Patents by Inventor Aditya Katragada
Aditya Katragada has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20260205303Abstract: Systems, methods, and circuitry for pre-authentication of a signed data structure are provided. An integrated circuit device may include a device controller to verify a signature of a signed data structure based on, during an initial boot sequence, computing a full signature verification and computing and storing a message authentication code and, during a subsequent boot sequence, recomputing the message authentication code and comparing the recomputed message authentication code to the stored message authentication code. The integrated circuit device may include data utilization circuitry to use the signed data structure based on the signature of the signed data structure being verified.Type: ApplicationFiled: January 30, 2026Publication date: July 16, 2026Inventors: Michael Neve de Mevergnies, Andrew Draper, Anthony Cartolano, Aditya Katragada, Geoffrey Strongin
-
Patent number: 12670258Abstract: An apparatus to verify firmware in a computing system, comprising a non-volatile memory, including firmware memory to store agent firmware associated with each of a plurality of interconnect protocol (IP) agents and version memory to store security version numbers (SVNs) included in the agent firmware, a security controller comprising verifier logic to verify an integrity of the version memory by applying a hash algorithm to contents of the version memory to generate a SVN hash, and a trusted platform module (TPM) to store the SVN hash.Type: GrantFiled: January 30, 2024Date of Patent: June 30, 2026Assignee: Intel CorporationInventors: Prashant Dewan, Chao Zhang, Nivedita Aggarwal, Aditya Katragada, Mohamed Haniffa, Kenji Chen
-
Publication number: 20250323802Abstract: A method includes receiving a bitstream including a signature associated with a private key, and detecting a first watermark of the bitstream, wherein the first watermark is associated with a first public key. The method also includes loading the bitstream based on determining that the first public key corresponds to a second public key and the private key and that the first public key is validated based on a validation value.Type: ApplicationFiled: June 26, 2025Publication date: October 16, 2025Inventors: Michael Neve de Mevergnies, Geoffrey Strongin, Aditya Katragada, Andrew Draper, Anthony Cartolano
-
Publication number: 20250315538Abstract: A computing system or an integrated circuit includes a key storage circuit for storing a key and an access control enforcer circuit that grants access to the key stored in the key storage circuit in response to receiving a request based on a hardware identifier that identifies a hardware system and a subcomponent of the hardware system that is an owner of the key. The access control enforcer circuit accesses a hardware property for a key from an access control attributes circuit in response to a request to access the key. The access control enforcer circuit prevents the key from being returned to an initiator of the request if the hardware property indicates that the key is protected. The access control enforcer circuit permits the key to be used to derive, wrap, or unwrap other keys if the hardware property indicates that the key is protected.Type: ApplicationFiled: June 20, 2025Publication date: October 9, 2025Applicant: Altera CorporationInventors: Aditya Katragada, Andrew Draper
-
Patent number: 12204463Abstract: Techniques are described for providing consistent memory operations and security across electronic circuitry components having disparate memory and/or security architectures when integrating such disparately architected components within a single system, such as a system on chip. A programmable logical hierarchy of isolated memory region (IMR) enforcement circuits is provided to protect such IMRs, allowing or preventing memory access requests from one of multiple distinct circuitry components based on configuration registers for the IMR enforcement circuits. Integration of multiple trust domain architectures associated with the multiple distinct circuitry components is facilitated via trust domain conversion bridge circuitry that includes translation logic for generating information in accordance with a first trust domain architecture based on information provided in accordance with a distinct second trust domain architecture.Type: GrantFiled: March 21, 2022Date of Patent: January 21, 2025Assignee: Intel CorporationInventors: Aditya Katragada, Peter Munguia, Gregg Lahti
-
Publication number: 20240378294Abstract: An apparatus to verify firmware in a computing system, comprising a non-volatile memory, including firmware memory to store agent firmware associated with each of a plurality of interconnect protocol (IP) agents and version memory to store security version numbers (SVNs) included in the agent firmware, a security controller comprising verifier logic to verify an integrity of the version memory by applying a hash algorithm to contents of the version memory to generate a SVN hash, and a trusted platform module (TPM) to store the SVN hash.Type: ApplicationFiled: January 30, 2024Publication date: November 14, 2024Applicant: Intel CorporationInventors: Prashant Dewan, Chao Zhang, Nivedita Aggarwal, Aditya Katragada, Mohamed Haniffa, Kenji Chen
-
Publication number: 20240345985Abstract: Systems or methods of the present disclosure may provide systems and techniques for controlling access to components and resources of an IC device by multiple tenants. For example, a method may include: receiving access control instructions defining a first mapping between one or more tenants and respective security attributes and a second mapping between one or more agent identifiers and respective access permissions; receiving a communication intended for a target component of the IC device; determining an origin tenant from which the communication originated; determining a security attribute associated with the origin tenant based on the first mapping; and sending the communication and an agent identifier comprising the security attribute and an initiator bridge identifier to a corresponding target bridge, wherein the corresponding target bridge is configured to grant or deny access of the communication to the target component based on the agent identifier and the second mapping.Type: ApplicationFiled: June 27, 2024Publication date: October 17, 2024Inventors: Aditya Katragada, Ashish Gupta, George Chong Hean Ooi
