Patents by Inventor Julien Carreno
Julien Carreno has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230291567
Abstract: Described herein is a paging technique that can be implemented in any accelerator with attached memory and support for operating on encrypted data when the CPU is not within the trusted compute base (TCB). Memory storing data that is encrypted using hardware physical address (HPA)-based encryption can be paged out of accelerator device memory by decoupling encryption from the hardware physical address and re-encrypting the data for page-out. Upon page-in, the data is decrypted, the integrity and authenticity of the data is verified, then the data is re-encrypted using HPA-based encryption.
Type: Application
Filed: March 11, 2022
Publication date: September 14, 2023
Applicant: Intel Corporation
Inventors: VIDHYA KRISHNAN, SIDDHARTHA CHHABRA, VEDVYAS SHANBHOGUE, XIAOYU RUAN, ADITYA NAVALE, JULIEN CARRENO
-
Publication number: 20220222340
Abstract: Security and support for trust domain operation is described. An example of a method includes processing, at an accelerator, one or more compute workloads received from a host system; upon receiving a notification that a trust domain has transitioned to a secure state, transition an original set of privileges for the accelerator to a downgraded set of privileges; upon receiving a command from the host system for the trust domain, processing the command in accordance with the trust domain; and upon receiving a request from the host system to access a register, for a register included in an allowed list of registers for access, allow access to the register, and, for a register that is not within the allowed list of registers for access, disallowing access to the register.
Type: Application
Filed: April 1, 2022
Publication date: July 14, 2022
Applicant: Intel Corporation
Inventors: Vidhya Krishnan, Ankur Shah, Bryan White, Daniel Nemiroff, David Puffer, Julien Carreno, Scott Janus, Ravi Sahita, Hema Nalluri, Utkarsh Y. Kakaiya
-
Publication number: 20220138286
Abstract: Systems, apparatuses and methods may provide for encryption based technology. Data may be encrypted locally with a graphics processor with encryption engines. The graphics processor components may be verified with a root-of-trust and based on collection of claims. The graphics processor may further be able to modify encrypted data from a non-pageable format to a pageable format. The graphics processor may further process data associated with a virtual machine based on a key that is known by the virtual machine and the graphics processor.
Type: Application
Filed: December 23, 2020
Publication date: May 5, 2022
Applicant: Intel Corporation
Inventors: David Zage, Scott Janus, Ned M. Smith, Vidhya Krishnan, Siddhartha Chhabra, Rajesh Poornachandran, Tomer Levy, Julien Carreno, Ankur Shah, Ronald Silvas, Aravindh Anantaraman, David Puffer, Vedvyas Shanbhogue, David Cowperthwaite, Aditya Navale, Omer Ben-Shalom, Alex Nayshtut, Xiaoyu Ruan
-
Patent number: 10671547
Abstract: Methods and apparatus relating to lightweight trusted tasks are disclosed. In one embodiment, a processor includes a memory interface to a memory to store code, data, and stack segments for a lightweight-trusted task (LTT) mode task and for another task, a LTT control and status register including a lock bit, a processor core to enable LTT-mode, configure the LTT-mode task, and lock down the configuration by writing the lock bit, and a memory protection circuit to: receive a memory access request from the memory interface, the memory access request being associated with the other task, determine whether the memory access request is attempting to access a protected memory region of the LTT-mode task, and protect against the memory access request accessing the protected memory region of the LTT-mode task, regardless of a privilege level of the other task, and regardless of whether the other task is also a LTT-mode task.
Type: Grant
Filed: December 19, 2016
Date of Patent: June 2, 2020
Assignee: Intel Corporation
Inventors: Patrick Koeberl, Steffen Schulz, Vedvyas Shanbhogue, Jason W. Brandt, Venkateswara R. Madduri, Sang W. Kim, Julien Carreno
-
Patent number: 10496573
Abstract: Methods, apparatus, and system to create interrupts which are resolved at runtime relative to an active compartment. Active compartments may be, for example, a compartment of an operating system (“OS”) or a trusted execution environment (“TEE”). The context-specific interrupts comprise an interrupt dispatch table (“IDT”) for each compartment.
