170272415A1
Publication (announcement) date: 2017-09-21
Application number: US15070166
Application date: 2016-03-15
Applicant: Intel Corporation
Inventor: Meiyuan Zhao , Jesse Walker , Xiruo Liu , Steffen Schulz , Jianqing Zhang
IPC: H04L29/06
CPC classification number: H04L63/061 , H04L63/0807 , H04L63/0884 , H04W12/06
Abstract: In one embodiment, a computing device includes at least one hardware processor to execute instructions, a network interface to enable communication with a second computing device and a third computing device, and at least one storage medium. Such medium may store instructions that when executed by the computing device enable the computing device to request delegation of a key provisioning privilege for the second computing device from the third computing device via a parent-guardian delegation protocol comprising a three-party key distribution protocol with the second computing device and the third computing device, the three-party key distribution protocol having interposed therein a two-party authenticated key exchange protocol between the computing device and the third computing device. Other embodiments are described and claimed.
7.
Publication (announcement) number: US09710404B2
Publication (announcement) date: 2017-07-18
Application number: US14666087
Application date: 2015-03-23
Applicant: Intel Corporation
Inventor: Steffen Schulz , Patrick Koeberl
CPC classification number: G06F12/145 , G06F11/073 , G06F11/0757 , G06F11/3034 , G06F11/3037 , G06F12/1483 , G06F21/00 , G06F2212/1052
Abstract: In various implementations, a system includes a memory, a processor, and an execution-aware memory protection unit (EA-MPU). The EA-MPU is configured to regulate memory access by the processor based at least on the identity of a subject executable that requests access, and on the address to which access is requested, and on permissions information that identifies which subject executables are to be granted access to each of several memory regions. In various implementations, the permissions information itself is stored among the several memory regions. Various configurations of the permissions information can be used to provide shared memory regions for communication among two or more stand-alone trusted software modules, to protect access to devices accessible through memory-mapped I/O (MMIO), to implement a flexible watchdog timer, to provide security for software updates, to provide dynamic root of trust measurement services, and/or to support an operating system.
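The access decision this abstract describes, as a constructed Python simulation added here (not Intel's implementation): the requester's identity is the code region that contains the program counter, the policy is keyed by (subject, target region), and the policy itself occupies a memory region, so the same rule set decides who may change it. The memory map, the region names and addresses, the R/W/X encoding and the choice to bootstrap the loader as the only writer of the table are assumptions.

```python
"""Execution-aware MPU simulation: who may touch what depends on which
executable is running, not on a privilege level. Constructed illustration;
the memory map and permission encoding are assumptions."""

# Memory map (assumption): (name, start, end) with end exclusive.
REGIONS = [
    ("loader_code", 0x0000, 0x1000),
    ("modA_code",   0x1000, 0x2000),
    ("modB_code",   0x2000, 0x3000),
    ("modA_data",   0x3000, 0x4000),
    ("modB_data",   0x4000, 0x5000),
    ("shared_AB",   0x5000, 0x5100),   # mailbox between two trusted modules
    ("uart_mmio",   0xF000, 0xF100),   # device registers reached through MMIO
    ("perm_table",  0xFF00, 0xFFFF),   # where the EA-MPU keeps its own rules
]

R, W, X = 1, 2, 4

class EAMPU:
    def __init__(self, boot_subject):
        # (subject code region, target region) -> permission bits.
        # The only initial rule lets the boot subject write the table itself.
        self.table = {(boot_subject, "perm_table"): R | W}

    def region_of(self, addr):
        for name, lo, hi in REGIONS:
            if lo <= addr < hi:
                return name
        return None

    def subject(self, pc):
        # The requester's identity is the code region the PC lies in;
        # code running from a data region has no identity and gets nothing.
        name = self.region_of(pc)
        return name if name and name.endswith("_code") else None

    def check(self, pc, addr, op):
        subj, target = self.subject(pc), self.region_of(addr)
        if subj is None or target is None:
            return False                       # unmapped code or address
        return bool(self.table.get((subj, target), 0) & op)

    def grant(self, pc, subj, target, bits):
        # Rules live in perm_table, so changing them is a write to that region
        # and is judged by the same check as any other access.
        if not self.check(pc, 0xFF00, W):
            return False
        self.table[(subj, target)] = self.table.get((subj, target), 0) | bits
        return True

def build_policy():
    """Loader installs the policy at boot, then never runs again."""
    mpu = EAMPU(boot_subject="loader_code")
    loader_pc = 0x0010
    for subj, target, bits in [
        ("modA_code", "modA_code", X), ("modA_code", "modA_data", R | W),
        ("modA_code", "shared_AB", R | W),
        ("modB_code", "modB_code", X), ("modB_code", "modB_data", R | W),
        ("modB_code", "shared_AB", R), ("modB_code", "uart_mmio", R | W),
    ]:
        assert mpu.grant(loader_pc, subj, target, bits)
    return mpu

def demo():
    mpu = build_policy()
    a, b = 0x1040, 0x2040                      # PCs inside modA_code / modB_code
    return {
        "A_write_shared": mpu.check(a, 0x5000, W),   # A fills the mailbox
        "B_read_shared":  mpu.check(b, 0x5000, R),   # B may only read it
        "B_write_shared": mpu.check(b, 0x5000, W),
        "A_write_uart":   mpu.check(a, 0xF000, W),   # MMIO is B's alone
        "B_write_uart":   mpu.check(b, 0xF000, W),
        "A_write_table":  mpu.check(a, 0xFF10, W),   # policy is not writable by A
        "A_self_grant":   mpu.grant(a, "modA_code", "uart_mmio", W),
        "loader_grant":   mpu.grant(0x0010, "modA_code", "uart_mmio", R),
        "data_as_code":   mpu.check(0x3010, 0x3000, R),  # PC in a data region
    }
```

Because the permission table is just another region, the loader's write right on it is the whole trusted computing base for policy changes; a module that wants a new rule has to ask code that holds that right rather than escalate, which is what lets the same mechanism serve the shared-buffer, MMIO and update-protection cases the abstract lists.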
8.
Publication (announcement) number: US20240012951A1
Publication (announcement) date: 2024-01-11
Application number: US18474661
Application date: 2023-09-26
Applicant: Intel Corporation
Inventor: Alpa Trivedi , Steffen Schulz , Patrick Koeberl
IPC: G06F21/85 , G06F30/398 , G06N3/04 , H04L9/08 , G06F9/30 , G06F9/50 , G06F15/177 , G06F15/78 , H04L9/40 , G06F11/07 , G06F30/331 , G06F9/38 , G06F11/30
CPC classification number: G06F21/85 , G06F30/398 , G06N3/04 , H04L9/0877 , G06F9/30101 , G06F9/505 , G06F15/177 , G06F15/7825 , H04L63/0442 , H04L63/12 , H04L63/20 , G06F11/0709 , G06F11/0751 , G06F11/0793 , G06F30/331 , G06F9/3877 , G06F15/7867 , G06F11/0754 , G06F11/3058 , G06F2119/12
Abstract: An apparatus to facilitate enabling secure communication via attestation of multi-tenant configuration on accelerator devices is disclosed. The apparatus includes a processor to: verify a base bitstream of an accelerator device, the base bitstream published by a cloud service provider (CSP); generate a partial reconfiguration (PR) bitstream based on the base bitstream, the PR bitstream to fit within at least one PR region of PR boundary setups of the accelerator device; inspect accelerator device attestation received from a secure device manager (SDM) of the accelerator device; and responsive to successful inspection of the accelerator device attestation, provide the PR bitstream to the CSP for PR reconfiguration of the accelerator device.
9.
Publication (announcement) number: US20210117268A1
Publication (announcement) date: 2021-04-22
Application number: US17132221
Application date: 2020-12-23
Applicant: Intel Corporation
Inventor: Patrick Koeberl , Scott Weber , Alpa Trivedi , Steffen Schulz , Sriram Vangal
Abstract: An apparatus to facilitate runtime fault detection, fault location, and circuit recovery in an accelerator device is disclosed. In one implementation, the accelerator device comprises a sensor network comprising a plurality of sensors; a secure device manager (SDM); and a sensor aggregator communicably coupled to the sensor network and the SDM. In one implementation, the sensor aggregator can receive sensor data from the sensor network; analyze the sensor data to detect a fault condition; determine a spatial location of the fault condition based on the sensor data; and generate an event for the SDM to cause the SDM to mitigate the fault condition.
10.
Publication (announcement) number: US20210110069A1
Publication (announcement) date: 2021-04-15
Application number: US17129250
Application date: 2020-12-21
Applicant: Intel Corporation
Inventor: Alpa Trivedi , Scott Weber , Steffen Schulz , Patrick Koeberl
Abstract: An apparatus to facilitate enabling secure state-clean during configuration of partial reconfiguration bitstreams on accelerator devices is disclosed. The apparatus includes a security engine to receive an incoming partial reconfiguration (PR) bitstream corresponding to a new PR persona to configure a region of the apparatus; perform, as part of a PR configuration sequence for the new PR persona, a first clear operation to clear previously-set persona configuration bits in the region; perform, as part of the PR configuration sequence subsequent to the first clear operation, a set operation to set new persona configuration bits in the region; and perform, as part of the PR configuration sequence, a second clear operation to clear memory blocks of the region that became unfrozen subsequent to the set operation, the second clear operation performed using a persona-dependent mask corresponding to the new PR persona.