-
Publication number: 20240241973Abstract: Systems or methods of the present disclosure may provide techniques for securing data on a shared accelerator of an integrated circuit device where each user of the shared accelerator is in a different trust boundary. For example, a method may include receiving a downstream communication intended for an accelerator from one or more components sharing the accelerator, determining an origin component from which the downstream communication originated, and assigning the downstream communication to a corresponding work queue of one or more work queues of the accelerator based on the determined origin component to isolate the accelerator from different owners. The method may also include tagging an upstream communication sent from the accelerator with an identifier that identifies the owner of the data and routing the upstream communication to a destination component based on the identifier and using the assigned attributes to isolate data within or external to the accelerator.Type: ApplicationFiled: March 29, 2024Publication date: July 18, 2024Inventors: Aditya Katragada, Andrew Cunningham, Ramesh Babu Bodakunta, Gary Brian Wallichs
-
Publication number: 20240106644Abstract: A system and method of enhancing the mitigation of side channel attacks on platform interconnects using endpoint HW based detection, synchronization, and re-keying include generating a set of keys for link encryption based on a high entropy seed, storing the set of keys in a deterministic order in a register, detecting that a re-key programmable threshold is met during link encryption with a device, identifying a synchronization point associated with the device, where the synchronization point indicates the device is ready to switch a current key used for link encryption, and synchronizing a rekeying event with the device.Type: ApplicationFiled: September 27, 2022Publication date: March 28, 2024Applicant: Intel CorporationInventors: Aditya Katragada, Geoffrey Strongin, Prakash Iyer, Rajesh Banginwar, Poh Thiam Teoh, Gary Wallichs
-
Patent number: 11928215Abstract: An apparatus to verify firmware in a computing system, comprising a non-volatile memory, including firmware memory to store agent firmware associated with each of a plurality of interconnect protocol (IP) agents and version memory to store security version numbers (SVNs) included in the agent firmware, a security controller comprising verifier logic to verify an integrity of the version memory by applying a hash algorithm to contents of the version memory to generate a SVN hash, and a trusted platform module (TPM) to store the SVN hash.Type: GrantFiled: June 29, 2022Date of Patent: March 12, 2024Assignee: Intel CorporationInventors: Prashant Dewan, Chao Zhang, Nivedita Aggarwal, Aditya Katragada, Mohamed Haniffa, Kenji Chen
-
Patent number: 11886316Abstract: An apparatus to collect firmware measurement data at a computing system is disclosed. The apparatus includes a plurality of agents, each including a non-volatile memory storing firmware executed to perform a function associated with the agent, verification logic to generate measurement data by verifying the integrity of the firmware and a register to store the measurement data, and a processor to execute an instruction to collect firmware measurement data from each of the plurality of agents.Type: GrantFiled: April 29, 2022Date of Patent: January 30, 2024Assignee: Intel CorporationInventors: Prashant Dewan, Uttam Sengupta, Aditya Katragada
-
Patent number: 11768941Abstract: An apparatus to implement an IP independent secure firmware load into an IP agent without a ROM to establish hardware root of trust is disclosed. The apparatus includes a plurality of agents, at least one agent including an isolated memory region accessible only to a trusted entity of the at least one agent and a main memory, and a processor to allocate a section of the isolated memory region of the at least one agent, verify a first stage firmware module, the first stage firmware module comprising instructions to enable the at least one agent to load and verify a second stage firmware module, place the first stage firmware module into memory of the at least one agent without a ROM to establish the hardware root of trust.Type: GrantFiled: March 27, 2020Date of Patent: September 26, 2023Assignee: INTEL CORPORATIONInventors: Vinupama Godavarthi, Andrzej Mialkowski, Kar Leong Wong, Aditya Katragada, Maciej Kusio, Prashant Dewan, Karunakara Kotary
-
Patent number: 11734457Abstract: A processor that was manufactured by a manufacturer comprises privileged debug operational circuitry, a debug restriction fuse, a credential store, a credential of the manufacturer in the credential store, and debug control circuitry. The debug restriction fuse is a one-time programmable fuse. The debug control circuitry is to automatically restrict access to the privileged debug operational circuitry, based on the debug restriction fuse. The processor may also include public debug operational circuitry, a prevent-unauthorized-debug (PUD) fuse, and an undo-PUD fuse. When the PUD fuse is set and the undo-PUD fuse is clear, the debug control circuitry may respond to an attempt by a debugger to use the public debug operational circuitry by determining whether the debugger is authorized, disallowing access if the debugger is not authorized, and allowing access if the debugger is authorized. Other embodiments are described and claimed.Type: GrantFiled: December 23, 2019Date of Patent: August 22, 2023Assignee: Intel CorporationInventors: Neel Piyush Shah, Enrico David Carrieri, Aditya Katragada, Jonathan Mark Lutz, Michael Carl Neve de Mevergnies, Bhavana Prabhakar
