公开(公告)号：US12164650B2

公开(公告)日：2024-12-10

申请号：US17482370

申请日：2021-09-22

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Baiju Patel

IPC: G06F21/60 ,  G06F12/02 ,  G06F12/14 ,  G06F13/28 ,  G06F15/78 ,  G06F21/10 ,  G06F21/62 ,  G06F21/79

Abstract: The disclosed embodiments are generally directed to inline encryption of data at line speed at a chip interposed between two memory components. The inline encryption may be implemented at a System-on-Chip (“SOC” or “SOC”). The memory components may comprise Non-Volatile Memory express (NVMe) and a dynamic random access memory (DRAM). An exemplary device includes an SOC to communicate with a Non-Volatile Memory NVMe circuitry to provide direct memory access (DMA) to an external memory component. The SOC may include: a cryptographic controller circuitry; a cryptographic memory circuitry in communication with the cryptographic controller, the cryptographic memory circuitry configured to store instructions to encrypt or decrypt data transmitted through the SOC; and an encryption engine in communication with the crypto controller circuitry, the encryption engine configured to encrypt or decrypt data according to instructions stored at the crypto memory circuitry. Other embodiments are also disclosed and claimed.

公开(公告)号：US20240129315A1

公开(公告)日：2024-04-18

申请号：US18478692

申请日：2023-09-29

Applicant: Intel Corporation

Inventor： Hong C. Li ,  John B. Vicente ,  Prashant Dewan

IPC: H04L9/40 ,  G06F21/51 ,  G06F21/53

CPC classification number: H04L63/101 ,  G06F21/51 ,  G06F21/53 ,  H04L67/02

Abstract: Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container.

公开(公告)号：US11775652B2

公开(公告)日：2023-10-03

申请号：US17547739

申请日：2021-12-10

Applicant: Intel Corporation

Inventor： Baiju Patel ,  Prashant Dewan

IPC: G06F21/57 ,  G06F9/4401 ,  G06F21/60 ,  H04L9/08 ,  H04L9/14 ,  H04L9/32 ,  G06F21/71 ,  G06F21/79 ,  G06F21/78 ,  G06F15/78

CPC classification number: G06F21/575 ,  G06F9/4413 ,  G06F21/602 ,  H04L9/0861 ,  H04L9/14 ,  H04L9/3278 ,  G06F2221/034

Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

公开(公告)号：US11768941B2

公开(公告)日：2023-09-26

申请号：US16832489

申请日：2020-03-27

Applicant: Intel Corporation

Inventor： Vinupama Godavarthi ,  Andrzej Mialkowski ,  Kar Leong Wong ,  Aditya Katragada ,  Maciej Kusio ,  Prashant Dewan ,  Karunakara Kotary

IPC: G06F21/57 ,  G06F21/78 ,  G06F12/0804 ,  G06F12/08

CPC classification number: G06F21/572 ,  G06F12/0804 ,  G06F21/575 ,  G06F21/78

Abstract: An apparatus to implement an IP independent secure firmware load into an IP agent without a ROM to establish hardware root of trust is disclosed. The apparatus includes a plurality of agents, at least one agent including an isolated memory region accessible only to a trusted entity of the at least one agent and a main memory, and a processor to allocate a section of the isolated memory region of the at least one agent, verify a first stage firmware module, the first stage firmware module comprising instructions to enable the at least one agent to load and verify a second stage firmware module, place the first stage firmware module into memory of the at least one agent without a ROM to establish the hardware root of trust.

公开(公告)号：US20220278836A1

公开(公告)日：2022-09-01

申请号：US17698269

申请日：2022-03-18

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Prashant Dewan

IPC: H04L9/08 ,  G06F21/85 ,  G06F21/78

Abstract: There is disclosed in one example a computing system, including: a processor; a memory; and a memory encryption engine (MEE) including circuitry and logic to: allocate a protected isolated memory region (IMR); encrypt the protected IMR; set an access control policy to allow access to the IMR by a device identified by a device identifier; and upon receiving a memory access request directed to the IMR, enforce the access control policy.