Type: Grant
Filed: March 31, 2017
Date of Patent: December 3, 2019
Assignee: Intel Corporation
Inventors: Steffen Schulz, Patrick Koeberl, Vedvyas Shanbhogue, Jason W. Brandt, Venkateswara R. Madduri, Sang W. Kim, Julien Carreno
-
Patent number: 10366237
Abstract: In an embodiment, a system on a chip includes: a single core to execute a legacy instruction set, the single core configured to enter a system management mode (SMM) to provide a trusted execution environment to perform at least one secure operation; and a memory controller coupled to the single core, the memory controller to interface with a system memory, where a portion of the system memory comprises a secure memory for the SMM, and the single core is to authenticate and execute a boot firmware, and pass control to the SMM to obtain a key pair from a protected storage and store the key pair in the secure memory. Other embodiments are described and claimed.
Type: Grant
Filed: February 1, 2017
Date of Patent: July 30, 2019
Assignee: Intel Corporation
Inventors: Vincent J. Zimmer, Peter J. Barry, Rajesh Poornachandran, Arjan Van De Ven, Peter A. Dice, Gopinatth Selvaraje, Julien Carreno, Lee G. Rosenbaum
-
Publication number: 20180285291
Abstract: Methods, apparatus, and system to create interrupts which are resolved at runtime relative to an active compartment. Active compartments may be, for example, a compartment of an operating system (“OS”) or a trusted execution environment (“TEE”). The context-specific interrupts comprise an interrupt dispatch table (“IDT”) for each compartment.
Type: Application
Filed: March 31, 2017
Publication date: October 4, 2018
Inventors: Steffen Schulz, Patrick Koeberl, Vedvyas Shanbhogue, Jason W. Brandt, Venkateswara R. Madduri, Sang W. Kim, Julien Carreno
-
Publication number: 20180173644
Abstract: Methods and apparatus relating to lightweight trusted tasks are disclosed. In one embodiment, a processor includes a memory interface to a memory to store code, data, and stack segments for a lightweight-trusted task (LTT) mode task and for another task, a LTT control and status register including a lock bit, a processor core to enable LTT-mode, configure the LTT-mode task, and lock down the configuration by writing the lock bit, and a memory protection circuit to: receive a memory access request from the memory interface, the memory access request being associated with the other task, determine whether the memory access request is attempting to access a protected memory region of the LTT-mode task, and protect against the memory access request accessing the protected memory region of the LTT-mode task, regardless of a privilege level of the other task, and regardless of whether the other task is also a LTT-mode task.
Type: Application
Filed: December 19, 2016
Publication date: June 21, 2018
Inventors: Patrick Koeberl, Steffen Schulz, Vedvyas Shanbhogue, Jason W. Brandt, Venkateswara R. Madduri, Sang W. Kim, Julien Carreno
-
Publication number: 20170180131
Abstract: System and techniques for secure unlock to access debug hardware are described herein. A cryptographic key may be received at a hardware debug access port of a device. A digest may be computed from the cryptographic key at an unlock unit of the device. A fuse value may be received from a non-volatile read-only storage on the device. The digest and the fuse value may be compared to determine whether they are the same. A pass-fail pulse may be provided that indicates the result of the comparing.
Type: Application
Filed: December 16, 2015
Publication date: June 22, 2017
Inventors: Santosh Ghosh, Manoj R. Sastry, Solmaz Ghaznavi, Julien Carreno, Padraig J. Kearney
-
Publication number: 20170140153
Abstract: In an embodiment, a system on a chip includes: a single core to execute a legacy instruction set, the single core configured to enter a system management mode (SMM) to provide a trusted execution environment to perform at least one secure operation; and a memory controller coupled to the single core, the memory controller to interface with a system memory, where a portion of the system memory comprises a secure memory for the SMM, and the single core is to authenticate and execute a boot firmware, and pass control to the SMM to obtain a key pair from a protected storage and store the key pair in the secure memory. Other embodiments are described and claimed.
