公开(公告)号：US20240106839A1

公开(公告)日：2024-03-28

申请号：US17954133

申请日：2022-09-27

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Sunil Cheruvu ,  Gerald Alan Rogers ,  Victor Medrano ,  Kshitij Arun Doshi

IPC: H04L9/40

CPC classification number: H04L63/1416 ,  H04L63/1441

Abstract: Various systems and methods are described to enable cyber-physical protections in edge computing platforms, including with countermeasures that mitigate and halt a variety of digital or real-world attacks. In an example, an attack detection and response engine is used to monitor processing circuitry, with operations that: identify operational data from processing circuitry that operates multiple layers (e.g., of an IP block) to perform compute operations, with trust of the processing circuitry established based on attestation of a hardware root of trust (RoT); evaluate the operational data to identify an attack condition at the processing circuitry, based on monitoring an operational layer of the multiple layers; and provide a digital attack response to the processing circuitry, in response to identifying the attack condition, to deploy the digital attack response and cause a countermeasure at the operational layer of the processing circuitry.

公开(公告)号：US11870562B2

公开(公告)日：2024-01-09

申请号：US17131615

申请日：2020-12-22

Applicant: Intel Corporation

Inventor： Sunil Cheruvu ,  Ned M. Smith ,  Francesc Guim Bernat ,  Kshitij Arun Doshi ,  Eve M. Schooler ,  Dario Sabella

IPC: H04L9/40 ,  G06F8/60 ,  H04L45/00 ,  H04L67/568

CPC classification number: H04L63/123 ,  G06F8/60 ,  H04L45/72 ,  H04L63/08 ,  H04L67/568

Abstract: A named function network (NFN) system includes a routing node, a function generation node, and a server node. The routing node receives requests for new functions, the requests including data values for generating the new functions. The function generation node receives the data values from the routing node and generates a new function for the NFN using the data values. The server node receives a request from the routing node to execute the new function, executes the new function, and transmits results of the execution to the routing node.

公开(公告)号：US20230169397A1

公开(公告)日：2023-06-01

申请号：US17919510

申请日：2021-05-17

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Francesc Guim Bernat ,  Rita Chattopadhyay ,  Sunil Cheruvu

IPC: G06N20/00

CPC classification number: G06N20/00

Abstract: Methods, apparatus, systems and articles of manufacture to train a model using attestation data are disclosed. An example apparatus includes a model trainer to train a machine learning model using a golden training data set received from a server to generate golden training results; and an attestation result generator to: compare the shared model training results to the golden training results; and determine if attestation of the shared model training results passes based on the comparison of the shared model training results and the golden training results.

公开(公告)号：US20210089685A1

公开(公告)日：2021-03-25

申请号：US17100580

申请日：2020-11-20

Applicant: Intel Corporation

Inventor： Sunil Cheruvu ,  Ned M. Smith ,  Kshitij Arun Doshi

IPC: G06F21/79 ,  G06F21/57 ,  G06F21/54 ,  G06F12/14 ,  G06F11/30

Abstract: Methods, systems, and use cases for verifying operations of trusted hardware, such as with a memory monitor, are disclosed, with implementation in a computing system. In an example, a computing system includes memory circuitry including a DRAM device, processing circuitry operably coupled to the DRAM device, and a field programmable gate array (FPGA) configured to install and provision a memory monitor. The memory monitor is provided from an external verifier entity, and the memory monitor is operated by the FPGA to monitor operations of the DRAM device. The FPGA includes a Root of Trust (RoT) hardware component that is compliant with a Device Identifier Composition Engine (DICE) trusted computing specification, and DICE attestation using the RoT hardware component is used to verify a secure state of the memory monitor with the verifier entity, during operation of the memory monitor.

公开(公告)号：US20210021609A1

公开(公告)日：2021-01-21

申请号：US17064218

申请日：2020-10-06

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Sunil Cheruvu ,  Francesc Guim Bernat ,  Kshitij Arun Doshi ,  Eve M. Schooler ,  Dario Sabella

IPC: H04L29/06

Abstract: Various aspects of methods, systems, and use cases for verification and attestation of operations in an edge computing environment are described, based on use of a trust calculus and established definitions of trustworthiness properties. In an example, an edge computing verification node is configured to: obtain a trust representation, corresponding to an edge computing feature, that is defined with a trust calculus and provided in a data definition language; receive, from an edge computing node, compute results and attestation evidence from the edge computing feature; attempt validation of the attestation evidence based on attestation properties defined by the trust representation; and communicate an indication of trustworthiness for the compute results, based on the validation of the attestation evidence. In further examples, the trust representation and validation is used in a named function network (NFN), for dynamic composition and execution of a function.

