Patents by Inventor Baiju Patel
Baiju Patel has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240045968Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.Type: ApplicationFiled: October 23, 2023Publication date: February 8, 2024Applicant: Intel CorporationInventors: Kapil Sood, Ioannis T. Schoinas, Yu-Yuan Chen, Raghunandan Makaram, David J. Harriman, Baiju Patel, Ronald Perez, Matthew E. Hoekstra, Reshma Lal
-
Patent number: 11847228Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.Type: GrantFiled: December 13, 2021Date of Patent: December 19, 2023Assignee: Intel CorporationInventors: Baiju Patel, Prashant Dewan
-
Patent number: 11829483Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.Type: GrantFiled: December 13, 2021Date of Patent: November 28, 2023Assignee: Intel CorporationInventors: Baiju Patel, Prashant Dewan
-
Patent number: 11825000Abstract: In one example, a system for asymmetric device attestation includes a physically unclonable function (PUF) configured to generate a response to a challenge. A pseudo-random number generator generates a set of random numbers based on the response. A key generator determines co-prime numbers in the set of random numbers and generates a key pair using the co-prime numbers, wherein the public key is released to a manufacturer of the component for attestation of authenticity of the component. Through extending the PUF circuitry with a pseudo-random number generator, the present techniques are able to withstand unskilled and skilled hardware attacks, as the secret derived from the PUF is immune to extraction.Type: GrantFiled: May 12, 2022Date of Patent: November 21, 2023Assignee: Intel CorporationInventors: Prashant Dewan, Baiju Patel
-
Patent number: 11809545Abstract: Data integrity logic is executable by a processor to generate a data integrity code using a hardware-based secret. A container manager, executable by the processor, creates a secured container including report generation logic that determines measurements of the secured container, generates a report according to a defined report format, and sends a quote request including the report. The defined report format includes a field to include the measurements and a field to include the data integrity code, and the report format is compatible for consumption by any one of a plurality of different quote creator types.Type: GrantFiled: July 1, 2022Date of Patent: November 7, 2023Assignee: Intel Corporation, Inc.Inventors: Vincent R. Scarlata, Carlos V. Rozas, Baiju Patel, Barry E. Huntley, Ravi L. Sahita, Hormuzd M. Khosravi
-
Patent number: 11775652Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.Type: GrantFiled: December 10, 2021Date of Patent: October 3, 2023Assignee: Intel CorporationInventors: Baiju Patel, Prashant Dewan
-
Patent number: 11706039Abstract: Techniques for encrypting data using a key generated by a physical unclonable function (PUF) are described. An apparatus according to the present disclosure may include decoder circuitry to decode an instruction and generate a decoded instruction. The decoded instruction includes operands and an opcode. The opcode indicates that execution circuitry is to encrypt data using a key generated by a PUF. The apparatus may further include execution circuitry to execute the decoded instruction according to the opcode to encrypt the data to generate encrypted data using the key generated by the PUF.Type: GrantFiled: December 26, 2020Date of Patent: July 18, 2023Assignee: Intel CorporationInventors: Siddhartha Chhabra, Prashant Dewan, Baiju Patel
-
Patent number: 11698973Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.Type: GrantFiled: December 9, 2021Date of Patent: July 11, 2023Assignee: Intel CorporationInventors: Baiju Patel, Prashant Dewan
-
Patent number: 11700135Abstract: Techniques for encrypting data using a key generated by a physical unclonable function (PUF) are described. An apparatus according to the present disclosure may include decoder circuitry to decode an instruction and generate a decoded instruction. The decoded instruction includes operands and an opcode. The opcode indicates that execution circuitry is to encrypt data using a key generated by a PUF. The apparatus may further include execution circuitry to execute the decoded instruction according to the opcode to encrypt the data to generate encrypted data using the key generated by the PUF.Type: GrantFiled: December 26, 2020Date of Patent: July 11, 2023Assignee: Intel CorporationInventors: Siddhartha Chhabra, Prashant Dewan, Baiju Patel, Vedvyas Shanbhogue
-
