公开(公告)号：US12033005B2

公开(公告)日：2024-07-09

申请号：US17532562

申请日：2021-11-22

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Pradeep Pappachan ,  Luis Kida ,  Soham Jayesh Desai ,  Sujoy Sen ,  Selvakumar Panneer ,  Robert Sharp

IPC: G06F9/50 ,  G06F9/38 ,  G06T1/20 ,  G06T1/60

CPC classification number: G06F9/5083 ,  G06F9/3814 ,  G06F9/5027 ,  G06T1/20 ,  G06T1/60

Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a programmable integrated circuit (IC) comprising secure device manager (SDM) hardware circuitry to: receive a tenant bitstream of a tenant and a tenant use policy for utilization of the programmable IC via the tenant bitstream, wherein the tenant use policy is cryptographically bound to the tenant bitstream by a cloud service provider (CSP) authorizing entity and signed with a signature of the CSP authorizing entity; in response to successfully verifying the signature, extract the tenant use policy to provide to a policy manager of the programmable IC for verification; in response to the policy manager verifying the tenant bitstream based on the tenant use policy, configure a partial reconfiguration (PR) region of the programmable IC using the tenant bitstream; and associate a slot ID of the PR region with the tenant use policy.

公开(公告)号：US20220405403A1

公开(公告)日：2022-12-22

申请号：US17820628

申请日：2022-08-18

Applicant: Intel Corporation

Inventor： Soham Jayesh Desai ,  Siddhartha Chhabra ,  Bin Xing ,  Pradeep M. Pappachan ,  Reshma Lal

IPC: G06F21/60 ,  H04L9/40 ,  G06F21/57 ,  G06F13/28 ,  H04L9/32 ,  G06F21/62 ,  G06F21/85 ,  G09C1/00 ,  G06F13/20

Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.

公开(公告)号：US20220100584A1

公开(公告)日：2022-03-31

申请号：US17532569

申请日：2021-11-22

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Pradeep Pappachan ,  Luis Kida ,  Soham Jayesh Desai ,  Sujoy Sen ,  Selvakumar Panneer ,  Robert Sharp

IPC: G06F9/50 ,  G06T1/60 ,  G06T1/20 ,  G06F9/38

Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a programmable integrated circuit (IC) comprising system manager hardware circuitry to: interface, over a network, with a remote application of a client platform, the system manager hardware circuitry to interface with the remote application using a message-based interface; perform resource management of resources of the programmable IC; validate incoming messages to the programmable IC; verify whether a requester is allowed to perform requested actions of the incoming messages that are successfully validated; and manage transfer of data between the programmable IC and the remote application based on successfully verifying the requester.

公开(公告)号：US10552620B2

公开(公告)日：2020-02-04

申请号：US15628006

申请日：2017-06-20

Applicant: Intel Corporation

Inventor： Soham Jayesh Desai ,  Siddhartha Chhabra ,  Bin Xing ,  Pradeep M. Pappachan ,  Reshma Lal

IPC: G06F21/00 ,  G06F21/60 ,  H04L29/06 ,  G06F21/57 ,  G06F13/28 ,  H04L9/32 ,  G06F21/62 ,  G06F21/85 ,  G09C1/00 ,  G06F13/20 ,  H04L9/06 ,  G06F21/51

Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.

公开(公告)号：US20190130120A1

公开(公告)日：2019-05-02

申请号：US16232146

申请日：2018-12-26

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Alpa Narendra Trivedi ,  Luis Kida ,  Pradeep M. Pappachan ,  Soham Jayesh Desai ,  Nanda Kumar Unnikrishnan

IPC: G06F21/60 ,  H04L9/32 ,  G06F21/76

Abstract: Technologies for secure I/O data transfer with an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment. The trusted execution environment may generate an authentication tag based on a memory-mapped I/O transaction, write the authentication tag to a register of the accelerator, and dispatch the transaction to the accelerator. The accelerator performs a cryptographic operation associated with the transaction, generates an authentication tag based on the transaction, and compares the generated authentication tag to the authentication tag received from the trusted execution environment. The accelerator device may initialize an authentication tag in response to a command from the trusted execution environment, transfer data between host memory and accelerator memory, perform a cryptographic operation in response to transferring the data, and update the authentication tag in response to transferrin the data. Other embodiments are described and claimed.

