Patents by Inventor Siddhartha Chhabra
Siddhartha Chhabra has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11570010Abstract: Techniques for encrypting data using a key generated by a physical unclonable function (PUF) are described. An apparatus according to the present disclosure may include decoder circuitry to decode an instruction and generate a decoded instruction. The decoded instruction includes operands and an opcode. The opcode indicates that execution circuitry is to encrypt data using a key generated by a PUF. The apparatus may further include execution circuitry to execute the decoded instruction according to the opcode to encrypt the data to generate encrypted data using the key generated by the PUF.Type: GrantFiled: December 26, 2020Date of Patent: January 31, 2023Assignee: Intel CorporationInventors: Siddhartha Chhabra, Prashant Dewan, Baiju Patel
-
Publication number: 20220417042Abstract: Methods and apparatus relating to provision of platform sealing secrets using a Physically Unclonable Function (PUF) with Trusted Computing Based (TCB) Recoverability are described. In an embodiment, decode circuitry decodes an instruction to determine data to be cryptographically protected and a challenge for a Physically Unclonable Function (PUF) circuitry. Execution circuitry executes the decoded instruction to cryptographically protect the data in accordance with a key, wherein the PUF circuitry is to generate the key in response to the challenge. Other embodiments are also disclosed and claimed.Type: ApplicationFiled: June 25, 2021Publication date: December 29, 2022Applicant: Intel CorporationInventors: Siddhartha Chhabra, Prashant Dewan
-
Publication number: 20220413886Abstract: Systems, methods, and apparatuses to support encrypted remote direct memory access for live migration of a virtual machine are described.Type: ApplicationFiled: June 25, 2021Publication date: December 29, 2022Inventors: SCOTT GRIFFY, DAVID BRONLEEWE, HORMUZD KHOSRAVI, SIDDHARTHA CHHABRA
-
Publication number: 20220416997Abstract: Methods and apparatus relating to handling unaligned transactions for inline encryption are described. In an embodiment, cryptographic logic circuitry receives a plurality of incoming packets and store two or more incoming packets from the plurality of incoming packets in memory. The cryptographic logic circuitry is informs software in response to detection of the two or more incoming packets. Other embodiments are also disclosed and claimed.Type: ApplicationFiled: June 24, 2021Publication date: December 29, 2022Applicant: Intel CorporationInventors: Prashant Dewan, Siddhartha Chhabra, Robert J. Royer, JR., Michael Glik, Baiju Patel
-
Publication number: 20220417005Abstract: Systems, methods, and apparatuses for providing chiplet binding to a disaggregated architecture for a system on a chip are described. In one embodiment, system includes a plurality of physically separate dies, an interconnect to electrically couple the plurality of physically separate dies together, a first die-to-die communication circuit, of a first die of the plurality of physically separate dies, comprising a transmitter circuit and an encryption circuit having a link key to encrypt data to be sent from the transmitter circuit into encrypted data, and a second die-to-die communication circuit, of a second die of the plurality of physically separate dies, comprising a receiver circuit and a decryption circuit having the link key to decrypt the encrypted data sent from the transmitter circuit to the receiver circuit.Type: ApplicationFiled: June 25, 2021Publication date: December 29, 2022Inventors: BAIJU PATEL, SIDDHARTHA CHHABRA, PRASHANT DEWAN, OFIR SHWARTZ
-
Publication number: 20220405403Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.Type: ApplicationFiled: August 18, 2022Publication date: December 22, 2022Applicant: Intel CorporationInventors: Soham Jayesh Desai, Siddhartha Chhabra, Bin Xing, Pradeep M. Pappachan, Reshma Lal
-
Patent number: 11531772Abstract: A server includes a processor core including system memory, and a cryptographic engine storing a key data structure. The data structure is to store multiple keys for multiple secure domains. The core receives a request to program a first secure domain into the cryptographic engine. The request includes first domain information within a first wrapped binary large object (blob). In response a determination that there is no available entry in the data structure, the core selects a second secure domain within the data structure to de-schedule and issues a read key command to read second domain information from a target entry of the data structure. The core encrypts the second domain information to generate a second wrapped blob and stores the second wrapped blob in a determined region of the system memory, which frees up the target entry for use to program the first secure domain.Type: GrantFiled: June 26, 2020Date of Patent: December 20, 2022Assignee: Intel CorporationInventors: Siddhartha Chhabra, David M. Durham
-
