Patents by Inventor Baiju Patel

Baiju Patel has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220100866
    Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.
    Type: Application
    Filed: December 13, 2021
    Publication date: March 31, 2022
    Applicant: Intel Corporation
    Inventors: Baiju Patel, Prashant Dewan
  • Patent number: 11288206
    Abstract: Embodiment of this disclosure provide techniques to support memory paging between trust domains (TDs) in computer systems. In one embodiment, a processing device including a memory controller and a memory paging circuit is provided. The memory paging circuit is to insert a transportable page into a memory location associated with a trust domain (TD), the transportable page comprises encrypted contents of a first memory page of the TD. The memory paging circuit is further to create a third memory page associated with the TD by binding the transportable page to the TD, binding the transportable page to the TD comprises re-encrypting contents of the transportable page based on a key associated with the TD and a physical address of the memory location. The memory paging circuit is further to access contents of the third memory page by decrypting the contents of the third memory page using the key associated with the TD.
    Type: Grant
    Filed: March 26, 2020
    Date of Patent: March 29, 2022
    Assignee: Intel Corporation
    Inventors: Hormuzd M. Khosravi, Baiju Patel, Ravi Sahita, Barry Huntley
  • Publication number: 20220019667
    Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.
    Type: Application
    Filed: June 22, 2021
    Publication date: January 20, 2022
    Applicant: Intel Corporation
    Inventors: Kapil Sood, Ioannis T. Schoinas, Yu-Yuan Chen, Raghunandan Makaram, David J. Harriman, Baiju Patel, Ronald Perez, Matthew E. Hoekstra, Reshma Lal
  • Patent number: 11205003
    Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.
    Type: Grant
    Filed: March 27, 2020
    Date of Patent: December 21, 2021
    Assignee: Intel Corporation
    Inventors: Baiju Patel, Prashant Dewan
  • Publication number: 20210319138
    Abstract: Methods and apparatus relating to utilization of logic and a serial number to provide persistent unique platform secret for generation of System on Chip (SOC or SoC) root keys are described. In an embodiment, stepping logic circuitry generates a stepping identifier in response to a first signal. Unique identifier logic circuitry generates a unique identifier in response to a second signal. Secret generation logic circuitry generates a key based at least in part on the stepping identifier and the unique identifier. The unique identifier is stored in persistent memory. Other embodiments are also disclosed and claimed.
    Type: Application
    Filed: June 25, 2021
    Publication date: October 14, 2021
    Applicant: Intel Corporation
    Inventors: Prashant Dewan, Baiju Patel, Siddhartha Chhabra, Ofir Shwartz, Kumar Dwarakanath
  • Publication number: 20210224202
    Abstract: In one embodiment, an apparatus comprises a processor to execute instruction(s), wherein the instructions comprise a memory access operation associated with a memory location of a memory. The apparatus further comprises a memory encryption controller to: identify the memory access operation; determine that the memory location is associated with a protected domain, wherein the protected domain is associated with a protected memory region of the memory, and wherein the protected domain is identified from a plurality of protected domains associated with a plurality of protected memory regions of the memory; identify an encryption key associated with the protected domain; perform a cryptography operation on data associated with the memory access operation, wherein the cryptography operation is performed based on the encryption key associated with the protected domain; and return a result of the cryptography operation, wherein the result is to be used for the memory access operation.
    Type: Application
    Filed: April 5, 2021
    Publication date: July 22, 2021
    Inventors: Siddhartha Chhabra, Hormuzd M. Khosravi, Gideon Gerzon, Barry E. Huntley, Gilbert Neiger, Ido Ouziel, Baiju Patel, Ravi L. Sahita, Amy L. Santoni, Ioannis T. Schoinas
  • Patent number: 11048800
    Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.
    Type: Grant
    Filed: March 22, 2019
    Date of Patent: June 29, 2021
    Assignee: Intel Corporation
    Inventors: Kapil Sood, Ioannis T. Schoinas, Yu-Yuan Chen, Raghunandan Makaram, David J. Harriman, Baiju Patel, Ronald Perez, Matthew E. Hoekstra, Reshma Lal
  • Publication number: 20210117535
    Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.
    Type: Application
    Filed: December 7, 2020
    Publication date: April 22, 2021
    Inventors: Michael LEMAY, David M. DURHAM, Michael E. KOUNAVIS, Barry E. HUNTLEY, Vedvyas SHANBHOGUE, Jason W. BRANDT, Josh TRIPLETT, Gilbert NEIGER, Karanvir GREWAL, Baiju PATEL, Ye ZHUANG, Jr-Shian TSAI, Vadim SUKHOMLINOV, Ravi SAHITA, Mingwei ZHANG, James C. FARWELL, Amitabh DAS, Krishna BHUYAN
  • Publication number: 20210064254
    Abstract: There is disclosed a microprocessor, including: a processing core; and a total memory encryption (TME) engine to provide TME for a first trust domain (TD), and further to: allocate a block of physical memory to the first TD and a first cryptographic key to the first TD; map within an extended page table (EPT) a host physical address (HPA) space to a guest physical address (GPA) space of the TD; create a memory ownership table (MOT) entry for a memory page within the block of physical memory, wherein the MOT table comprises a GPA reverse mapping; encrypt the MOT entry using the first cryptographic key; and append to the MOT entry verification data, wherein the MOT entry verification data enables detection of an attack on the MOT entry.
