公开(公告)号：US11836272B2

公开(公告)日：2023-12-05

申请号：US17875815

申请日：2022-07-28

Applicant: Intel Corporation

Inventor： Lawrence A. Booth, Jr. ,  Salessawi Ferede Yitbarek ,  Reshma Lal ,  Pradeep M. Pappachan ,  Brent D. Thomas

IPC: H04L29/06 ,  G06F21/62 ,  G06F21/31 ,  G06F16/783 ,  G06F16/14 ,  G06F21/44 ,  G06F21/10

CPC classification number: G06F21/6245 ,  G06F16/152 ,  G06F16/783 ,  G06F21/31 ,  G06F21/44 ,  G06F21/107

Abstract: Embodiments are directed to protection of privacy and data on smart edge devices. An embodiment of an apparatus includes a sensor to produce a stream of sensor data; an analytics mechanism; and a trusted execution environment (TEE) including multiple keys for data security, the apparatus to exchange keys with a host server to establish one or more secure communication channels between the apparatus and a TEE on a host server, process the stream of sensor data utilizing the analytics mechanism to generate metadata, perform encryption and integrity protection of the metadata utilizing a key from the TEE for the sensor, sign the metadata utilizing a private key for the analytics mechanism, and transfer the encrypted and integrity protected metadata and the signature to the host server via the one or more secure communication channels in a manner that prevents privileged users on the host from accessing the data.

公开(公告)号：US11423171B2

公开(公告)日：2022-08-23

申请号：US16725187

申请日：2019-12-23

Applicant: Intel Corporation

Inventor： Lawrence A. Booth, Jr. ,  Salessawi Ferede Yitbarek ,  Reshma Lal ,  Pradeep M. Pappachan ,  Brent D. Thomas

IPC: H04L29/06 ,  G06F21/62 ,  G06F21/31 ,  G06F16/783 ,  G06F16/14 ,  G06F21/44

Abstract: Embodiments are directed to protection of privacy and data on smart edge devices. An embodiment of an apparatus includes a sensor to produce a stream of sensor data; an analytics mechanism; and a trusted execution environment (TEE) including multiple keys for data security, the apparatus to exchange keys with a host server to establish one or more secure communication channels between the apparatus and a TEE on a host server, process the stream of sensor data utilizing the analytics mechanism to generate metadata, perform encryption and integrity protection of the metadata utilizing a key from the TEE for the sensor, sign the metadata utilizing a private key for the analytics mechanism, and transfer the encrypted and integrity protected metadata and the signature to the host server via the one or more secure communication channels in a manner that prevents privileged users on the host from accessing the data.

公开(公告)号：US11461483B2

公开(公告)日：2022-10-04

申请号：US16774719

申请日：2020-01-28

Applicant: Intel Corporation

Inventor： Salessawi Ferede Yitbarek ,  Lawrence A. Booth, Jr. ,  Brent D. Thomas ,  Reshma Lal ,  Pradeep M. Pappachan ,  Akshay Kadam

IPC: G06F21/00 ,  G06F21/60 ,  G06F21/76 ,  H04L9/08 ,  H04L9/14

Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.

公开(公告)号：US12204662B2

公开(公告)日：2025-01-21

申请号：US18496108

申请日：2023-10-27

Applicant: Intel Corporation

Inventor： Salessawi Ferede Yitbarek ,  Lawrence A. Booth, Jr. ,  Brent D. Thomas ,  Reshma Lal ,  Pradeep M. Pappachan ,  Akshay Kadam

IPC: G06F21/00 ,  G06F21/60 ,  G06F21/76 ,  H04L9/08 ,  H04L9/14

Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.

公开(公告)号：US20240143802A1

公开(公告)日：2024-05-02

申请号：US18496108

申请日：2023-10-27

Applicant: Intel Corporation

Inventor： Salessawi Ferede Yitbarek ,  Lawrence A. Booth, Jr. ,  Brent D. Thomas ,  Reshma Lal ,  Pradeep M. Pappachan ,  Akshay Kadam

IPC: G06F21/60 ,  G06F21/76 ,  H04L9/08 ,  H04L9/14

CPC classification number: G06F21/606 ,  G06F21/76 ,  H04L9/0827 ,  H04L9/14 ,  G06F2221/2149

Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.

公开(公告)号：US11836262B2

公开(公告)日：2023-12-05

申请号：US17958621

申请日：2022-10-03

Applicant: Intel Corporation

Inventor： Salessawi Ferede Yitbarek ,  Lawrence A. Booth, Jr. ,  Brent D. Thomas ,  Reshma Lal ,  Pradeep M. Pappachan ,  Akshay Kadam

IPC: G06F21/00 ,  G06F21/60 ,  G06F21/76 ,  H04L9/08 ,  H04L9/14

CPC classification number: G06F21/606 ,  G06F21/76 ,  H04L9/0827 ,  H04L9/14 ,  G06F2221/2149

Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.