Patent number: 11520859Abstract: The present disclosure is directed to secure processing and display of protected content. The use of a trusted execution environment (TEE) to handle authentication and session key negotiation in accordance with a selected content protection protocol may reduce any trusted computing base (TCB) needed for such operations, and thereby present a smaller target for potential attackers. Techniques are presented in which a session key negotiated via such a TEE is securely provided to output circuitry such as a display controller, which may encrypt protected content that has been requested for viewing on a protocol-compliant display device communicatively coupled to a device comprising the TEE and/or the output circuitry. The output circuitry may then provide the encrypted protected content to the protocol-compliant display device, such as for compliant display of the protected content.Type: GrantFiled: March 30, 2018Date of Patent: December 6, 2022Assignee: Intel CorporationInventors: Prashant Dewan, Siddhartha Chhabra
-
Patent number: 11520611Abstract: A host Virtual Machine Monitor (VMM) operates “blindly,” without the host VMM having the ability to access data within a guest virtual machine (VM) or the ability to access directly control structures that control execution flow of the guest VM. Guest VMs execute within a protected region of memory (called a key domain) that even the host VMM cannot access. Virtualization data structures that pertain to the execution state (e.g., a Virtual Machine Control Structure (VMCS)) and memory mappings (e.g., Extended Page Tables (EPTs)) of the guest VM are also located in the protected memory region and are also encrypted with the key domain key. The host VMM and other guest VMs, which do not possess the key domain key for other key domains, cannot directly modify these control structures nor access the protected memory region. The host VMM, however, using VMPageIn and VMPageOut instructions, can build virtual machines in key domains and page VM pages in and out of key domains.Type: GrantFiled: March 30, 2019Date of Patent: December 6, 2022Assignee: Intel CorporationInventors: David Durham, Siddhartha Chhabra, Geoffrey Strongin, Ronald Perez
-
Patent number: 11520906Abstract: A computer-readable medium comprises instructions that, when executed, cause a processor to execute an untrusted workload manager to manage execution of at least one guest workload.Type: GrantFiled: March 26, 2020Date of Patent: December 6, 2022Assignee: Intel CorporationInventors: David M. Durham, Siddhartha Chhabra, Ravi L. Sahita, Barry E. Huntley, Gilbert Neiger, Gideon Gerzon, Baiju V. Patel
-
Publication number: 20220365885Abstract: Techniques are described for providing low-overhead cryptographic memory isolation to mitigate attack vulnerabilities in a multi-user virtualized computing environment. Memory read and memory write operations for target data, each operation initiated via an instruction associated with a particular virtual machine (VM), include the generation and/or validation of a message authentication code that is based at least on a VM-specific cryptographic key and a physical memory address of the target data. Such operations may further include transmitting the generated message authentication code via a plurality of ancillary bits incorporated within a data line that includes the target data. In the event of a validation failure, one or more error codes may be generated and provided to distinct trust domain architecture entities based on an operating mode of the associated virtual machine.Type: ApplicationFiled: July 25, 2022Publication date: November 17, 2022Applicant: Intel CorporationInventors: Siddhartha Chhabra, Rajat Agarwal, Baiju Patel, Kirk Yap
-
Patent number: 11494523Abstract: An apparatus to facilitate security of a shared memory resource is disclosed. The apparatus includes a memory device to store memory data, wherein the memory device comprises a plurality of private memory pages associated with one or more trusted domains and a cryptographic engine to encrypt and decrypt the memory data, including a key encryption table having a key identifier associated with each trusted domain to access a private memory page, wherein a first key identifier is generated to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.Type: GrantFiled: August 14, 2020Date of Patent: November 8, 2022Assignee: Intel CorporationInventors: Abhishek Basak, Pradeep Pappachan, Siddhartha Chhabra, Alpa Narendra Trivedi, Erdem Aktas, Ravi Sahita
-
Patent number: 11481337Abstract: The present disclosure includes systems and methods for securing data direct I/O (DDIO) for a secure accelerator interface, in accordance with various embodiments. Historically, DDIO has enabled performance advantages that have outweighed its security risks. DDIO circuitry may be configured to secure DDIO data by using encryption circuitry that is manufactured for use in communications with main memory along the direct memory access (DMA) path. DDIO circuitry may be configured to secure DDIO data by using DDIO encryption circuitry manufactured for use by or manufactured within the DDIO circuitry. Enabling encryption and decryption in the DDIO path by the DDIO circuitry has the potential to close a security gap in modern data central processor units (CPUs).Type: GrantFiled: September 15, 2020Date of Patent: October 25, 2022Assignee: Intel CorporationInventors: Siddhartha Chhabra, Prashant Dewan, Abhishek Basak, David M. Durham
