Patents by Inventor Luis S. Kida
Luis S. Kida has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Publication number: 20240126691
  Abstract: Technologies for cryptographic separation of MMIO operations with an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment. The accelerator determines, based on a target memory address, a first memory address range associated with the memory-mapped I/O transaction, and generates a second authentication tag using a first cryptographic key from a set of cryptographic keys, wherein the first key is uniquely associated with the first memory address range. An accelerator validator determines whether the first authentication tag matches the second authentication tag, and a memory mapper commits the memory-mapped I/O transaction in response to a determination that the first authentication tag matches the second authentication tag. Other embodiments are described and claimed.
  Type: Application
  Filed: September 7, 2023
  Publication date: April 18, 2024
  Applicant: Intel Corporation
  Inventors: Luis S. Kida, Reshma Lal, Soham Jayesh Desai
- Publication number: 20240104226
  Abstract: Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region is to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per-process graphics translation table to translate between graphics virtual address (VA) and graphics guest PA (GPA), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.
  Type: Application
  Filed: July 25, 2023
  Publication date: March 28, 2024
  Applicant: Intel Corporation
  Inventors: Pradeep M. Pappachan, Luis S. Kida, Reshma Lal
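The GPU entries above (this one and the related grants and applications further down) describe one check: a translation is trusted only if the requesting virtual function is assigned to a trusted domain, the VA-to-GPA and GPA-to-PA walks both pass through tables the trusted agent maintains in the protected region, and the resulting local-memory page is owned by that same domain, with allocation and deallocation keeping the tables and ownership records in step. The Python below is an added illustration of that rule, not Intel's code; the table layout, the page size, the `TrustedAgent` class and the domain, VF and page numbers are all constructed for the example.

```python
from dataclasses import dataclass

PAGE = 0x1000  # 4 KiB pages (assumed)


@dataclass
class LocalMemory:
    """GPU local memory, as page-number ranges: a protected region written only
    through the trusted agent and an unprotected region for ordinary allocations."""
    protected: range
    unprotected: range


class TrustedAgent:
    """Holds the memory permission table (trusted VFs, per-process GTT, LMTT) and
    refuses any translation that does not pass through it consistently."""

    def __init__(self, mem: LocalMemory):
        self.mem = mem
        self.trusted_vfs = {}  # vf_id -> trusted domain id
        self.gtt = {}          # (vf_id, pid) -> {graphics VA page: graphics GPA page}
        self.lmtt = {}         # vf_id -> {graphics GPA page: local-memory PA page}
        self.owner = {}        # PA page -> domain id, for protected-region pages

    def assign_vf(self, vf, domain):
        self.trusted_vfs[vf] = domain

    def allocate(self, vf, gpa_page, pa_page):
        """Only a trusted VF, only into the protected region, only to a page nobody
        else owns; the LMTT entry and the ownership record are written together."""
        domain = self.trusted_vfs.get(vf)
        if domain is None:
            raise PermissionError("VF is not assigned to a trusted domain")
        if pa_page not in self.mem.protected:
            raise PermissionError("protected allocation outside the protected region")
        if pa_page in self.owner:
            raise PermissionError("page already owned")
        self.owner[pa_page] = domain
        self.lmtt.setdefault(vf, {})[gpa_page] = pa_page

    def deallocate(self, vf, gpa_page):
        """Remove the LMTT entry and the ownership record in one step, so no stale
        GPA->PA mapping survives the free."""
        pa_page = self.lmtt.get(vf, {}).pop(gpa_page)
        del self.owner[pa_page]

    def map_process(self, vf, pid, gva_page, gpa_page):
        self.gtt.setdefault((vf, pid), {})[gva_page] = gpa_page

    def translate(self, vf, pid, gva):
        """Walk VA -> GPA -> PA and verify the result against the permission table."""
        domain = self.trusted_vfs.get(vf)
        if domain is None:
            raise PermissionError("untrusted VF")
        gpa_page = self.gtt.get((vf, pid), {}).get(gva // PAGE)
        if gpa_page is None:
            raise LookupError("no GTT entry")
        pa_page = self.lmtt.get(vf, {}).get(gpa_page)
        if pa_page is None:
            raise LookupError("no LMTT entry")
        if self.owner.get(pa_page) != domain:
            raise PermissionError("PA not owned by this VF's trusted domain")
        return pa_page * PAGE + gva % PAGE


def demo():
    """Constructed scenario; returns the outcome of each check."""
    agent = TrustedAgent(LocalMemory(protected=range(0, 0x100), unprotected=range(0x100, 0x200)))
    agent.assign_vf(vf=1, domain="td-A")
    agent.assign_vf(vf=2, domain="td-B")
    agent.allocate(vf=1, gpa_page=0x10, pa_page=0x42)
    agent.map_process(vf=1, pid=7, gva_page=0x7000 // PAGE, gpa_page=0x10)
    out = {"valid_pa": agent.translate(1, 7, 0x7000 + 0x18)}
    try:  # VF 2 tries to take the same physical page
        agent.allocate(vf=2, gpa_page=0x20, pa_page=0x42)
        out["double_alloc_blocked"] = False
    except PermissionError:
        out["double_alloc_blocked"] = True
    try:  # VF 3 was never assigned to a trusted domain
        agent.allocate(vf=3, gpa_page=0x30, pa_page=0x43)
        out["untrusted_vf_blocked"] = False
    except PermissionError:
        out["untrusted_vf_blocked"] = True
    agent.deallocate(vf=1, gpa_page=0x10)
    try:  # the process's old GTT entry must no longer resolve
        agent.translate(1, 7, 0x7000)
        out["stale_mapping_blocked"] = False
    except LookupError:
        out["stale_mapping_blocked"] = True
    return out
```

The point of keeping ownership and the LMTT in one object is the deallocation path: if the two could drift apart, a freed page could still be reachable through a stale translation, which is exactly what the abstract's "ensure proper allocation/deallocation" is guarding against.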
- Patent number: 11782829
  Abstract: Technologies for cryptographic separation of MMIO operations with an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment. The accelerator determines, based on a target memory address, a first memory address range associated with the memory-mapped I/O transaction, and generates a second authentication tag using a first cryptographic key from a set of cryptographic keys, wherein the first key is uniquely associated with the first memory address range. An accelerator validator determines whether the first authentication tag matches the second authentication tag, and a memory mapper commits the memory-mapped I/O transaction in response to a determination that the first authentication tag matches the second authentication tag. Other embodiments are described and claimed.
  Type: Grant
  Filed: March 4, 2022
  Date of Patent: October 10, 2023
  Assignee: INTEL CORPORATION
  Inventors: Luis S. Kida, Reshma Lal, Soham Jayesh Desai
- Patent number: 11775659
  Abstract: A method comprises initializing, by an accelerator device of the computing device, an authentication tag in response to an initialization command from a trusted execution environment of the computing device, initiating a transfer, by the accelerator device, of data between a host memory and an accelerator device memory in response to a descriptor from the trusted execution environment, wherein the descriptor comprises a target memory address and is indicative of a transfer direction, comparing, in a memory range selection engine comprising at least one comparator to compare the target memory address with a plurality of address ranges and select a cryptographic key from the plurality of address range registers based on the target memory address, performing, by the accelerator device, a cryptographic operation with the data in response to transferring the data, updating, by the accelerator device, the authentication tag in response to transferring the data, and finalizing, by the accelerator device
  Type: Grant
  Filed: April 28, 2022
  Date of Patent: October 3, 2023
  Assignee: INTEL CORPORATION
  Inventors: Luis S. Kida, Reshma Lal
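The MMIO entries and the DMA-transfer entry above (and their continuations further down the list) share one gating rule: the key is chosen by which programmed address range the target address falls in, the accelerator recomputes the tag with that key, and the transaction is committed only if the recomputed tag matches the one the TEE supplied; for DMA, the tag is initialized on the TEE's command, updated per descriptor and finalized at the end. The Python below is an added illustration of that rule, not Intel's code. HMAC-SHA256 stands in for the hardware tag function, the tag length is an assumed value, and the range registers, keys and transactions are constructed sample data.

```python
import hmac
import hashlib
import struct
from dataclasses import dataclass

TAG_LEN = 16  # tag bytes kept after truncation (assumed value)
DIR_READ, DIR_WRITE = 0, 1


@dataclass(frozen=True)
class RangeRegister:
    """One address-range register: [base, limit) and the key tied to that range."""
    base: int
    limit: int
    key: bytes


class RangeSelectionEngine:
    """Comparator bank: returns the key of the programmed range containing addr."""
    def __init__(self, registers):
        self.registers = list(registers)

    def select(self, addr):
        for reg in self.registers:
            if reg.base <= addr < reg.limit:
                return reg.key
        return None  # address outside every programmed range


def tag_for(key, addr, direction, data):
    """The tag binds key, address and direction to the payload, so a tag valid at one
    address cannot be replayed into a range keyed differently (HMAC stands in for
    the hardware MAC here)."""
    msg = struct.pack(">QB", addr, direction) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


class AcceleratorMmio:
    """Accelerator side: recompute the tag with the range key, commit only on match."""
    def __init__(self, engine):
        self.engine = engine
        self.written = {}

    def commit(self, addr, data, first_tag):
        key = self.engine.select(addr)
        if key is None:
            return False  # no range, no key: drop the transaction
        second_tag = tag_for(key, addr, DIR_WRITE, data)
        if not hmac.compare_digest(first_tag, second_tag):
            return False  # validator rejects the mismatch
        self.written[addr] = data
        return True


class DmaTagger:
    """Running tag over a multi-descriptor transfer: init on the TEE's command,
    update per descriptor, finalize. Each descriptor must stay inside the range
    whose key was selected at init, since that key is unique to the range."""
    def __init__(self, engine):
        self.engine = engine
        self.key = None
        self.state = None

    def init(self, first_addr):
        self.key = self.engine.select(first_addr)
        if self.key is None:
            raise ValueError("transfer starts outside every programmed range")
        self.state = hmac.new(self.key, digestmod=hashlib.sha256)

    def update(self, addr, direction, data):
        if self.engine.select(addr) != self.key:
            raise ValueError("descriptor crosses into a range with another key")
        self.state.update(struct.pack(">QB", addr, direction) + data)

    def finalize(self):
        return self.state.digest()[:TAG_LEN]


def demo():
    """Constructed scenario with two ranges and two keys; returns check outcomes."""
    engine = RangeSelectionEngine([
        RangeRegister(0x1000, 0x2000, b"\x11" * 16),
        RangeRegister(0x2000, 0x3000, b"\x22" * 16),
    ])
    acc = AcceleratorMmio(engine)
    payload = b"\xde\xad\xbe\xef"
    # The TEE holds the same programming and produces the first tag.
    first = tag_for(engine.select(0x1010), 0x1010, DIR_WRITE, payload)
    out = {
        "valid_write": acc.commit(0x1010, payload, first),
        "replay_other_range": acc.commit(0x2010, payload, first),
        "tampered_payload": acc.commit(0x1010, b"\xde\xad\xbe\xee", first),
        "unmapped_address": acc.commit(0x9000, payload, first),
    }
    tee, dev = DmaTagger(engine), DmaTagger(engine)
    for side in (tee, dev):  # both ends run the same init/update/finalize sequence
        side.init(0x2000)
        side.update(0x2000, DIR_READ, b"A" * 8)
        side.update(0x2100, DIR_READ, b"B" * 8)
    out["dma_tags_match"] = hmac.compare_digest(tee.finalize(), dev.finalize())
    cross = DmaTagger(engine)
    cross.init(0x1000)
    try:
        cross.update(0x2000, DIR_READ, b"C" * 8)
        out["dma_cross_range_rejected"] = False
    except ValueError:
        out["dma_cross_range_rejected"] = True
    return out
```

The replay case is the one worth noticing: the tag was genuinely produced by the TEE, but because the key is tied to the range rather than to the session, moving the same write to an address in a differently keyed range fails validation without any nonce or counter being involved.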
- Patent number: 11755748
  Abstract: Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region is to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per-process graphics translation table to translate between graphics virtual address (VA) and graphics guest PA (GPA), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.
  Type: Grant
  Filed: December 19, 2022
  Date of Patent: September 12, 2023
  Assignee: INTEL CORPORATION
  Inventors: Pradeep M. Pappachan, Luis S. Kida, Reshma Lal
- Publication number: 20230118641
  Abstract: Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region is to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per-process graphics translation table to translate between graphics virtual address (VA) and graphics guest PA (GPA), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.
  Type: Application
  Filed: December 19, 2022
  Publication date: April 20, 2023
  Applicant: Intel Corporation
  Inventors: Pradeep M. Pappachan, Luis S. Kida, Reshma Lal
- Patent number: 11625275
  Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts, and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.
  Type: Grant
  Filed: December 2, 2020
  Date of Patent: April 11, 2023
  Assignee: INTEL CORPORATION
  Inventors: Krystof Zmudzinski, Siddhartha Chhabra, Reshma Lal, Alpa Narendra Trivedi, Luis S. Kida, Pradeep M. Pappachan, Abhishek Basak, Anna Trikalinou
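The secure I/O entry above (and its application and earlier grant further down) describes two TEE-programmed tables in the I/O subsystem: a DMAT that binds the TEE to the devices it trusts, and a MOT that records which TEE owns a page once it is allocated. What the I/O subsystem does with them is implied rather than spelled out in the abstract, so the Python below is an added illustration of the natural check, not Intel's code: a DMA to a page with no MOT owner is passed through, a DMA to a TEE-owned page is allowed only for a device the owning TEE has bound in the DMAT, and a page cannot be re-recorded for a second TEE until its owner frees it. The dict layout, device numbers, TEE ids and addresses are all constructed for the example.

```python
from dataclasses import dataclass, field

PAGE_SHIFT = 12  # 4 KiB pages (assumed)


@dataclass
class IoSubsystem:
    """DMAT and MOT as programmed by the TEE (assumed dict layout)."""
    dmat: dict = field(default_factory=dict)  # device_id -> set of TEE ids trusting it
    mot: dict = field(default_factory=dict)   # page frame number -> owning TEE id

    def bind_device(self, tee_id, device_id):
        """DMAT entry: the TEE declares that it trusts this device."""
        self.dmat.setdefault(device_id, set()).add(tee_id)

    def unbind_device(self, tee_id, device_id):
        self.dmat.get(device_id, set()).discard(tee_id)

    def allocate_page(self, tee_id, pfn):
        """MOT entry written when a page is allocated to the TEE; a page already
        owned by a different TEE cannot be silently taken over."""
        if self.mot.get(pfn, tee_id) != tee_id:
            raise PermissionError("page owned by another TEE")
        self.mot[pfn] = tee_id

    def free_page(self, tee_id, pfn):
        if self.mot.get(pfn) != tee_id:
            raise PermissionError("only the owner may free the page")
        del self.mot[pfn]

    def check_dma(self, device_id, addr):
        """Gate applied to every DMA: pages outside any TEE are open; a TEE-owned
        page is reachable only by a device the owning TEE bound in the DMAT."""
        owner = self.mot.get(addr >> PAGE_SHIFT)
        if owner is None:
            return True
        return owner in self.dmat.get(device_id, set())


def demo():
    """Constructed scenario; returns the outcome of each check."""
    io = IoSubsystem()
    NIC, GPU = 0x10, 0x20
    io.bind_device("tee-1", NIC)
    io.allocate_page("tee-1", 0x100)
    out = {
        "bound_device_allowed": io.check_dma(NIC, 0x1000F0),
        "unbound_device_denied": io.check_dma(GPU, 0x1000F0),
        "untrusted_page_open": io.check_dma(GPU, 0x200000),
    }
    try:  # a second TEE cannot claim the page while tee-1 owns it
        io.allocate_page("tee-2", 0x100)
        out["takeover_blocked"] = False
    except PermissionError:
        out["takeover_blocked"] = True
    io.unbind_device("tee-1", NIC)
    out["after_unbind_denied"] = io.check_dma(NIC, 0x1000F0)
    io.free_page("tee-1", 0x100)
    io.allocate_page("tee-2", 0x100)  # legitimate reuse after the owner freed it
    out["new_owner_denies_old_device"] = io.check_dma(NIC, 0x1000F0)
    return out
```

The check is deliberately keyed on the page's current owner rather than on the device alone: once tee-1 frees the page and tee-2 takes it, the NIC's old binding to tee-1 gives it no access, which is the property the MOT adds over a plain device allow-list.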
- Publication number: 20230071723
  Abstract: Technologies for secure I/O data transfer include a compute device, which includes a processor to execute a trusted application, an input/output (I/O) device, and an I/O subsystem. The I/O subsystem is configured to establish a secured channel between the I/O subsystem and a trusted application running on the compute device, and to receive, in response to an establishment of the secured channel, I/O data from the I/O device via an unsecured channel. The I/O subsystem is further configured to encrypt, in response to a receipt of the I/O data, the I/O data using a security key associated with the trusted application that is to process the I/O data, and to transmit the encrypted I/O data to the trusted application via the secured channel, wherein the secured channel has a data transfer rate that is higher than a data transfer rate of the unsecured channel between the I/O device and the I/O subsystem.
  Type: Application
  Filed: November 2, 2022
  Publication date: March 9, 2023
  Applicant: Intel Corporation
  Inventors: Reshma Lal, Luis S. Kida, Soham Jayesh Desai
- Patent number: 11531770
  Abstract: Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region is to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per-process graphics translation table to translate between graphics virtual address (VA) and graphics guest PA (GPA), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.
  Type: Grant
  Filed: December 23, 2019
  Date of Patent: December 20, 2022
  Assignee: Intel Corporation
  Inventors: Pradeep M. Pappachan, Luis S. Kida, Reshma Lal
- Patent number: 11503000
  Abstract: Technologies for secure I/O data transfer include a compute device, which includes a processor to execute a trusted application, an input/output (I/O) device, and an I/O subsystem. The I/O subsystem is configured to establish a secured channel between the I/O subsystem and a trusted application running on the compute device, and to receive, in response to an establishment of the secured channel, I/O data from the I/O device via an unsecured channel. The I/O subsystem is further configured to encrypt, in response to a receipt of the I/O data, the I/O data using a security key associated with the trusted application that is to process the I/O data, and to transmit the encrypted I/O data to the trusted application via the secured channel, wherein the secured channel has a data transfer rate that is higher than a data transfer rate of the unsecured channel between the I/O device and the I/O subsystem.
  Type: Grant
  Filed: March 29, 2019
  Date of Patent: November 15, 2022
  Assignee: INTEL CORPORATION
  Inventors: Reshma Lal, Luis S. Kida, Soham Jayesh Desai
- Publication number: 20220261486
  Abstract: A method comprises initializing, by an accelerator device of the computing device, an authentication tag in response to an initialization command from a trusted execution environment of the computing device, initiating a transfer, by the accelerator device, of data between a host memory and an accelerator device memory in response to a descriptor from the trusted execution environment, wherein the descriptor comprises a target memory address and is indicative of a transfer direction, comparing, in a memory range selection engine comprising at least one comparator to compare the target memory address with a plurality of address ranges and select a cryptographic key from the plurality of address range registers based on the target memory address, performing, by the accelerator device, a cryptographic operation with the data in response to transferring the data, updating, by the accelerator device, the authentication tag in response to transferring the data, and finalizing, by the accelerator device
  Type: Application
  Filed: April 28, 2022
  Publication date: August 18, 2022
  Applicant: Intel Corporation
  Inventors: Luis S. Kida, Reshma Lal
- Publication number: 20220188224
  Abstract: Technologies for cryptographic separation of MMIO operations with an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment. The accelerator determines, based on a target memory address, a first memory address range associated with the memory-mapped I/O transaction, and generates a second authentication tag using a first cryptographic key from a set of cryptographic keys, wherein the first key is uniquely associated with the first memory address range. An accelerator validator determines whether the first authentication tag matches the second authentication tag, and a memory mapper commits the memory-mapped I/O transaction in response to a determination that the first authentication tag matches the second authentication tag. Other embodiments are described and claimed.
  Type: Application
  Filed: March 4, 2022
  Publication date: June 16, 2022
  Applicant: Intel Corporation
  Inventors: Luis S. Kida, Reshma Lal, Soham Jayesh Desai
- Patent number: 11347875
  Abstract: A method comprises initializing, by an accelerator device of the computing device, an authentication tag in response to an initialization command from a trusted execution environment of the computing device, initiating a transfer, by the accelerator device, of data between a host memory and an accelerator device memory in response to a descriptor from the trusted execution environment, wherein the descriptor comprises a target memory address and is indicative of a transfer direction, comparing, in a memory range selection engine comprising at least one comparator to compare the target memory address with a plurality of address ranges and select a cryptographic key from the plurality of address range registers based on the target memory address, performing, by the accelerator device, a cryptographic operation with the data in response to transferring the data, updating, by the accelerator device, the authentication tag in response to transferring the data, and finalizing, by the accelerator device
  Type: Grant
  Filed: January 28, 2020
  Date of Patent: May 31, 2022
  Assignee: INTEL CORPORATION
  Inventors: Luis S. Kida, Reshma Lal
- Publication number: 20220108224
  Abstract: Technologies for platform-targeted machine learning include a computing device to generate a machine learning algorithm model indicative of a plurality of classes between which a user input is to be classified and translate the machine learning algorithm model into hardware code for execution on the target platform. Example instructions cause a processor to obtain dataset features indicative of a plurality of characteristics of an input dataset, rank, using multiple ranking algorithms, the dataset features, identify feature subsets for respective ones of the ranked dataset features, predict performance metrics based on the feature subsets, and select a final subset based on the predicted performance metrics.
  Type: Application
  Filed: December 17, 2021
  Publication date: April 7, 2022
  Inventors: Luis S. Kida, Nilesh K. Jain, Darshan Iyer, Ebrahim Al Safadi
- Patent number: 11281579
  Abstract: Technologies for cryptographic separation of MMIO operations with an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment. The accelerator determines, based on a target memory address, a first memory address range associated with the memory-mapped I/O transaction, and generates a second authentication tag using a first cryptographic key from a set of cryptographic keys, wherein the first key is uniquely associated with the first memory address range. An accelerator validator determines whether the first authentication tag matches the second authentication tag, and a memory mapper commits the memory-mapped I/O transaction in response to a determination that the first authentication tag matches the second authentication tag. Other embodiments are described and claimed.
  Type: Grant
  Filed: January 28, 2020
  Date of Patent: March 22, 2022
  Assignee: INTEL CORPORATION
  Inventors: Luis S. Kida, Reshma Lal, Soham Jayesh Desai
- Publication number: 20220027288
  Abstract: Technologies for secure data transfer include a computing device having a processor, an accelerator, and a security engine, such as a direct memory access (DMA) engine or a memory-mapped I/O (MMIO) engine. The computing device initializes the security engine with an initialization vector and a secret key. During initialization, the security engine pre-fills block cipher pipelines and pre-computes hash subkeys. After initialization, the processor initiates a data transfer, such as a DMA transaction or an MMIO request, between the processor and the accelerator. The security engine performs an authenticated cryptographic operation for the data transfer operation. The authenticated cryptographic operation may be AES-GCM authenticated encryption or authenticated decryption. The security engine may perform encryption or decryption using multiple block cipher pipelines. The security engine may calculate an authentication tag using multiple Galois field multipliers. Other embodiments are described and claimed.
  Type: Application
  Filed: October 7, 2021
  Publication date: January 27, 2022
  Applicant: Intel Corporation
  Inventors: Santosh Ghosh, Luis S. Kida, Reshma Lal
- Patent number: 11216749
  Abstract: Technologies for platform-targeted machine learning include a computing device to generate a machine learning algorithm model indicative of a plurality of classes between which a user input is to be classified and translate the machine learning algorithm model into hardware code for execution on the target platform. The user input is to be classified as being associated with a particular class based on an application of one or more features to the user input, and each of the one or more features has an associated implementation cost indicative of a cost to perform on a target platform on which the corresponding feature is to be applied to the user input.
  Type: Grant
  Filed: July 17, 2019
  Date of Patent: January 4, 2022
  Assignee: Intel Corporation
  Inventors: Luis S. Kida, Nilesh K. Jain, Darshan Iyer, Ebrahim Al Safadi
- Patent number: 11169935
  Abstract: Technologies for secure data transfer include a computing device having a processor, an accelerator, and a security engine, such as a direct memory access (DMA) engine or a memory-mapped I/O (MMIO) engine. The computing device initializes the security engine with an initialization vector and a secret key. During initialization, the security engine pre-fills block cipher pipelines and pre-computes hash subkeys. After initialization, the processor initiates a data transfer, such as a DMA transaction or an MMIO request, between the processor and the accelerator. The security engine performs an authenticated cryptographic operation for the data transfer operation. The authenticated cryptographic operation may be AES-GCM authenticated encryption or authenticated decryption. The security engine may perform encryption or decryption using multiple block cipher pipelines. The security engine may calculate an authentication tag using multiple Galois field multipliers. Other embodiments are described and claimed.
  Type: Grant
  Filed: December 26, 2018
  Date of Patent: November 9, 2021
  Assignee: INTEL CORPORATION
  Inventors: Santosh Ghosh, Luis S. Kida, Reshma Lal
- Publication number: 20210117576
  Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts, and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.
  Type: Application
  Filed: December 2, 2020
  Publication date: April 22, 2021
  Applicant: Intel Corporation
  Inventors: Krystof Zmudzinski, Siddhartha Chhabra, Reshma Lal, Alpa Narendra Trivedi, Luis S. Kida, Pradeep M. Pappachan, Abhishek Basak, Anna Trikalinou
- Patent number: 10878134
  Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts, and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.
  Type: Grant
  Filed: March 29, 2019
  Date of Patent: December 29, 2020
  Assignee: INTEL CORPORATION
  Inventors: Krystof Zmudzinski, Siddhartha Chhabra, Reshma Lal, Alpa Narendra Trivedi, Luis S. Kida, Pradeep M. Pappachan, Abhishek Basak, Anna Trikalinou