Patents by Inventor Luis Kida

Luis Kida has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240184639
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes one or more processors to facilitate receiving a manifest corresponding to graph nodes representing regions of memory of a remote client machine, the graph nodes corresponding to a command buffer and to associated data structures and kernels of the command buffer used to initialize a hardware accelerator and execute the kernels, and the manifest indicating a destination memory location of each of the graph nodes and dependencies of each of the graph nodes; identifying, based on the manifest, the command buffer and the associated data structures to copy to the host memory; identifying, based on the manifest, the kernels to copy to local memory of the hardware accelerator; and patching addresses in the command buffer copied to the host memory with updated addresses of corresponding locations in the host memory.
    Type: Application
    Filed: December 13, 2023
    Publication date: June 6, 2024
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp
  • Patent number: 11989595
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes one or more processors to: provide a remote GPU middleware layer to act as a proxy for an application stack on a client platform separate from the apparatus; communicate, by the remote GPU middleware layer, with a kernel mode driver of the one or more processors to cause the host memory to be allocated for command buffers and data structures received from the client platform for consumption by a command streamer of a remote GPU of the apparatus; and invoke, by the remote GPU middleware layer, the kernel mode driver to submit a workload generated by the application stack, the workload submitted for processing by the remote GPU using the command buffers and the data structures allocated in the host memory as directed by the command streamer.
    Type: Grant
    Filed: November 15, 2021
    Date of Patent: May 21, 2024
    Assignee: INTEL CORPORATION
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp
  • Patent number: 11941457
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a source remote direct memory access (RDMA) network interface controller (RNIC); a queue to store a data entry corresponding to an RDMA request between the source RNIC and a sink RNIC; a data buffer to store data for an RDMA transfer corresponding to the RDMA request, the RDMA transfer between the source RNIC and the sink RNIC; and a trusted execution environment (TEE) comprising an authentication tag controller to: initialize a first authentication tag calculated using a first key known between a source consumer generating the RDMA request and the source RNIC; associate the first authentication tag with the data entry as integrity verification; initialize a second authentication tag calculated using a second key; and associate the second authentication tag with the data buffer as integrity verification for the data buffer.
    Type: Grant
    Filed: November 12, 2021
    Date of Patent: March 26, 2024
    Assignee: INTEL CORPORATION
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp
  • Publication number: 20240086258
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes one or more processors to facilitate receiving a manifest corresponding to graph nodes representing regions of memory of a remote client machine, the graph nodes corresponding to a command buffer and to associated data structures and kernels of the command buffer used to initialize a hardware accelerator and execute the kernels, and the manifest indicating a destination memory location of each of the graph nodes and dependencies of each of the graph nodes; identifying, based on the manifest, the command buffer and the associated data structures to copy to the host memory; identifying, based on the manifest, the kernels to copy to local memory of the hardware accelerator; and patching addresses in the command buffer copied to the host memory with updated addresses of corresponding locations in the host memory.
    Type: Application
    Filed: November 16, 2023
    Publication date: March 14, 2024
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp
  • Patent number: 11893425
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a processor executing a trusted execution environment (TEE) comprising a field-programmable gate array (FPGA) driver to interface with an FPGA device that is remote to the apparatus; and a remote memory-mapped input/output (MMIO) driver to expose the FPGA device as a legacy device to the FPGA driver, wherein the processor to utilize the remote MMIO driver to: enumerate the FPGA device using FPGA enumeration data provided by a remote management controller of the FPGA device, the FPGA enumeration data comprising a configuration space and device details; load function drivers for the FPGA device in the TEE; create corresponding device files in the TEE based on the FPGA enumeration data; and handle remote MMIO reads and writes to the FPGA device via a network transport protocol.
    Type: Grant
    Filed: November 19, 2021
    Date of Patent: February 6, 2024
    Assignee: INTEL CORPORATION
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp
  • Publication number: 20230396599
    Abstract: An apparatus to facilitate protecting data transfer between a secure application and networked devices is disclosed. The apparatus includes a processor to provide a trusted execution environment (TEE) to run an application, wherein the processor is to utilize the application in the TEE to: generate encrypted data of the application; copy the encrypted data to a local shared buffer; interface with a source network interface controller (NIC) to initiate a copy over a network of the encrypted data from the local shared buffer to a remote buffer of a remote platform, wherein the source NIC operates outside of a trust boundary of the TEE; and communicate at least one message with the remote platform to indicate that the encrypted data is available and to enable the remote platform to verify integrity of the encrypted data, wherein the one least one message comprises an authentication tag.
