-
公开(公告)号:US11461483B2
公开(公告)日:2022-10-04
申请号:US16774719
申请日:2020-01-28
Applicant: Intel Corporation
Inventor: Salessawi Ferede Yitbarek , Lawrence A. Booth, Jr. , Brent D. Thomas , Reshma Lal , Pradeep M. Pappachan , Akshay Kadam
Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.
-
公开(公告)号:US20240143802A1
公开(公告)日:2024-05-02
申请号:US18496108
申请日:2023-10-27
Applicant: Intel Corporation
Inventor: Salessawi Ferede Yitbarek , Lawrence A. Booth, Jr. , Brent D. Thomas , Reshma Lal , Pradeep M. Pappachan , Akshay Kadam
CPC classification number: G06F21/606 , G06F21/76 , H04L9/0827 , H04L9/14 , G06F2221/2149
Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.
-
公开(公告)号:US11836262B2
公开(公告)日:2023-12-05
申请号:US17958621
申请日:2022-10-03
Applicant: Intel Corporation
Inventor: Salessawi Ferede Yitbarek , Lawrence A. Booth, Jr. , Brent D. Thomas , Reshma Lal , Pradeep M. Pappachan , Akshay Kadam
CPC classification number: G06F21/606 , G06F21/76 , H04L9/0827 , H04L9/14 , G06F2221/2149
Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.
-
Patent Agency Ranking
公开(公告)号:US20230026602A1
公开(公告)日:2023-01-26
申请号:US17958621
申请日:2022-10-03
Applicant: Intel Corporation
Inventor: Salessawi Ferede Yitbarek , Lawrence A. Booth, JR. , Brent D. Thomas , Reshma Lal , Pradeep M. Pappachan , Akshay Kadam
Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.
-
公开(公告)号:US20220311594A1
公开(公告)日:2022-09-29
申请号:US17569488
申请日:2022-01-05
Applicant: Intel Corporation
Inventor: Akshay Kadam , Sivakumar B , Lawrence Booth, JR. , Niraj Gupta , Steven Tu , Ricardo Becker , Subba Mungara , Tuyet-Trang Piel , Mitul Shah , Raynald Lim , Mihai Bogdan Bucsa , Cliodhna Ni Scanaill , Roman Zubarev , Dmitry Budnikov , Lingyun Zhu , Yi Qian , Stewart Taylor
Abstract: An accelerator includes a memory, a compute zone to receive an encrypted workload downloaded from a tenant application running in a virtual machine on a host computing system attached to the accelerator, and a processor subsystem to execute a cryptographic key exchange protocol with the tenant application to derive a session key for the compute zone and to program the session key into the compute zone. The compute zone is to decrypt the encrypted workload using the session key, receive an encrypted data stream from the tenant application, decrypt the encrypted data stream using the session key, and process the decrypted data stream by executing the workload to produce metadata.
-
公开(公告)号:US12204662B2
公开(公告)日:2025-01-21
申请号:US18496108
申请日:2023-10-27
Applicant: Intel Corporation
Inventor: Salessawi Ferede Yitbarek , Lawrence A. Booth, Jr. , Brent D. Thomas , Reshma Lal , Pradeep M. Pappachan , Akshay Kadam
Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.
-
公开(公告)号:US20240396711A1
公开(公告)日:2024-11-28
申请号:US18785435
申请日:2024-07-26
Applicant: Intel Corporation
Inventor: Akshay Kadam , Sivakumar B , Lawrence Booth, JR. , Niraj Gupta , Steven Tu , Ricardo Becker , Subba Mungara , Tuyet-Trang Piel , Mitul Shah , Raynald Lim , Mihai Bogdan Bucsa , Cliodhna Ni Scanaill , Roman Zubarev , Dmitry Budnikov , Lingyun Zhu , Yi Qian , Stewart Taylor
Abstract: An accelerator includes a memory, a compute zone to receive an encrypted workload downloaded from a tenant application running in a virtual machine on a host computing system attached to the accelerator, and a processor subsystem to execute a cryptographic key exchange protocol with the tenant application to derive a session key for the compute zone and to program the session key into the compute zone. The compute zone is to decrypt the encrypted workload using the session key, receive an encrypted data stream from the tenant application, decrypt the encrypted data stream using the session key, and process the decrypted data stream by executing the workload to produce metadata.
-
公开(公告)号:US20200167488A1
公开(公告)日:2020-05-28
申请号:US16774719
申请日:2020-01-28
Applicant: Intel Corporation
Inventor: Salessawi Ferede Yitbarek , Lawrence A. Booth Jr. , Brent Thomas , Reshma Lal , Pradeep M. Pappachan , Akshay Kadam
Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.
-
-
-
-
-
-
-
Search Results
8
records
(took 0.014 seconds)