-
Publication number: 20230169173Abstract: An integrated circuit provides a firmware dashboard to communicatively couple to a basic input/output system (BIOS), and provide to the BIOS a firmware load interface, and an intellectual property (IP) block interface to communicatively couple to an IP block, wherein the IP block provides a push model to load a firmware or a pull model to load the firmware, and wherein the firmware dashboard provides a common load flow to the BIOS for both the push model and pull model.Type: ApplicationFiled: December 26, 2022Publication date: June 1, 2023Applicant: Intel CorporationInventors: Aditya Katragada, Prashant Dewan, Karunakara Kotary, Vinupama Godavarthi, Kumar Dwarakanath, Alex Izbinsky, Purushottam Goel
-
Patent number: 11550917Abstract: There is disclosed in one example, a system-on-a-chip (SoC), including: a processor core; a fabric; an intellectual property (IP) block communicatively coupled to the processor core via the fabric, the IP block having a microcontroller configured to provide a microcontroller architecture; a firmware load interface configured to provide a standardized hardware interface to the microcontroller architecture, wherein the standardized hardware interface provides an architecture-agnostic mechanism to securely load a firmware to the intellectual property block; and logic to provide a loader to load a firmware to the IP block via the firmware load interface.Type: GrantFiled: June 28, 2019Date of Patent: January 10, 2023Assignee: Intel CorporationInventors: Aditya Katragada, Prashant Dewan, Karunakara Kotary, Vinupama Godavarthi, Kumar Dwarakanath, Alex Izbinsky, Purushottam Goel
-
Publication number: 20220327214Abstract: An apparatus to verify firmware in a computing system, comprising a non-volatile memory, including firmware memory to store agent firmware associated with each of a plurality of interconnect protocol (IP) agents and version memory to store security version numbers (SVNs) included in the agent firmware, a security controller comprising verifier logic to verify an integrity of the version memory by applying a hash algorithm to contents of the version memory to generate a SVN hash, and a trusted platform module (TPM) to store the SVN hash.Type: ApplicationFiled: June 29, 2022Publication date: October 13, 2022Applicant: Intel CorporationInventors: Prashant Dewan, Chao Zhang, Nivedita Aggarwal, Aditya Katragada, Mohamed Haniffa, Kenji Chen
-
Publication number: 20220283959Abstract: Techniques are described for providing consistent memory operations and security across electronic circuitry components having disparate memory and/or security architectures when integrating such disparately architected components within a single system, such as a system on chip. A programmable logical hierarchy of isolated memory region (IMR) enforcement circuits is provided to protect such IMRs, allowing or preventing memory access requests from one of multiple distinct circuitry components based on configuration registers for the IMR enforcement circuits. Integration of multiple trust domain architectures associated with the multiple distinct circuitry components is facilitated via trust domain conversion bridge circuitry that includes translation logic for generating information in accordance with a first trust domain architecture based on information provided in accordance with a distinct second trust domain architecture.Type: ApplicationFiled: March 21, 2022Publication date: September 8, 2022Applicant: Intel CorporationInventors: Aditya Katragada, Peter Munguia, Gregg Lahti
-
Patent number: 11416370Abstract: An apparatus to collect firmware measurement data at a computing system is disclosed. The apparatus includes a plurality of agents, each including a non-volatile memory storing firmware executed to perform a function associated with the agent, verification logic to generate measurement data by verifying the integrity of the firmware and a register to store the measurement data, and a processor to execute an instruction to collect firmware measurement data from each of the plurality of agents.Type: GrantFiled: March 27, 2020Date of Patent: August 16, 2022Assignee: Intel CorporationInventors: Prashant Dewan, Uttam Sengupta, Aditya Katragada
-
Publication number: 20220253366Abstract: An apparatus to collect firmware measurement data at a computing system is disclosed. The apparatus includes a plurality of agents, each including a non-volatile memory storing firmware executed to perform a function associated with the agent, verification logic to generate measurement data by verifying the integrity of the firmware and a register to store the measurement data, and a processor to execute an instruction to collect firmware measurement data from each of the plurality of agents.Type: ApplicationFiled: April 29, 2022Publication date: August 11, 2022Applicant: Intel CorporationInventors: Prashant Dewan, Uttam Sengupta, Aditya Katragada
-
Patent number: 11409877Abstract: An apparatus to verify firmware in a computing system, comprising a non-volatile memory, including firmware memory to store agent firmware associated with each of a plurality of interconnect protocol (IP) agents and version memory to store security version numbers (SVNs) included in the agent firmware, a security controller comprising verifier logic to verify an integrity of the version memory by applying a hash algorithm to contents of the version memory to generate a SVN hash, and a trusted platform module (TPM) to store the SVN hash.Type: GrantFiled: March 27, 2020Date of Patent: August 9, 2022Assignee: Intel CorporationInventors: Prashant Dewan, Chao Zhang, Nivedita Aggarwal, Aditya Katragada, Mohamed Haniffa, Kenji Chen