Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.

Abstract: Embodiments are directed to protection of privacy and data on smart edge devices. An embodiment of an apparatus includes a sensor to produce a stream of sensor data; an analytics mechanism; and a trusted execution environment (TEE) including multiple keys for data security, the apparatus to exchange keys with a host server to establish one or more secure communication channels between the apparatus and a TEE on a host server, process the stream of sensor data utilizing the analytics mechanism to generate metadata, perform encryption and integrity protection of the metadata utilizing a key from the TEE for the sensor, sign the metadata utilizing a private key for the analytics mechanism, and transfer the encrypted and integrity protected metadata and the signature to the host server via the one or more secure communication channels in a manner that prevents privileged users on the host from accessing the data.

Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.

Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.

Abstract: Embodiments are directed to protection of privacy and data on smart edge devices. An embodiment of an apparatus includes a sensor to produce a stream of sensor data; an analytics mechanism; and a trusted execution environment (TEE) including multiple keys for data security, the apparatus to exchange keys with a host server to establish one or more secure communication channels between the apparatus and a TEE on a host server, process the stream of sensor data utilizing the analytics mechanism to generate metadata, perform encryption and integrity protection of the metadata utilizing a key from the TEE for the sensor, sign the metadata utilizing a private key for the analytics mechanism, and transfer the encrypted and integrity protected metadata and the signature to the host server via the one or more secure communication channels in a manner that prevents privileged users on the host from accessing the data.

Abstract: An apparatus for cloud key management may include a networking interface, a memory, and a processor, coupled to the memory and the networking interface, the networking interface to couple the apparatus to one or more endpoint servers (EPSs) of a cloud service provider (CSP), each EPS including a hardware accelerator, and a management node (MN) of the CSP. The apparatus may further include an accelerator functional unit (AFU) developer interface module operated by the processor to receive cryptographic material (CM) for each of one or more AFU developers (AFUDs) and store it into the memory, the CM includes a public key hash (PKH), and an encryption key (EK) to decrypt an AFU of the AFUD.

Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.

Abstract: Embodiments are directed to protection of privacy and data on smart edge devices. An embodiment of an apparatus includes a sensor to produce a stream of sensor data; an analytics mechanism; and a trusted execution environment (TEE) including multiple keys for data security, the apparatus to exchange keys with a host server to establish one or more secure communication channels between the apparatus and a TEE on a host server, process the stream of sensor data utilizing the analytics mechanism to generate metadata, perform encryption and integrity protection of the metadata utilizing a key from the TEE for the sensor, sign the metadata utilizing a private key for the analytics mechanism, and transfer the encrypted and integrity protected metadata and the signature to the host server via the one or more secure communication channels in a manner that prevents privileged users on the host from accessing the data.

Abstract: An apparatus for cloud key management may include a networking interface, a memory, and a processor, coupled to the memory and the networking interface, the networking interface to couple the apparatus to one or more endpoint servers (EPSs) of a cloud service provider (CSP), each EPS including a hardware accelerator, and a management node (MN) of the CSP. The apparatus may further include an accelerator functional unit (AFU) developer interface module operated by the processor to receive cryptographic material (CM) for each of one or more AFU developers (AFUDs) and store it into the memory, the CM includes a public key hash (PKH), and an encryption key (EK) to decrypt an AFU of the AFUD.

Abstract: An apparatus for cloud key management may include a networking interface, a memory, and a processor, coupled to the memory and the networking interface, the networking interface to couple the apparatus to one or more endpoint servers (EPSs) of a cloud service provider (CSP), each EPS including a hardware accelerator, and a management node (MN) of the CSP. The apparatus may further include an accelerator functional unit (AFU) developer interface module operated by the processor to receive cryptographic material (CM) for each of one or more AFU developers (AFUDs) and store it into the memory, the CM includes a public key hash (PKH), and an encryption key (EK) to decrypt an AFU of the AFUD.

Abstract: An apparatus for cloud key management may include a networking interface, a memory, and a processor, coupled to the memory and the networking interface, the networking interface to couple the apparatus to one or more endpoint servers (EPSs) of a cloud service provider (CSP), each EPS including a hardware accelerator, and a management node (MN) of the CSP. The apparatus may further include an accelerator functional unit (AFU) developer interface module operated by the processor to receive cryptographic material (CM) for each of one or more AFU developers (AFUDs) and store it into the memory, the CM includes a public key hash (PKH), and an encryption key (EK) to decrypt an AFU of the AFUD.

