公开(公告)号：US11893425B2

公开(公告)日：2024-02-06

申请号：US17531005

申请日：2021-11-19

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Pradeep Pappachan ,  Luis Kida ,  Soham Jayesh Desai ,  Sujoy Sen ,  Selvakumar Panneer ,  Robert Sharp

IPC: G06F9/50 ,  G06T1/60 ,  G06T1/20 ,  G06F9/38

CPC classification number: G06F9/5083 ,  G06F9/3814 ,  G06F9/5027 ,  G06T1/20 ,  G06T1/60

Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a processor executing a trusted execution environment (TEE) comprising a field-programmable gate array (FPGA) driver to interface with an FPGA device that is remote to the apparatus; and a remote memory-mapped input/output (MMIO) driver to expose the FPGA device as a legacy device to the FPGA driver, wherein the processor to utilize the remote MMIO driver to: enumerate the FPGA device using FPGA enumeration data provided by a remote management controller of the FPGA device, the FPGA enumeration data comprising a configuration space and device details; load function drivers for the FPGA device in the TEE; create corresponding device files in the TEE based on the FPGA enumeration data; and handle remote MMIO reads and writes to the FPGA device via a network transport protocol.

公开(公告)号：US11838411B2

公开(公告)日：2023-12-05

申请号：US18068663

申请日：2022-12-20

Applicant: Intel Corporation

Inventor： Santosh Ghosh ,  Luis Kida ,  Reshma Lal

IPC: H04L9/08 ,  H04L9/06

CPC classification number: H04L9/088 ,  H04L9/0618

Abstract: Technologies for secure data transfer of MMIO data between a processor and an accelerator. A MIMO security engine includes a first permutation cipher pipeline to defuse a count and a key into a permutation state; a first exclusive-OR (XOR) to generate ciphertext data from 64-bits of the new permutation state; and plaintext data; a concatenator to concatenate the plaintext data and additional authenticated data (AAD) to produce a concatenation result; a second XOR to generate an XOR result from the concatenation result and the latest permutation state; and a second permutation pipeline to generate an authentication tag of the XOR result and the key.

公开(公告)号：US20230117518A1

公开(公告)日：2023-04-20

申请号：US18068663

申请日：2022-12-20

Applicant: Intel Corporation

Inventor： Santosh Ghosh ,  Luis Kida ,  Reshma Lal

IPC: H04L9/08 ,  H04L9/06

Abstract: Technologies for secure data transfer of MMIO data between a processor and an accelerator. A MIMO security engine includes a first permutation cipher pipeline to defuse a count and a key into a permutation state; a first exclusive-OR (XOR) to generate ciphertext data from 64-bits of the new permutation state; and plaintext data; a concatenator to concatenate the plaintext data and additional authenticated data (AAD) to produce a concatenation result; a second XOR to generate an XOR result from the concatenation result and the latest permutation state; and a second permutation pipeline to generate an authentication tag of the XOR result and the key.

公开(公告)号：US20230110230A1

公开(公告)日：2023-04-13

申请号：US18060702

申请日：2022-12-01

Applicant: Intel Corporation

Inventor： Luis Kida ,  Siddhartha Chhabra ,  Reshma Lal ,  Pradeep M. Pappachan

IPC: G06F12/14 ,  H04L9/32 ,  G06F21/76 ,  G06F21/60 ,  H04L9/08 ,  G06F9/455 ,  G06F21/57 ,  G06F21/64 ,  H04L41/28 ,  G06F21/79 ,  H04L41/046 ,  H04L9/06 ,  G06F9/38 ,  G06F12/0802

Abstract: Technologies for secure I/O data transfer include a computing device having a processor and an accelerator. Each of the processor and the accelerator includes a memory encryption engine. The computing device configures both memory encryption engines with a shared encryption key and transfers encrypted data from a source component to a destination component via an I/O link. The source may be processor and the destination may be the accelerator or vice versa. The computing device may perform a cryptographic operation with one of the memory encryption engines and bypass the other memory encryption engine. The computing device may read encrypted data from a memory of the source, bypass the source memory encryption engine, and transfer the encrypted data to the destination. The destination may receive encrypted data, bypass the destination memory encryption engine, and store the encrypted data in a memory of the destination. Other embodiments are described and claimed.

公开(公告)号：US20220103536A1

公开(公告)日：2022-03-31

申请号：US17549014

申请日：2021-12-13

Applicant: Intel Corporation

Inventor： Luis Kida ,  Reshma Lal

IPC: G06F21/60 ,  G06F13/28

Abstract: An apparatus to facilitate protecting data transfer between a secure application and networked devices is disclosed. The apparatus includes a source network interface controller (NIC); and a processor to provide a trusted execution environment (TEE) to run an application, wherein the source NIC operates outside of a trust boundary of the TEE, and wherein the processor is to utilize the application in the TEE to: generate encrypted data of the application; copy the encrypted data to a local shared buffer; interface with the source NIC to initiate a copy, over a network, of the encrypted data from the local shared buffer to a remote buffer of a remote platform; and communicate at least one message with the remote platform to indicate that the encrypted data is available and to enable the remote platform to verify integrity of the encrypted data, wherein the one least one message comprises an authentication tag.

