-
Publication (Announcement) No.: US12093431B2
Publication (Announcement) Date: 2024-09-17
Application No.: US18363176
Application Date: 2023-08-01
Applicant: Intel Corporation
Inventors: Manoj R. Sastry, Alpa Narendra Trivedi, Men Long
CPC Classification: G06F21/72, G06F21/85, G09C1/00, H04L9/0643, H04L9/0897, G06F2207/7219, G06F2211/008, G06F2213/0038, H04L2209/76
Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.
-
Publication (Announcement) No.: US11386017B2
Publication (Announcement) Date: 2022-07-12
Application No.: US16232143
Application Date: 2018-12-26
Applicant: Intel Corporation
IPC Classification: H04L9/32, H04L9/08, G06F21/60, G06F21/76, G06F12/14, G06F9/455, G06F21/57, G06F21/64, H04L41/28, G06F21/79, H04L41/046, H04L9/06, G06F9/38, G06F12/0802
Abstract: Technologies for secure authentication and programming of an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment, which receives a unique device identifier from the accelerator, validates a device certificate for the device identifier, authenticates the accelerator in response to validating the accelerator, validates attestation information of the accelerator, and establishes a secure channel with the accelerator. The trusted execution environment may securely program a data key and a bitstream key to the accelerator, and may encrypt a bitstream image and securely program the bitstream image to the accelerator. The accelerator and a tenant may securely exchange data protected by the data key. The trusted execution environment may be a secure enclave, and the accelerator may be a field programmable gate array (FPGA). Other embodiments are described and claimed.
-
Publication (Announcement) No.: US11263352B2
Publication (Announcement) Date: 2022-03-01
Application No.: US16936999
Application Date: 2020-07-23
Applicant: Intel Corporation
Inventors: Manoj R. Sastry, Alpa Narendra Trivedi, Men Long
Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.
-
Publication (Announcement) No.: US20190130120A1
Publication (Announcement) Date: 2019-05-02
Application No.: US16232146
Application Date: 2018-12-26
Applicant: Intel Corporation
Inventors: Reshma Lal, Alpa Narendra Trivedi, Luis Kida, Pradeep M. Pappachan, Soham Jayesh Desai, Nanda Kumar Unnikrishnan
Abstract: Technologies for secure I/O data transfer with an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment. The trusted execution environment may generate an authentication tag based on a memory-mapped I/O transaction, write the authentication tag to a register of the accelerator, and dispatch the transaction to the accelerator. The accelerator performs a cryptographic operation associated with the transaction, generates an authentication tag based on the transaction, and compares the generated authentication tag to the authentication tag received from the trusted execution environment. The accelerator device may initialize an authentication tag in response to a command from the trusted execution environment, transfer data between host memory and accelerator memory, perform a cryptographic operation in response to transferring the data, and update the authentication tag in response to transferring the data. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US20220405427A1
Publication (Announcement) Date: 2022-12-22
Application No.: US17679009
Application Date: 2022-02-23
Applicant: Intel Corporation
Inventors: Manoj R. Sastry, Alpa Narendra Trivedi, Men Long
Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.
-
Publication (Announcement) No.: US20210390063A1
Publication (Announcement) Date: 2021-12-16
Application No.: US17446194
Application Date: 2021-08-27
Applicant: Intel Corporation
Inventors: Reshma Lal, Alpa Narendra Trivedi, Luis Kida, Pradeep M. Pappachan, Soham Jayesh Desai, Nanda Kumar Unnikrishnan
IPC Classification: G06F12/14, H04L9/32, G06F21/76, G06F21/60, H04L9/08, G06F9/455, G06F21/57, G06F21/64, H04L12/24, G06F21/79, H04L9/06, G06F9/38, G06F12/0802
Abstract: Technologies for secure I/O data transfer with an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment. The trusted execution environment may generate an authentication tag based on a memory-mapped I/O transaction, write the authentication tag to a register of the accelerator, and dispatch the transaction to the accelerator. The accelerator performs a cryptographic operation associated with the transaction, generates an authentication tag based on the transaction, and compares the generated authentication tag to the authentication tag received from the trusted execution environment. The accelerator device may initialize an authentication tag in response to a command from the trusted execution environment, transfer data between host memory and accelerator memory, perform a cryptographic operation in response to transferring the data, and update the authentication tag in response to transferring the data. Other embodiments are described and claimed.
