-
1.发明授权公开(公告)号:US12124616B2
公开(公告)日:2024-10-22
申请号:US17830225
申请日:2022-06-01
申请人: Intel Corporation
发明人: Claire Vishik , Reshma Lal , Santosh Ghosh
CPC分类号: G06F21/64 , G06F21/602 , G06F16/152
摘要: A system and method of enhancing the trustworthiness of an artificial intelligence system include detecting whether a data element includes an existing data domain tag, processing the data element into a transformed data element, generating a data domain tag, where the data domain tag includes at least a data domain identifier and a timestamp, appending the data domain tag to the transformed data element, creating a signature for the transformed data element and the appended data domain tag using a private key, and creating another signature for the data domain tag using the private key.
-
公开(公告)号:US20240236058A1
公开(公告)日:2024-07-11
申请号:US18416569
申请日:2024-01-18
申请人: Intel Corporation
发明人: Luis Kida , Reshma Lal
CPC分类号: H04L63/0485 , G06F9/5044 , G06F9/5083 , G06F13/28 , H04L9/0825 , H04L9/085 , H04L9/3242 , H04L63/0435 , H04L63/061 , H04L63/123
摘要: An apparatus to facilitate protecting data transfer between a secure application and networked devices is disclosed. The apparatus includes a processor to provide a trusted execution environment (TEE) to run an application, wherein the processor is to: generate, via the application in the TEE, encrypted data, wherein the encrypted data comprises a payload; copy, via the application in the TEE, the encrypted data to a local buffer; interface, using the application in the TEE, with a source network interface controller (NIC) to initiate a copy over a network of the encrypted data from the local buffer to a remote buffer of a remote platform; and communicate, after completing the copy of the network of the encrypted data, at least one message with the remote platform to indicate that the encrypted data is available and to enable the remote platform to verify integrity of the encrypted data.
-
公开(公告)号:US12033005B2
公开(公告)日:2024-07-09
申请号:US17532562
申请日:2021-11-22
申请人: Intel Corporation
发明人: Reshma Lal , Pradeep Pappachan , Luis Kida , Soham Jayesh Desai , Sujoy Sen , Selvakumar Panneer , Robert Sharp
CPC分类号: G06F9/5083 , G06F9/3814 , G06F9/5027 , G06T1/20 , G06T1/60
摘要: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a programmable integrated circuit (IC) comprising secure device manager (SDM) hardware circuitry to: receive a tenant bitstream of a tenant and a tenant use policy for utilization of the programmable IC via the tenant bitstream, wherein the tenant use policy is cryptographically bound to the tenant bitstream by a cloud service provider (CSP) authorizing entity and signed with a signature of the CSP authorizing entity; in response to successfully verifying the signature, extract the tenant use policy to provide to a policy manager of the programmable IC for verification; in response to the policy manager verifying the tenant bitstream based on the tenant use policy, configure a partial reconfiguration (PR) region of the programmable IC using the tenant bitstream; and associate a slot ID of the PR region with the tenant use policy.
-
公开(公告)号:US20240220639A1
公开(公告)日:2024-07-04
申请号:US18148576
申请日:2022-12-30
申请人: Intel Corporation
发明人: Prateek Sahu , Reshma Lal
CPC分类号: G06F21/602 , G06F21/57 , G06F21/85
摘要: An apparatus comprises a compute complex comprising one or more processing resources to execute a software process, a hardware processor to initiate an authentication request to at least one adjunct processing hardware device communicatively coupled to the compute complex, establish a session key with the at least one adjunct processing hardware device, negotiate, with a hypervisor, a virtual function allocation for at least one virtual adjunct processing device to be implemented by the at least one adjunct processing hardware device to define a configuration in a trusted page table, verify the configuration with the at least one adjunct processing hardware device using the session key, and lock the configuration in the trusted table.
-
公开(公告)号:US20240121097A1
公开(公告)日:2024-04-11
申请号:US18391375
申请日:2023-12-20
申请人: Intel Corporation
发明人: Pradeep M. Pappachan , Reshma Lal
CPC分类号: H04L9/3226 , G06F21/602 , H04L9/085
摘要: Embodiments are directed to providing integrity-protected command buffer execution. An embodiment of an apparatus includes a computer-readable memory comprising one or more command buffers and a processing device communicatively coupled to the computer-readable memory to read, from a command buffer of the computer-readable memory, a first command received from a host device, the first command executable by one or more processing elements on the processing device, the first command comprising an instruction and associated parameter data, compute a first authentication tag using a cryptographic key associated with the host device, the instruction and at least a portion of the parameter data, and authenticate the first command by comparing the first authentication tag with a second authentication tag computed by the host device and associated with the command.