-
Publication number: 20220278836Abstract: There is disclosed in one example a computing system, including: a processor; a memory; and a memory encryption engine (MEE) including circuitry and logic to: allocate a protected isolated memory region (IMR); encrypt the protected IMR; set an access control policy to allow access to the IMR by a device identified by a device identifier; and upon receiving a memory access request directed to the IMR, enforce the access control policy.Type: ApplicationFiled: March 18, 2022Publication date: September 1, 2022Applicant: Intel CorporationInventors: Siddhartha Chhabra, Prashant Dewan
-
Patent number: 11423159Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.Type: GrantFiled: December 5, 2019Date of Patent: August 23, 2022Assignee: INTEL CORPORATIONInventors: Soham Jayesh Desai, Siddhartha Chhabra, Bin Xing, Pradeep M. Pappachan, Reshma Lal
-
Patent number: 11416415Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.Type: GrantFiled: June 18, 2019Date of Patent: August 16, 2022Assignee: INTEL CORPORATIONInventors: Reshma Lal, Pradeep M. Pappachan, Luis Kida, Krystof Zmudzinski, Siddhartha Chhabra, Abhishek Basak, Alpa Narendra Trivedi, Anna Trikalinou, David M. Lee, Vedvyas Shanbhogue, Utkarsh Y. Kakaiya
-
Patent number: 11403005Abstract: There is disclosed a microprocessor, including: a processing core; and a total memory encryption (TME) engine to provide TME for a first trust domain (TD), and further to: allocate a block of physical memory to the first TD and a first cryptographic key to the first TD; map within an extended page table (EPT) a host physical address (HPA) space to a guest physical address (GPA) space of the TD; create a memory ownership table (MOT) entry for a memory page within the block of physical memory, wherein the MOT table comprises a GPA reverse mapping; encrypt the MOT entry using the first cryptographic key; and append to the MOT entry verification data, wherein the MOT entry verification data enables detection of an attack on the MOT entry.Type: GrantFiled: September 29, 2017Date of Patent: August 2, 2022Assignee: Intel CorporationInventors: David M. Durham, Ravi L. Sahita, Vedvyas Shanbhogue, Barry E. Huntley, Baiju Patel, Gideon Gerzon, Ioannis T. Schoinas, Hormuzd M. Khosravi, Siddhartha Chhabra, Carlos V. Rozas
-
Patent number: 11397692Abstract: Techniques are described for providing low-overhead cryptographic memory isolation to mitigate attack vulnerabilities in a multi-user virtualized computing environment. Memory read and memory write operations for target data, each operation initiated via an instruction associated with a particular virtual machine (VM), include the generation and/or validation of a message authentication code that is based at least on a VM-specific cryptographic key and a physical memory address of the target data. Such operations may further include transmitting the generated message authentication code via a plurality of ancillary bits incorporated within a data line that includes the target data. In the event of a validation failure, one or more error codes may be generated and provided to distinct trust domain architecture entities based on an operating mode of the associated virtual machine.Type: GrantFiled: June 29, 2018Date of Patent: July 26, 2022Assignee: Intel CorporationInventors: Siddhartha Chhabra, Rajat Agarwal, Baiju Patel, Kirk Yap
-
Patent number: 11392507Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.Type: GrantFiled: January 22, 2021Date of Patent: July 19, 2022Assignee: Intel CorporationInventors: Krystof C. Zmudzinski, Siddhartha Chhabra, Uday R. Savagaonkar, Simon P. Johnson, Rebekah M. Leslie-Hurd, Francis X. McKeen, Gilbert Neiger, Raghunandan Makaram, Carlos V. Rozas, Amy L. Santoni, Vincent R. Scarlata, Vedvyas Shanbhogue, Ilya Alexandrovich, Ittai Anati, Wesley H. Smith, Michael Goldsmith
-
Patent number: 11394531Abstract: Systems, apparatuses, methods, and computer-readable media are provided for reducing or eliminating cryptographic waste for link protection in computer buses. In various embodiments, data packets are encrypted/decrypted in accordance with advanced encryption standard (AES) Galois counter mode (GCM) encryption/decryption. Monotonically increased counter values are used as initialization vectors; and/or accumulated MAC is practiced to reduce or eliminate cryptographic waste. Other related aspects are also described and/or claimed.Type: GrantFiled: October 18, 2019Date of Patent: July 19, 2022Assignee: Intel CorporationInventors: Siddhartha Chhabra, Vedvyas Shanbhogue