Patents by Inventor Yeluri Raghuram
Yeluri Raghuram has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240160717
Abstract: Various systems and methods are described for implementing trust authority or trust attestation verification operations, including for Trust-as-a-Service or Attestation-as-a-Service implementations, in accordance with the techniques discussed herein. In various examples, operations and configurations are described to enable service-to-service attestation using a trust authority, to operate an attestation service, and to coordinate trust operations between relying and requesting parties.
Type: Application
Filed: June 24, 2022
Publication date: May 16, 2024
Inventors: Yeluri Raghuram, Haidong Xia, Uttam Shetty, Anil Rao, Sudhir Subbarao Bangalore, Raghavender Nagarajan, Kekuut Hoomkwap, Wei Peng
-
Patent number: 11922220
Abstract: Embodiments of systems, apparatuses and methods provide enhanced function as a service (FaaS) to users, e.g., computer developers and cloud service providers (CSPs). A computing system configured to provide such enhanced FaaS service include one or more controls architectural subsystems, software and orchestration subsystems, network and storage subsystems, and security subsystems. The computing system executes functions in response to events triggered by the users in an execution environment provided by the architectural subsystems, which represent an abstraction of execution management and shield the users from the burden of managing the execution. The software and orchestration subsystems allocate computing resources for the function execution by intelligently spinning up and down containers for function code with decreased instantiation latency and increased execution scalability while maintaining secured execution.
Type: Grant
Filed: April 16, 2019
Date of Patent: March 5, 2024
Assignee: Intel Corporation
Inventors: Mohammad R. Haghighat, Kshitij Doshi, Andrew J. Herdrich, Anup Mohan, Ravishankar R. Iyer, Mingqiu Sun, Krishna Bhuyan, Teck Joo Goh, Mohan J. Kumar, Michael Prinke, Michael Lemay, Leeor Peled, Jr-Shian Tsai, David M. Durham, Jeffrey D. Chamberlain, Vadim A. Sukhomlinov, Eric J. Dahlen, Sara Baghsorkhi, Harshad Sane, Areg Melik-Adamyan, Ravi Sahita, Dmitry Yurievich Babokin, Ian M. Steiner, Alexander Bachmutsky, Anil Rao, Mingwei Zhang, Nilesh K. Jain, Amin Firoozshahian, Baiju V. Patel, Wenyong Huang, Yeluri Raghuram
-
Publication number: 20240022550
Abstract: Various systems and methods for providing a trusted key access broker are described herein. A system may be configured to receive, at a trusted key access broker, from a requestor via a broker application programming interface, a request for a cryptographic key operation, the request associated with attestation evidence data; use the attestation evidence data to validate the requestor; in response to validating the requestor, translate and transmit the request for the cryptographic key operation to one of the plurality of key management systems; receive a response from the one of the plurality of key management systems; and transmit the response to the requestor.
Type: Application
Filed: September 27, 2023
Publication date: January 18, 2024
Inventors: Yeluri Raghuram, Anil Rao, Haidong Xia, Uttam Shetty, Nikhil M. Deshpande
-
Publication number: 20230359743
Abstract: Disclosed herein are embodiments related to security in cloudlet environments. In some embodiments, for example, a computing device (e.g., a cloudlet) may include: a trusted execution environment; a Basic Input/Output System (BIOS) to request a Key Encryption Key (KEK) from the trusted execution environment; and a Self-Encrypting Storage (SES) associated with the KEK; wherein the trusted execution environment is to verify the BIOS and provide the KEK to the BIOS subsequent to verification of the BIOS, and the BIOS is to provide the KEK to the SES to unlock the SES for access by the trusted execution environment.
Type: Application
Filed: July 18, 2023
Publication date: November 9, 2023
Applicant: Intel Corporation
Inventors: Yeluri Raghuram, Susanne M. Balle, Nigel Thomas Cook, Kapil Sood
-
Patent number: 11748486
Abstract: Disclosed herein are embodiments related to security in cloudlet environments. In some embodiments, for example, a computing device (e.g., a cloudlet) may include: a trusted execution environment; a Basic Input/Output System (BIOS) to request a Key Encryption Key (KEK) from the trusted execution environment; and a Self-Encrypting Storage (SES) associated with the KEK; wherein the trusted execution environment is to verify the BIOS and provide the KEK to the BIOS subsequent to verification of the BIOS, and the BIOS is to provide the KEK to the SES to unlock the SES for access by the trusted execution environment.
