-
Publication No.: US20240045968A1
Publication date: 2024-02-08
Application No.: US18492007
Filing date: 2023-10-23
Applicant: Intel Corporation
Inventor: Kapil Sood, Ioannis T. Schoinas, Yu-Yuan Chen, Raghunandan Makaram, David J. Harriman, Baiju Patel, Ronald Perez, Matthew E. Hoekstra, Reshma Lal
Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.
-
Publication No.: US11658947B2
Publication date: 2023-05-23
Application No.: US17369824
Filing date: 2021-07-07
Applicant: Intel Corporation
Inventor: David J. Harriman, Raghunandan Makaram, Ioannis T. Schoinas, Kapil Sood, Yu-Yuan Chen, Vedvyas Shanbhogue, Siddhartha Chhabra, Reshma Lal, Reouven Elbaz
CPC classification number: H04L63/0428, G06F13/4282, H04L9/0631, H04L9/0637, H04L9/0894, G06F2213/0026
Abstract: A protected link between a first computing device and a second computing device is set up, wherein communication over the protected link is to comply with a communication protocol that allows packets to be reordered during transit. A plurality of packets are generated according to a packet format that ensures the plurality of packets will not be reordered during transmission over the protected link, the plurality of packets comprising a first packet and a second packet. Data of the plurality of packets are encrypted for transmission over the protected link, wherein data of the first packet is encrypted based on the cryptographic key and a first value of a counter and data of the second packet is encrypted based on the cryptographic key and a second value of the counter.
-
Publication No.: US10657071B2
Publication date: 2020-05-19
Application No.: US15714217
Filing date: 2017-09-25
Applicant: Intel Corporation
Inventor: David M. Durham, Siddhartha Chhabra, Amy L. Santoni, Gilbert Neiger, Barry E. Huntley, Hormuzd M. Khosravi, Baiju V. Patel, Ravi L. Sahita, Gideon Gerzon, Ido Ouziel, Ioannis T. Schoinas, Rajesh M. Sankaran
Abstract: In one embodiment, a cryptographic circuit is adapted to receive a data line including at least an encrypted portion from a memory in response to a read request having a memory address from a first agent, obtain a key identifier for a key of the first agent from the data line, obtain the key using the key identifier, decrypt the at least encrypted portion of the data line using the key and send decrypted data of the at least encrypted portion of the data line to the first agent. Other embodiments are described and claimed.
-
Publication No.: US10594491B2
Publication date: 2020-03-17
Application No.: US15816901
Filing date: 2017-11-17
Applicant: INTEL CORPORATION
Inventor: David M. Durham, Rajat Agarwal, Siddhartha Chhabra, Sergej Deutsch, Karanvir S. Grewal, Ioannis T. Schoinas
IPC: H04L9/32, G06F12/14, G06F3/06, G11C29/52, H04L9/06, G06F11/10, G06F12/0886, G06F21/79, H04L9/08, G06F21/78, G11C29/44
Abstract: In one example, a system for managing encrypted memory comprises a processor to store a first MAC based on data stored in system memory in response to a write operation to the system memory. The processor can also detect a read operation corresponding to the data stored in the system memory, calculate a second MAC based on the data retrieved from the system memory, determine that the second MAC does not match the first MAC, and recalculate the second MAC with a correction operation, wherein the correction operation comprises an XOR operation based on the data retrieved from the system memory and a replacement value for a device of the system memory. Furthermore, the processor can decrypt the data stored in the system memory in response to detecting the recalculated second MAC matches the first MAC and transmit the decrypted data to cache thereby correcting memory errors.
-
Publication No.: US20190220617A1
Publication date: 2019-07-18
Application No.: US16367204
Filing date: 2019-03-27
Applicant: Intel Corporation
Inventor: David J. Harriman, Ioannis T. Schoinas, Kapil Sood, Raghunandan Makaram, Yu-Yuan Chen
CPC classification number: G06F21/6218, G06F21/64
Abstract: First data is stored. A request for the first data is received from a communication device over a link established with a communication device. An access control engine comprising circuitry is to control access to the first data to the communication device based on an authentication state of the communication device and a protection state of the link.
