Patents by Inventor Ioannis T. Schoinas

Ioannis T. Schoinas has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20200328879
    Abstract: An apparatus includes a port with circuitry to implement one or more layers of a Compute Express Link (CXL)-based protocol. The port includes an agent to obtain information to be transmitted to another device over a link based on the CXL-based protocol via a flit, encrypt at least a portion of the information to yield a ciphertext, generate a cyclic redundancy check (CRC) code based on the ciphertext, and cause a flit to be generated comprising the ciphertext. The port is to use the circuitry to transmit the flit and the CRC code to the other device over the link.
    Type: Application
    Filed: June 23, 2020
    Publication date: October 15, 2020
    Applicant: Intel Corporation
    Inventors: Raghunandan Makaram, Ishwar Agarwal, Kirk S. Yap, Nitish Paliwal, David J. Harriman, Ioannis T. Schoinas
  • Publication number: 20200226074
    Abstract: In one embodiment, an apparatus comprises a processor to read a data line from memory in response to a read request from a VM. The data line comprises encrypted memory data. The apparatus also comprises a memory encryption circuit in the processor. The memory encryption circuit is to use an address of the read request to select an entry from a P2K table; obtain a key identifier from the selected entry of the P2K table; use the key identifier to select a key for the read request; and use the selected key to decrypt the encrypted memory data into decrypted memory data. The processor is further to make the decrypted memory data available to the VM. The P2K table comprises multiple entries, each comprising (a) a key identifier for a page of memory and (b) an encrypted address for that page of memory. Other embodiments are described and claimed.
    Type: Application
    Filed: March 27, 2020
    Publication date: July 16, 2020
    Inventors: David M. Durham, Siddhartha Chhabra, Amy L. Santoni, Gilbert Neiger, Barry E. Huntley, Hormuzd M. Khosravi, Baiju V. Patel, Ravi L. Sahita, Gideon Gerzon, Ido Ouziel, Ioannis T. Schoinas, Rajesh M. Sankaran
  • Publication number: 20200177392
    Abstract: In one example, a system for managing encrypted memory comprises a processor to store a first MAC based on data stored in system memory in response to a write operation to the system memory. The processor can also detect a read operation corresponding to the data stored in the system memory, calculate a second MAC based on the data retrieved from the system memory, determine that the second MAC does not match the first MAC, and recalculate the second MAC with a correction operation, wherein the correction operation comprises an XOR operation based on the data retrieved from the system memory and a replacement value for a device of the system memory. Furthermore, the processor can decrypt the data stored in the system memory in response to detecting the recalculated second MAC matches the first MAC and transmit the decrypted data to cache thereby correcting memory errors.
    Type: Application
    Filed: November 20, 2019
    Publication date: June 4, 2020
    Applicant: INTEL CORPORATION
    Inventors: David M. Durham, Rajat Agarwal, Siddhartha Chhabra, Sergej Deutsch, Karanvir S. Grewal, Ioannis T. Schoinas
  • Patent number: 10657071
    Abstract: In one embodiment, a cryptographic circuit is adapted to receive a data line including at least an encrypted portion from a memory in response to a read request having a memory address from a first agent, obtain a key identifier for a key of the first agent from the data line, obtain the key using the key identifier, decrypt the at least encrypted portion of the data line using the key and send decrypted data of the at least encrypted portion of the data line to the first agent. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 25, 2017
    Date of Patent: May 19, 2020
    Assignee: Intel Corporation
    Inventors: David M. Durham, Siddhartha Chhabra, Amy L. Santoni, Gilbert Neiger, Barry E. Huntley, Hormuzd M. Khosravi, Baiju V. Patel, Ravi L. Sahita, Gideon Gerzon, Ido Ouziel, Ioannis T. Schoinas, Rajesh M. Sankaran
  • Publication number: 20200151362
    Abstract: A system may include a root port and an endpoint upstream port. The root port may include transaction layer hardware circuitry to determine, by logic circuitry at a transaction layer of a protocol stack of a device, that a packet is to traverse to a link partner on a secure stream, authenticate a receiving port of the link partner, configure a transaction layer packet (TLP) prefix to identify the TLP as a secure TLP, associating the secure TLP with the secure stream, apply integrity protection and data encryption to the Secure TLP, transmit the secure TLP across the secure stream to the link partner.
