Patents by Inventor ALPA NARENDRA TRIVEDI
ALPA NARENDRA TRIVEDI has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11895201Abstract: A multitenancy system that includes a host provider, a programmable device, and multiple tenants is provided. The host provider may publish a multitenancy mode sharing and allocation policy that includes a list of terms to which the programmable device and tenants can adhere. The programmable device may include a secure device manager configured to operate in a multitenancy mode to load a tenant persona into a given partial reconfiguration (PR) sandbox region on the programmable device. The secure device manager may be used to enforce spatial isolation between different PR sandbox regions and temporal isolation between successive tenants in one PR sandbox region.Type: GrantFiled: March 27, 2020Date of Patent: February 6, 2024Assignee: Intel CorporationInventors: Steffen Schulz, Patrick Koeberl, Alpa Narendra Trivedi, Scott Weber
-
Publication number: 20230376637Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.Type: ApplicationFiled: August 1, 2023Publication date: November 23, 2023Applicant: Intel CorporationInventors: Manoj R. Sastry, Alpa Narendra Trivedi, Men Long
-
Patent number: 11768964Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.Type: GrantFiled: February 23, 2022Date of Patent: September 26, 2023Assignee: INTEL CORPORATIONInventors: Manoj R. Sastry, Alpa Narendra Trivedi, Men Long
-
Patent number: 11720503Abstract: Technologies for secure authentication and programming of an accelerator device are described. In one example, a computing is disclosed comprising an accelerator device to: provide a unique device identifier to an accelerator services enclave (ASE) of a processor of the computing device; authenticate with the ASE by: performing a secure key exchange with the ASE to establish a shared secret tunnel key; verifying an enclave certificate of the ASE; and providing an attestation response to the ASE indicative of an accelerator device configuration; establish a secure channel with the ASE protected by the shared secret tunnel key; receive bitstream image key and bitstream data key from the ASE via the secure channel; program the accelerator device via the secure channel using the bitstream image key; and exchange data with a tenant enclave of the processor, the data protected by the bitstream data key.Type: GrantFiled: April 20, 2022Date of Patent: August 8, 2023Assignee: INTEL CORPORATIONInventors: Vincent Scarlata, Reshma Lal, Alpa Narendra Trivedi, Eric Innis
-
Patent number: 11625275Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.Type: GrantFiled: December 2, 2020Date of Patent: April 11, 2023Assignee: INTEL CORPORATIONInventors: Krystof Zmudzinski, Siddhartha Chhabra, Reshma Lal, Alpa Narendra Trivedi, Luis S. Kida, Pradeep M. Pappachan, Abhishek Basak, Anna Trikalinou
-
Publication number: 20220405427Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.Type: ApplicationFiled: February 23, 2022Publication date: December 22, 2022Inventors: Manoj R. Sastry, Alpa Narendra Trivedi, Men Long
-
Patent number: 11494523Abstract: An apparatus to facilitate security of a shared memory resource is disclosed. The apparatus includes a memory device to store memory data, wherein the memory device comprises a plurality of private memory pages associated with one or more trusted domains and a cryptographic engine to encrypt and decrypt the memory data, including a key encryption table having a key identifier associated with each trusted domain to access a private memory page, wherein a first key identifier is generated to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.Type: GrantFiled: August 14, 2020Date of Patent: November 8, 2022Assignee: Intel CorporationInventors: Abhishek Basak, Pradeep Pappachan, Siddhartha Chhabra, Alpa Narendra Trivedi, Erdem Aktas, Ravi Sahita
-
Patent number: 11416415Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.Type: GrantFiled: June 18, 2019Date of Patent: August 16, 2022Assignee: INTEL CORPORATIONInventors: Reshma Lal, Pradeep M. Pappachan, Luis Kida, Krystof Zmudzinski, Siddhartha Chhabra, Abhishek Basak, Alpa Narendra Trivedi, Anna Trikalinou, David M. Lee, Vedvyas Shanbhogue, Utkarsh Y. Kakaiya
-
Publication number: 20220245070Abstract: Technologies for secure authentication and programming of an accelerator device are described. In one example, a computing is disclosed comprising an accelerator device to: provide a unique device identifier to an accelerator services enclave (ASE) of a processor of the computing device; authenticate with the ASE by: performing a secure key exchange with the ASE to establish a shared secret tunnel key; verifying an enclave certificate of the ASE; and providing an attestation response to the ASE indicative of an accelerator device configuration; establish a secure channel with the ASE protected by the shared secret tunnel key; receive bitstream image key and bitstream data key from the ASE via the secure channel; program the accelerator device via the secure channel using the bitstream image key; and exchange data with a tenant enclave of the processor, the data protected by the bitstream data key.Type: ApplicationFiled: April 20, 2022Publication date: August 4, 2022Applicant: Intel CorporationInventors: Vincent Scarlata, Reshma Lal, Alpa Narendra Trivedi, Eric Innis
-
Patent number: 11386017Abstract: Technologies for secure authentication and programming of an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment, which receives a unique device identifier from the accelerator, validates a device certificate for the device identifier, authenticates the accelerator in response to validating the accelerator, validates attestation information of the accelerator, and establishes a secure channel with the accelerator. The trusted execution environment may securely program a data key and a bitstream key to the accelerator, and may encrypt a bitstream image and securely program the bitstream image to the accelerator. The accelerator and a tenant may securely exchange data protected by the data key. The trusted execution environment may be a secure enclave, and the accelerator may be a field programmable gate array (FPGA). Other embodiments are described and claimed.Type: GrantFiled: December 26, 2018Date of Patent: July 12, 2022Assignee: INTEL CORPORATIONInventors: Vincent Scarlata, Reshma Lal, Alpa Narendra Trivedi, Eric Innis
