CRYPTOGRAPHIC SEPARATION OF MEMORY ON DEVICE WITH USE IN DMA PROTECTION

    Publication No.: US20220261486A1

    Publication Date: 2022-08-18

    Application No.: US17731892

    Application Date: 2022-04-28

    Abstract: A method comprises initializing, by an accelerator device of the computing device, an authentication tag in response to an initialization command from a trusted execution environment of the computing device, initiating a transfer, by the accelerator device, of data between a host memory and an accelerator device memory in response to a descriptor from the trusted execution environment, wherein the descriptor comprises a target memory address and is indicative of a transfer direction, comparing, in a memory range selection engine comprising at least one comparator to compare the target memory address with a plurality of address ranges and select a cryptographic key from the plurality of plurality of address range registers based on the target memory address, performing, by the accelerator device, a cryptographic operation with the data in response to transferring the data, updating, by the accelerator device, the authentication tag in response to transferring the data, and finalizing, by the accelerator device, the authentication tag in response to a finalization command from the trusted execution environment. Other embodiments are described and claimed.

    Cryptographic separation of memory on device with use in DMA protection

    Publication No.: US11775659B2

    Publication Date: 2023-10-03

    Application No.: US17731892

    Application Date: 2022-04-28

    Abstract: A method comprises initializing, by an accelerator device of the computing device, an authentication tag in response to an initialization command from a trusted execution environment of the computing device, initiating a transfer, by the accelerator device, of data between a host memory and an accelerator device memory in response to a descriptor from the trusted execution environment, wherein the descriptor comprises a target memory address and is indicative of a transfer direction, comparing, in a memory range selection engine comprising at least one comparator to compare the target memory address with a plurality of address ranges and select a cryptographic key from the plurality of plurality of address range registers based on the target memory address, performing, by the accelerator device, a cryptographic operation with the data in response to transferring the data, updating, by the accelerator device, the authentication tag in response to transferring the data, and finalizing, by the accelerator device, the authentication tag in response to a finalization command from the trusted execution environment. Other embodiments are described and claimed.

    CRYPTOGRAPHIC SEPARATION OF MEMORY ON DEVICE WITH USE IN DMA PROTECTION

    Publication No.: US20200167487A1

    Publication Date: 2020-05-28

    Application No.: US16774338

    Application Date: 2020-01-28

    Abstract: A method comprises initializing, by an accelerator device of the computing device, an authentication tag in response to an initialization command from a trusted execution environment of the computing device, initiating a transfer, by the accelerator device, of data between a host memory and an accelerator device memory in response to a descriptor from the trusted execution environment, wherein the descriptor comprises a target memory address and is indicative of a transfer direction, comparing, in a memory range selection engine comprising at least one comparator to compare the target memory address with a plurality of address ranges and select a cryptographic key from the plurality of plurality of address range registers based on the target memory address, performing, by the accelerator device, a cryptographic operation with the data in response to transferring the data, updating, by the accelerator device, the authentication tag in response to transferring the data, and finalizing, by the accelerator device, the authentication tag in response to a finalization command from the trusted execution environment. Other embodiments are described and claimed.

    TECHNOLOGIES FOR PLATFORM-TARGETED MACHINE LEARNING

    Publication No.: US20190340539A1

    Publication Date: 2019-11-07

    Application No.: US16513800

    Application Date: 2019-07-17

    Abstract: Technologies for platform-targeted machine learning include a computing device to generate a machine learning algorithm model indicative of a plurality of classes between which a user input is to be classified and translate the machine learning algorithm model into hardware code for execution on the target platform. The user input is to be classified as being associated with a particular class based on an application of one or more features to the user input, and each of the one or more features has an associated implementation cost indicative of a cost to perform on a target platform on which the corresponding feature is to be applied to the user input.

    Trusted local memory management in a virtualized GPU

    Publication No.: US11755748B2

    Publication Date: 2023-09-12

    Application No.: US18068106

    Application Date: 2022-12-19

    Abstract: Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per process graphics translation table to translate between graphics virtual address (VA) to graphics guest PA (GPA), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.

    Technologies for establishing secure channel between I/O subsystem and trusted application for secure I/O data transfer

    Publication No.: US11503000B2

    Publication Date: 2022-11-15

    Application No.: US16369303

    Application Date: 2019-03-29

    Abstract: Technologies for secure I/O data transfer includes a compute device, which includes a processor to execute a trusted application, an input/output (I/O) device, and an I/O subsystem. The I/O subsystem is configured to establish a secured channel between the I/O subsystem and a trusted application running on the compute device, and receive, in response to an establishment of the secured channel, I/O data from the I/O device via an unsecured channel. The I/O subsystem is further configured to encrypt, in response to a receipt of the I/O data, the I/O data using a security key associated with the trusted application that is to process the I/O data and transmit the encrypted I/O data to the trusted application via the secured channel, wherein the secured channel has a data transfer rate that is higher than a data transfer rate of the unsecured channel between the I/O device and the I/O subsystem.

    Cryptographic separation of memory on device with use in DMA protection

    Publication No.: US11347875B2

    Publication Date: 2022-05-31

    Application No.: US16774338

    Application Date: 2020-01-28

    Abstract: A method comprises initializing, by an accelerator device of the computing device, an authentication tag in response to an initialization command from a trusted execution environment of the computing device, initiating a transfer, by the accelerator device, of data between a host memory and an accelerator device memory in response to a descriptor from the trusted execution environment, wherein the descriptor comprises a target memory address and is indicative of a transfer direction, comparing, in a memory range selection engine comprising at least one comparator to compare the target memory address with a plurality of address ranges and select a cryptographic key from the plurality of plurality of address range registers based on the target memory address, performing, by the accelerator device, a cryptographic operation with the data in response to transferring the data, updating, by the accelerator device, the authentication tag in response to transferring the data, and finalizing, by the accelerator device, the authentication tag in response to a finalization command from the trusted execution environment. Other embodiments are described and claimed.

    TECHNOLOGIES FOR PLATFORM-TARGETED MACHINE LEARNING

    Publication No.: US20220108224A1

    Publication Date: 2022-04-07

    Application No.: US17554975

    Application Date: 2021-12-17

    Abstract: Technologies for platform-targeted machine learning include a computing device to generate a machine learning algorithm model indicative of a plurality of classes between which a user input is to be classified and translate the machine learning algorithm model into hardware code for execution on the target platform. Example instructions cause a processor to obtain dataset features indicative of a plurality of characteristics of an input dataset, rank, using multiple ranking algorithms, the dataset features, identify feature subsets for respective ones of the ranked dataset features, predict performance metrics based on the feature subsets, and select a final subset based on the predicted performance metrics.

    Technologies for platform-targeted machine learning

    Publication No.: US10373069B2

    Publication Date: 2019-08-06

    Application No.: US14866895

    Application Date: 2015-09-26

    Abstract: Technologies for platform-targeted machine learning include a computing device to generate a machine learning algorithm model indicative of a plurality of classes between which a user input is to be classified and translate the machine learning algorithm model into hardware code for execution on the target platform. The user input is to be classified as being associated with a particular class based on an application of one or more features to the user input, and each of the one or more features has an associated implementation cost indicative of a cost to perform on a target platform on which the corresponding feature is to be applied to the user input.