    Type: Application
    Filed: January 10, 2020
    Publication date: May 14, 2020
    Applicant: Intel Corporation
    Inventors: David J. Harriman, Raghunandan Makaram, Ioannis T. Schoinas, Vedvyas Shanbhogue, Siddhartha Chhabra, Kapil Sood
  • Patent number: 10594491
    Abstract: In one example, a system for managing encrypted memory comprises a processor to store a first MAC based on data stored in system memory in response to a write operation to the system memory. The processor can also detect a read operation corresponding to the data stored in the system memory, calculate a second MAC based on the data retrieved from the system memory, determine that the second MAC does not match the first MAC, and recalculate the second MAC with a correction operation, wherein the correction operation comprises an XOR operation based on the data retrieved from the system memory and a replacement value for a device of the system memory. Furthermore, the processor can decrypt the data stored in the system memory in response to detecting the recalculated second MAC matches the first MAC and transmit the decrypted data to cache thereby correcting memory errors.
    Type: Grant
    Filed: November 17, 2017
    Date of Patent: March 17, 2020
    Assignee: Intel Corporation
    Inventors: David M. Durham, Rajat Agarwal, Siddhartha Chhabra, Sergej Deutsch, Karanvir S. Grewal, Ioannis T. Schoinas
  • Publication number: 20190306134
    Abstract: Methods, systems, and apparatuses associated with a secure stream protocol for a serial interconnect are disclosed. An apparatus comprises a first device comprising circuitry to, using an end-to-end protocol, secure a transaction in a first secure stream based at least in part on a transaction type of the transaction, where the first secure stream is separate from a second secure stream. The first device is further to send the transaction secured in the first secure stream to a second device over a link established between the first device and the second device, where the transaction is to traverse one or more intermediate devices from the first device to the second device. In more specific embodiments, the first secure stream is based on one of a posted transaction type, a non-posted transaction type, or completion transaction type.
    Type: Application
    Filed: June 18, 2019
    Publication date: October 3, 2019
    Applicant: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Siddhartha Chhabra, David J. Harriman, Raghunandan Makaram, Ioannis T. Schoinas
  • Publication number: 20190281025
    Abstract: A protected link between a first computing device and a second computing device is set up, wherein communication over the protected link is to comply with a communication protocol that allows packets to be reordered during transit. A plurality of packets are generated according to a packet format that ensures the plurality of packets will not be reordered during transmission over the protected link, the plurality of packets comprising a first packet and a second packet. Data of the plurality of packets are encrypted for transmission over the protected link, wherein data of the first packet is encrypted based on the cryptographic key and a first value of a counter and data of the second packet is encrypted based on the cryptographic key and a second value of the counter.
    Type: Application
    Filed: April 1, 2019
    Publication date: September 12, 2019
    Applicant: Intel Corporation
    Inventors: David J. Harriman, Raghunandan Makaram, Ioannis T. Schoinas, Kapil Sood, Yu-Yuan Chen, Vedvyas Shanbhogue, Siddhartha Chhabra, Reshma Lal, Reouven Elbaz
  • Publication number: 20190220617
    Abstract: First data is stored. A request for the first data is received from a communication device over a link established with a communication device. An access control engine comprising circuitry is to control access to the first data to the communication device based on an authentication state of the communication device and a protection state of the link.
    Type: Application
    Filed: March 27, 2019
    Publication date: July 18, 2019
    Applicant: Intel Corporation
    Inventors: David J. Harriman, Ioannis T. Schoinas, Kapil Sood, Raghunandan Makaram, Yu-Yuan Chen
  • Publication number: 20190220601
    Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.