    Type: Application
    Filed: September 29, 2017
    Publication date: March 4, 2021
    Applicant: Intel Corporation
    Inventors: David M. Durham, Ravi L. Sahita, Vedvyas Shanbhogue, Barry E. Huntley, Baiju Patel, Gideon Gerzon, Ioannis T. Schoinas, Hormuzd M. Khosravi, Siddhartha Chhabra, Carlos V. Rozas
  • Patent number: 10853270
    Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.
    Type: Grant
    Filed: December 17, 2019
    Date of Patent: December 1, 2020
    Assignee: INTEL CORPORATION
    Inventors: David M. Durham, Baiju Patel
  • Patent number: 10831679
    Abstract: Systems, methods, and apparatuses for defending against cross-privilege linear access are described. For example, an implementation of an apparatus comprising privilege level storage to store a current privilege level and address check circuitry coupled to the privilege level storage, wherein the address check circuitry is to determine whether a linear address associated with an instruction is allowed to access a partition of a linear address space of the apparatus based upon a comparison of the current privilege level and a most significant bit of the linear address is described.
    Type: Grant
    Filed: March 23, 2018
    Date of Patent: November 10, 2020
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Joseph Nuzman, Baiju Patel
  • Publication number: 20200226263
    Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.
    Type: Application
    Filed: March 27, 2020
    Publication date: July 16, 2020
    Applicant: Intel Corporation
    Inventors: Baiju Patel, Prashant Dewan
  • Publication number: 20200226071
    Abstract: Embodiment of this disclosure provide techniques to support memory paging between trust domains (TDs) in computer systems. In one embodiment, a processing device including a memory controller and a memory paging circuit is provided. The memory paging circuit is to insert a transportable page into a memory location associated with a trust domain (TD), the transportable page comprises encrypted contents of a first memory page of the TD. The memory paging circuit is further to create a third memory page associated with the TD by binding the transportable page to the TD, binding the transportable page to the TD comprises re-encrypting contents of the transportable page based on a key associated with the TD and a physical address of the memory location. The memory paging circuit is further to access contents of the third memory page by decrypting the contents of the third memory page using the key associated with the TD.
    Type: Application
    Filed: March 26, 2020
    Publication date: July 16, 2020
    Inventors: Hormuzd M. Khosravi, Baiju Patel, Ravi Sahita, Barry Huntley
  • Publication number: 20200159675
    Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.
    Type: Application
    Filed: December 17, 2019
    Publication date: May 21, 2020
    Inventors: David M. Durham, Baiju Patel
  • Patent number: 10649911
    Abstract: Embodiment of this disclosure provide techniques to support full memory paging between different trust domains (TDs) in compute system without losing any of the security properties, such as tamper resistant/detection and confidentiality, on a per TD basis. In one embodiment, a processing device including a memory controller and a memory paging circuit operatively coupled to the memory controller is provided. The memory paging circuit is to evict a memory page associated with a trust domain (TD) executed by the processing device. A binding of the memory page to a first memory location of the TD is removed. A transportable page that includes encrypted contents of the memory page is created. Thereupon, the memory page is provided to a second memory location.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: May 12, 2020
    Assignee: Intel Corporation
    Inventors: Hormuzd M. Khosravi, Baiju Patel, Ravi Sahita, Barry Huntley
  • Patent number: 10509734
    Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.
    Type: Grant
    Filed: November 29, 2018
    Date of Patent: December 17, 2019
    Assignee: Intel Corporation
    Inventors: David M. Durham, Baiju Patel
  • Publication number: 20190294559
    Abstract: Systems, methods, and apparatuses for defending against cross-privilege linear access are described. For example, an implementation of an apparatus comprising privilege level storage to store a current privilege level and address check circuitry coupled to the privilege level storage, wherein the address check circuitry is to determine whether a linear address associated with an instruction is allowed to access a partition of a linear address space of the apparatus based upon a comparison of the current privilege level and a most significant bit of the linear address is described.
    Type: Application
    Filed: March 23, 2018
    Publication date: September 26, 2019
    Inventors: VEDVYAS SHANBHOGUE, JOSEPH NUZMAN, BAIJU PATEL
  • Publication number: 20190220601
    Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.
    Type: Application
    Filed: March 22, 2019
    Publication date: July 18, 2019
    Applicant: Intel Corporation
    Inventors: Kapil Sood, Ioannis T. Schoinas, Yu-Yuan Chen, Raghunandan Makaram, David J. Harriman, Baiju Patel, Ronald Perez, Matthew E. Hoekstra, Reshma Lal
  • Publication number: 20190146932
    Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.
    Type: Application
    Filed: November 29, 2018
    Publication date: May 16, 2019
    Inventors: David M. Durham, Baiju Patel
  • Publication number: 20190130104
    Abstract: The present disclosure is directed to systems and methods for detecting side-channel exploit attacks such as Spectre and Meltdown. Performance monitoring circuitry includes first counter circuitry to monitor CPU cache misses and second counter circuitry to monitor DTLB load misses. Upon detecting an excessive number of cache misses and/or load misses, the performance monitoring circuitry transfers the first and second counter circuitry data to control circuitry. The control circuitry determines a CPU cache miss to DTLB load miss ratio for each of a plurality of temporal intervals. The control circuitry the identifies, determines, and/or detects a pattern or trend in the CPU cache miss to DTLB load miss ratio. Upon detecting a deviation from the identified CPU cache miss to DTLB load miss ratio pattern or trend indicative of a potential side-channel exploit attack, the control circuitry generates an output to alert a system user or system administrator.
    Type: Application
    Filed: December 27, 2018
    Publication date: May 2, 2019
    Inventors: Paul Carlson, Rahuldeva Ghosh, Baiju Patel, Zhong Chen