Patents by Inventor Uday Savagaonkar
Uday Savagaonkar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240126930Abstract: Aspects of the disclosure relate to providing a secure collaboration between one or more PCIe accelerators and an enclave. An example system may include a PCIe accelerator apparatus. The PCIs accelerator apparatus may include the one or more PCIe accelerators and a microcontroller configured to provide a cryptographic identity to the PCIe accelerator apparatus. The PCIe accelerator apparatus may be configured to use the cryptographic identity to establish communication between the PCIe accelerator apparatus the enclave.Type: ApplicationFiled: December 21, 2023Publication date: April 18, 2024Inventors: Uday Savagaonkar, Eric Northup
-
Patent number: 11962576Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.Type: GrantFiled: October 26, 2022Date of Patent: April 16, 2024Assignee: Google LLCInventors: Anna Sapek, Uday Savagaonkar, Jeffrey Thomas Andersen, Thomas Michael Roeder
-
Patent number: 11947662Abstract: A uniform enclave interface is provided for creating and operating enclaves across multiple different types of backends and system configurations. For instance, an enclave manager may be created in an untrusted environment of a host computing device. The enclave manager may include instructions for creating one or more enclaves. An enclave may be generated in memory of the host computing device using the enclave manager. One or more enclave clients of the enclave may be generated by the enclave manager such that the enclave clients configured to provide one or more entry points into the enclave. One or more trusted application instances may be created in the enclave.Type: GrantFiled: September 22, 2022Date of Patent: April 2, 2024Assignee: Google LLCInventors: Matthew Gingell, Peter Gonda, Alexander Thomas Cope, Sergey Karamov, Keith Moyer, Uday Savagaonkar, Chong Cai
-
Patent number: 11921905Abstract: Aspects of the disclosure relate to providing a secure collaboration between one or more PCIe accelerators and an enclave. An example system may include a PCIe accelerator apparatus. The PCIs accelerator apparatus may include the one or more PCIe accelerators and a microcontroller configured to provide a cryptographic identity to the PCIe accelerator apparatus. The PCIe accelerator apparatus may be configured to use the cryptographic identity to establish communication between the PCIe accelerator apparatus the enclave.Type: GrantFiled: July 18, 2018Date of Patent: March 5, 2024Assignee: Google LLCInventors: Uday Savagaonkar, Eric Northup
-
Publication number: 20230297697Abstract: A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.Type: ApplicationFiled: May 23, 2023Publication date: September 21, 2023Inventors: Keith Moyer, Uday Savagaonkar, Chong Cai, Matthew Gingell, Anna Sapek
-
Patent number: 11714912Abstract: A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.Type: GrantFiled: March 15, 2021Date of Patent: August 1, 2023Assignee: Google LLCInventors: Keith Moyer, Uday Savagaonkar, Chong Cai, Matthew Gingell, Anna Sapek
-
Publication number: 20230077623Abstract: A uniform enclave interface is provided for creating and operating enclaves across multiple different types of backends and system configurations. For instance, an enclave manager may be created in an untrusted environment of a host computing device. The enclave manager may include instructions for creating one or more enclaves. An enclave may be generated in memory of the host computing device using the enclave manager. One or more enclave clients of the enclave may be generated by the enclave manager such that the enclave clients configured to provide one or more entry points into the enclave. One or more trusted application instances may be created in the enclave.Type: ApplicationFiled: September 22, 2022Publication date: March 16, 2023Inventors: Matthew Gingell, Peter Gonda, Alexander Thomas Cope, Sergey Karamov, Keith Moyer, Uday Savagaonkar, Chong Cai
-
Publication number: 20230039096Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.Type: ApplicationFiled: October 26, 2022Publication date: February 9, 2023Inventors: Anna Sapek, Uday Savagaonkar, Jeffrey Thomas Andersen, Thomas Michael Roeder
-
Patent number: 11509643Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.Type: GrantFiled: July 18, 2018Date of Patent: November 22, 2022Assignee: Google LLCInventors: Anna Sapek, Uday Savagaonkar, Jeffrey Thomas Andersen, Thomas Michael Roeder
-
Patent number: 11494485Abstract: A uniform enclave interface is provided for creating and operating enclaves across multiple different types of backends and system configurations. For instance, an enclave manager may be created in an untrusted environment of a host computing device. The enclave manager may include instructions for creating one or more enclaves. An enclave may be generated in memory of the host computing device using the enclave manager. One or more enclave clients of the enclave may be generated by the enclave manager such that the enclave clients configured to provide one or more entry points into the enclave. One or more trusted application instances may be created in the enclave.Type: GrantFiled: July 18, 2018Date of Patent: November 8, 2022Assignee: Google LLCInventors: Matthew Gingell, Peter Gonda, Alexander Thomas Cope, Sergey Karamov, Keith Moyer, Uday Savagaonkar, Chong Cai
