Patents by Inventor Atul Khare
Atul Khare has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11924336
Abstract: A pair of virtualized security device initialization data sets are received at a first virtualization server from respective sources prior to a launch of a compute instance at the server. A first virtualized security device is initialized using the data sets, and used to generate cryptographic artifacts used by the compute instance. A data item which was included in one of the data sets is modified after the cryptographic artifacts are generated. Additional cryptographic artifacts are generated by a second virtualized security device at a second virtualization server to which the compute instance has been migrated. The second virtualized security device is initialized using at least the modified data item.
Type: Grant
Filed: June 25, 2021
Date of Patent: March 5, 2024
Assignee: Amazon Technologies, Inc.
Inventors: Atul Khare, Deepak Gupta, Petre Eftime, Madalin Razvan Nastase
-
Patent number: 11805109
Abstract: A computing device includes one or more processors, a memory and an encryption accelerator. The memory includes instructions that when executed on the processors cause a first networking session to be established between a pair of communication peers. Encryption of messages of the first session is enabled by a parameter of a security protocol of the session. The encryption accelerator obtains a key determined in the first session, and uses the key to encrypt messages of a second networking session established between the peers.
Type: Grant
Filed: February 25, 2019
Date of Patent: October 31, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Atul Khare, Ravi Akundi Murty, Hassan Sultan
-
Patent number: 11630687
Abstract: Embodiments of an invention related to compacted context state management are disclosed. In one embodiment, a processor includes instruction hardware and state management logic. The instruction hardware is to receive a first save instruction and a second save instruction. The state management logic is to, in response to the first save instruction, save context state in an un-compacted format in a first save area. The state management logic is also to, in response to the second save instruction, save a compaction mask and context state in a compacted format in a second save area and set a compacted-save indicator in the second save area. The state management logic is also to, in response to a single restore instruction, determine, based on the compacted-save indicator, whether to restore context from the un-compacted format in the first save area or from the compacted format in the second save area.
Type: Grant
Filed: February 20, 2018
Date of Patent: April 18, 2023
Assignee: Tahoe Research, Ltd.
Inventors: Atul Khare, Leena Puthiyedath, Asit Mallick, Jim Coke, Michael Mishaeli, Gilbert Neiger, Vivekananthan Sanjeepan, Jason Brandt
-
Patent number: 11374745
Abstract: Disclosed systems and methods implement a tracking system that tracks accesses to a TPM-secured key. In embodiments, the key may be encrypted using an encryption key, which is sealed using the TPM. A first value indicating an initial access state of the key is stored in a PCR of the TPM, and the encryption key is sealed against the PCR, so that it can be unsealed when the contents of the PCR match a next value derived from the first value. When the key is accessed, the contents of the PCR are verified against an expected access state. If successfully verified, the PCR is extended to hold the next value, the encryption key is unsealed, and the key decrypted. With each access, the encryption key is repeatedly resealed against the successive states stored in the PCR. In this manner, the PCR may be used to track accesses and detect unauthorized accesses to the key.
Type: Grant
Filed: November 29, 2017
Date of Patent: June 28, 2022
Assignee: Amazon Technologies, Inc.
Inventor: Atul Khare
-
Patent number: 10735190
Abstract: Systems and methods are disclosed to generate a persistent identifier for a device using a trusted platform module (TPM) of the device, so that the identifier is persistent during the lifetime of the TPM. In embodiments, during an initialization of the TPM, the system obtains an entropy value from the TPM used to generate the device's persistent identifier. The identifier is written to a non-volatile storage of the TPM so that it cannot be erased during the lifetime of the TPM. In embodiments, a persistent key pair is generated based on the identifier, and also permanently written to the non-volatile storage. In embodiments, the persistent identifier may be measured and verified via TPM quotes. In embodiments, the persistent private key may be used to sign a nonce to prove the identity of the device.
Type: Grant
Filed: November 16, 2017
Date of Patent: August 4, 2020
Assignee: Amazon Technologies, Inc.
Inventor: Atul Khare
-
Patent number: 10572395
Abstract: A processing system includes an execution unit comprising a logic circuit to implement an architecturally-protected execution environment associated with a protected region in a memory, in which the execution unit is to execute application code stored in the protected region as a thread running in the architecturally-protected execution environment, determine that an access mode flag is set to a first value, detect an attempt by the thread to access data stored outside the protected region, and responsive to detecting the attempt and determining that the access mode flag is set to the first value, generate an exception.
Type: Grant
Filed: September 7, 2016
Date of Patent: February 25, 2020
Assignee: Intel Corporation
Inventors: Volodymyr Pikhur, Atul A. Khare
-
Patent number: 10114952
Abstract: In one embodiment, a system includes: a processor; a security processor to execute in a trusted executed environment (TEE), the security processor to execute memory reference code (MRC) stored in a secure storage of the TEE to train a memory coupled to the processor; and the memory coupled to the processor. Other embodiments are described and claimed.