公开(公告)号：US11429496B2

公开(公告)日：2022-08-30

申请号：US17132227

申请日：2020-12-23

Applicant: Intel Corporation

Inventor： Karunakara Kotary ,  Prashant Dewan ,  Vincent Zimmer ,  Rajesh Poornachandran

IPC: G06F12/00 ,  G06F11/14 ,  G06F11/20 ,  G06F9/4401

Abstract: An apparatus to facilitate data resiliency in a computer system platform is disclosed. The apparatus comprises a non-volatile memory to store data resiliency logic and one or more processors to execute the data resiliency logic to collect boot critical data from a plurality of platform components and store the data within the non-volatile memory.

公开(公告)号：US20220100866A1

公开(公告)日：2022-03-31

申请号：US17548938

申请日：2021-12-13

Applicant: Intel Corporation

Inventor： Baiju Patel ,  Prashant Dewan

IPC: G06F21/57 ,  H04L9/14 ,  H04L9/32 ,  G06F21/60 ,  H04L9/08 ,  G06F9/4401

Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

公开(公告)号：US20220035749A1

公开(公告)日：2022-02-03

申请号：US17504609

申请日：2021-10-19

Applicant: Intel Corporation

Inventor： Siddhartha Chhabra ,  Prashant Dewan

IPC: G06F12/14 ,  G06F13/16 ,  G06F21/79

Abstract: Methods and apparatus relating to cryptographic protection of memory attached over interconnects are described. In an embodiment, memory stores data and a processor having execution circuitry executes an instruction to program an inline memory expansion logic and a host memory encryption logic with one or more cryptographic keys. The inline memory expansion logic encrypts the data to be written to the memory and decrypts encrypted data to be read from the memory. The memory is coupled to the processor via an interconnect endpoint of a system fabric. Other embodiments are also disclosed and claimed.

公开(公告)号：US20220004668A1

公开(公告)日：2022-01-06

申请号：US17477202

申请日：2021-09-16

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Thomas Bowen ,  Anoop Mukker

IPC: G06F21/78 ,  G06F3/06 ,  H04L9/32

Abstract: Methods and apparatus relating to a lockable partition in NVMe (Non-Volatile Memory express) drives with drive migration support are described. In an embodiment, a Non-Volatile Memory (NVM) device stores data and partition logic circuitry locks or unlocks a partition on the NVM device in response to a command. The NVM device is physically migratable to a different platform and the NVM device is protected after power loss during runtime. The partition logic circuitry locks or unlocks the partition in response to the command and a cryptographic key. Other embodiments are also disclosed and claimed.

公开(公告)号：US11184396B2

公开(公告)日：2021-11-23

申请号：US16143639

申请日：2018-09-27

Applicant: INTEL CORPORATION

Inventor： Siddhartha Chhabra ,  Prashant Dewan

IPC: H04L29/06 ,  H04L9/32 ,  G06F9/30 ,  G06F21/57 ,  G06F21/62 ,  G06F21/74

Abstract: Various embodiments are generally directed to techniques to enforce policies for computing platform resources, such as to prevent denial of service (DoS) attacks on the computing platform resources. Some embodiments are particularly directed to ISA instructions that allow trusted software/applications to securely enforce policies on a platform resource/device while allowing untrusted software to control allocation of the platform resource. In many embodiments, the ISA instructions may enable secure communication between a trusted application and a platform resource. In several embodiments, a first ISA instruction implemented by microcode may enable a trusted application to wrap policy information for secure transmission through an untrusted stack. In several such embodiments, a second ISA instruction implemented by microcode may enable untrusted software to verify the validity of the wrapped blobs and program registers associated with the platform resource with policy information provided via the wrapped blobs.