Patents by Inventor Kirk S. Yap
Kirk S. Yap has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12164371Abstract: In one embodiment, an apparatus includes: an integrity circuit to receive data and generate a protection code based at least in part on the data; a cryptographic circuit coupled to the integrity circuit to encrypt the data into encrypted data and encrypt the protection code into an encrypted protection code; a message authentication code (MAC) circuit coupled to the cryptographic circuit to compute a MAC comprising a tag using header information, the encrypted data, and the encrypted protection code; and an output circuit to send the header information, the encrypted data, and the tag to a receiver via a link. Other embodiments are described and claimed.Type: GrantFiled: December 4, 2020Date of Patent: December 10, 2024Assignee: Intel CorporationInventors: Raghunandan Makaram, Kirk S. Yap
-
Publication number: 20240333472Abstract: An apparatus of an aspect includes a substitution box (S-box) circuitry. The S-box circuitry includes multiplicative inverse circuitry. The multiplicative inverse circuitry is to receive an 8-bit input in Galois field and is to generate a corresponding 8-bit output in Galois field. The 8-bit output is to be a multiplicative inverse of the 8-bit input as long as there has been no error in the generation of the 8-bit output. The apparatus also includes error detection circuitry to receive the 8-bit input and that is coupled with the S-box circuitry to receive the 8-bit output. The error detection circuitry to detect whether an error has occurred in the generation of the 8-bit output based at least in part on whether the 8-bit output is the multiplicative inverse of the 8-bit input. Other apparatus, methods, and systems are also disclosed.Type: ApplicationFiled: March 31, 2023Publication date: October 3, 2024Inventors: Raghavan Kumar, Sanu Mathew, Avinash V. Varna, Kirk S. YAP
-
Publication number: 20240146521Abstract: Instructions and logic provide for a Single Instruction Multiple Data (SIMD) SM4 round slice operation. Embodiments of an instruction specify a first and a second source data operand set, and substitution function indicators, e.g. in an immediate operand. Embodiments of a processor may include encryption units, responsive to the first instruction, to: perform a slice of SM4-round exchanges on a portion of the first source data operand set with a corresponding keys from the second source data operand set in response to a substitution function indicator that indicates a first substitution function, perform a slice of SM4 key generations using another portion of the first source data operand set with corresponding constants from the second source data operand set in response to a substitution function indicator that indicates a second substitution function, and store a set of result elements of the first instruction in a SIMD destination register.Type: ApplicationFiled: December 18, 2023Publication date: May 2, 2024Inventors: Sean M. Gulley, Gilbert M. Wolrich, Vinodh Gopal, Kirk S. Yap, Wajdi K. Feghali
-
Publication number: 20240028341Abstract: Examples described herein relate to a non-transitory computer-readable medium comprising instructions, that if executed by circuitry, cause the circuitry to: configure circuitry to perform cryptographic operations on packets based on Advanced Encryption Standard with Galois/Counter Mode (AES-GCM) hash (GHASH), wherein the cryptographic operations comprise a reduction operation and wherein the reduction operation comprises a single Galois territory multiplication 64 bit operation. The circuitry can include one or more of: a central processing unit (CPU), CPU-executed microcode, an accelerator, or a network interface device.Type: ApplicationFiled: September 30, 2023Publication date: January 25, 2024Inventors: Erdinc OZTURK, Kirk S. YAP, Tomasz KANTECKI
-
Patent number: 11849035Abstract: Instructions and logic provide for a Single Instruction Multiple Data (SIMD) SM4 round slice operation. Embodiments of an instruction specify a first and a second source data operand set, and substitution function indicators, e.g. in an immediate operand. Embodiments of a processor may include encryption units, responsive to the first instruction, to: perform a slice of SM4-round exchanges on a portion of the first source data operand set with a corresponding keys from the second source data operand set in response to a substitution function indicator that indicates a first substitution function, perform a slice of SM4 key generations using another portion of the first source data operand set with corresponding constants from the second source data operand set in response to a substitution function indicator that indicates a second substitution function, and store a set of result elements of the first instruction in a SIMD destination register.Type: GrantFiled: April 11, 2022Date of Patent: December 19, 2023Assignee: Intel CorporationInventors: Sean M. Gulley, Gilbert M. Wolrich, Vinodh Gopal, Kirk S. Yap, Wajdi K. Feghali