Publication number: 20230102178Abstract: Techniques for encrypting data using a key generated by a physical unclonable function (PUF) or a virtual PUF key are described.Type: ApplicationFiled: September 25, 2021Publication date: March 30, 2023Inventors: Siddhartha CHHABRA, Vedvyas SHANBHOGUE, Prashant DEWAN, Baiju PATEL
-
Publication number: 20230100106Abstract: In one embodiment, an apparatus includes: an access control circuit to receive a memory transaction directed to a storage, the memory transaction having a requester ID and a key ID; a first memory to store an access control table, the access control table having a plurality of entries each to store a requester ID and at least one key ID; and a cryptographic circuit coupled to the access control circuit, the cryptographic circuit to perform a cryptographic operation on data associated with the memory transaction based at least in part on the key ID. The apparatus may be implemented as an inline engine coupled between the storage and an accelerator, the inline engine to provide decrypted data to the accelerator, the storage to store encrypted data. Other embodiments are described and claimed.Type: ApplicationFiled: September 24, 2021Publication date: March 30, 2023Inventors: Prashant Dewan, Siddhartha Chhabra, Robert Royer, JR., Baiju Patel
-
Publication number: 20230094171Abstract: Techniques for memory assisted inline encryption/decryption are described. An example includes an encryption data structure engine to provide a key, data, and a tweak to the encryption/decryption engine, wherein the encryption data structure engine is to: read an index value from an encryption data structure lookup data structure entry using an address, the entry to include the index value and a guest page physical address (GPPA), retrieve, based on the index value, an entry from the encryption data structure, the entry to include a logical block address (LBA) base, a key identifier, and at least one GPPA in a sequence of GPPAs, generate a LBA using a position of the GPPA from the encryption data structure lookup data structure entry in the sequence of GPPAs, and retrieve a key based on the key identifier, wherein the encryption engine to encrypt data using the retrieved key, and the generated LBA.Type: ApplicationFiled: September 25, 2021Publication date: March 30, 2023Inventors: Avishay SNIR, Ziv CHAI, Siddhartha CHHABRA, Prashant DEWAN, Baiju PATEL
-
Patent number: 11570010Abstract: Techniques for encrypting data using a key generated by a physical unclonable function (PUF) are described. An apparatus according to the present disclosure may include decoder circuitry to decode an instruction and generate a decoded instruction. The decoded instruction includes operands and an opcode. The opcode indicates that execution circuitry is to encrypt data using a key generated by a PUF. The apparatus may further include execution circuitry to execute the decoded instruction according to the opcode to encrypt the data to generate encrypted data using the key generated by the PUF.Type: GrantFiled: December 26, 2020Date of Patent: January 31, 2023Assignee: Intel CorporationInventors: Siddhartha Chhabra, Prashant Dewan, Baiju Patel
-
Patent number: 11562063Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.Type: GrantFiled: December 7, 2020Date of Patent: January 24, 2023Assignee: Intel CorporationInventors: Michael Lemay, David M. Durham, Michael E. Kounavis, Barry E. Huntley, Vedvyas Shanbhogue, Jason W. Brandt, Josh Triplett, Gilbert Neiger, Karanvir Grewal, Baiju Patel, Ye Zhuang, Jr-Shian Tsai, Vadim Sukhomlinov, Ravi Sahita, Mingwei Zhang, James C. Farwell, Amitabh Das, Krishna Bhuyan
-
Publication number: 20220417005Abstract: Systems, methods, and apparatuses for providing chiplet binding to a disaggregated architecture for a system on a chip are described. In one embodiment, system includes a plurality of physically separate dies, an interconnect to electrically couple the plurality of physically separate dies together, a first die-to-die communication circuit, of a first die of the plurality of physically separate dies, comprising a transmitter circuit and an encryption circuit having a link key to encrypt data to be sent from the transmitter circuit into encrypted data, and a second die-to-die communication circuit, of a second die of the plurality of physically separate dies, comprising a receiver circuit and a decryption circuit having the link key to decrypt the encrypted data sent from the transmitter circuit to the receiver circuit.Type: ApplicationFiled: June 25, 2021Publication date: December 29, 2022Inventors: BAIJU PATEL, SIDDHARTHA CHHABRA, PRASHANT DEWAN, OFIR SHWARTZ
-