-
Publication number: 20220224510Abstract: Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.Type: ApplicationFiled: March 28, 2022Publication date: July 14, 2022Inventors: Eugene M. Kishinevsky, Uday Savagaonkar, Alpa T. Narendra Trivedi, Siddhartha Chhabra, Baiju V. Patel, Men Long, Kirk S. Yap, David M. Durham
-
Publication number: 20210232676Abstract: A uniform enclave interface is provided for creating and operating enclaves across multiple different types of backends and system configurations. For instance, an enclave manager may be created in an untrusted environment of a host computing device. The enclave manager may include instructions for creating one or more enclaves. An enclave may be generated in memory of the host computing device using the enclave manager. One or more enclave clients of the enclave may be generated by the enclave manager such that the enclave clients configured to provide one or more entry points into the enclave. One or more trusted application instances may be created in the enclave.Type: ApplicationFiled: July 18, 2018Publication date: July 29, 2021Applicant: Google LLCInventors: Matthew Gingell, Peter Gonda, Alexander Thomas Cope, Sergey Karamov, Keith Moyer, Uday Savagaonkar, Chong Cai
-
Publication number: 20210200883Abstract: A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.Type: ApplicationFiled: March 15, 2021Publication date: July 1, 2021Inventors: Keith Moyer, Uday Savagaonkar, Chong Cai, Matthew Gingell, Anna Sapek
-
Patent number: 11023232Abstract: In an embodiment, the present invention includes a processor having an execution logic to execute instructions and a control transfer termination (CTT) logic coupled to the execution logic. This logic is to cause a CTT fault to be raised if a target instruction of a control transfer instruction is not a CTT instruction. Other embodiments are described and claimed.Type: GrantFiled: March 13, 2019Date of Patent: June 1, 2021Assignee: Intel CorporationInventors: Vedvyas Shanbhogue, Jason W. Brandt, Uday Savagaonkar, Ravi L. Sahita
-
Patent number: 10949547Abstract: A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.Type: GrantFiled: October 5, 2018Date of Patent: March 16, 2021Assignee: Google LLCInventors: Keith Moyer, Uday Savagaonkar, Chong Cai, Matthew Gingell, Anna Sapek
-
Publication number: 20210037001Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.Type: ApplicationFiled: July 18, 2018Publication date: February 4, 2021Applicant: Google LLCInventors: Anna Sapek, Uday Savagaonkar, Jeffrey Thomas Andersen, Thomas Michael Roeder
-
Publication number: 20210034788Abstract: Aspects of the disclosure relate to providing a secure collaboration between one or more PCIe accelerators and an enclave. An example system may include a PCIe accelerator apparatus. The PCIs accelerator apparatus may include the one or more PCIe accelerators and a microcontroller configured to provide a cryptographic identity to the PCIe accelerator apparatus. The PCIe accelerator apparatus may be configured to use the cryptographic identity to establish communication between the PCIe accelerator apparatus the enclave.Type: ApplicationFiled: July 18, 2018Publication date: February 4, 2021Applicant: Google LLCInventors: Uday Savagaonkar, Eric Northup
-
Publication number: 20200110886Abstract: A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.Type: ApplicationFiled: October 5, 2018Publication date: April 9, 2020Inventors: Keith Moyer, Uday Savagaonkar, Chong Cai, Matthew Gingell, Anna Sapek
-
Publication number: 20200004991Abstract: In an embodiment, the present invention includes a processor having an execution logic to execute instructions and a control transfer termination (CTT) logic coupled to the execution logic. This logic is to cause a CTT fault to be raised if a target instruction of a control transfer instruction is not a CTT instruction. Other embodiments are described and claimed.Type: ApplicationFiled: March 13, 2019Publication date: January 2, 2020Inventors: Vedvyas Shanbhogue, Jason W. Brandt, Uday Savagaonkar, Ravi L. Sahita
-
Patent number: 10395028Abstract: Generally, this disclosure provides systems, devices, methods and computer readable media for virtualization-based intra-block workload isolation. The system may include a virtual machine manager (VMM) module to create a secure virtualization environment or sandbox. The system may also include a processor block to load data into a first region of the sandbox and to generate a workload package based on the data. The workload package is stored in a second region of the sandbox. The system may further include an operational block to fetch and execute instructions from the workload package.Type: GrantFiled: July 21, 2017Date of Patent: August 27, 2019Assignee: Intel CorporationInventors: Prashant Dewan, Uttam Sengupta, Siddhartha Chhabra, David Durham, Xiaozhu Kang, Uday Savagaonkar, Alpa Narendra Trivedi