Patents by Inventor Baiju Patel
Baiju Patel has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Publication number: 20220100866
  Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.
  Type: Application
  Filed: December 13, 2021
  Publication date: March 31, 2022
  Applicant: Intel Corporation
  Inventors: Baiju Patel, Prashant Dewan
- Patent number: 11288206
  Abstract: Embodiments of this disclosure provide techniques to support memory paging between trust domains (TDs) in computer systems. In one embodiment, a processing device including a memory controller and a memory paging circuit is provided. The memory paging circuit is to insert a transportable page into a memory location associated with a trust domain (TD); the transportable page comprises encrypted contents of a first memory page of the TD. The memory paging circuit is further to create a third memory page associated with the TD by binding the transportable page to the TD; binding the transportable page to the TD comprises re-encrypting contents of the transportable page based on a key associated with the TD and a physical address of the memory location. The memory paging circuit is further to access contents of the third memory page by decrypting the contents of the third memory page using the key associated with the TD.
  Type: Grant
  Filed: March 26, 2020
  Date of Patent: March 29, 2022
  Assignee: Intel Corporation
  Inventors: Hormuzd M. Khosravi, Baiju Patel, Ravi Sahita, Barry Huntley
- Publication number: 20220019667
  Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.
  Type: Application
  Filed: June 22, 2021
  Publication date: January 20, 2022
  Applicant: Intel Corporation
  Inventors: Kapil Sood, Ioannis T. Schoinas, Yu-Yuan Chen, Raghunandan Makaram, David J. Harriman, Baiju Patel, Ronald Perez, Matthew E. Hoekstra, Reshma Lal
- Patent number: 11205003
  Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.
  Type: Grant
  Filed: March 27, 2020
  Date of Patent: December 21, 2021
  Assignee: Intel Corporation
  Inventors: Baiju Patel, Prashant Dewan
- Publication number: 20210319138
  Abstract: Methods and apparatus relating to utilization of logic and a serial number to provide a persistent unique platform secret for generation of System on Chip (SOC or SoC) root keys are described. In an embodiment, stepping logic circuitry generates a stepping identifier in response to a first signal. Unique identifier logic circuitry generates a unique identifier in response to a second signal. Secret generation logic circuitry generates a key based at least in part on the stepping identifier and the unique identifier. The unique identifier is stored in persistent memory. Other embodiments are also disclosed and claimed.
  Type: Application
  Filed: June 25, 2021
  Publication date: October 14, 2021
  Applicant: Intel Corporation
  Inventors: Prashant Dewan, Baiju Patel, Siddhartha Chhabra, Ofir Shwartz, Kumar Dwarakanath
- Publication number: 20210224202
  Abstract: In one embodiment, an apparatus comprises a processor to execute instruction(s), wherein the instructions comprise a memory access operation associated with a memory location of a memory. The apparatus further comprises a memory encryption controller to: identify the memory access operation; determine that the memory location is associated with a protected domain, wherein the protected domain is associated with a protected memory region of the memory, and wherein the protected domain is identified from a plurality of protected domains associated with a plurality of protected memory regions of the memory; identify an encryption key associated with the protected domain; perform a cryptography operation on data associated with the memory access operation, wherein the cryptography operation is performed based on the encryption key associated with the protected domain; and return a result of the cryptography operation, wherein the result is to be used for the memory access operation.
  Type: Application
  Filed: April 5, 2021
  Publication date: July 22, 2021
  Inventors: Siddhartha Chhabra, Hormuzd M. Khosravi, Gideon Gerzon, Barry E. Huntley, Gilbert Neiger, Ido Ouziel, Baiju Patel, Ravi L. Sahita, Amy L. Santoni, Ioannis T. Schoinas
- Patent number: 11048800
  Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.
  Type: Grant
  Filed: March 22, 2019
  Date of Patent: June 29, 2021
  Assignee: Intel Corporation
  Inventors: Kapil Sood, Ioannis T. Schoinas, Yu-Yuan Chen, Raghunandan Makaram, David J. Harriman, Baiju Patel, Ronald Perez, Matthew E. Hoekstra, Reshma Lal
- Publication number: 20210117535
  Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.
  Type: Application
  Filed: December 7, 2020
  Publication date: April 22, 2021
  Inventors: Michael LeMay, David M. Durham, Michael E. Kounavis, Barry E. Huntley, Vedvyas Shanbhogue, Jason W. Brandt, Josh Triplett, Gilbert Neiger, Karanvir Grewal, Baiju Patel, Ye Zhuang, Jr-Shian Tsai, Vadim Sukhomlinov, Ravi Sahita, Mingwei Zhang, James C. Farwell, Amitabh Das, Krishna Bhuyan
- Publication number: 20210064254
  Abstract: There is disclosed a microprocessor, including: a processing core; and a total memory encryption (TME) engine to provide TME for a first trust domain (TD), and further to: allocate a block of physical memory to the first TD and a first cryptographic key to the first TD; map within an extended page table (EPT) a host physical address (HPA) space to a guest physical address (GPA) space of the TD; create a memory ownership table (MOT) entry for a memory page within the block of physical memory, wherein the MOT table comprises a GPA reverse mapping; encrypt the MOT entry using the first cryptographic key; and append to the MOT entry verification data, wherein the MOT entry verification data enables detection of an attack on the MOT entry.
  Type: Application
  Filed: September 29, 2017
  Publication date: March 4, 2021
  Applicant: Intel Corporation
  Inventors: David M. Durham, Ravi L. Sahita, Vedvyas Shanbhogue, Barry E. Huntley, Baiju Patel, Gideon Gerzon, Ioannis T. Schoinas, Hormuzd M. Khosravi, Siddhartha Chhabra, Carlos V. Rozas
- Patent number: 10853270
  Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.