Type: Application
Filed: February 1, 2017
Publication date: May 18, 2017
Inventors: Vincent J. Zimmer, Peter J. Barry, Rajesh Poornachandran, Arjan Van De Ven, Peter A. Dice, Gopinatth Selvaraje, Julien Carreno, Lee G. Rosenbaum
-
Patent number: 9594927
Abstract: In an embodiment, a system on a chip includes: a single core to execute a legacy instruction set, the single core configured to enter a system management mode (SMM) to provide a trusted execution environment to perform at least one secure operation; and a memory controller coupled to the single core, the memory controller to interface with a system memory, where a portion of the system memory comprises a secure memory for the SMM, and the single core is to authenticate and execute a boot firmware, and pass control to the SMM to obtain a key pair from a protected storage and store the key pair in the secure memory. Other embodiments are described and claimed.
Type: Grant
Filed: September 10, 2014
Date of Patent: March 14, 2017
Assignee: Intel Corporation
Inventors: Vincent J. Zimmer, Peter J. Barry, Rajesh Poornachandran, Arjan Van De Ven, Peter A. Dice, Gopinatth Selvaraje, Julien Carreno, Lee G. Rosenbaum
-
Patent number: 9330027
Abstract: A system employs a white list of authorized transactions to control access to system registers. In an embodiment, the white list is loaded into filter registers during system boot. Routing logic monitors a logical interconnect fabric of the system for register access requests. The routing logic parses source, destination information from a request to index the white list. If the white list includes an entry corresponding to the processing entity indicated in the source information and the register indicated in the destination information, the routing logic will permit the requested access.
Type: Grant
Filed: March 15, 2013
Date of Patent: May 3, 2016
Assignee: Intel Corporation
Inventors: Julien Carreno, Derek Harnett, Gordon J. Walsh
-
Publication number: 20160070932
Abstract: In an embodiment, a system on a chip includes: a single core to execute a legacy instruction set, the single core configured to enter a system management mode (SMM) to provide a trusted execution environment to perform at least one secure operation; and a memory controller coupled to the single core, the memory controller to interface with a system memory, where a portion of the system memory comprises a secure memory for the SMM, and the single core is to authenticate and execute a boot firmware, and pass control to the SMM to obtain a key pair from a protected storage and store the key pair in the secure memory. Other embodiments are described and claimed.
Type: Application
Filed: September 10, 2014
Publication date: March 10, 2016
Inventors: Vincent J. Zimmer, Peter J. Barry, Rajesh Poornachandran, Arjan Van De Ven, Peter A. Dice, Gopinatth Selvaraje, Julien Carreno, Lee G. Rosenbaum
-
Publication number: 20140281321
Abstract: A system employs a white list of authorized transactions to control access to system registers. In an embodiment, the white list is loaded into filter registers during system boot. Routing logic monitors a logical interconnect fabric of the system for register access requests. The routing logic parses source, destination information from a request to index the white list. If the white list includes an entry corresponding to the processing entity indicated in the source information and the register indicated in the destination information, the routing logic will permit the requested access.
Type: Application
Filed: March 15, 2013
Publication date: September 18, 2014
Applicant: Intel Corporation
Inventors: Julien Carreno, Derek Harnett, Gordon J. Walsh
-
Publication number: 20070050524
Abstract: Techniques that may be utilized in various computing environments are described. In one embodiment, an output event is generated based on a portion of a coalescing flag.
Type: Application
Filed: August 26, 2005
Publication date: March 1, 2007
Inventors: Julien Carreno, Pierre Laurent