Type: Grant
Filed: October 7, 2021
Date of Patent: September 5, 2023
Assignee: Intel Corporation
Inventors: Yeluri Raghuram, Susanne M. Balle, Nigel Thomas Cook, Kapil Sood
-
Patent number: 11604882
Abstract: Disclosed herein are embodiments related to security in cloudlet environments. In some embodiments, for example, a computing device (e.g., a cloudlet) may include: a trusted execution environment; a Basic Input/Output System (BIOS) to request a Key Encryption Key (KEK) from the trusted execution environment; and a Self-Encrypting Storage (SES) associated with the KEK; wherein the trusted execution environment is to verify the BIOS and provide the KEK to the BIOS subsequent to verification of the BIOS, and the BIOS is to provide the KEK to the SES to unlock the SES for access by the trusted execution environment.
Type: Grant
Filed: June 6, 2019
Date of Patent: March 14, 2023
Assignee: Intel Corporation
Inventors: Yeluri Raghuram, Susanne M. Balle, Nigel Thomas Cook, Kapil Sood
-
Publication number: 20220027476
Abstract: Disclosed herein are embodiments related to security in cloudlet environments. In some embodiments, for example, a computing device (e.g., a cloudlet) may include: a trusted execution environment; a Basic Input/Output System (BIOS) to request a Key Encryption Key (KEK) from the trusted execution environment; and a Self-Encrypting Storage (SES) associated with the KEK; wherein the trusted execution environment is to verify the BIOS and provide the KEK to the BIOS subsequent to verification of the BIOS, and the BIOS is to provide the KEK to the SES to unlock the SES for access by the trusted execution environment.
Type: Application
Filed: October 7, 2021
Publication date: January 27, 2022
Applicant: Intel Corporation
Inventors: Yeluri Raghuram, Susanne M. Balle, Nigel Thomas Cook, Kapil Sood
-
Publication number: 20210263779
Abstract: Embodiments of systems, apparatuses and methods provide enhanced function as a service (FaaS) to users, e.g., computer developers and cloud service providers (CSPs). A computing system configured to provide such enhanced FaaS service include one or more controls architectural subsystems, software and orchestration subsystems, network and storage subsystems, and security subsystems. The computing system executes functions in response to events triggered by the users in an execution environment provided by the architectural subsystems, which represent an abstraction of execution management and shield the users from the burden of managing the execution. The software and orchestration subsystems allocate computing resources for the function execution by intelligently spinning up and down containers for function code with decreased instantiation latency and increased execution scalability while maintaining secured execution.
Type: Application
Filed: April 16, 2019
Publication date: August 26, 2021
Applicant: Intel Corporation
Inventors: Mohammad R. Haghighat, Kshitij Doshi, Andrew J. Herdrich, Anup Mohan, Ravishankar R. Iyer, Mingqiu Sun, Krishna Bhuyan, Teck Joo Goh, Mohan J. Kumar, Michael Prinke, Michael Lemay, Leeor Peled, Jr-Shian Tsai, David M. Durham, Jeffrey D. Chamberlain, Vadim A. Sukhomlinov, Eric J. Dahlen, Sara Baghsorkhi, Harshad Sane, Areg Melik-Adamyan, Ravi Sahita, Dmitry Yurievich Babokin, Ian M. Steiner, Alexander Bachmutsky, Anil Rao, Mingwei Zhang, Nilesh K. Jain, Amin Firoozshahian, Baiju V. Patel, Wenyong Huang, Yeluri Raghuram
-
Patent number: 11042643
Abstract: Systems, apparatuses and methods may provide for establishing a hardware-based chain of trust in a computing system and extending the hardware-based chain of trust to a container manager and a containerized application on the computing system. Additionally, the containerized application may be checked for its trust and security while it is launched, via the container manager, on the computing system. In one example, extending the hardware-based chain of trust includes conducting a pre-boot measurement of the container manager, a root of trust measurement agent, and one or more packages associated with the containerized application, and verifying the pre-boot measurement of the platform/host and the application itself prior to the containerized application being launched.
