Patents by Inventor Kapil Sood
Kapil Sood has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240111879Abstract: Examples herein relate to an interface selectively providing access to a memory region for a work request from an entity by providing selective access to a physical address of the memory region and selective access to a cryptographic key for use by a memory controller to access the memory region. In some examples, providing selective access to a physical address conversion is based on one or more of: validation of a certificate received with the work request and an identifier of the entity being associated with a process with access to the memory region. Access to the memory region can be specified to be one or more of: create, read, update, delete, write, or notify. A memory region can be a page or sub-page sized region. Different access rights can be associated with different sub-portions of the memory region, wherein the access rights comprise one or more of: create, read, update, delete, write, or notify.Type: ApplicationFiled: September 19, 2023Publication date: April 4, 2024Inventors: Ned SMITH, Kshitij A. DOSHI, Francesc GUIM BERNAT, Kapil SOOD, Tarun VISWANATHAN
-
Patent number: 11936637Abstract: Technologies for providing secure utilization of tenant keys include a compute device. The compute device includes circuitry configured to obtain a tenant key. The circuitry is also configured to receive encrypted data associated with a tenant. The encrypted data defines an encrypted image that is executable by the compute device to perform a workload on behalf of the tenant in a virtualized environment. Further, the circuitry is configured to utilize the tenant key to decrypt the encrypted data and execute the workload without exposing the tenant key to a memory that is accessible to another workload associated with another tenant.Type: GrantFiled: October 19, 2022Date of Patent: March 19, 2024Assignee: Intel CorporationInventors: Kapil Sood, Seosamh O'Riordain, Ned M. Smith, Tarun Viswanathan
-
Patent number: 11907389Abstract: First data is stored. A request for the first data is received from a communication device over a link established with a communication device. An access control engine comprising circuitry is to control access to the first data to the communication device based on an authentication state of the communication device and a protection state of the link.Type: GrantFiled: May 16, 2022Date of Patent: February 20, 2024Assignee: Intel CorporationInventors: David J. Harriman, Ioannis T. Schoinas, Kapil Sood, Raghunandan Makaram, Yu-Yuan Chen
-
Patent number: 11907704Abstract: Various systems and methods for enabling derivation and distribution of an attestation manifest for a software update image are described. In an example, these systems and methods include orchestration functions and communications, providing functionality and components for a software update process which also provides verification and attestation among multiple devices and operators.Type: GrantFiled: May 2, 2022Date of Patent: February 20, 2024Assignee: Intel CorporationInventors: Ned M. Smith, Kshitij Arun Doshi, John J. Browne, Vincent J. Zimmer, Francesc Guim Bernat, Kapil Sood
-
Publication number: 20240045968Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.Type: ApplicationFiled: October 23, 2023Publication date: February 8, 2024Applicant: Intel CorporationInventors: Kapil Sood, Ioannis T. Schoinas, Yu-Yuan Chen, Raghunandan Makaram, David J. Harriman, Baiju Patel, Ronald Perez, Matthew E. Hoekstra, Reshma Lal
-
Publication number: 20240022405Abstract: Systems, apparatus, articles of manufacture, and methods are disclosed to provide hardware enforced security for a service mesh. An example first server of a service mesh disclosed herein to provide hardware enforced security for a service mesh includes programmable circuitry to at least one of instantiate or execute the machine-readable instructions to detect a second server of the service mesh, cause a public key of the second server to be stored in the first enclave, and after an attestation for a second enclave is obtained, cause addition of the second server to the service mesh.Type: ApplicationFiled: September 28, 2023Publication date: January 18, 2024Inventors: Kapil Sood, Shaojun Ding, Dong Guo, Huailong Zhang, Ruijing Guo, Hejie Xu, Qiming Liu
-
Patent number: 11832142Abstract: Technologies for performing an automated application exchange negotiation in an operator network include an endpoint device, a mobile edge computing device, a core computing device, an application provider computing device, and a network operator computing device. The mobile edge computing device is configured to receive a request to access an application and/or service stored at the mobile edge computing device and/or the application provider computing device. The mobile edge computing device is further configured to initiate the automated application exchange negotiation between the application provider computing device and the network operator computing device to determine one or more terms of the negotiation, including one or more terms of a service level agreement (SLA). Other embodiments are described herein.Type: GrantFiled: March 22, 2021Date of Patent: November 28, 2023Assignee: Intel CorporationInventors: Valerie J. Young, Kapil Sood
