Patents by Inventor Eric Innis
Eric Innis has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11720503Abstract: Technologies for secure authentication and programming of an accelerator device are described. In one example, a computing is disclosed comprising an accelerator device to: provide a unique device identifier to an accelerator services enclave (ASE) of a processor of the computing device; authenticate with the ASE by: performing a secure key exchange with the ASE to establish a shared secret tunnel key; verifying an enclave certificate of the ASE; and providing an attestation response to the ASE indicative of an accelerator device configuration; establish a secure channel with the ASE protected by the shared secret tunnel key; receive bitstream image key and bitstream data key from the ASE via the secure channel; program the accelerator device via the secure channel using the bitstream image key; and exchange data with a tenant enclave of the processor, the data protected by the bitstream data key.Type: GrantFiled: April 20, 2022Date of Patent: August 8, 2023Assignee: INTEL CORPORATIONInventors: Vincent Scarlata, Reshma Lal, Alpa Narendra Trivedi, Eric Innis
-
Patent number: 11489822Abstract: An apparatus for cloud key management may include a networking interface, a memory, and a processor, coupled to the memory and the networking interface, the networking interface to couple the apparatus to one or more endpoint servers (EPSs) of a cloud service provider (CSP), each EPS including a hardware accelerator, and a management node (MN) of the CSP. The apparatus may further include an accelerator functional unit (AFU) developer interface module operated by the processor to receive cryptographic material (CM) for each of one or more AFU developers (AFUDs) and store it into the memory, the CM includes a public key hash (PKH), and an encryption key (EK) to decrypt an AFU of the AFUD.Type: GrantFiled: October 5, 2020Date of Patent: November 1, 2022Assignee: Intel CorporationInventors: Brent D. Thomas, Eric Innis, Raghunandan Makaram
-
Publication number: 20220245070Abstract: Technologies for secure authentication and programming of an accelerator device are described. In one example, a computing is disclosed comprising an accelerator device to: provide a unique device identifier to an accelerator services enclave (ASE) of a processor of the computing device; authenticate with the ASE by: performing a secure key exchange with the ASE to establish a shared secret tunnel key; verifying an enclave certificate of the ASE; and providing an attestation response to the ASE indicative of an accelerator device configuration; establish a secure channel with the ASE protected by the shared secret tunnel key; receive bitstream image key and bitstream data key from the ASE via the secure channel; program the accelerator device via the secure channel using the bitstream image key; and exchange data with a tenant enclave of the processor, the data protected by the bitstream data key.Type: ApplicationFiled: April 20, 2022Publication date: August 4, 2022Applicant: Intel CorporationInventors: Vincent Scarlata, Reshma Lal, Alpa Narendra Trivedi, Eric Innis
-
Patent number: 11386017Abstract: Technologies for secure authentication and programming of an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment, which receives a unique device identifier from the accelerator, validates a device certificate for the device identifier, authenticates the accelerator in response to validating the accelerator, validates attestation information of the accelerator, and establishes a secure channel with the accelerator. The trusted execution environment may securely program a data key and a bitstream key to the accelerator, and may encrypt a bitstream image and securely program the bitstream image to the accelerator. The accelerator and a tenant may securely exchange data protected by the data key. The trusted execution environment may be a secure enclave, and the accelerator may be a field programmable gate array (FPGA). Other embodiments are described and claimed.Type: GrantFiled: December 26, 2018Date of Patent: July 12, 2022Assignee: INTEL CORPORATIONInventors: Vincent Scarlata, Reshma Lal, Alpa Narendra Trivedi, Eric Innis
-
Patent number: 10972277Abstract: The present disclosure provides confidential verification for FPGA code. Confidential verification for FPGA code can include receiving the policy from a cloud service provider (CSP) computing device, wherein the policy comprises a plurality of policy requirements used to determine whether to configure the FPGA using the code, receiving the code and the code encryption key from the user computing device, determining whether the code fulfills the plurality of policy requirements, and when the code fulfills the plurality of policy requirements encrypting and integrity protect the code using the code encryption key and providing the encrypted and integrity protected code to an accelerator loader to configure the FPGA using the code.Type: GrantFiled: March 15, 2017Date of Patent: April 6, 2021Assignee: INTEL CORPORATIONInventors: Eric Innis, Raghunandan Makaram, Ting Lu
-
Publication number: 20210036998Abstract: An apparatus for cloud key management may include a networking interface, a memory, and a processor, coupled to the memory and the networking interface, the networking interface to couple the apparatus to one or more endpoint servers (EPSs) of a cloud service provider (CSP), each EPS including a hardware accelerator, and a management node (MN) of the CSP. The apparatus may further include an accelerator functional unit (AFU) developer interface module operated by the processor to receive cryptographic material (CM) for each of one or more AFU developers (AFUDs) and store it into the memory, the CM includes a public key hash (PKH), and an encryption key (EK) to decrypt an AFU of the AFUD.Type: ApplicationFiled: October 5, 2020Publication date: February 4, 2021Inventors: Brent D. Thomas, Eric Innis, Raghunandan Makaram
-