Type: Grant
Filed: December 24, 2015
Date of Patent: June 22, 2021
Assignee: Intel Corporation
Inventors: Abhishek Gupta, Yeluri Raghuram
-
Publication number: 20190311127
Abstract: Disclosed herein are embodiments related to security in cloudlet environments. In some embodiments, for example, a computing device (e.g., a cloudlet) may include: a trusted execution environment; a Basic Input/Output System (BIOS) to request a Key Encryption Key (KEK) from the trusted execution environment; and a Self-Encrypting Storage (SES) associated with the KEK; wherein the trusted execution environment is to verify the BIOS and provide the KEK to the BIOS subsequent to verification of the BIOS, and the BIOS is to provide the KEK to the SES to unlock the SES for access by the trusted execution environment.
Type: Application
Filed: June 6, 2019
Publication date: October 10, 2019
Applicant: Intel Corporation
Inventors: Yeluri Raghuram, Susanne M. Balle, Nigel Thomas Cook, Kapil Sood
-
Patent number: 10339317
Abstract: Disclosed herein are embodiments related to security in cloudlet environments. In some embodiments, for example, a computing device (e.g., a cloudlet) may include: a trusted execution environment; a Basic Input/Output System (BIOS) to request a Key Encryption Key (KEK) from the trusted execution environment; and a Self-Encrypting Storage (SES) associated with the KEK; wherein the trusted execution environment is to verify the BIOS and provide the KEK to the BIOS subsequent to verification of the BIOS, and the BIOS is to provide the KEK to the SES to unlock the SES for access by the trusted execution environment.
Type: Grant
Filed: March 4, 2016
Date of Patent: July 2, 2019
Assignee: Intel Corporation
Inventors: Yeluri Raghuram, Susanne M. Balle, Nigel Thomas Cook, Kapil Sood
-
Publication number: 20180349610
Abstract: Systems, apparatuses and methods may provide for establishing a hardware-based chain of trust in a computing system and extending the hardware-based chain of trust to a container manager and a containerized application on the computing system. Additionally, the containerized application may be checked for its trust and security while it is launched, via the container manager, on the computing system. In one example, extending the hardware-based chain of trust includes conducting a pre-boot measurement of the container manager, a root of trust measurement agent, and one or more packages associated with the containerized application, and verifying the pre-boot measurement of the platform/host and the application itself prior to the containerized application being launched.
Type: Application
Filed: December 24, 2015
Publication date: December 6, 2018
Inventors: Abhishek Gupta, Yeluri Raghuram
-
Patent number: 9910972
Abstract: Methods and systems may provide for selecting a hypervisor protocol from a plurality of hypervisor protocols based on a communication associated with a remote agent. The selected hypervisor protocol may be used to conduct a trust analysis of one or more digitally signed values in the communication, wherein a cloud attestation request may be processed based on the trust analysis. Processing the cloud attestation request may involve generating a trustworthiness verification output, a geo-location verification output, etc., for a cloud computing node corresponding to the remote agent.
Type: Grant
Filed: January 30, 2012
Date of Patent: March 6, 2018
Assignee: Intel Corporation
Inventor: Yeluri Raghuram
-
Patent number: 9774602
Abstract: Methods and systems may provide for selecting a hypervisor protocol from a plurality of hypervisor protocols based on a communication associated with a remote agent. The selected hypervisor protocol may be used to conduct a trust analysis of one or more digitally signed values in the communication, wherein a cloud attestation request may be processed based on the trust analysis. Processing the cloud attestation request may involve generating a trustworthiness verification output, a geo-location verification output, etc., for a cloud computing node corresponding to the remote agent.