-
Publication number: 20230401037Abstract: Methods and apparatus for optimization techniques for modular multiplication algorithms. The optimization techniques may be applied to variants of modular multiplication algorithms, including variants of Montgomery multiplication algorithms and Barrett multiplication algorithms. The optimization techniques reduce the number of serial steps in Montgomery reduction and Barrett reduction. Modular multiplication operations involving products of integer inputs A and B may be performed in parallel to obtain a value C that is reduced to a residual RES. Modular multiplication and modular reduction operations may be performed in parallel. The number of serial steps in the modular reductions are reduced to L, where L serial steps, where w is a digit size in bits, and L is a number of digits of operands=[k/w].Type: ApplicationFiled: August 24, 2023Publication date: December 14, 2023Inventors: Erdinc OZTURK, Kirk S. YAP, Tomasz KANTECKI
-
Publication number: 20230101226Abstract: Systems, methods, and circuitries are disclosed for a per-process memory encryption system. At least one translation lookaside buffer (TLB) is configured to encode key identifiers for keys in one or more bits of either the virtual memory address or the physical address. The process state memory configured to store a first process key table for a first process that maps key identifiers to unique keys and a second process key table that maps the key identifiers to different unique keys. The active process key table memory configured to store an active key table. In response to a request for data corresponding to a virtual memory address, the at least one TLB is configured to provide a key identifier for the data to the active process key table to cause the active process key table to return the unique key mapped to the key identifier.Type: ApplicationFiled: August 26, 2022Publication date: March 30, 2023Applicant: Tahoe Research, Ltd.Inventors: Wajdi FEGHALI, Vinodh GOPAL, Kirk S. YAP, Sean GULLEY, Raghunandan MAKARAM
-
Publication number: 20230020359Abstract: In one embodiment, an apparatus includes: a control circuit to receive a message authentication code (MAC) for an epoch comprising a plurality of flits; a calculation circuit to calculate a computed MAC for the epoch; a cryptographic circuit to receive the epoch via a link and decrypt the plurality of flits, prior to authentication of the epoch; and at least one memory to store messages of the decrypted plurality of flits, prior to the authentication of the epoch. Other embodiments are described and claimed.Type: ApplicationFiled: September 28, 2022Publication date: January 19, 2023Inventors: Nitish Paliwal, Binal Nasit, Peeyush Purohit, Kirk S. Yap, Raghunandan Makaram, Robert G. Blankenship
-
Patent number: 11550582Abstract: A processor includes an instruction decoder to receive a first instruction to process a secure hash algorithm 2 (SHA-2) hash algorithm, the first instruction having a first operand associated with a first storage location to store a SHA-2 state and a second operand associated with a second storage location to store a plurality of messages and round constants. The processor further includes an execution unit coupled to the instruction decoder to perform one or more iterations of the SHA-2 hash algorithm on the SHA-2 state specified by the first operand and the plurality of messages and round constants specified by the second operand, in response to the first instruction.Type: GrantFiled: June 17, 2020Date of Patent: January 10, 2023Assignee: Intel CorporationInventors: Kirk S. Yap, Gilbert M. Wolrich, James D. Guilford, Vinodh Gopal, Erdinc Ozturk, Sean M. Gulley, Wajdi K. Feghali, Martin G. Dixon
-