-
Publication No.: US09535860B2
Publication date: 2017-01-03
Application No.: US13743795
Filing date: 2013-01-17
Applicant: Intel Corporation
Inventor: Daniel F. Cutter, Blaise Fanning, Ramadass Nagarajan, Jose S. Niell, Debra Bernstein, Deepak Limaye, Ioannis T. Schoinas, Ravishankar Iyer
CPC classification number: G06F13/1663, G06F13/1605, G06F13/161, G06F2212/1024, G06F2213/0064, Y02D10/14
Abstract: In an embodiment, a shared memory fabric is configured to receive memory requests from multiple agents, where at least some of the requests have an associated deadline value to indicate a maximum latency prior to completion of the memory request. Responsive to the requests, the fabric is to arbitrate between the requests based at least in part on the deadline values. Other embodiments are described and claimed.
-
Publication No.: US20230421545A1
Publication date: 2023-12-28
Application No.: US18345278
Filing date: 2023-06-30
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue, Siddhartha Chhabra, David J. Harriman, Raghunandan Makaram, Ioannis T. Schoinas
CPC classification number: H04L63/0457, G06F21/606, G06F21/64, H04L9/3242, G06F2213/0026, H04L63/0464, G06F13/4282
Abstract: Methods, systems, and apparatuses associated with a secure stream protocol for a serial interconnect are disclosed. An apparatus comprises a first device comprising circuitry to, using an end-to-end protocol, secure a transaction in a first secure stream based at least in part on a transaction type of the transaction, where the first secure stream is separate from a second secure stream. The first device is further to send the transaction secured in the first secure stream to a second device over a link established between the first device and the second device, where the transaction is to traverse one or more intermediate devices from the first device to the second device. In more specific embodiments, the first secure stream is based on one of a posted transaction type, a non-posted transaction type, or completion transaction type.
-
Publication No.: US11743240B2
Publication date: 2023-08-29
Application No.: US16445019
Filing date: 2019-06-18
Applicant: Intel Corporation
Inventor: Vedvyas Shanbhogue, Siddhartha Chhabra, David J. Harriman, Raghunandan Makaram, Ioannis T. Schoinas
CPC classification number: H04L63/0457, G06F13/4282, G06F21/606, G06F21/64, G06F2213/0026, H04L9/3242, H04L63/0464
Abstract: Methods, systems, and apparatuses associated with a secure stream protocol for a serial interconnect are disclosed. An apparatus comprises a first device comprising circuitry to, using an end-to-end protocol, secure a transaction in a first secure stream based at least in part on a transaction type of the transaction, where the first secure stream is separate from a second secure stream. The first device is further to send the transaction secured in the first secure stream to a second device over a link established between the first device and the second device, where the transaction is to traverse one or more intermediate devices from the first device to the second device. In more specific embodiments, the first secure stream is based on one of a posted transaction type, a non-posted transaction type, or completion transaction type.
-
Publication No.: US20220350912A1
Publication date: 2022-11-03
Application No.: US17745740
Filing date: 2022-05-16
Applicant: Intel Corporation
Inventor: David J. Harriman, Ioannis T. Schoinas, Kapil Sood, Raghunandan Makaram, Yu-Yuan Chen
Abstract: First data is stored. A request for the first data is received from a communication device over a link established with a communication device. An access control engine comprising circuitry is to control access to the first data to the communication device based on an authentication state of the communication device and a protection state of the link.
-
Publication No.: US11196565B2
Publication date: 2021-12-07
Application No.: US16689575
Filing date: 2019-11-20
Applicant: INTEL CORPORATION
Inventor: David M. Durham, Rajat Agarwal, Siddhartha Chhabra, Sergej Deutsch, Karanvir S. Grewal, Ioannis T. Schoinas
IPC: H04L9/32, G06F3/06, G06F11/10, G06F12/14, G06F12/0886, G06F21/78, H04L9/06, H04L9/08, H04L9/30, G06F21/14, G11C29/52, G06F21/79, G11C29/44
Abstract: In one example, a system for managing encrypted memory comprises a processor to store a first MAC based on data stored in system memory in response to a write operation to the system memory. The processor can also detect a read operation corresponding to the data stored in the system memory, calculate a second MAC based on the data retrieved from the system memory, determine that the second MAC does not match the first MAC, and recalculate the second MAC with a correction operation, wherein the correction operation comprises an XOR operation based on the data retrieved from the system memory and a replacement value for a device of the system memory. Furthermore, the processor can decrypt the data stored in the system memory in response to detecting the recalculated second MAC matches the first MAC and transmit the decrypted data to cache thereby correcting memory errors.