  Type: Grant
  Filed: December 17, 2019
  Date of Patent: December 1, 2020
  Assignee: Intel Corporation
  Inventors: David M. Durham, Baiju Patel
- Patent number: 10831679
  Abstract: Systems, methods, and apparatuses for defending against cross-privilege linear access are described. For example, an implementation of an apparatus comprising privilege level storage to store a current privilege level and address check circuitry coupled to the privilege level storage, wherein the address check circuitry is to determine whether a linear address associated with an instruction is allowed to access a partition of a linear address space of the apparatus based upon a comparison of the current privilege level and a most significant bit of the linear address, is described.
  Type: Grant
  Filed: March 23, 2018
  Date of Patent: November 10, 2020
  Assignee: Intel Corporation
  Inventors: Vedvyas Shanbhogue, Joseph Nuzman, Baiju Patel
- Publication number: 20200226263
  Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.
  Type: Application
  Filed: March 27, 2020
  Publication date: July 16, 2020
  Applicant: Intel Corporation
  Inventors: Baiju Patel, Prashant Dewan
- Publication number: 20200226071
  Abstract: Embodiments of this disclosure provide techniques to support memory paging between trust domains (TDs) in computer systems. In one embodiment, a processing device including a memory controller and a memory paging circuit is provided. The memory paging circuit is to insert a transportable page into a memory location associated with a trust domain (TD); the transportable page comprises encrypted contents of a first memory page of the TD. The memory paging circuit is further to create a third memory page associated with the TD by binding the transportable page to the TD; binding the transportable page to the TD comprises re-encrypting contents of the transportable page based on a key associated with the TD and a physical address of the memory location. The memory paging circuit is further to access contents of the third memory page by decrypting the contents of the third memory page using the key associated with the TD.
  Type: Application
  Filed: March 26, 2020
  Publication date: July 16, 2020
  Inventors: Hormuzd M. Khosravi, Baiju Patel, Ravi Sahita, Barry Huntley
- Publication number: 20200159675
  Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.
  Type: Application
  Filed: December 17, 2019
  Publication date: May 21, 2020
  Inventors: David M. Durham, Baiju Patel
- Patent number: 10649911
  Abstract: Embodiments of this disclosure provide techniques to support full memory paging between different trust domains (TDs) in a compute system without losing any of the security properties, such as tamper resistance/detection and confidentiality, on a per-TD basis. In one embodiment, a processing device including a memory controller and a memory paging circuit operatively coupled to the memory controller is provided. The memory paging circuit is to evict a memory page associated with a trust domain (TD) executed by the processing device. A binding of the memory page to a first memory location of the TD is removed. A transportable page that includes encrypted contents of the memory page is created. Thereupon, the memory page is provided to a second memory location.
  Type: Grant
  Filed: March 29, 2018
  Date of Patent: May 12, 2020
  Assignee: Intel Corporation
  Inventors: Hormuzd M. Khosravi, Baiju Patel, Ravi Sahita, Barry Huntley
- Patent number: 10509734
  Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.
  Type: Grant
  Filed: November 29, 2018
  Date of Patent: December 17, 2019
  Assignee: Intel Corporation
  Inventors: David M. Durham, Baiju Patel
- Publication number: 20190294559
  Abstract: Systems, methods, and apparatuses for defending against cross-privilege linear access are described. For example, an implementation of an apparatus comprising privilege level storage to store a current privilege level and address check circuitry coupled to the privilege level storage, wherein the address check circuitry is to determine whether a linear address associated with an instruction is allowed to access a partition of a linear address space of the apparatus based upon a comparison of the current privilege level and a most significant bit of the linear address, is described.
  Type: Application
  Filed: March 23, 2018
  Publication date: September 26, 2019
  Inventors: Vedvyas Shanbhogue, Joseph Nuzman, Baiju Patel
- Publication number: 20190220601
  Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.
  Type: Application
  Filed: March 22, 2019
  Publication date: July 18, 2019
  Applicant: Intel Corporation
  Inventors: Kapil Sood, Ioannis T. Schoinas, Yu-Yuan Chen, Raghunandan Makaram, David J. Harriman, Baiju Patel, Ronald Perez, Matthew E. Hoekstra, Reshma Lal
- Publication number: 20190146932
  Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.
  Type: Application
  Filed: November 29, 2018
  Publication date: May 16, 2019
  Inventors: David M. Durham, Baiju Patel
- Publication number: 20190130104
  Abstract: The present disclosure is directed to systems and methods for detecting side-channel exploit attacks such as Spectre and Meltdown. Performance monitoring circuitry includes first counter circuitry to monitor CPU cache misses and second counter circuitry to monitor DTLB load misses. Upon detecting an excessive number of cache misses and/or load misses, the performance monitoring circuitry transfers the first and second counter circuitry data to control circuitry. The control circuitry determines a CPU cache miss to DTLB load miss ratio for each of a plurality of temporal intervals. The control circuitry then identifies, determines, and/or detects a pattern or trend in the CPU cache miss to DTLB load miss ratio. Upon detecting a deviation from the identified CPU cache miss to DTLB load miss ratio pattern or trend indicative of a potential side-channel exploit attack, the control circuitry generates an output to alert a system user or system administrator.
  Type: Application
  Filed: December 27, 2018
  Publication date: May 2, 2019
  Inventors: Paul Carlson, Rahuldeva Ghosh, Baiju Patel, Zhong Chen