公开(公告)号：US20190042732A1

公开(公告)日：2019-02-07

申请号：US15856573

申请日：2017-12-28

Applicant: Intel Corporation

Inventor： Soham Jayesh Desai ,  Pradeep Pappachan ,  Reshma Lal ,  Siddhartha Chhabra

IPC: G06F21/53 ,  G06F21/57 ,  G06F13/38

CPC classification number: G06F21/53 ,  G06F13/382 ,  G06F21/51 ,  G06F21/572

Abstract: Technologies for USB controller state integrity protection are disclosed. A computing device reserves an isolated memory region in system memory and programs a base address register of a USB controller with the address of the isolated memory region. The computing device locks the base address register from further chances. The USB controller may store controller state data in a scratchpad buffer located within the isolated memory region. Software executed by a processor may read controller state data from the scratchpad buffer. Secure routing hardware of the computing device controls access to the isolated memory region. The secure routing hardware may allow read and write access by the USB controller and read-only access by software executed by the processor. After storing the controller state data, the computing device may power down the I/O controller. Other embodiments are described and claimed.

公开(公告)号：US12135801B2

公开(公告)日：2024-11-05

申请号：US17820628

申请日：2022-08-18

Applicant: Intel Corporation

Inventor： Soham Jayesh Desai ,  Siddhartha Chhabra ,  Bin Xing ,  Pradeep M. Pappachan ,  Reshma Lal

IPC: G06F21/00 ,  G06F13/20 ,  G06F13/28 ,  G06F21/57 ,  G06F21/60 ,  G06F21/62 ,  G06F21/85 ,  G09C1/00 ,  H04L9/32 ,  H04L9/40 ,  G06F21/51 ,  H04L9/06

Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.

公开(公告)号：US11989595B2

公开(公告)日：2024-05-21

申请号：US17526097

申请日：2021-11-15

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Pradeep Pappachan ,  Luis Kida ,  Soham Jayesh Desai ,  Sujoy Sen ,  Selvakumar Panneer ,  Robert Sharp

IPC: G06F9/50 ,  G06F9/38 ,  G06T1/20 ,  G06T1/60

CPC classification number: G06F9/5083 ,  G06F9/3814 ,  G06F9/5027 ,  G06T1/20 ,  G06T1/60

Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes one or more processors to: provide a remote GPU middleware layer to act as a proxy for an application stack on a client platform separate from the apparatus; communicate, by the remote GPU middleware layer, with a kernel mode driver of the one or more processors to cause the host memory to be allocated for command buffers and data structures received from the client platform for consumption by a command streamer of a remote GPU of the apparatus; and invoke, by the remote GPU middleware layer, the kernel mode driver to submit a workload generated by the application stack, the workload submitted for processing by the remote GPU using the command buffers and the data structures allocated in the host memory as directed by the command streamer.

公开(公告)号：US11503000B2

公开(公告)日：2022-11-15

申请号：US16369303

申请日：2019-03-29

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Luis S. Kida ,  Soham Jayesh Desai

IPC: G06F13/20 ,  G06F21/60 ,  H04L9/40 ,  H04L67/00 ,  G06F21/57 ,  H04L9/08

Abstract: Technologies for secure I/O data transfer includes a compute device, which includes a processor to execute a trusted application, an input/output (I/O) device, and an I/O subsystem. The I/O subsystem is configured to establish a secured channel between the I/O subsystem and a trusted application running on the compute device, and receive, in response to an establishment of the secured channel, I/O data from the I/O device via an unsecured channel. The I/O subsystem is further configured to encrypt, in response to a receipt of the I/O data, the I/O data using a security key associated with the trusted application that is to process the I/O data and transmit the encrypted I/O data to the trusted application via the secured channel, wherein the secured channel has a data transfer rate that is higher than a data transfer rate of the unsecured channel between the I/O device and the I/O subsystem.

公开(公告)号：US20220100580A1

公开(公告)日：2022-03-31

申请号：US17526097

申请日：2021-11-15

Applicant: Intel Corporation

Inventor： Reshma Lal ,  Pradeep Pappachan ,  Luis Kida ,  Soham Jayesh Desai ,  Sujoy Sen ,  Selvakumar Panneer ,  Robert Sharp

IPC: G06F9/50 ,  G06T1/60 ,  G06T1/20 ,  G06F9/38

Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes one or more processors to: provide a remote GPU middleware layer to act as a proxy for an application stack on a client platform separate from the apparatus; communicate, by the remote GPU middleware layer, with a kernel mode driver of the one or more processors to cause the host memory to be allocated for command buffers and data structures received from the client platform for consumption by a command streamer of a remote GPU of the apparatus; and invoke, by the remote GPU middleware layer, the kernel mode driver to submit a workload generated by the application stack, the workload submitted for processing by the remote GPU using the command buffers and the data structures allocated in the host memory as directed by the command streamer.