Publication number: 20220416997Abstract: Methods and apparatus relating to handling unaligned transactions for inline encryption are described. In an embodiment, cryptographic logic circuitry receives a plurality of incoming packets and store two or more incoming packets from the plurality of incoming packets in memory. The cryptographic logic circuitry is informs software in response to detection of the two or more incoming packets. Other embodiments are also disclosed and claimed.Type: ApplicationFiled: June 24, 2021Publication date: December 29, 2022Applicant: Intel CorporationInventors: Prashant Dewan, Siddhartha Chhabra, Robert J. Royer, JR., Michael Glik, Baiju Patel
-
Publication number: 20220365885Abstract: Techniques are described for providing low-overhead cryptographic memory isolation to mitigate attack vulnerabilities in a multi-user virtualized computing environment. Memory read and memory write operations for target data, each operation initiated via an instruction associated with a particular virtual machine (VM), include the generation and/or validation of a message authentication code that is based at least on a VM-specific cryptographic key and a physical memory address of the target data. Such operations may further include transmitting the generated message authentication code via a plurality of ancillary bits incorporated within a data line that includes the target data. In the event of a validation failure, one or more error codes may be generated and provided to distinct trust domain architecture entities based on an operating mode of the associated virtual machine.Type: ApplicationFiled: July 25, 2022Publication date: November 17, 2022Applicant: Intel CorporationInventors: Siddhartha Chhabra, Rajat Agarwal, Baiju Patel, Kirk Yap
-
Publication number: 20220335117Abstract: Data integrity logic is executable by a processor to generate a data integrity code using a hardware-based secret. A container manager, executable by the processor, creates a secured container including report generation logic that determines measurements of the secured container, generates a report according to a defined report format, and sends a quote request including the report. The defined report format includes a field to include the measurements and a field to include the data integrity code, and the report format is compatible for consumption by any one of a plurality of different quote creator types.Type: ApplicationFiled: July 1, 2022Publication date: October 20, 2022Applicant: Intel CorporationInventors: Vincent R. Scarlata, Carlos V. Rozas, Baiju Patel, Barry E. Huntley, Ravi L. Sahita, Hormuzd M. Khosravi
-
Publication number: 20220335127Abstract: The present disclosure is directed to systems and methods for detecting side-channel exploit attacks such as Spectre and Meltdown. Performance monitoring circuitry includes first counter circuitry to monitor CPU cache misses and second counter circuitry to monitor DTLB load misses. Upon detecting an excessive number of cache misses and/or load misses, the performance monitoring circuitry transfers the first and second counter circuitry data to control circuitry. The control circuitry determines a CPU cache miss to DTLB load miss ratio for each of a plurality of temporal intervals. The control circuitry the identifies, determines, and/or detects a pattern or trend in the CPU cache miss to DTLB load miss ratio. Upon detecting a deviation from the identified CPU cache miss to DTLB load miss ratio pattern or trend indicative of a potential side-channel exploit attack, the control circuitry generates an output to alert a system user or system administrator.Type: ApplicationFiled: May 9, 2022Publication date: October 20, 2022Applicant: Intel CorporationInventors: Paul Carlson, Rahuldeva Ghosh, Baiju Patel, Zhong Chen
-
Publication number: 20220271955Abstract: In one example, a system for asymmetric device attestation includes a physically unclonable function (PUF) configured to generate a response to a challenge. A pseudo-random number generator generates a set of random numbers based on the response. A key generator determines co-prime numbers in the set of random numbers and generates a key pair using the co-prime numbers, wherein the public key is released to a manufacturer of the component for attestation of authenticity of the component. Through extending the PUF circuitry with a pseudo-random number generator, the present techniques are able to withstand unskilled and skilled hardware attacks, as the secret derived from the PUF is immune to extraction.Type: ApplicationFiled: May 12, 2022Publication date: August 25, 2022Applicant: Intel CorporationInventors: Prashant Dewan, Baiju Patel