-
Publication number: 20230359743Abstract: Disclosed herein are embodiments related to security in cloudlet environments. In some embodiments, for example, a computing device (e.g., a cloudlet) may include: a trusted execution environment; a Basic Input/Output System (BIOS) to request a Key Encryption Key (KEK) from the trusted execution environment; and a Self-Encrypting Storage (SES) associated with the KEK; wherein the trusted execution environment is to verify the BIOS and provide the KEK to the BIOS subsequent to verification of the BIOS, and the BIOS is to provide the KEK to the SES to unlock the SES for access by the trusted execution environment.Type: ApplicationFiled: July 18, 2023Publication date: November 9, 2023Applicant: Intel CorporationInventors: Yeluri Raghuram, Susanne M. Balle, Nigel Thomas Cook, Kapil Sood
-
Publication number: 20230353508Abstract: Examples described herein relate to a system within a package. In some examples, the system includes a communication fabric and circuitry to adjust a packet throughput rate associated with the communication fabric based at least in part on incoming receive rate across multiple input ports and fabric usage. In some examples, the communication fabric is to communicatively couple devices in the package including one or more of: an accelerator, a processor, a memory, or a network interface device.Type: ApplicationFiled: July 10, 2023Publication date: November 2, 2023Inventors: Kapil SOOD, Patrick CONNOR, Scott P. DUBAL, James R. HEARN, Brendan RYAN, Chris MACNAMARA, Conor WALSH, David HUNT, John J. BROWNE, Kevin LAATZ
-
Patent number: 11797690Abstract: Examples herein relate to an interface selectively providing access to a memory region for a work request from an entity by providing selective access to a physical address of the memory region and selective access to a cryptographic key for use by a memory controller to access the memory region. In some examples, providing selective access to a physical address conversion is based on one or more of: validation of a certificate received with the work request and an identifier of the entity being associated with a process with access to the memory region. Access to the memory region can be specified to be one or more of: create, read, update, delete, write, or notify. A memory region can be a page or sub-page sized region. Different access rights can be associated with different sub-portions of the memory region, wherein the access rights comprise one or more of: create, read, update, delete, write, or notify.Type: GrantFiled: April 10, 2020Date of Patent: October 24, 2023Assignee: Intel CorporationInventors: Ned Smith, Kshitij A. Doshi, Francesc Guim Bernat, Kapil Sood, Tarun Viswanathan
-
Patent number: 11775621Abstract: At least one machine readable medium comprising a plurality of instructions that in response to being executed by a system cause the system to send a unique identifier to a license server, establish a secure channel based on the unique identifier, request a license for activating an appliance from a license server over the secure channel, receive license data from the license server over the secure channel; determine whether the license is valid, and activate the appliance in response to a determination that the license data is valid.Type: GrantFiled: November 21, 2022Date of Patent: October 3, 2023Assignee: Intel CorporationInventors: Malini K. Bhandaru, Kapil Sood, Christian Maciocco, Isaku Yamahata, Yunhong Jiang
-
Publication number: 20230297410Abstract: Examples described herein relate to a trusted and secure emulated device. The emulated device can be assigned to a service based on attestation of a hardware platform of the emulated device, assignment of the emulated device to a trust domain, and attestation of a device configuration associated with the emulated device.Type: ApplicationFiled: May 22, 2023Publication date: September 21, 2023Inventors: Kapil SOOD, Scott P. DUBAL, Patrick CONNOR, James R. HEARN
-
Publication number: 20230289229Abstract: Methods and apparatus relating to confidential computing extensions for highly scalable accelerators are described. One or more embodiments provide extensions for scalable accelerator(s) to be able to directly assign accelerator work-queue(s) to Trusted Execution Environment (TEE) Virtual Machines (TVMs). Other embodiments are also disclosed and claimed.Type: ApplicationFiled: June 30, 2022Publication date: September 14, 2023Applicant: Intel CorporationInventors: Utkarsh Y. Kakaiya, Saurabh Gayen, Kapil Sood, Naveen Lakkakula
-
Patent number: 11757650Abstract: Various systems and methods for distributing orchestration of network services using blockchain technology are disclosed. A bid is posted for orchestration of a network service to be delivered using NFV using a DSFC contract blockchain. The device, DSFC contract and initiator of a request for the network service are identified using a self-sovereign identity blockchain. The device determines it is to orchestrate the network service based on the DSFC contract blockchain and identifies at least one entity to provide the network service from a DWH contract blockchain that contains DWH contract bids of entities for the network service. The entities and DWH contract are identified using the self-sovereign identity blockchain. The device ensures that the DWH contract is being executed by the at least one entity according to the DWH contract and provides remuneration after fulfillment.Type: GrantFiled: December 28, 2018Date of Patent: September 12, 2023Assignee: Intel CorporationInventors: Kapil Sood, Ned M. Smith