-
Publication (Announcement) No.: US10565370B2
Publication (Announcement) Date: 2020-02-18
Application No.: US14998362
Application Date: 2015-12-24
Applicant: INTEL CORPORATION
Inventors: Alpa Narendra Trivedi, Ravi Sahita, David Durham, Karanvir Grewal, Prashant Dewan, Siddhartha Chhabra
IPC Classification: G06F21/53, G06F12/1009, G06F13/28
Abstract: Various embodiments are generally directed to an apparatus, method, and other techniques to provide direct-memory access, memory-mapped input-output, and/or other memory transactions between devices designated for use by an enclave and the enclave itself. A secure device address map may be configured to map addresses for the enclave device and the enclave, and a register filter component may grant the enclave device access to the enclave.
-
Publication (Announcement) No.: US20160180114A1
Publication (Announcement) Date: 2016-06-23
Application No.: US14577812
Application Date: 2014-12-19
Applicant: Intel Corporation
Inventors: Manoj R. Sastry, Alpa Narendra Trivedi, Men Long
Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.
-
Publication (Announcement) No.: US11720503B2
Publication (Announcement) Date: 2023-08-08
Application No.: US17724743
Application Date: 2022-04-20
Applicant: Intel Corporation
IPC Classification: G06F12/14, H04L9/32, G06F21/76, G06F21/60, H04L9/08, G06F9/455, G06F21/57, G06F21/64, H04L41/28, G06F21/79, H04L41/046, H04L9/06, G06F9/38, G06F12/0802
CPC Classification: G06F12/1408, G06F9/3877, G06F9/45558, G06F12/0802, G06F21/57, G06F21/602, G06F21/606, G06F21/64, G06F21/76, G06F21/79, H04L9/0631, H04L9/0637, H04L9/083, H04L9/085, H04L9/0838, H04L9/0844, H04L9/0891, H04L9/321, H04L9/3215, H04L9/3226, H04L9/3268, H04L9/3278, H04L41/046, H04L41/28, G06F2009/45591, G06F2009/45595
Abstract: Technologies for secure authentication and programming of an accelerator device are described. In one example, a computing device is disclosed comprising an accelerator device to: provide a unique device identifier to an accelerator services enclave (ASE) of a processor of the computing device; authenticate with the ASE by performing a secure key exchange with the ASE to establish a shared secret tunnel key, verifying an enclave certificate of the ASE, and providing an attestation response to the ASE indicative of an accelerator device configuration; establish a secure channel with the ASE protected by the shared secret tunnel key; receive a bitstream image key and a bitstream data key from the ASE via the secure channel; program the accelerator device via the secure channel using the bitstream image key; and exchange data with a tenant enclave of the processor, the data protected by the bitstream data key.
-
Publication (Announcement) No.: US20200372188A1
Publication (Announcement) Date: 2020-11-26
Application No.: US16993469
Application Date: 2020-08-14
Applicant: Intel Corporation
Inventors: Abhishek Basak, Pradeep Pappachan, Siddhartha Chhabra, Alpa Narendra Trivedi, Erdem Aktas, Ravi Sahita
Abstract: An apparatus to facilitate security of a shared memory resource is disclosed. The apparatus includes a memory device to store memory data, wherein the memory device comprises a plurality of private memory pages associated with one or more trusted domains, and a cryptographic engine to encrypt and decrypt the memory data, including a key encryption table having a key identifier associated with each trusted domain to access a private memory page, wherein a first key identifier is generated to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.