Abstract: In one embodiment, a node includes at least one core to independently execute instructions; a first host device to receive information from the at least one core and to include the information in a first packet of a first communication protocol; a selection logic coupled to the first host device to receive the first packet and to provide the first packet to a conversion logic or a first interface to communicate with a first device via a first interconnect of the first communication protocol; the conversion logic to receive the first packet under selection of the selection logic and to encapsulate the first packet into a second packet of a second communication protocol; and a second interface coupled to the conversion logic to receive the second packet and to communicate the second packet to a second device via a second interconnect of the second communication protocol. Other embodiments are described and claimed.

Abstract: In one embodiment, a node includes at least one core to independently execute instructions; a first host device to receive information from the at least one core and to include the information in a first packet of a first communication protocol; a selection logic coupled to the first host device to receive the first packet and to provide the first packet to a conversion logic or a first interface to communicate with a first device via a first interconnect of the first communication protocol; the conversion logic to receive the first packet under selection of the selection logic and to encapsulate the first packet into a second packet of a second communication protocol; and a second interface coupled to the conversion logic to receive the second packet and to communicate the second packet to a second device via a second interconnect of the second communication protocol. Other embodiments are described and claimed.

Abstract: In general, in one aspect, the disclosure describes a high-speed multi-phase voltage regulator (VR) capable of sensing load current. For each phase leg, the VR includes a current mirror to mirror current in switching elements, a current sense to sense high side current in the current mirror, and a I-V converter to convert the sensed high side current to a voltage. The high side sensed current for each phase leg is averaged and the duty cycle for the VR is extracted. The average high side sensed current and the duty cycle are converted to digital by an A-D converter. Digital circuitry corrects the sensed current by adjusting for the gain and offset voltage of the VR. The adjusted sensed value is divided by the duty cycle to convert to load current and the average load current is multiplied by the number of phases operating to determine overall load current.

Abstract: Methods and systems to amplify and convert a single-ended analog signal to a differential signal and to convert the differential signal to a digital value, including to time-multiplex a plurality of windowed single-ended analog error signals, amplify a difference between the time-multiplexed analog signals, sample a corresponding amplified difference signal and an inverted amplified difference signal, amplify and center the samples about a common mode, and convert a corresponding amplified differential signal to digital values in a pipeline fashion. Bias adjustable features may be implemented to control a bandwidth, and clock rates may be adjustable to correspond to the bandwidth.

Abstract: In general, in one aspect, the disclosure describes a high-speed multi-phase voltage regulator (VR) capable of sensing load current. For each phase leg, the VR includes a current mirror to mirror current in switching elements, a current sense to sense high side current in the current mirror, and a I-V converter to convert the sensed high side current to a voltage. The high side sensed current for each phase leg is averaged and the duty cycle for the VR is extracted. The average high side sensed current and the duty cycle are converted to digital by an A-D converter. Digital circuitry corrects the sensed current by adjusting for the gain and offset voltage of the VR. The adjusted sensed value is divided by the duty cycle to convert to load current and the average load current is multiplied by the number of phases operating to determine overall load current.

Abstract: Methods and systems to amplify and convert a single-ended analog signal to a differential signal and to convert the differential signal to a digital value, including to time-multiplex a plurality of windowed single-ended analog error signals, amplify a difference between the time-multiplexed analog signals, sample a corresponding amplified difference signal and an inverted amplified difference signal, amplify and center the samples about a common mode, and convert a corresponding amplified differential signal to digital values in a pipeline fashion. Bias adjustable features may be implemented to control a bandwidth, and clock rates may be adjustable to correspond to the bandwidth.

Abstract: A tactile kinesthetic assistant is a device that allows a person to use the senses of sight, touch and hearing to gather information. Tactile kinesthetic assistants can be used, for example, to help a person retrieve information related to a specific word or phrase (e.g., a student learning to read), to allow a person to determine the status of a person or thing (e.g., a nurse retrieving medical records), to allow a person to obtain current information (e.g., a stock broker retrieving stock prices). In one embodiment, a tactile kinesthetic assistant includes a thimble and an ear piece. The thimble includes a scanner that allows the user to scan one or more words. The representations of the one or more words are used to retrieve information via a network and the retrieved information is provided to the user through an ear piece.

Abstract: An imaging device includes a compensation circuit for reducing an effect of dark current generated during operation. The compensation circuit calculates an initial dark current offset value using optically dark regions of a photo sensitive array. The compensation circuit also automatically adjusts the initial dark current offset value as output signals from successive rows of the photo sensitive array are transferred. The compensation circuit can calculate the initial dark current offset value each time an image is captured, thereby compensating for variables such as temperature.

Abstract: A photosensing circuit, system and method. The photosensing circuit includes a photodetector and a network coupled to the photodetector. The network includes a plurality of elements and at least a first and second output terminals, the elements of the network being selected such that a difference of signals flowing out of the first and second output terminals is directly proportional to an amount of light impinging on the photodetector and is substantially free of electrical noise.