公开(公告)号：US20220103516A1

公开(公告)日：2022-03-31

申请号：US17547655

申请日：2021-12-10

Applicant: Intel Corporation

Inventor： Pradeep Pappachan ,  Luis Kida ,  Donald E. Wood ,  Tony Hurson ,  Reouven Elbaz ,  Reshma Lal

IPC: H04L9/30 ,  G06F9/455

Abstract: An apparatus comprising a first computing platform including a processor to execute a first trusted executed environment (TEE) to host a first plurality of virtual machines and a first network interface controller to establish a trusted communication channel with a second computing platform via an orchestration controller.

公开(公告)号：US20220100582A1

公开(公告)日：2022-03-31

申请号：US17531005

申请日：2021-11-19

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Pradeep Pappachan ,  Luis Kida ,  Soham Jayesh Desai ,  Sujoy Sen ,  Selvakumar Panneer ,  Robert Sharp

IPC: G06F9/50 ,  G06T1/60 ,  G06T1/20 ,  G06F9/38

Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a processor executing a trusted execution environment (TEE) comprising a field-programmable gate array (FPGA) driver to interface with an FPGA device that is remote to the apparatus; and a remote memory-mapped input/output (MMIO) driver to expose the FPGA device as a legacy device to the FPGA driver, wherein the processor to utilize the remote MMIO driver to: enumerate the FPGA device using FPGA enumeration data provided by a remote management controller of the FPGA device, the FPGA enumeration data comprising a configuration space and device details; load function drivers for the FPGA device in the TEE; create corresponding device files in the TEE based on the FPGA enumeration data; and handle remote MMIO reads and writes to the FPGA device via a network transport protocol.

公开(公告)号：US20220021517A1

公开(公告)日：2022-01-20

申请号：US17342271

申请日：2021-06-08

Applicant: Intel Corporation

Inventor： Santosh Ghosh ,  Luis Kida ,  Reshma Lal

IPC: H04L9/06 ,  H04L9/08

Abstract: Technologies for secure data transfer of MMIO data between a processor and an accelerator. A MIMO security engine includes a first block cipher pipeline to encrypt a count using a key; a first exclusive-OR (XOR) to generate a first XOR result of the encrypted count and a length multiplied by an authentication key; a second block cipher pipeline to encrypt (count+1) using the key; a second XOR to generate a second XOR result of plaintext data and the encrypted (count+1); a plurality of Galois field multipliers (GFMs) to perform Galois field multiplication on additional authenticated data (AAD), powers of the authentication key, and ciphertext data; and a plurality of exclusive-ORs (XORs) to combine results of the GFMs and the first XOR result to generate an authentication tag. Other embodiments are described and claimed.

公开(公告)号：US20210390063A1

公开(公告)日：2021-12-16

申请号：US17446194

申请日：2021-08-27

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Alpa Narendra Trivedi ,  Luis Kida ,  Pradeep M. Pappachan ,  Soham Jayesh Desai ,  Nanda Kumar Unnikrishnan

IPC: G06F12/14 ,  H04L9/32 ,  G06F21/76 ,  G06F21/60 ,  H04L9/08 ,  G06F9/455 ,  G06F21/57 ,  G06F21/64 ,  H04L12/24 ,  G06F21/79 ,  H04L9/06 ,  G06F9/38 ,  G06F12/0802

Abstract: Technologies for secure I/O data transfer with an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment. The trusted execution environment may generate an authentication tag based on a memory-mapped I/O transaction, write the authentication tag to a register of the accelerator, and dispatch the transaction to the accelerator. The accelerator performs a cryptographic operation associated with the transaction, generates an authentication tag based on the transaction, and compares the generated authentication tag to the authentication tag received from the trusted execution environment. The accelerator device may initialize an authentication tag in response to a command from the trusted execution environment, transfer data between host memory and accelerator memory, perform a cryptographic operation in response to transferring the data, and update the authentication tag in response to transferrin the data. Other embodiments are described and claimed.

公开(公告)号：US20210117246A1

公开(公告)日：2021-04-22

申请号：US17133066

申请日：2020-12-23

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Pradeep Pappachan ,  Luis Kida ,  Soham Jayesh Desai ,  Sujoy Sen ,  Selvakumar Panneer ,  Robert Sharp

IPC: G06F9/50 ,  G06F9/38 ,  G06T1/20 ,  G06T1/60

Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes one or more processors to facilitate receiving a manifest corresponding to graph nodes representing regions of memory of a remote client machine, the graph nodes corresponding to a command buffer and to associated data structures and kernels of the command buffer used to initialize a hardware accelerator and execute the kernels, and the manifest indicating a destination memory location of each of the graph nodes and dependencies of each of the graph nodes; identifying, based on the manifest, the command buffer and the associated data structures to copy to the host memory; identifying, based on the manifest, the kernels to copy to local memory of the hardware accelerator; and patching addresses in the command buffer copied to the host memory with updated addresses of corresponding locations in the host memory.