    Type: Application
    Filed: August 22, 2023
    Publication date: December 7, 2023
    Applicant: Intel Corporation
    Inventors: Luis Kida, Reshma Lal
  • Patent number: 11838411
    Abstract: Technologies for secure data transfer of MMIO data between a processor and an accelerator. A MIMO security engine includes a first permutation cipher pipeline to defuse a count and a key into a permutation state; a first exclusive-OR (XOR) to generate ciphertext data from 64-bits of the new permutation state; and plaintext data; a concatenator to concatenate the plaintext data and additional authenticated data (AAD) to produce a concatenation result; a second XOR to generate an XOR result from the concatenation result and the latest permutation state; and a second permutation pipeline to generate an authentication tag of the XOR result and the key.
    Type: Grant
    Filed: December 20, 2022
    Date of Patent: December 5, 2023
    Assignee: INTEL CORPORATION
    Inventors: Santosh Ghosh, Luis Kida, Reshma Lal
  • Patent number: 11784990
    Abstract: An apparatus to facilitate protecting data transfer between a secure application and networked devices is disclosed. The apparatus includes a source network interface controller (NIC); and a processor to provide a trusted execution environment (TEE) to run an application, wherein the source NIC operates outside of a trust boundary of the TEE, and wherein the processor is to utilize the application in the TEE to: generate encrypted data of the application; copy the encrypted data to a local shared buffer; interface with the source NIC to initiate a copy, over a network, of the encrypted data from the local shared buffer to a remote buffer of a remote platform; and communicate at least one message with the remote platform to indicate that the encrypted data is available and to enable the remote platform to verify integrity of the encrypted data, wherein the one least one message comprises an authentication tag.
    Type: Grant
    Filed: December 13, 2021
    Date of Patent: October 10, 2023
    Assignee: INTEL CORPORATION
    Inventors: Luis Kida, Reshma Lal
  • Publication number: 20230297725
    Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.
    Type: Application
    Filed: May 22, 2023
    Publication date: September 21, 2023
    Inventors: Luis Kida, Krystof Zmudzinski, Reshma Lal, Pradeep Pappachan, Abhishek Basak, Anna Trikalinou
  • Publication number: 20230117518
    Abstract: Technologies for secure data transfer of MMIO data between a processor and an accelerator. A MIMO security engine includes a first permutation cipher pipeline to defuse a count and a key into a permutation state; a first exclusive-OR (XOR) to generate ciphertext data from 64-bits of the new permutation state; and plaintext data; a concatenator to concatenate the plaintext data and additional authenticated data (AAD) to produce a concatenation result; a second XOR to generate an XOR result from the concatenation result and the latest permutation state; and a second permutation pipeline to generate an authentication tag of the XOR result and the key.
    Type: Application
    Filed: December 20, 2022
    Publication date: April 20, 2023
    Applicant: Intel Corporation
    Inventors: Santosh Ghosh, Luis Kida, Reshma Lal
  • Publication number: 20230110230
    Abstract: Technologies for secure I/O data transfer include a computing device having a processor and an accelerator. Each of the processor and the accelerator includes a memory encryption engine. The computing device configures both memory encryption engines with a shared encryption key and transfers encrypted data from a source component to a destination component via an I/O link. The source may be processor and the destination may be the accelerator or vice versa. The computing device may perform a cryptographic operation with one of the memory encryption engines and bypass the other memory encryption engine. The computing device may read encrypted data from a memory of the source, bypass the source memory encryption engine, and transfer the encrypted data to the destination. The destination may receive encrypted data, bypass the destination memory encryption engine, and store the encrypted data in a memory of the destination. Other embodiments are described and claimed.
    Type: Application
    Filed: December 1, 2022
    Publication date: April 13, 2023
    Applicant: Intel Corporation
    Inventors: Luis Kida, Siddhartha Chhabra, Reshma Lal, Pradeep M. Pappachan
  • Patent number: 11522678
    Abstract: Technologies for secure data transfer of MMIO data between a processor and an accelerator. A MIMO security engine includes a first block cipher pipeline to encrypt a count using a key; a first exclusive-OR (XOR) to generate a first XOR result of the encrypted count and a length multiplied by an authentication key; a second block cipher pipeline to encrypt (count+1) using the key; a second XOR to generate a second XOR result of plaintext data and the encrypted (count+1); a plurality of Galois field multipliers (GFMs) to perform Galois field multiplication on additional authenticated data (AAD), powers of the authentication key, and ciphertext data; and a plurality of exclusive-ORs (XORs) to combine results of the GFMs and the first XOR result to generate an authentication tag. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 8, 2021
    Date of Patent: December 6, 2022
    Assignee: INTEL CORPORATION
    Inventors: Santosh Ghosh, Luis Kida, Reshma Lal
  • Patent number: 11416415
    Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 18, 2019
    Date of Patent: August 16, 2022
    Assignee: INTEL CORPORATION
    Inventors: Reshma Lal, Pradeep M. Pappachan, Luis Kida, Krystof Zmudzinski, Siddhartha Chhabra, Abhishek Basak, Alpa Narendra Trivedi, Anna Trikalinou, David M. Lee, Vedvyas Shanbhogue, Utkarsh Y. Kakaiya
  • Patent number: 11373013
    Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.
