Patents by Inventor Anna Trikalinou

Anna Trikalinou has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220100911
    Abstract: In one embodiment, a read request is received from a peripheral device across an interconnect, with the read request including a process identifier and an encrypted virtual address. One or more keys are obtained based on the process identifier of the read request, and the encrypted virtual address of the read request is decrypted based on the one or more keys to obtain an unencrypted virtual address. Encrypted data is retrieved from memory based on the unencrypted virtual address, and the encrypted data is decrypted based on the one or more keys to obtain plaintext data. The plaintext data is transmitted to the peripheral device across the interconnect.
    Type: Application
    Filed: December 10, 2021
    Publication date: March 31, 2022
    Applicant: Intel Corporation
    Inventors: Anna Trikalinou, Abhishek Basak, Rupin H. Vakharwala, Utkarsh Y. Kakaiya
  • Publication number: 20220091998
    Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.
    Type: Application
    Filed: December 6, 2021
    Publication date: March 24, 2022
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Pradeep M. Pappachan, Luis Kida, Krystof Zmudzinski, Siddhartha Chhabra, Abhishek Basak, Alpa Narendra Trivedi, Anna Trikalinou, David M. Lee, Vedvyas Shanbhogue, Utkarsh Y. Kakaiya
  • Publication number: 20220092223
    Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.
    Type: Application
    Filed: October 29, 2021
    Publication date: March 24, 2022
    Applicant: Intel Corporation
    Inventors: Luis Kida, Krystof Zmudzinski, Reshma Lal, Pradeep Pappachan, Abhishek Basak, Anna Trikalinou
  • Publication number: 20210406199
    Abstract: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes a memory for storage of data, an Input/Output Memory Management Unit (IOMMU) coupled to the memory via a host-to-device link the IOMMU to perform operations, comprising receiving an address translation request from a remote device via a host-to-device link, wherein the address translation request comprises a virtual address (VA), determining a physical address (PA) associated with the virtual address (VA), generating an encrypted physical address (EPA) using at least the physical address (PA) and a cryptographic key, and sending the encrypted physical address (EPA) to the remote device via the host-to-device link.
    Type: Application
    Filed: June 25, 2020
    Publication date: December 30, 2021
    Applicant: Intel Corporation
    Inventors: Michael Kounavis, David Koufaty, Anna Trikalinou, Karanvir Grewal, Philip Lantz, Utkarsh Y. Kakaiya, Vedvyas Shanbhogue
  • Patent number: 11163913
    Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.
    Type: Grant
    Filed: December 28, 2018
    Date of Patent: November 2, 2021
    Assignee: INTEL CORPORATION
    Inventors: Luis Kida, Krystof Zmudzinski, Reshma Lal, Pradeep Pappachan, Abhishek Basak, Anna Trikalinou
  • Publication number: 20210173794
    Abstract: Embodiments are directed to providing a secure address translation service.
    Type: Application
    Filed: December 23, 2020
    Publication date: June 10, 2021
    Applicant: Intel Corporation
    Inventors: David Koufaty, Anna Trikalinou, Utkarsh Y. Kakaiya, Ravi Sahita, Ramya Jayaram Masti
  • Publication number: 20210117576
    Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.
    Type: Application
    Filed: December 2, 2020
    Publication date: April 22, 2021
    Applicant: Intel Corporation
    Inventors: Krystof Zmudzinski, Siddhartha Chhabra, Reshma Lal, Alpa Narendra Trivedi, Luis S. Kida, Pradeep M. Pappachan, Abhishek Basak, Anna Trikalinou
  • Publication number: 20210117340
    Abstract: In one embodiment, an application executing on a host node allocates a memory address of a remote node. The application selects, based at least in part on device capability information for the host and remote nodes, one of the host node or the remote node to encrypt application data, and configures the selected node to encrypt the application data based on a key and a pointer to the memory address of the remote node.
    Type: Application
    Filed: December 26, 2020
    Publication date: April 22, 2021
    Applicant: Intel Corporation
    Inventors: Anna Trikalinou, Abhishek Basak
  • Patent number: 10949358
    Abstract: Embodiments are directed to providing a secure address translation service.
    Type: Grant
    Filed: September 25, 2019
    Date of Patent: March 16, 2021
    Assignee: INTEL CORPORATON
    Inventors: Michael Kounavis, David Koufaty, Anna Trikalinou, Rupin Vakharwala
  • Publication number: 20210026543
    Abstract: An apparatus to facilitate security of a shared memory resource is disclosed. The apparatus includes a memory device to store memory data a system agent to receive requests from one or more input/output (I/O) devices to access the memory data memory and trusted translation components having trusted host physical address (HPA) permission tables (HPTs) to validate memory address translation requests received from trusted I/O devices to access pages in memory associated with trusted domains.
    Type: Application
    Filed: September 25, 2020
    Publication date: January 28, 2021
    Applicant: Intel Corporation
    Inventors: Anna Trikalinou, Ramya Jayaram Masti, Utkarsh Kakaiya, David Koufaty, Vedvyas Shanbhogue
  • Patent number: 10878134
    Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: December 29, 2020
    Assignee: INTEL CORPORATION
    Inventors: Krystof Zmudzinski, Siddhartha Chhabra, Reshma Lal, Alpa Narendra Trivedi, Luis S. Kida, Pradeep M. Pappachan, Abhishek Basak, Anna Trikalinou
  • Publication number: 20200327072
    Abstract: Methods and apparatus relating to secure-ATS (or secure Address Translation Services) using a version tree for replay protection are described. In an embodiment, memory stores data for a secured device. The stored data comprising information for one or more intermediate nodes and one or more leaf nodes. Logic circuitry allows/disallows access to contents of a memory region associated with a first leaf node from the one or more leaf nodes by a memory access request based at least in part on whether the memory access request is associated with a permission authenticated by the MAC of the first leaf node. Other embodiments are also disclosed and claimed.