公开(公告)号：US20230344871A1

公开(公告)日：2023-10-26

申请号：US18216412

申请日：2023-06-29

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Francesc Guim Bernat ,  Sunil Cheruvu ,  Kshitij Arun Doshi ,  Marcos E. Carranza

IPC: H04L9/40 ,  H04L67/60

CPC classification number: H04L63/20 ,  H04L67/60

Abstract: Software and other electronic services are increasingly being executed in cloud computing environments. Edge computing environments may be used to bridge the gap between cloud computing environments and end-user software and electronic devices, and may implement Functions-as-a-Service (FaaS). FaaS may be used to create flavors of particular services, a chain of related functions that implements all or a portion of a FaaS edge workflow or workload. A FaaS Temporal Software-Defined Wide-Area Network (SD-WAN) may be used to receive a computing request and decompose the computing request into several FaaS flavors, enable dynamic creation of SD-WANs for each FaaS flavor, execute the FaaS flavors in their respective SD-WAN, return a result, and destroy the SD-WANs. The FaaS Temporal SD-WAN expands upon current edge systems by allowing low-latency creation of SD-WAN virtual networks bound to a set of function instances that are created to a execute a particular service request.

公开(公告)号：US20210117578A1

公开(公告)日：2021-04-22

申请号：US17132748

申请日：2020-12-23

Applicant: Intel Corporation

Inventor： Sunil Cheruvu ,  Ria Cheruvu ,  Kshitij Doshi ,  Francesc Guim Bernat ,  Ned Smith ,  Anahit Tarkhanyan

IPC: G06F21/85 ,  G06F21/53

Abstract: Methods, apparatus, systems, and articles of manufacture to protect proprietary functionality and/or other content in hardware and software are disclosed. An example computer apparatus includes; a first circuit including a first interface, the first circuit associated with a first domain; a second circuit including a second interface, the second circuit associated with a second domain; and a chip manager to generate a first authenticated interface for the first interface using a first token and to generate a second authenticated interface for the second interface using a second token to enable communication between the first authenticated interface and the second authenticated interface.

公开(公告)号：US20210110310A1

公开(公告)日：2021-04-15

申请号：US17131462

申请日：2020-12-22

Applicant: Intel Corporation

Inventor： Francesc Guim Bernat ,  Ned M. Smith ,  Karthik Kumar ,  Sunil Cheruvu ,  Timothy Verrall

IPC: G06N20/00 ,  G06F16/27 ,  H04L29/06

Abstract: Methods and apparatus to verify trained models in edge environments are disclosed. An example apparatus to validate a trained model in an edge environment includes an attestation verifier to determine an attestation score of the model received at a first appliance, the attestation score calculated at a second appliance different from the first appliance, a comparator to compare the attestation score to a threshold, a validator to validate the model based on the comparison, and an executor to at least one of execute or deploy the model based on the validation.

公开(公告)号：US12153722B2

公开(公告)日：2024-11-26

申请号：US17132748

申请日：2020-12-23

Applicant: Intel Corporation

Inventor： Sunil Cheruvu ,  Ria Cheruvu ,  Kshitij Doshi ,  Francesc Guim Bernat ,  Ned Smith ,  Anahit Tarkhanyan

IPC: G06F21/85 ,  G06F21/53

Abstract: Methods, apparatus, systems, and articles of manufacture to protect proprietary functionality and/or other content in hardware and software are disclosed. An example computer apparatus includes; a first circuit including a first interface, the first circuit associated with a first domain; a second circuit including a second interface, the second circuit associated with a second domain; and a chip manager to generate a first authenticated interface for the first interface using a first token and to generate a second authenticated interface for the second interface using a second token to enable communication between the first authenticated interface and the second authenticated interface.

公开(公告)号：US11991054B2

公开(公告)日：2024-05-21

申请号：US17063991

申请日：2020-10-06

Applicant: Intel Corporation

Inventor： Francesc Guim Bernat ,  Ned M. Smith ,  Sunil Cheruvu ,  Alexander Bachmutsky ,  James Coleman

IPC: H04L12/24 ,  H04L12/26 ,  H04L29/08 ,  H04L41/50 ,  H04L41/5003 ,  H04L41/5022 ,  H04L43/087 ,  H04L67/288

CPC classification number: H04L41/5022 ,  H04L41/5003 ,  H04L41/5096 ,  H04L43/087 ,  H04L67/288

Abstract: Methods and apparatus for jitter-less distributed Function as a Service (FaaS) using flavor clustering. A set of FaaS functions clustered by flavor chaining is implemented to deploy one or more FaaS flavor clusters on one or more edge nodes, wherein each flavor is defined by a set of resource requirements mapped into a jitter Quality of Service (QoS) and is executed on at least one hardware computing component on the one or more edge nodes. One or more jitter controllers are implemented to control and monitor execution of FaaS functions in the one or more FaaS flavor clusters such that the functions are executed to meet jitter-less QoS requirements. Jitter controllers include platform jitter-less function controllers in edge nodes and a data center FaaS jitter-less controller. A jitter-less Software Defined Wide Area Network (SD-WAN) network controller is also provided to provide network resources used by FaaS flavor clusters and satisfy connectivity requirements between the edge nodes.