Patent number: 10841288Abstract: An apparatus for cloud key management may include a networking interface, a memory, and a processor, coupled to the memory and the networking interface, the networking interface to couple the apparatus to one or more endpoint servers (EPSs) of a cloud service provider (CSP), each EPS including a hardware accelerator, and a management node (MN) of the CSP. The apparatus may further include an accelerator functional unit (AFU) developer interface module operated by the processor to receive cryptographic material (CM) for each of one or more AFU developers (AFUDs) and store it into the memory, the CM includes a public key hash (PKH), and an encryption key (EK) to decrypt an AFU of the AFUD.Type: GrantFiled: June 25, 2018Date of Patent: November 17, 2020Assignee: Intel CorporationInventors: Brent D. Thomas, Eric Innis, Raghunandan Makaram
-
Publication number: 20200167506Abstract: A PCIe card includes an FPGA and a memory that is discrete from the FPGA. The memory is accessible by the FPGA and not other devices on the card. The FPGA's core fabric is configured with a security processor that verifies a bitstream loaded through the FGPA into the memory as authentic or not authentic to limit unauthorized access to data from a user circuit that is associated with a not authentic bitstream. The security processor is loaded into the FPGA when a request is made for bitstream verification and is allowed to be overwritten after the security processor processes the bitstream to determine if the bitstream is authentication or not authentic. Allowing the security processor to be overwritten allows for high percentage usage of the core fabric for user circuits and limits the inclusion of a static circuit in the core fabric that is infrequently used.Type: ApplicationFiled: September 27, 2019Publication date: May 28, 2020Applicant: Intel CorporationInventors: Prakash Iyer, Eric Innis, Evan Custodio, Ting Lu
-
Publication number: 20190132136Abstract: Technologies for secure authentication and programming of an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment, which receives a unique device identifier from the accelerator, validates a device certificate for the device identifier, authenticates the accelerator in response to validating the accelerator, validates attestation information of the accelerator, and establishes a secure channel with the accelerator. The trusted execution environment may securely program a data key and a bitstream key to the accelerator, and may encrypt a bitstream image and securely program the bitstream image to the accelerator. The accelerator and a tenant may securely exchange data protected by the data key. The trusted execution environment may be a secure enclave, and the accelerator may be a field programmable gate array (FPGA). Other embodiments are described and claimed.Type: ApplicationFiled: December 26, 2018Publication date: May 2, 2019Inventors: Vincent Scarlata, Reshma Lal, Alpa Narendra Trivedi, Eric Innis
-
Publication number: 20190044731Abstract: An apparatus for cloud key management may include a networking interface, a memory, and a processor, coupled to the memory and the networking interface, the networking interface to couple the apparatus to one or more endpoint servers (EPSs) of a cloud service provider (CSP), each EPS including a hardware accelerator, and a management node (MN) of the CSP. The apparatus may further include an accelerator functional unit (AFU) developer interface module operated by the processor to receive cryptographic material (CM) for each of one or more AFU developers (AFUDs) and store it into the memory, the CM includes a public key hash (PKH), and an encryption key (EK) to decrypt an AFU of the AFUD.Type: ApplicationFiled: June 25, 2018Publication date: February 7, 2019Inventors: Brent D. Thomas, Eric Innis, Raghunandan Makaram
-
Publication number: 20180270068Abstract: The present disclosure provides confidential verification for FPGA code. Confidential verification for FPGA code can include receiving the policy from a cloud service provider (CSP) computing device, wherein the policy comprises a plurality of policy requirements used to determine whether to configure the FPGA using the code, receiving the code and the code encryption key from the user computing device, determining whether the code fulfills the plurality of policy requirements, and when the code fulfills the plurality of policy requirements encrypting and integrity protect the code using the code encryption key and providing the encrypted and integrity protected code to an accelerator loader to configure the FPGA using the code.Type: ApplicationFiled: March 15, 2017Publication date: September 20, 2018Applicant: INTEL CORPORATIONInventors: Eric Innis, Raghunandan Makaram, TING Lu
-
Patent number: 9766065Abstract: A technique for reducing altitude error involves determining a corrected altitude for an aircraft using forecast atmospheric pressure data available, for example, from a weather forecasting service. The forecast atmospheric pressure data includes, for a number of points in time and for a number of geographic locations, a set of pressure levels and corresponding altitude values. Altitude correction data is periodically calculated from the forecast atmospheric pressure data for each of a number of geographic grid points. Upon receiving aircraft position information and an aircraft altitude measurement for an aircraft, one or more of the geographic grid points corresponding to the aircraft position are identified, and a corrected altitude of the aircraft is determined based on the altitude correction data of the one or more geographic grid points.Type: GrantFiled: March 15, 2013Date of Patent: September 19, 2017Assignee: Exelis Inc.Inventors: Michael A. Garcia, Robert Mueller, Eric Innis, Boris Veytsman
-
Publication number: 20140278182Abstract: A technique for reducing altitude error involves determining a corrected altitude for an aircraft using forecast atmospheric pressure data available, for example, from a weather forecasting service. The forecast atmospheric pressure data includes, for a number of points in time and for a number of geographic locations, a set of pressure levels and corresponding altitude values. Altitude correction data is periodically calculated from the forecast atmospheric pressure data for each of a number of geographic grid points. Upon receiving aircraft position information and an aircraft altitude measurement for an aircraft, one or more of the geographic grid points corresponding to the aircraft position are identified, and a corrected altitude of the aircraft is determined based on the altitude correction data of the one or more geographic grid points.Type: ApplicationFiled: March 15, 2013Publication date: September 18, 2014Inventors: Michael A. Garcia, Robert Mueller, Eric Innis, Boris Veytsman