    Type: Grant
    Filed: December 28, 2018
    Date of Patent: June 28, 2022
    Assignee: INTEL CORPORATION
    Inventors: Luis Kida, Krystof Zmudzinski, Reshma Lal, Pradeep Pappachan, Abhishek Basak, Anna Trikalinou
  • Publication number: 20220116403
    Abstract: An apparatus comprising a network interface card (NIC), including packet processing circuitry to determine whether the NIC is to operate according to a first telemetry protection mode to prevent copying of packet data payloads for telemetry or a second telemetry protection mode to enable copying of packet payloads for telemetry.
    Type: Application
    Filed: December 22, 2021
    Publication date: April 14, 2022
    Applicant: Intel Corporation
    Inventors: Luis Kida, Neerav Parikh, Reshma Lal
  • Publication number: 20220100583
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a programmable integrated circuit (IC) comprising secure device manager (SDM) hardware circuitry to: receive a tenant bitstream of a tenant and a tenant use policy for utilization of the programmable IC via the tenant bitstream, wherein the tenant use policy is cryptographically bound to the tenant bitstream by a cloud service provider (CSP) authorizing entity and signed with a signature of the CSP authorizing entity; in response to successfully verifying the signature, extract the tenant use policy to provide to a policy manager of the programmable IC for verification; in response to the policy manager verifying the tenant bitstream based on the tenant use policy, configure a partial reconfiguration (PR) region of the programable IC using the tenant bitstream; and associate a slot ID of the PR region with the tenant use policy.
    Type: Application
    Filed: November 22, 2021
    Publication date: March 31, 2022
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp
  • Publication number: 20220100580
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes one or more processors to: provide a remote GPU middleware layer to act as a proxy for an application stack on a client platform separate from the apparatus; communicate, by the remote GPU middleware layer, with a kernel mode driver of the one or more processors to cause the host memory to be allocated for command buffers and data structures received from the client platform for consumption by a command streamer of a remote GPU of the apparatus; and invoke, by the remote GPU middleware layer, the kernel mode driver to submit a workload generated by the application stack, the workload submitted for processing by the remote GPU using the command buffers and the data structures allocated in the host memory as directed by the command streamer.
    Type: Application
    Filed: November 15, 2021
    Publication date: March 31, 2022
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp
  • Publication number: 20220103516
    Abstract: An apparatus comprising a first computing platform including a processor to execute a first trusted executed environment (TEE) to host a first plurality of virtual machines and a first network interface controller to establish a trusted communication channel with a second computing platform via an orchestration controller.
    Type: Application
    Filed: December 10, 2021
    Publication date: March 31, 2022
    Applicant: Intel Corporation
    Inventors: Pradeep Pappachan, Luis Kida, Donald E. Wood, Tony Hurson, Reouven Elbaz, Reshma Lal
  • Publication number: 20220100584
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a programmable integrated circuit (IC) comprising system manager hardware circuitry to: interface, over a network, with a remote application of a client platform, the system manager hardware circuitry to interface with the remote application using a message-based interface; perform resource management of resources of the programmable IC; validate incoming messages to the programmable IC; verify whether a requester is allowed to perform requested actions of the incoming messages that are successfully validated; and manage transfer of data between the programmable IC and the remote application based on successfully verifying the requester.
    Type: Application
    Filed: November 22, 2021
    Publication date: March 31, 2022
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp
  • Publication number: 20220100579
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a source remote direct memory access (RDMA) network interface controller (RNIC); a queue to store a data entry corresponding to an RDMA request between the source RNIC and a sink RNIC; a data buffer to store data for an RDMA transfer corresponding to the RDMA request, the RDMA transfer between the source RNIC and the sink RNIC; and a trusted execution environment (TEE) comprising an authentication tag controller to: initialize a first authentication tag calculated using a first key known between a source consumer generating the RDMA request and the source RNIC; associate the first authentication tag with the data entry as integrity verification; initialize a second authentication tag calculated using a second key; and associate the second authentication tag with the data buffer as integrity verification for the data buffer.
    Type: Application
    Filed: November 12, 2021
    Publication date: March 31, 2022
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp