公开(公告)号：US10671744B2

公开(公告)日：2020-06-02

申请号：US15190396

申请日：2016-06-23

Applicant: INTEL CORPORATION

Inventor： Li Zhao ,  Manoj R. Sastry ,  Arnab Raha

IPC: G06F21/62

Abstract: Lightweight trusted execution technologies for internet-of-things devices are described. In response to a memory request at a page unit from an application executing in a current domain, the page unit is to map a current virtual address (VA) to a current physical address (PA). The policy enforcement logic (PEL) reads, from a secure domain cache (SDC), a domain value (DID) and a VA value that correspond to the current PA. The PEL grants access when the current domain and the DID correspond to the unprotected region or the current domain and the DID correspond to the secure domain region, the current domain is equal to the DID, and the current VA is equal to the VA value. The PEL grants data access and denies code access when the current domain corresponds to the secure domain region and the DID corresponds to the unprotected region.

公开(公告)号：US20190044912A1

公开(公告)日：2019-02-07

申请号：US15942031

申请日：2018-03-30

Applicant: Intel Corporation

Inventor： Liuyang Lily Yang ,  Huaxin Li ,  Li Zhao ,  Marcio Juliato ,  Shabbir Ahmed ,  Manoj R. Sastry

IPC: H04L29/06 ,  G06F9/455

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform; a network interface to communicatively couple to a bus lacking native support for authentication; and an anomaly detection engine to operate on the hardware platform and configured to: receive a first data stream across a first time; symbolize and approximate the first data stream, including computing a first window sum; receive a second data stream across a second time substantially equal in length to the first time, the second data stream including data across the plurality of dimensions from the first data stream; symbolize and approximate the second data stream, including computing a second window sum; compute a difference between the first window sum and the second window sum; determine that difference exceeds a threshold and that the correlation across the plurality of dimensions is broken; and flag a potential anomaly.

公开(公告)号：US20180091550A1

公开(公告)日：2018-03-29

申请号：US15450650

申请日：2017-03-06

Applicant: Intel Corporation

Inventor： Kyong-Tak Cho ,  Li Zhao ,  Manoj R. Sastry

IPC: H04L29/06 ,  H04L12/40 ,  H04L5/00 ,  G01R19/04 ,  G01R19/165 ,  B60R16/023

Abstract: One embodiment provides an electronic control unit (ECU) for a vehicle. The ECU includes transceiver circuitry, voltage measurement circuitry and feature set circuitry. The transceiver circuitry is to at least one of send and/or receive a message. The voltage measurement circuitry is to determine at least one of a high bus line voltage (VCANH) value and/or a low bus line voltage (VCANL) value, for each zero bit of at least one zero bit of a received message. The received the message includes a plurality of bits. The feature set circuitry is to determine a value of at least one feature of a feature set based, at least in part, on at least one of a high acknowledge (ACK) threshold voltage (VthH) and/or a low ACK threshold voltage (VthL). The feature set includes at least one of an operating most frequently measured VCANH value (VfreqH2) of a number of VCANH values and/or an operating most frequently measured VCANL value (VfreqL2) of a number of VCANL values.

公开(公告)号：US09485178B2

公开(公告)日：2016-11-01

申请号：US14229545

申请日：2014-03-28

Applicant: Intel Corporation

Inventor： Srihari Makikeni ,  Ravi Iyer ,  Dave Minturn ,  Sujoy Sen ,  Donald Newell ,  Li Zhao

IPC: H04L12/741 ,  H04L29/06 ,  H04L12/931

CPC classification number: H04L45/74 ,  H04L49/20 ,  H04L69/16 ,  H04L69/161 ,  H04L69/166

Abstract: In general, in one aspect, the disclosures describes a method that includes receiving multiple ingress Internet Protocol packets, each of the multiple ingress Internet Protocol packets having an Internet Protocol header and a Transmission Control Protocol segment having a Transmission Control Protocol header and a Transmission Control Protocol payload, where the multiple packets belonging to a same Transmission Control Protocol/Internet Protocol flow. The method also includes preparing an Internet Protocol packet having a single Internet Protocol header and a single Transmission Control Protocol segment having a single Transmission Control Protocol header and a single payload formed by a combination of the Transmission Control Protocol segment payloads of the multiple Internet Protocol packets. The method further includes generating a signal that causes receive processing of the Internet Protocol packet.

公开(公告)号：US20200328973A1

公开(公告)日：2020-10-15

申请号：US16870991

申请日：2020-05-10

Applicant: Intel Corporation

Inventor： Srihari Makineni ,  Ravi Iyer ,  Dave Minturn ,  Sujoy Sen ,  Donald Newell ,  Li Zhao

IPC: H04L12/741 ,  H04L29/06 ,  H04L12/931

Abstract: In general, in one aspect, the disclosures describes a method that includes receiving multiple ingress Internet Protocol packets, each of the multiple ingress Internet Protocol packets having an Internet Protocol header and a Transmission Control Protocol segment having a Transmission Control Protocol header and a Transmission Control Protocol payload, where the multiple packets belonging to a same Transmission Control Protocol/Internet Protocol flow. The method also includes preparing an Internet Protocol packet having a single Internet Protocol header and a single Transmission Control Protocol segment having a single Transmission Control Protocol header and a single payload formed by a combination of the Transmission Control Protocol segment payloads of the multiple Internet Protocol packets. The method further includes generating a signal that causes receive processing of the Internet Protocol packet.

公开(公告)号：US10404468B2

公开(公告)日：2019-09-03

申请号：US15351606

申请日：2016-11-15

Applicant: Intel Corporation

Inventor： Santosh Ghosh ,  Manoj R. Sastry ,  Jesse Walker ,  Li Zhao ,  Rafael Misoczki

IPC: G06F11/30 ,  G06F12/14 ,  H04L9/32 ,  H04L9/06

Abstract: Technologies for counter with CBC-MAC (CCM) mode encryption include a computing device that performs a CBC-MAC authentication operation on a message with an encryption key, using a 64-bit block cipher to generate a message authentication code. The computing device generates a first 64-bit authentication block including an 8-bit flag field and a length field of between 11 and 32 bits. The flag field indicates the length of the length field. Performing the CBC-MAC authentication operation includes formatting the message into one or more 64-bit authentication blocks. The computing device performs a counter mode encryption operation on the message with the encryption key using the 64-bit block cipher to generate a cipher text. Performing the counter mode encryption includes generating multiple 64-bit keystream blocks. The computing device generates an authentication tag based on the message authentication code and a first keystream block of keystream blocks. Other embodiments are described and claimed.

公开(公告)号：US20180091309A1

公开(公告)日：2018-03-29

申请号：US15277462

申请日：2016-09-27

Applicant: Intel Corporation

Inventor： Rafael Misoczki ,  Steffen Schulz ,  Manoj R. Sastry ,  Santosh Ghosh ,  Li Zhao

IPC: H04L9/32

CPC classification number: H04L9/3247 ,  H04L9/3242 ,  H04L9/3252 ,  H04L2209/30 ,  H04L2209/38

Abstract: One embodiment provides a signer device. The signer device includes hash signature control logic and signer signature logic. The hash signature control logic is to retrieve a first nonce, to concatenate the first nonce and a message to be transmitted and to determine whether a first message representative satisfies a target threshold. The signer signature logic is to generate a first transmitted signature based, at least in part, on the first message representative, if the first message representative satisfies the target threshold. The hash signature control logic is to retrieve a second nonce, concatenate the second nonce and the message to be transmitted and to determine whether a second message representative satisfies the target threshold, if the first message representative does not satisfy the target threshold.

公开(公告)号：US20170372088A1

公开(公告)日：2017-12-28

申请号：US15190396

申请日：2016-06-23

Applicant: INTEL CORPORATION

Inventor： Li Zhao ,  Manoj R. Sastry ,  Arnab Raha

IPC: G06F21/62

Abstract: Lightweight trusted execution technologies for internet-of-things devices are described. In response to a memory request at a page unit from an application executing in a current domain, the page unit is to map a current virtual address (VA) to a current physical address (PA). The policy enforcement logic (PEL) reads, from a secure domain cache (SDC), a domain value (DID) and a VA value that correspond to the current PA. The PEL grants access when the current domain and the DID correspond to the unprotected region or the current domain and the DID correspond to the secure domain region, the current domain is equal to the DID, and the current VA is equal to the VA value. The PEL grants data access and denies code access when the current domain corresponds to the secure domain region and the DID corresponds to the unprotected region.

公开(公告)号：US20220300607A1

公开(公告)日：2022-09-22

申请号：US17834446

申请日：2022-06-07

Applicant: Intel Corporation

Inventor： Marcio Juliato ,  Shabbir Ahmed ,  Manoj Sastry ,  Liuyang L. Yang ,  Vuk Lesi ,  Li Zhao

IPC: G06F21/55 ,  H04L9/40 ,  H04W4/48 ,  H04W4/38 ,  H04W12/122

Abstract: Methods and apparatus relating to a physics-based approach for attack detection and/or localization in closed-loop controls for autonomous vehicles are described. In an embodiment, multiple state estimators are used to compute a set of residuals to detect, classify, and/or localize attacks. This allows for determination of an attacker's location and the kind of attack being perpetrated. Other embodiments are also disclosed and claimed.

公开(公告)号：US11354406B2

公开(公告)日：2022-06-07

申请号：US16021409

申请日：2018-06-28

Applicant: Intel Corporation

Inventor： Marcio Juliato ,  Shabbir Ahmed ,  Manoj Sastry ,  Liuyang L. Yang ,  Vuk Lesi ,  Li Zhao

IPC: G06F21/55 ,  H04L9/40 ,  H04W4/48 ,  H04W4/38 ,  H04W12/122

Abstract: Methods and apparatus relating to a physics-based approach for attack detection and/or localization in closed-loop controls for autonomous vehicles are described. In an embodiment, multiple state estimators are used to compute a set of residuals to detect, classify, and/or localize attacks. This allows for determination of an attacker's location and the kind of attack being perpetrated. Other embodiments are also disclosed and claimed.