-
Publication No.: US20220245070A1
Publication date: 2022-08-04
Application No.: US17724743
Filing date: 2022-04-20
Applicant: Intel Corporation
IPC classification: G06F12/14 , H04L9/32 , G06F21/76 , G06F21/60 , H04L9/08 , G06F9/455 , G06F21/57 , G06F21/64 , H04L41/28 , G06F21/79 , H04L41/046 , H04L9/06 , G06F9/38 , G06F12/0802
Abstract: Technologies for secure authentication and programming of an accelerator device are described. In one example, a computing device is disclosed comprising an accelerator device to: provide a unique device identifier to an accelerator services enclave (ASE) of a processor of the computing device; authenticate with the ASE by: performing a secure key exchange with the ASE to establish a shared secret tunnel key; verifying an enclave certificate of the ASE; and providing an attestation response to the ASE indicative of an accelerator device configuration; establish a secure channel with the ASE protected by the shared secret tunnel key; receive bitstream image key and bitstream data key from the ASE via the secure channel; program the accelerator device via the secure channel using the bitstream image key; and exchange data with a tenant enclave of the processor, the data protected by the bitstream data key.
-
Publication No.: US11386017B2
Publication date: 2022-07-12
Application No.: US16232143
Filing date: 2018-12-26
Applicant: Intel Corporation
IPC classification: H04L9/32 , H04L9/08 , G06F21/60 , G06F21/76 , G06F12/14 , G06F9/455 , G06F21/57 , G06F21/64 , H04L41/28 , G06F21/79 , H04L41/046 , H04L9/06 , G06F9/38 , G06F12/0802
Abstract: Technologies for secure authentication and programming of an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment, which receives a unique device identifier from the accelerator, validates a device certificate for the device identifier, authenticates the accelerator in response to validating the accelerator, validates attestation information of the accelerator, and establishes a secure channel with the accelerator. The trusted execution environment may securely program a data key and a bitstream key to the accelerator, and may encrypt a bitstream image and securely program the bitstream image to the accelerator. The accelerator and a tenant may securely exchange data protected by the data key. The trusted execution environment may be a secure enclave, and the accelerator may be a field programmable gate array (FPGA). Other embodiments are described and claimed.
-
Publication No.: US20180270068A1
Publication date: 2018-09-20
Application No.: US15459939
Filing date: 2017-03-15
Applicant: INTEL CORPORATION
Inventors: Eric Innis , Raghunandan Makaram , Ting Lu
CPC classification: H04L9/3234 , G06F21/57 , G06F21/602 , G06F21/6209 , G06F21/64 , G06F21/76 , H04L9/0631 , H04L9/0637 , H04L9/0838 , H04L9/0841 , H04L9/0894 , H04L9/14 , H04L9/3247 , H04L63/0428 , H04L63/105 , H04L63/123 , H04L63/1458 , H04L67/10 , H04W4/60
Abstract: The present disclosure provides confidential verification for FPGA code. Confidential verification for FPGA code can include receiving the policy from a cloud service provider (CSP) computing device, wherein the policy comprises a plurality of policy requirements used to determine whether to configure the FPGA using the code, receiving the code and the code encryption key from the user computing device, determining whether the code fulfills the plurality of policy requirements, and when the code fulfills the plurality of policy requirements encrypting and integrity protecting the code using the code encryption key and providing the encrypted and integrity protected code to an accelerator loader to configure the FPGA using the code.
-
Publication No.: US11720503B2
Publication date: 2023-08-08
Application No.: US17724743
Filing date: 2022-04-20
Applicant: Intel Corporation
IPC classification: G06F12/14 , H04L9/32 , G06F21/76 , G06F21/60 , H04L9/08 , G06F9/455 , G06F21/57 , G06F21/64 , H04L41/28 , G06F21/79 , H04L41/046 , H04L9/06 , G06F9/38 , G06F12/0802
CPC classification: G06F12/1408 , G06F9/3877 , G06F9/45558 , G06F12/0802 , G06F21/57 , G06F21/602 , G06F21/606 , G06F21/64 , G06F21/76 , G06F21/79 , H04L9/0631 , H04L9/0637 , H04L9/083 , H04L9/085 , H04L9/0838 , H04L9/0844 , H04L9/0891 , H04L9/321 , H04L9/3215 , H04L9/3226 , H04L9/3268 , H04L9/3278 , H04L41/046 , H04L41/28 , G06F2009/45591 , G06F2009/45595
Abstract: Technologies for secure authentication and programming of an accelerator device are described. In one example, a computing device is disclosed comprising an accelerator device to: provide a unique device identifier to an accelerator services enclave (ASE) of a processor of the computing device; authenticate with the ASE by: performing a secure key exchange with the ASE to establish a shared secret tunnel key; verifying an enclave certificate of the ASE; and providing an attestation response to the ASE indicative of an accelerator device configuration; establish a secure channel with the ASE protected by the shared secret tunnel key; receive bitstream image key and bitstream data key from the ASE via the secure channel; program the accelerator device via the secure channel using the bitstream image key; and exchange data with a tenant enclave of the processor, the data protected by the bitstream data key.
-
Publication No.: US10972277B2
Publication date: 2021-04-06
Application No.: US15459939
Filing date: 2017-03-15
Applicant: INTEL CORPORATION
Inventors: Eric Innis , Raghunandan Makaram , Ting Lu
IPC classification: H04L29/06 , H04L9/32 , H04L29/08 , H04L9/08 , G06F21/76 , H04W4/60 , G06F21/57 , G06F21/60 , G06F21/62 , G06F21/64 , H04L9/06 , H04L9/14
Abstract: The present disclosure provides confidential verification for FPGA code. Confidential verification for FPGA code can include receiving the policy from a cloud service provider (CSP) computing device, wherein the policy comprises a plurality of policy requirements used to determine whether to configure the FPGA using the code, receiving the code and the code encryption key from the user computing device, determining whether the code fulfills the plurality of policy requirements, and when the code fulfills the plurality of policy requirements encrypting and integrity protecting the code using the code encryption key and providing the encrypted and integrity protected code to an accelerator loader to configure the FPGA using the code.