Type: Grant
Filed: March 30, 2016
Date of Patent: October 30, 2018
Assignee: MCAFEE, LLC
Inventors: Atul A. Khare, Karunakara Kotary, Rajesh Poornachandran, Vincent J. Zimmer, Sudeep Das
-
Publication number: 20180276027
Abstract: Embodiments of an invention related to compacted context state management are disclosed. In one embodiment, a processor includes instruction hardware and state management logic. The instruction hardware is to receive a first save instruction and a second save instruction. The state management logic is to, in response to the first save instruction, save context state in an un-compacted format in a first save area. The state management logic is also to, in response to the second save instruction, save a compaction mask and context state in a compacted format in a second save area and set a compacted-save indicator in the second save area. The state management logic is also to, in response to a single restore instruction, determine, based on the compacted-save indicator, whether to restore context from the un-compacted format in the first save area or from the compacted format in the second save area.
Type: Application
Filed: February 20, 2018
Publication date: September 27, 2018
Inventors: Atul KHARE, Leena PUTHIYEDATH, Asit MALLICK, Jim COKE, Michael MISHAELI, Gilbert NEIGER, Vivekananthan SANJEEPAN, Jason BRANDT
-
Publication number: 20180181762
Abstract: Techniques and computing devices for persistent firmware transfer monitoring and, more specifically, but not exclusively, to a resource filter within a firmware resource monitor configured to persistently store resource information after a boot operation. In one embodiment, for example, an apparatus for persistent firmware transfer monitoring in a computer system comprises at least one memory, at least one processor, and a resource filter comprising logic, at least a portion of the logic comprised in hardware and executed by the processor. The logic may be configured to receive a list of required resources during a boot operation and receive a list of excluded resources. The resource filter may be further configured to persistently store the list of required resources and the list of excluded resources after the boot operation has completed.
Type: Application
Filed: December 28, 2016
Publication date: June 28, 2018
Applicant: INTEL CORPORATION
Inventors: RAJESH POORNACHANDRAN, NED M. SMITH, VINCENT J. ZIMMER, ATUL A. KHARE, KARUNAKARA KOTARY
-
Publication number: 20180067873
Abstract: A processing system includes an execution unit comprising a logic circuit to implement an architecturally-protected execution environment associated with a protected region in a memory, in which the execution unit is to execute application code stored in the protected region as a thread running in the architecturally-protected execution environment, determine that an access mode flag is set to a first value, detect an attempt by the thread to access data stored outside the protected region, and responsive to detecting the attempt and determining that the access mode flag is set to the first value, generate an exception.
Type: Application
Filed: September 7, 2016
Publication date: March 8, 2018
Inventors: Volodymyr Pikhur, Atul A. Khare
-
Patent number: 9898330
Abstract: Embodiments of an invention related to compacted context state management are disclosed. In one embodiment, a processor includes instruction hardware and state management logic. The instruction hardware is to receive a first save instruction and a second save instruction. The state management logic is to, in response to the first save instruction, save context state in an un-compacted format in a first save area. The state management logic is also to, in response to the second save instruction, save a compaction mask and context state in a compacted format in a second save area and set a compacted-save indicator in the second save area. The state management logic is also to, in response to a single restore instruction, determine, based on the compacted-save indicator, whether to restore context from the un-compacted format in the first save area or from the compacted format in the second save area.
Type: Grant
Filed: November 11, 2013
Date of Patent: February 20, 2018
Assignee: Intel Corporation
Inventors: Atul Khare, Leena Puthiyedath, Asit Mallick, Jim Coke, Michael Mishaeli, Gilbert Neiger, Vivekananthan Sanjeepan, Jason Brandt
-
Publication number: 20170286679
Abstract: In one embodiment, a system includes: a processor; a security processor to execute in a trusted executed environment (TEE), the security processor to execute memory reference code (MRC) stored in a secure storage of the TEE to train a memory coupled to the processor; and the memory coupled to the processor. Other embodiments are described and claimed.
Type: Application
Filed: March 30, 2016
Publication date: October 5, 2017
Inventors: Atul A. Khare, Karunakara Kotary, Rajesh Poornachandran, Vincent J. Zimmer, Sudeep Das
-
Publication number: 20160092227
Abstract: Robust system call and system return instructions are executed by a processor to transfer control between a requester and an operating system kernel. The processor includes execution circuitry and registers that store pointers to data structures in memory. The execution circuitry receives a system call instruction from a requester to transfer control from a first privilege level of the requester to a second privilege level of an operating system kernel. In response, the execution circuitry swaps the data structures that are pointed to by the registers between the requester and the operating system kernel in one atomic transition.