    Type: Application
    Filed: June 25, 2020
    Publication date: October 15, 2020
    Applicant: Intel Corporation
    Inventors: Michael Kounavis, Anna Trikalinou
  • Patent number: 10783281
    Abstract: A data processing system includes technology to detect a memory attack. The data processing system comprises a processing core, a memory controller, a memory bus, and memory. The memory controller comprises a memory attack detection module (MADM). The MADM comprises first and second input units and control logic in communication with the first and second input units. The control logic is configured to determine, based on first and second signals from the first and second input units, respectively, whether the memory bus is carrying a clock enable (CKE) signal of high (H), even though the memory controller is generating the CKE signal of low (L). The control logic is also configured to generate a physical memory attack detection indicator that indicates whether the memory bus is carrying the CKE signal of H, even though the memory controller is generating the CKE signal of L. Other embodiments are described and claimed.
    Type: Grant
    Filed: March 20, 2018
    Date of Patent: September 22, 2020
    Assignee: Intel Corporation
    Inventors: Anna Trikalinou, Daniel S. Lake, Shigeki Tomishima
  • Publication number: 20200026661
    Abstract: Embodiments are directed to providing a secure address translation service.
    Type: Application
    Filed: September 25, 2019
    Publication date: January 23, 2020
    Applicant: Intel Corporation
    Inventors: Michael Kounavis, David Koufaty, Anna Trikalinou, Rupin Vakharwala
  • Publication number: 20200019515
    Abstract: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes DRAM for storage of data, an IOMMU coupled to the DRAM, and a host-to-device link to couple the IOMMU with one or more devices and to operate as a translation agent on behalf of one or more devices in connection with memory operations relating to the DRAM, including receiving a translated request from a discrete device via the host-to-device link specifying a memory operation and a physical address within the DRAM pertaining to the memory operation, determining page access permissions assigned to a context of the discrete device for a physical page of the DRAM within which the physical address resides, allowing the memory operation to proceed when the page access permissions permit the memory operation, and blocking the memory operation when the page access permissions do not permit the memory operation.
    Type: Application
    Filed: September 25, 2019
    Publication date: January 16, 2020
    Applicant: Intel Corporation
    Inventors: David Koufaty, Rajesh Sankaran, Anna Trikalinou, Rupin Vakharwala
  • Patent number: 10474814
    Abstract: In an embodiment, an apparatus includes: an interface circuit to receive thermal information from a system memory; a calculation circuit to determine a rate of thermal change of the system memory based on a current temperature of the system memory, a prior temperature of the system memory and a time duration; and a policy enforcement circuit, in response to a result of a comparison of the rate of thermal change to a threshold, to perform at least one protection measure on the system memory. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: November 12, 2019
    Assignee: Intel Corporation
    Inventor: Anna Trikalinou
  • Publication number: 20190325142
    Abstract: Technologies disclosed herein provide mitigations against warm boot attacks on memory modules. For instance, in one embodiment, a non-volatile dual in-line memory module (NVDIMM) in a host computing system may detect a transition from a low-power state to a full-power state, receive a nonce value from a processor of the host computing system after the transition, verify the nonce value, and allow access to data stored on the NVDIMM based on successful verification of the nonce value. In another embodiment, an NVDIMM may be locked in response to detecting a transition from a high-power state to a low-power state in a host computing system. After a transition from the low-power state to the full-power state, the NVDIMM may obtain one or more passphrases, verify the one or more passphrases, and allow access to data stored on the NVDIMM based on successful verification of the one or more passphrases.
    Type: Application
    Filed: June 29, 2019
    Publication date: October 24, 2019
    Applicant: Intel Corporation
    Inventors: Anna Trikalinou, Daniel S. Lake, Sham M. Datta, Asher M. Altman, John K. Grooms
  • Publication number: 20190311123
    Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.
    Type: Application
    Filed: June 18, 2019
    Publication date: October 10, 2019
    Inventors: Reshma Lal, Pradeep M. Pappachan, Luis Kida, Krystof Zmudzinski, Siddhartha Chhabra, Abhishek Basak, Alpa Narendra Trivedi, Anna Trikalinou, David M. Lee, Vedvyas Shanbhogue, Utkarsh Y. Kakaiya
  • Publication number: 20190227827
    Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.
    Type: Application
    Filed: March 29, 2019
    Publication date: July 25, 2019
    Inventors: Krystof Zmudzinski, Siddhartha Chhabra, Reshma Lal, Alpa Narendra Trivedi, Luis S. Kida, Pradeep M. Pappachan, Abhishek Basak, Anna Trikalinou
  • Publication number: 20190228155
    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed for anomalous memory access pattern detection for translational lookaside buffers. An example apparatus includes a communication interface to retrieve a first eviction data set from a translational lookaside buffer associated with a central processing unit; a machine learning engine to: generate an anomaly detection model based upon at least one of a second eviction data set not including an anomaly and a third eviction data set including the anomaly; and determine whether the anomaly is present in the first eviction data set based on the anomaly detection model; and an alert generator to at least one of modify a bit value or terminate memory access operations when the anomaly is determined to be present.
    Type: Application
    Filed: March 29, 2019
    Publication date: July 25, 2019
    Inventors: Abhishek Basak, Li Chen, Salmin Sultana, Anna Trikalinou, Erdem Aktas, Saeedeh Komijani