-
Publication No.: US11489822B2
Publication date: 2022-11-01
Application No.: US17063485
Filing date: 2020-10-05
Applicant: Intel Corporation
Inventors: Brent D. Thomas , Eric Innis , Raghunandan Makaram
Abstract: An apparatus for cloud key management may include a networking interface, a memory, and a processor, coupled to the memory and the networking interface, the networking interface to couple the apparatus to one or more endpoint servers (EPSs) of a cloud service provider (CSP), each EPS including a hardware accelerator, and a management node (MN) of the CSP. The apparatus may further include an accelerator functional unit (AFU) developer interface module operated by the processor to receive cryptographic material (CM) for each of one or more AFU developers (AFUDs) and store it into the memory, the CM includes a public key hash (PKH), and an encryption key (EK) to decrypt an AFU of the AFUD. The apparatus may also include an EK communication module operated by the processor to: receive, from the MN, a request to send to a targeted EPS an encrypted lookup table (LUT), the LUT including PKHs and associated EKs for a set of the one or more AFUDs from which the targeted EPS is authorized to receive AFUs, and in response to the request, send, to the targeted EPS, the LUT.
-
Publication No.: US20200167506A1
Publication date: 2020-05-28
Application No.: US16586131
Filing date: 2019-09-27
Applicant: Intel Corporation
Inventors: Prakash Iyer , Eric Innis , Evan Custodio , Ting Lu
IPC classification: G06F21/76
Abstract: A PCIe card includes an FPGA and a memory that is discrete from the FPGA. The memory is accessible by the FPGA and not other devices on the card. The FPGA's core fabric is configured with a security processor that verifies a bitstream loaded through the FPGA into the memory as authentic or not authentic to limit unauthorized access to data from a user circuit that is associated with a not authentic bitstream. The security processor is loaded into the FPGA when a request is made for bitstream verification and is allowed to be overwritten after the security processor processes the bitstream to determine if the bitstream is authentic or not authentic. Allowing the security processor to be overwritten allows for high percentage usage of the core fabric for user circuits and limits the inclusion of a static circuit in the core fabric that is infrequently used.
-
Publication No.: US20190132136A1
Publication date: 2019-05-02
Application No.: US16232143
Filing date: 2018-12-26
Applicant: Intel Corporation
Abstract: Technologies for secure authentication and programming of an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment, which receives a unique device identifier from the accelerator, validates a device certificate for the device identifier, authenticates the accelerator in response to validating the accelerator, validates attestation information of the accelerator, and establishes a secure channel with the accelerator. The trusted execution environment may securely program a data key and a bitstream key to the accelerator, and may encrypt a bitstream image and securely program the bitstream image to the accelerator. The accelerator and a tenant may securely exchange data protected by the data key. The trusted execution environment may be a secure enclave, and the accelerator may be a field programmable gate array (FPGA). Other embodiments are described and claimed.
-
Publication No.: US20210036998A1
Publication date: 2021-02-04
Application No.: US17063485
Filing date: 2020-10-05
Applicant: Intel Corporation
Inventors: Brent D. Thomas , Eric Innis , Raghunandan Makaram
Abstract: An apparatus for cloud key management may include a networking interface, a memory, and a processor, coupled to the memory and the networking interface, the networking interface to couple the apparatus to one or more endpoint servers (EPSs) of a cloud service provider (CSP), each EPS including a hardware accelerator, and a management node (MN) of the CSP. The apparatus may further include an accelerator functional unit (AFU) developer interface module operated by the processor to receive cryptographic material (CM) for each of one or more AFU developers (AFUDs) and store it into the memory, the CM includes a public key hash (PKH), and an encryption key (EK) to decrypt an AFU of the AFUD. The apparatus may also include an EK communication module operated by the processor to: receive, from the MN, a request to send to a targeted EPS an encrypted lookup table (LUT), the LUT including PKHs and associated EKs for a set of the one or more AFUDs from which the targeted EPS is authorized to receive AFUs, and in response to the request, send, to the targeted EPS, the LUT.
-
Publication No.: US20190044731A1
Publication date: 2019-02-07
Application No.: US16017770
Filing date: 2018-06-25
Applicant: Intel Corporation
Inventors: Brent D. Thomas , Eric Innis , Raghunandan Makaram
Abstract: An apparatus for cloud key management may include a networking interface, a memory, and a processor, coupled to the memory and the networking interface, the networking interface to couple the apparatus to one or more endpoint servers (EPSs) of a cloud service provider (CSP), each EPS including a hardware accelerator, and a management node (MN) of the CSP. The apparatus may further include an accelerator functional unit (AFU) developer interface module operated by the processor to receive cryptographic material (CM) for each of one or more AFU developers (AFUDs) and store it into the memory, the CM includes a public key hash (PKH), and an encryption key (EK) to decrypt an AFU of the AFUD. The apparatus may also include an EK communication module operated by the processor to: receive, from the MN, a request to send to a targeted EPS an encrypted lookup table (LUT), the LUT including PKHs and associated EKs for a set of the one or more AFUDs from which the targeted EPS is authorized to receive AFUs, and in response to the request, send, to the targeted EPS, the LUT.