-
Publication number: 20220091998Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.Type: ApplicationFiled: December 6, 2021Publication date: March 24, 2022Applicant: Intel CorporationInventors: Reshma Lal, Pradeep M. Pappachan, Luis Kida, Krystof Zmudzinski, Siddhartha Chhabra, Abhishek Basak, Alpa Narendra Trivedi, Anna Trikalinou, David M. Lee, Vedvyas Shanbhogue, Utkarsh Y. Kakaiya
-
Patent number: 11263352Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.Type: GrantFiled: July 23, 2020Date of Patent: March 1, 2022Assignee: Intel CorporationInventors: Manoj R. Sastry, Alpa Narendra Trivedi, Men Long
-
Publication number: 20210390063Abstract: Technologies for secure I/O data transfer with an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment. The trusted execution environment may generate an authentication tag based on a memory-mapped I/O transaction, write the authentication tag to a register of the accelerator, and dispatch the transaction to the accelerator. The accelerator performs a cryptographic operation associated with the transaction, generates an authentication tag based on the transaction, and compares the generated authentication tag to the authentication tag received from the trusted execution environment. The accelerator device may initialize an authentication tag in response to a command from the trusted execution environment, transfer data between host memory and accelerator memory, perform a cryptographic operation in response to transferring the data, and update the authentication tag in response to transferrin the data.Type: ApplicationFiled: August 27, 2021Publication date: December 16, 2021Applicant: Intel CorporationInventors: Reshma Lal, Alpa Narendra Trivedi, Luis Kida, Pradeep M. Pappachan, Soham Jayesh Desai, Nanda Kumar Unnikrishnan
-
Patent number: 11138132Abstract: Technologies for secure I/O data transfer with an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment. The trusted execution environment may generate an authentication tag based on a memory-mapped I/O transaction, write the authentication tag to a register of the accelerator, and dispatch the transaction to the accelerator. The accelerator performs a cryptographic operation associated with the transaction, generates an authentication tag based on the transaction, and compares the generated authentication tag to the authentication tag received from the trusted execution environment. The accelerator device may initialize an authentication tag in response to a command from the trusted execution environment, transfer data between host memory and accelerator memory, perform a cryptographic operation in response to transferring the data, and update the authentication tag in response to transferrin the data.Type: GrantFiled: December 26, 2018Date of Patent: October 5, 2021Assignee: INTEL CORPORATIONInventors: Reshma Lal, Alpa Narendra Trivedi, Luis Kida, Pradeep M. Pappachan, Soham Jayesh Desai, Nanda Kumar Unnikrishnan
-
Publication number: 20210117576Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.Type: ApplicationFiled: December 2, 2020Publication date: April 22, 2021Applicant: Intel CorporationInventors: Krystof Zmudzinski, Siddhartha Chhabra, Reshma Lal, Alpa Narendra Trivedi, Luis S. Kida, Pradeep M. Pappachan, Abhishek Basak, Anna Trikalinou
-
Patent number: 10878134Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.Type: GrantFiled: March 29, 2019Date of Patent: December 29, 2020Assignee: INTEL CORPORATIONInventors: Krystof Zmudzinski, Siddhartha Chhabra, Reshma Lal, Alpa Narendra Trivedi, Luis S. Kida, Pradeep M. Pappachan, Abhishek Basak, Anna Trikalinou
-
Publication number: 20200372188Abstract: An apparatus to facilitate security of a shared memory resource is disclosed. The apparatus includes a memory device to store memory data, wherein the memory device comprises a plurality of private memory pages associated with one or more trusted domains and a cryptographic engine to encrypt and decrypt the memory data, including a key encryption table having a key identifier associated with each trusted domain to access a private memory page, wherein a first key identifier is generated to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.Type: ApplicationFiled: August 14, 2020Publication date: November 26, 2020Applicant: Intel CorporationInventors: Abhishek Basak, Pradeep Pappachan, Siddhartha Chhabra, Alpa Narendra Trivedi, Erdem Aktas, Ravi Sahita
-
Publication number: 20200356699Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.Type: ApplicationFiled: July 23, 2020Publication date: November 12, 2020Inventors: Manoj R. Sastry, Alpa Narendra Trivedi, Men Long
-
Patent number: 10726162Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.Type: GrantFiled: December 19, 2014Date of Patent: July 28, 2020Assignee: Intel CorporationInventors: Manoj R Sastry, Alpa Narendra Trivedi, Men Long
-
Publication number: 20200228388Abstract: A multitenancy system that includes a host provider, a programmable device, and multiple tenants is provided. The host provider may publish a multitenancy mode sharing and allocation policy that includes a list of terms to which the programmable device and tenants can adhere. The programmable device may include a secure device manager configured to operate in a multitenancy mode to load a tenant persona into a given partial reconfiguration (PR) sandbox region on the programmable device. The secure device manager may be used to enforce spatial isolation between different PR sandbox regions and temporal isolation between successive tenants in one PR sandbox region.Type: ApplicationFiled: March 27, 2020Publication date: July 16, 2020Applicant: Intel CorporationInventors: Steffen Schulz, Patrick Koeberl, Alpa Narendra Trivedi, Scott Weber