    Type: Application
    Filed: March 22, 2019
    Publication date: July 18, 2019
    Applicant: Intel Corporation
    Inventors: Kapil Sood, Ioannis T. Schoinas, Yu-Yuan Chen, Raghunandan Makaram, David J. Harriman, Baiju Patel, Ronald Perez, Matthew E. Hoekstra, Reshma Lal
  • Publication number: 20190095350
    Abstract: In one embodiment, a cryptographic circuit is adapted to receive a data line including at least an encrypted portion from a memory in response to a read request having a memory address from a first agent, obtain a key identifier for a key of the first agent from the data line, obtain the key using the key identifier, decrypt the at least encrypted portion of the data line using the key and send decrypted data of the at least encrypted portion of the data line to the first agent. Other embodiments are described and claimed.
    Type: Application
    Filed: September 25, 2017
    Publication date: March 28, 2019
    Inventors: David M. Durham, Siddhartha Chhabra, Amy L. Santoni, Gilbert Neiger, Barry E. Huntley, Hormuzd M. Khosravi, Baiju V. Patel, Ravi L. Sahita, Gideon Gerzon, Ido Ouziel, Ioannis T. Schoinas, Rajesh M. Sankaran
  • Publication number: 20190095372
    Abstract: In one example, a semiconductor die includes a plurality of agents and a fabric coupled to at least some of the plurality of agents. The fabric may include at least one router to provide communication between two or more of the plurality of agents, the at least one router coupled to a first agent of the plurality of agents, where the first agent is to send a first message to the at least one router, the first message comprising a first header including a first source identifier, and the at least one router is to validate that the first source identifier is associated with the first agent and if so to direct the first message towards a destination agent, and otherwise to prevent the first message from being directed towards the destination agent. Other embodiments are described and claimed.
    Type: Application
    Filed: September 28, 2017
    Publication date: March 28, 2019
    Inventors: Ruirui Huang, Nilanjan Palit, Robert P. Adler, Ioannis T. Schoinas, Avishay Snir, Boris Dolgunov
  • Publication number: 20190087575
    Abstract: Implementations describe providing isolation in virtualized systems using trust domains. In one implementation, a processing device includes a memory ownership table (MOT) that is access-controlled against software access. The processing device further includes a processing core to execute a trust domain resource manager (TDRM) to manage a trust domain (TD), maintain a trust domain control structure (TDCS) for managing global metadata for each TD, maintain an execution state of the TD in at least one trust domain thread control structure (TD-TCS) that is access-controlled against software accesses, and reference the MOT to obtain at least one key identifier (key ID) corresponding to an encryption key assigned to the TD, the key ID to allow the processing device to decrypt memory pages assigned to the TD responsive to the processing device executing in the context of the TD, the memory pages assigned to the TD encrypted with the encryption key.
    Type: Application
    Filed: September 15, 2017
    Publication date: March 21, 2019
    Inventors: Ravi L. Sahita, Baiju V. Patel, Barry E. Huntley, Gilbert Neiger, Hormuzd M. Khosravi, Ido Ouziel, David M. Durham, Ioannis T. Schoinas, Siddhartha Chhabra, Carlos V. Rozas, Gideon Gerzon
  • Publication number: 20190004973
    Abstract: In one embodiment, an apparatus comprises a processor to execute instruction(s), wherein the instructions comprise a memory access operation associated with a memory location of a memory. The apparatus further comprises a memory encryption controller to: identify the memory access operation; determine that the memory location is associated with a protected domain, wherein the protected domain is associated with a protected memory region of the memory, and wherein the protected domain is identified from a plurality of protected domains associated with a plurality of protected memory regions of the memory; identify an encryption key associated with the protected domain; perform a cryptography operation on data associated with the memory access operation, wherein the cryptography operation is performed based on the encryption key associated with the protected domain; and return a result of the cryptography operation, wherein the result is to be used for the memory access operation.
    Type: Application
    Filed: June 28, 2017
    Publication date: January 3, 2019
    Applicant: Intel Corporation
    Inventors: Siddhartha Chhabra, Hormuzd M. Khosravi, Gideon Gerzon, Barry E. Huntley, Gilbert Neiger, Ido Ouziel, Baiju Patel, Ravi L. Sahita, Amy L. Santoni, Ioannis T. Schoinas
  • Patent number: 9990327
    Abstract: In one embodiment, a system includes: a first root space associated with a first root space identifier and including at least one first host processor and a first agent, the at least one first host processor and the first agent associated with the first root space identifier; a second root space associated with a second root space identifier and including at least one second host processor and a second agent, the at least one second host processor and the second agent associated with the second root space identifier; and a shared fabric to couple the first root space and the second root space, the shared fabric to route a transaction to the first root space or the second root space based at least in part on a root space field of the transaction. Other embodiments are described and claimed.