Type: Grant
Filed: December 24, 2015
Date of Patent: September 26, 2017
Assignee: Intel Corporation
Inventors: Yeluri Raghuram, Sudhir Bangalore
-
Publication number: 20170177873
Abstract: Disclosed herein are embodiments related to security in cloudlet environments. In some embodiments, for example, a computing device (e.g., a cloudlet) may include: a trusted execution environment; a Basic Input/Output System (BIOS) to request a Key Encryption Key (KEK) from the trusted execution environment; and a Self-Encrypting Storage (SES) associated with the KEK; wherein the trusted execution environment is to verify the BIOS and provide the KEK to the BIOS subsequent to verification of the BIOS, and the BIOS is to provide the KEK to the SES to unlock the SES for access by the trusted execution environment.
Type: Application
Filed: March 4, 2016
Publication date: June 22, 2017
Applicant: Intel Corporation
Inventors: Yeluri Raghuram, Susanne M. Balle, Nigel Thomas Cook, Kapil Sood
-
Publication number: 20160277498
Abstract: This disclosure describes, in one embodiment, a system that includes a block storage and virtual machine (VM) manager to identify one or more storage node(s) that meet at least one policy constraint and to select a storage node with capacity from the one or more storage node(s) that meets all of the at least one policy constraints, the at least one policy constraint related to a respective geolocation of each of the identified storage node(s).
Type: Application
Filed: May 11, 2015
Publication date: September 22, 2016
Applicant: INTEL CORPORATION
Inventors: SAURABH KULKARNI, NARESH K. GADEPALLI, YELURI RAGHURAM
-
Publication number: 20160134636
Abstract: Methods and systems may provide for selecting a hypervisor protocol from a plurality of hypervisor protocols based on a communication associated with a remote agent. The selected hypervisor protocol may be used to conduct a trust analysis of one or more digitally signed values in the communication, wherein a cloud attestation request may be processed based on the trust analysis. Processing the cloud attestation request may involve generating a trustworthiness verification output, a geo-location verification output, etc., for a cloud computing node corresponding to the remote agent.
Type: Application
Filed: December 24, 2015
Publication date: May 12, 2016
Inventors: Yeluri Raghuram, Sudhir Bangalore
-
Patent number: 9256742
Abstract: Methods and systems may provide for selecting a hypervisor protocol from a plurality of hypervisor protocols based on a communication associated with a remote agent. The selected hypervisor protocol may be used to conduct a trust analysis of one or more digitally signed values in the communication, wherein a cloud attestation request may be processed based on the trust analysis. Processing the cloud attestation request may involve generating a trustworthiness verification output, a geo-location verification output, etc., for a cloud computing node corresponding to the remote agent.
Type: Grant
Filed: March 15, 2012
Date of Patent: February 9, 2016
Assignee: Intel Corporation
Inventors: Yeluri Raghuram, Sudhir S. Bangalore
-
Patent number: 8924720
Abstract: A method, device, and system for securely migrating and provisioning a virtual machine image to a host device of a cloud service provider environment (CSPE) is disclosed. A customer device encrypts a virtual machine image (VMI) and stores the VMI in the CSPE. The host device retrieves the encrypted VMI from the object store and sends host trust data (including a symmetric key extracted from the encrypted VMI, the symmetric key being encrypted with the customer public key) to a key management server for trust attestation. If the key management server successfully attests the host device, the key management server decrypts the encrypted symmetric key using the customer private key and re-encrypts the symmetric key using the host public key. The host device receives the re-encrypted symmetric key from the key management server, decrypts it using the host private key, and decrypts the encrypted VMI using the symmetric key.
Type: Grant
Filed: September 27, 2012
Date of Patent: December 30, 2014
Assignee: Intel Corporation
Inventors: Yeluri Raghuram, Steve Orrin, Alberto J. Munoz
-
Publication number: 20140109191
Abstract: Methods and systems may provide for selecting a hypervisor protocol from a plurality of hypervisor protocols based on a communication associated with a remote agent. The selected hypervisor protocol may be used to conduct a trust analysis of one or more digitally signed values in the communication, wherein a cloud attestation request may be processed based on the trust analysis. Processing the cloud attestation request may involve generating a trustworthiness verification output, a geo-location verification output, etc., for a cloud computing node corresponding to the remote agent.
Type: Application
Filed: January 30, 2012
Publication date: April 17, 2014
Inventor: Yeluri Raghuram