-
Patent number: 11757647Abstract: A security accelerator device stores a first credential that is uniquely associated with the individual security accelerator device and represents a root of trust to a trusted entity. The device establishes a cryptographic trust relationship with a client entity that is based on the root of trust, the cryptographic trust relationship being represented by a second credential. The device receives and store a secret credential of the client entity, which is received via communication secured by the second credential. Further, the device executes a cryptographic computation using the secret client credential on behalf of the client entity to produce a computation result.Type: GrantFiled: May 14, 2021Date of Patent: September 12, 2023Assignee: Intel CorporationInventors: Kapil Sood, Naveen Lakkakula, Hari K. Tadepalli, Lokpraveen Mosur, Rajesh Gadiyar, Patrick Fleming
-
Patent number: 11748486Abstract: Disclosed herein are embodiments related to security in cloudlet environments. In some embodiments, for example, a computing device (e.g., a cloudlet) may include: a trusted execution environment; a Basic Input/Output System (BIOS) to request a Key Encryption Key (KEK) from the trusted execution environment; and a Self-Encrypting Storage (SES) associated with the KEK; wherein the trusted execution environment is to verify the BIOS and provide the KEK to the BIOS subsequent to verification of the BIOS, and the BIOS is to provide the KEK to the SES to unlock the SES for access by the trusted execution environment.Type: GrantFiled: October 7, 2021Date of Patent: September 5, 2023Assignee: Intel CorporationInventors: Yeluri Raghuram, Susanne M. Balle, Nigel Thomas Cook, Kapil Sood
-
Patent number: 11736942Abstract: A service coordinating entity device includes communications circuitry to communicate with a first access network, processing circuitry, and a memory device. The processing circuitry is to perform operations to, in response to a request for establishing a connection with a user equipment (UE) in a second access network, retrieve a first Trusted Level Agreement (TLA) including trust attributes associated with the first access network. One or more exchanges of the trust attributes of the first TLA and trust attributes of a second TLA associated with the second access network are performed using a computing service executing on the service coordinating entity. A common TLA with trust attributes associated with communications between the first and second access networks is generated based on the exchanges. Data traffic is routed from the first access network to the UE in the second access network based on the trust attributes of the common TLA.Type: GrantFiled: October 21, 2020Date of Patent: August 22, 2023Assignee: Intel CorporationInventors: Alexander Bachmutsky, Dario Sabella, Francesc Guim Bernat, John J. Browne, Kapil Sood, Kshitij Arun Doshi, Mats Gustav Agerstam, Ned M. Smith, Rajesh Poornachandran, Tarun Viswanathan
-
Patent number: 11711268Abstract: Methods and apparatus to execute a workload in an edge environment are disclosed. An example apparatus includes a node scheduler to accept a task from a workload scheduler, the task including a description of a workload and tokens, a workload executor to execute the workload, the node scheduler to access a result of execution of the workload and provide the result to the workload scheduler, and a controller to access the tokens and distribute at least one of the tokens to at least one provider, the provider to provide a resource to the apparatus to execute the workload.Type: GrantFiled: December 20, 2019Date of Patent: July 25, 2023Assignee: INTEL CORPORATIONInventors: Ned Smith, Francesc Guim Bernat, Sanjay Bakshi, Katalin Bartfai-Walcott, Kapil Sood, Kshitij Doshi, Robert Munoz
-
Patent number: 11704424Abstract: An embodiment of a semiconductor apparatus may include technology to receive data with a unique identifier, and bypass encryption logic of a media controller based on the unique identifier. Other embodiments are disclosed and claimed.Type: GrantFiled: July 27, 2021Date of Patent: July 18, 2023Assignee: Intel CorporationInventors: Francesc Guim Bernat, Mark Schmisseur, Kshitij Doshi, Kapil Sood, Tarun Viswanathan
-
Publication number: 20230171234Abstract: Technologies for providing secure utilization of tenant keys include a compute device. The compute device includes circuitry configured to obtain a tenant key. The circuitry is also configured to receive encrypted data associated with a tenant. The encrypted data defines an encrypted image that is executable by the compute device to perform a workload on behalf of the tenant in a virtualized environment. Further, the circuitry is configured to utilize the tenant key to decrypt the encrypted data and execute the workload without exposing the tenant key to a memory that is accessible to another workload associated with another tenant.Type: ApplicationFiled: October 19, 2022Publication date: June 1, 2023Inventors: Kapil Sood, Seosamh O'Riordain, Ned M. Smith, Tarun Viswanathan