Patent number: 11494222Abstract: Systems, methods, and circuitries are disclosed for a per-process memory encryption system. At least one translation lookaside buffer (TLB) is configured to encode key identifiers for keys in one or more bits of either the virtual memory address or the physical address. The process state memory configured to store a first process key table for a first process that maps key identifiers to unique keys and a second process key table that maps the key identifiers to different unique keys. The active process key table memory configured to store an active key table. In response to a request for data corresponding to a virtual memory address, the at least one TLB is configured to provide a key identifier for the data to the active process key table to cause the active process key table to return the unique key mapped to the key identifier.Type: GrantFiled: December 18, 2020Date of Patent: November 8, 2022Assignee: Tahoe Research, Ltd.Inventors: Wajdi Feghali, Vinodh Gopal, Kirk S. Yap, Sean Gulley, Raghunandan Makaram
-
Patent number: 11494320Abstract: Apparatus, systems and methods for implementing delayed decompression schemes. As a burst of packets comprising compressed packets and uncompressed packets are received over an interconnect link, they are buffered in a receive buffer without decompression. Subsequently, the packets are forwarded from the receive buffer to a consumer such as processor core, with the compressed packets being decompressed prior to reaching the processor core. Under a first delayed decompression approach, packets are decompressed when they are read from the receive buffer in conjunction with forwarding the uncompressed packet (or uncompressed data contained therein) to the consumer. Under a second delayed decompression scheme, the packets are read from the receive buffer and forwarded to a decompressor using a first datapath width matching the width of the packets, decompressed, and then forwarded to the consumer using a second datapath width matching the width of the uncompressed data.Type: GrantFiled: September 24, 2018Date of Patent: November 8, 2022Assignee: Intel CorporationInventors: Simon N Peffers, Kirk S Yap, Sean Gulley, Vinodh Gopal, Wajdi Feghali
-
Publication number: 20220353070Abstract: Instructions and logic provide for a Single Instruction Multiple Data (SIMD) SM4 round slice operation. Embodiments of an instruction specify a first and a second source data operand set, and substitution function indicators, e.g. in an immediate operand. Embodiments of a processor may include encryption units, responsive to the first instruction, to: perform a slice of SM4-round exchanges on a portion of the first source data operand set with a corresponding keys from the second source data operand set in response to a substitution function indicator that indicates a first substitution function, perform a slice of SM4 key generations using another portion of the first source data operand set with corresponding constants from the second source data operand set in response to a substitution function indicator that indicates a second substitution function, and store a set of result elements of the first instruction in a SIMD destination register.Type: ApplicationFiled: April 11, 2022Publication date: November 3, 2022Inventors: Sean M. Gulley, Gilbert M. Wolrich, Vinodh Gopal, Kirk S. Yap, Wajdi K. Feghali
-
Publication number: 20220224510Abstract: Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.Type: ApplicationFiled: March 28, 2022Publication date: July 14, 2022Inventors: Eugene M. Kishinevsky, Uday Savagaonkar, Alpa T. Narendra Trivedi, Siddhartha Chhabra, Baiju V. Patel, Men Long, Kirk S. Yap, David M. Durham
-
Patent number: 11316661Abstract: Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.Type: GrantFiled: January 3, 2020Date of Patent: April 26, 2022Assignee: Intel CorporationInventors: Eugene M. Kishinevsky, Uday R. Savagaonkar, Alpa T. Narendra Trivedi, Siddhartha Chhabra, Baiju V. Patel, Men Long, Kirk S. Yap, David M. Durham
-
Patent number: 11303438Abstract: Instructions and logic provide for a Single Instruction Multiple Data (SIMD) SM4 round slice operation. Embodiments of an instruction specify a first and a second source data operand set, and substitution function indicators, e.g. in an immediate operand. Embodiments of a processor may include encryption units, responsive to the first instruction, to: perform a slice of SM4-round exchanges on a portion of the first source data operand set with a corresponding keys from the second source data operand set in response to a substitution function indicator that indicates a first substitution function, perform a slice of SM4 key generations using another portion of the first source data operand set with corresponding constants from the second source data operand set in response to a substitution function indicator that indicates a second substitution function, and store a set of result elements of the first instruction in a SIMD destination register.Type: GrantFiled: July 14, 2020Date of Patent: April 12, 2022Assignee: Intel CorporationInventors: Sean M. Gulley, Gilbert M. Wolrich, Vinodh Gopal, Kirk S. Yap, Wajdi K. Feghali