-
公开(公告)号:US11947801B2
公开(公告)日:2024-04-02
申请号:US17876936
申请日:2022-07-29
申请人: Intel Corporation
发明人: Reshma Lal , Sarbartha Banerjee
IPC分类号: G06F12/1009 , G06F3/06 , G06F12/14
CPC分类号: G06F3/0611 , G06F3/0659 , G06F3/0673 , G06F12/1009 , G06F12/1408
摘要: An apparatus to facilitate in-place memory copy during remote data transfer in a heterogeneous compute environment is disclosed. The apparatus includes a processor to receive data via a network interface card (NIC) of a hardware accelerator device; identify a destination address of memory of the hardware accelerator device to write the data; determine that access control bits of the destination address in page tables maintained by a memory management unit (MMU) indicate that memory pages of the destination address are both registered and free; write the data to the memory pages of the destination address; and update the access control bits for memory pages of the destination address to indicate that the memory pages are restricted, wherein setting the access control bits to restricted prevents the NIC and a compute kernel of the hardware accelerator device from accessing the memory pages.
-
公开(公告)号:US20240106625A1
公开(公告)日:2024-03-28
申请号:US18502763
申请日:2023-11-06
申请人: Intel Corporation
发明人: Pradeep M. Pappachan , Reshma Lal , Rakesh A. Ughreja , Kumar N. Dwarakanath , Victoria C. Moore
IPC分类号: H04L9/00 , G06F9/54 , G06F21/44 , G06F21/57 , G06F21/60 , G06F21/83 , G06F21/84 , H04L9/08 , H04L9/40
CPC分类号: H04L9/00 , G06F9/54 , G06F21/445 , G06F21/57 , G06F21/606 , G06F21/83 , G06F21/84 , H04L9/0838 , H04L63/145 , G06F2221/033 , H04L63/0428
摘要: Systems and methods include establishing a cryptographically secure communication between an application module and an audio module. The application module is configured to execute on an information-handling machine, and the audio module is coupled to the information-handling machine. The establishment of the cryptographically secure communication may be at least partially facilitated by a mutually trusted module.
-
公开(公告)号:US20240070091A1
公开(公告)日:2024-02-29
申请号:US17822847
申请日:2022-08-29
申请人: Intel Corporation
IPC分类号: G06F12/14
CPC分类号: G06F12/1441 , G06F12/1408 , G06F12/1458
摘要: An apparatus comprises a hardware processor to program a memory table for a trusted domain with a first device identifier associated with a device, a guest physical address (GPA) range associated with the device, and a guest physical address offset, receive a memory access request from the device, the memory access request comprising a second device identifier and a guest physical address, and validate the memory access request using the memory table.
-
公开(公告)号:US20240045968A1
公开(公告)日:2024-02-08
申请号:US18492007
申请日:2023-10-23
申请人: Intel Corporation
发明人: Kapil Sood , Ioannis T. Schoinas , Yu-Yuan Chen , Raghunandan Makaram , David J. Harriman , Baiju Patel , Ronald Perez , Matthew E. Hoekstra , Reshma Lal
摘要: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.
-
10.发明公开公开(公告)号:US20240036733A1
公开(公告)日:2024-02-01
申请号:US17876936
申请日:2022-07-29
申请人: Intel Corporation
发明人: Reshma Lal , Sarbartha Banerjee
IPC分类号: G06F3/06
CPC分类号: G06F3/0611 , G06F3/0659 , G06F3/0673
摘要: An apparatus to facilitate in-place memory copy during remote data transfer in a heterogeneous compute environment is disclosed. The apparatus includes a processor to receive data via a network interface card (NIC) of a hardware accelerator device; identify a destination address of memory of the hardware accelerator device to write the data; determine that access control bits of the destination address in page tables maintained by a memory management unit (MMU) indicate that memory pages of the destination address are both registered and free; write the data to the memory pages of the destination address; and update the access control bits for memory pages of the destination address to indicate that the memory pages are restricted, wherein setting the access control bits to restricted prevents the NIC and a compute kernel of the hardware accelerator device from accessing the memory pages.
-
-
-
-
-
-
-
-
-
搜索结果
222 条记录 (耗时 0.027 秒)