Type: Application
Filed: December 8, 2015
Publication date: March 31, 2016
Inventors: Baiju V. Patel, James B. Crossland, Atul A. Khare, Toby Opferman
-
Patent number: 9239801
Abstract: An example processing system may comprise: a lower stack bound register configured to store a first memory address, the first memory address identifying a lower bound of a memory addressable via a stack segment; an upper stack bound register configured to store a second memory address, the second memory address identifying an upper bound of the memory addressable via the stack segment; and a stack bounds checking logic configured to detect unauthorized stack pivoting, by comparing a memory address being accessed via the stack segment with at least one of the first memory address and the second memory address.
Type: Grant
Filed: June 5, 2013
Date of Patent: January 19, 2016
Assignee: Intel Corporation
Inventors: Baiju V. Patel, Xiaoning Li, H P. Anvin, Asit K. Mallick, Gilbert Neiger, James B. Crossland, Toby Opferman, Atul A. Khare, Jason W. Brandt, James S. Coke, Brian L. Vajda
-
Patent number: 9207940
Abstract: Robust system call and system return instructions are executed by a processor to transfer control between a requester and an operating system kernel. The processor includes execution circuitry and registers that store pointers to data structures in memory. The execution circuitry receives a system call instruction from a requester to transfer control from a first privilege level of the requester to a second privilege level of an operating system kernel. In response, the execution circuitry swaps the data structures that are pointed to by the registers between the requester and the operating system kernel in one atomic transition.
Type: Grant
Filed: March 15, 2013
Date of Patent: December 8, 2015
Assignee: Intel Corporation
Inventors: Baiju V. Patel, James B. Crossland, Atul A. Khare, Toby Opferman
-
Publication number: 20150135195
Abstract: Embodiments of an invention related to compacted context state management are disclosed. In one embodiment, a processor includes instruction hardware and state management logic. The instruction hardware is to receive a first save instruction and a second save instruction. The state management logic is to, in response to the first save instruction, save context state in an un-compacted format in a first save area. The state management logic is also to, in response to the second save instruction, save a compaction mask and context state in a compacted format in a second save area and set a compacted-save indicator in the second save area. The state management logic is also to, in response to a single restore instruction, determine, based on the compacted-save indicator, whether to restore context from the un-compacted format in the first save area or from the compacted format in the second save area.
Type: Application
Filed: November 11, 2013
Publication date: May 14, 2015
Inventors: Atul KHARE, Leena PUTHIYEDATH, Asit MALLICK, Jim COKE, Michael MISHAELI, Gilbert NEIGER, Vivekananthan SANJEEPAN, Jason BRANDT
-
Publication number: 20140365742
Abstract: An example processing system may comprise: a lower stack bound register configured to store a first memory address, the first memory address identifying a lower bound of a memory addressable via a stack segment; an upper stack bound register configured to store a second memory address, the second memory address identifying an upper bound of the memory addressable via the stack segment; and a stack bounds checking logic configured to detect unauthorized stack pivoting, by comparing a memory address being accessed via the stack segment with at least one of the first memory address and the second memory address.
Type: Application
Filed: June 5, 2013
Publication date: December 11, 2014
Inventors: BAIJU V. PATEL, XIAONING LI, H P. ANVIN, ASIT K. MALLICK, GILBERT NEIGER, JAMES B. CROSSLAND, TOBY OPFERMAN, ATUL A. KHARE, JASON W. BRANDT, JAMES S. COKE, BRIAN L. VAJDA
-
Publication number: 20140281437
Abstract: Robust system call and system return instructions are executed by a processor to transfer control between a requester and an operating system kernel. The processor includes execution circuitry and registers that store pointers to data structures in memory. The execution circuitry receives a system call instruction from a requester to transfer control from a first privilege level of the requester to a second privilege level of an operating system kernel. In response, the execution circuitry swaps the data structures that are pointed to by the registers between the requester and the operating system kernel in one atomic transition.
Type: Application
Filed: March 15, 2013
Publication date: September 18, 2014
Inventors: Baiju V. Patel, James B. Crossland, Atul A. Khare, Toby Opferman
-
Publication number: 20050158499
Abstract: The present invention provides a flowable material container closure assembly having a port tube and a membrane tube.
Type: Application
Filed: March 14, 2005
Publication date: July 21, 2005
Inventors: Michael Ling, William Hurst, Lecon Woo, Algirdas Bindokas, Patrick Ryan, Scott Edwards, Henk Blom, Atul Khare
-
Publication number: 20050123703
Abstract: The present invention provides a flowable material container assembly having a membrane tube disposed coaxially within a port tube. The membrane tube has an outer layer, a core layer, and an inner layer. The outer layer is a blend of a polyolefin and a thermoplastic elastomer. The core layer is a blend of a polyolefin and a thermoplastic elastomer. The inner layer is a blend of a polyolefin, a radio frequency susceptible polymer, and a thermoplastic elastomer.
Type: Application
Filed: January 24, 2005
Publication date: June 9, 2005
Inventors: Michael Ling, William Hurst, Lecon Woo, Algirdas Bindokas, Patrick Ryan, Scott Edwards, Henk Blom, Atul Khare