-
Publication number: 20210336767Abstract: A memory subsystem includes link encryption for the system memory data bus. The memory controller can provide encryption for data at rest and link protection. The memory controller can optionally provide link encryption. Thus, the system can provide link protection for the data in transit. The memory module can include a link decryption engine that can decrypt link encryption if it is used, and performs a link integrity check with a link integrity tag associated with the link protection. The memory devices can then store the encrypted protected data and ECC data from the link decryption engine after link protection verification.Type: ApplicationFiled: June 25, 2021Publication date: October 28, 2021Inventors: Raghunandan MAKARAM, Kirk S. YAP, Rajat AGARWAL, George VERGIS, Bill NALE, Jacob DOWECK
-
Publication number: 20210218548Abstract: Techniques for real-time updating of encryption keys are disclosed. In the illustrative embodiment, an encrypted link is established between a local and remote processor over a point-to-point interconnect. The encrypted link is operated for some time until the encryption key should be updated. The local processor sends a key update message to the remote processor notifying the remote processor of the change. The remote processor prepares for the change and sends a key update confirmation message to the local processor. The local processor then sends a key switch message to the remote processor. The local processor pauses transmission of encrypted message while the remote processor completes use of the encrypted message. After a pause, the local processor continues sending encrypted messages with the updated encryption key.Type: ApplicationFiled: March 26, 2021Publication date: July 15, 2021Applicant: Intel CorporationInventors: Vinit Mathew Abraham, Raghunandan Makaram, Kirk S. Yap, Siva Prasad Gadey, Tanmoy Kar
-
Publication number: 20210149704Abstract: Systems, methods, and circuitries are disclosed for a per-process memory encryption system. At least one translation lookaside buffer (TLB) is configured to encode key identifiers for keys in one or more bits of either the virtual memory address or the physical address. The process state memory configured to store a first process key table for a first process that maps key identifiers to unique keys and a second process key table that maps the key identifiers to different unique keys. The active process key table memory configured to store an active key table. In response to a request for data corresponding to a virtual memory address, the at least one TLB is configured to provide a key identifier for the data to the active process key table to cause the active process key table to return the unique key mapped to the key identifier.Type: ApplicationFiled: December 18, 2020Publication date: May 20, 2021Inventors: Wajdi FEGHALI, Vinodh GOPAL, Kirk S. YAP, Sean GULLEY, Raghunandan MAKARAM
-
Publication number: 20210089388Abstract: In one embodiment, an apparatus includes: an integrity circuit to receive data and generate a protection code based at least in part on the data; a cryptographic circuit coupled to the integrity circuit to encrypt the data into encrypted data and encrypt the protection code into an encrypted protection code; a message authentication code (MAC) circuit coupled to the cryptographic circuit to compute a MAC comprising a tag using header information, the encrypted data, and the encrypted protection code; and an output circuit to send the header information, the encrypted data, and the tag to a receiver via a link. Other embodiments are described and claimed.Type: ApplicationFiled: December 4, 2020Publication date: March 25, 2021Inventors: RAGHUNANDAN MAKARAM, KIRK S. YAP
-
Patent number: 10922079Abstract: Data element filter logic (“hardware accelerator”) in a processor that offloads computation for an in-memory database select/extract operation from a Central Processing Unit (CPU) core in the processor is provided. The Data element filter logic provides a balanced performance across an entire range of widths (number of bits) of data elements in a column-oriented Database Management System.Type: GrantFiled: December 28, 2017Date of Patent: February 16, 2021Assignee: Intel CorporationInventors: Vinodh Gopal, Kirk S. Yap, James Guilford, Simon N. Peffers