    Type: Grant
    Filed: October 12, 2015
    Date of Patent: June 5, 2018
    Assignee: Intel Corporation
    Inventors: Michael T. Klinglesmith, Chang Yong Kang, Robert DeGruijl, Ioannis T. Schoinas, Darren Abramson, Khee Wooi Lee
  • Publication number: 20180091308
    Abstract: In one example, a system for managing encrypted memory comprises a processor to store a first MAC based on data stored in system memory in response to a write operation to the system memory. The processor can also detect a read operation corresponding to the data stored in the system memory, calculate a second MAC based on the data retrieved from the system memory, determine that the second MAC does not match the first MAC, and recalculate the second MAC with a correction operation, wherein the correction operation comprises an XOR operation based on the data retrieved from the system memory and a replacement value for a device of the system memory. Furthermore, the processor can decrypt the data stored in the system memory in response to detecting the recalculated second MAC matches the first MAC and transmit the decrypted data to cache thereby correcting memory errors.
    Type: Application
    Filed: November 17, 2017
    Publication date: March 29, 2018
    Inventors: David M. Durham, Rajat Agarwal, Siddhartha Chhabra, Sergej Deutsch, Karanvir S. Grewal, Ioannis T. Schoinas
  • Patent number: 9805221
    Abstract: In one embodiment, the present invention includes a system on a chip (SoC) that has a first agent with an intellectual property (IP) logic, an interface to a fabric including a target interface, a master interface and a sideband interface, and an access control plug-in unit to handle access control policy for the first agent with respect to incoming and outgoing transactions. This access control plug-in unit can be incorporated into the SoC at integration time and without any modification to the IP logic. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 21, 2011
    Date of Patent: October 31, 2017
    Assignee: Intel Corporation
    Inventors: Manoj R. Sastry, Ioannis T. Schoinas, Robert J. Toepfer, Alpa T. Narendra Trivedi, Men Long
  • Patent number: 9779249
    Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
    Type: Grant
    Filed: October 13, 2016
    Date of Patent: October 3, 2017
    Assignee: Intel Corporation
    Inventors: John H. Wilson, Ioannis T. Schoinas, Mazin S. Yousif, Linda J. Rankin, David W. Grawrock, Robert J. Greiner, James A. Sutton, Kushagra Vaid, Willard M. Wiseman
  • Publication number: 20170098085
    Abstract: In one embodiment of the present invention, a method includes verifying a master processor of a system; validating a trusted agent with the master processor if the master processor is verified; and launching the trusted agent on a plurality of processors of the system if the trusted agent is validated. After execution of such a trusted agent, a secure kernel may then be launched, in certain embodiments. The system may be a multiprocessor server system having a partially or fully connected topology with arbitrary point-to-point interconnects, for example.
    Type: Application
    Filed: October 13, 2016
    Publication date: April 6, 2017
    Inventors: John H. Wilson, Ioannis T. Schoinas, Mazin S. Yousif, Linda J. Rankin, David W. Grawrock, Robert J. Greiner, James A. Sutton, Kushagra Vaid, Willard M. Wiseman
  • Patent number: 9563579
    Abstract: In an embodiment, a shared memory fabric is configured to receive memory requests from multiple agents, where at least some of the requests have an associated order identifier and a deadline value to indicate a maximum latency prior to completion of the memory request. Responsive to the requests, the fabric is to arbitrate between the requests based at least in part on the deadline values. Other embodiments are described and claimed.
    Type: Grant
    Filed: February 28, 2013
    Date of Patent: February 7, 2017
    Assignee: Intel Corporation
    Inventors: Daniel F. Cutter, Blaise Fanning, Ramadass Nagarajan, Ravishankar Iyer, Quang T. Le, Ravi Kolagotla, Ioannis T. Schoinas, Jose S. Niell