Patents by Inventor Nitin Sarangdhar
Nitin Sarangdhar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10146962
Abstract: A technique allows for protecting a PCI device controller from a PCI BDF masquerade attack from Ring-0 and Ring-3 malware. The technique may use Virtualization technologies to create guest virtual machines that can use a hypervisor to allocate ACPI information from ACPI tables to a secure VM and using extended page tables (EPT) and VT-d policies to protect the MMIO memory range during illegal runtime events.
Type: Grant
Filed: December 17, 2015
Date of Patent: December 4, 2018
Assignee: McAfee, LLC
Inventors: Nitin Sarangdhar, Jonathan Edwards, Scott Robinson, Karanvir Grewal
-
Publication number: 20170177909
Abstract: A technique allows for protecting a PCI device controller from a PCI BDF masquerade attack from Ring-0 and Ring-3 malware. The technique may use Virtualization technologies to create guest virtual machines that can use a hypervisor to allocate ACPI information from ACPI tables to a secure VM and using extended page tables (EPT) and VT-d policies to protect the MMIO memory range during illegal runtime events.
Type: Application
Filed: December 17, 2015
Publication date: June 22, 2017
Inventors: Nitin Sarangdhar, Jonathan Edwards, Scott Robinson, Karanvir Grewal
-
Patent number: 9619628
Abstract: Systems and methods may provide for securely transferring data from a flash component. In one example, the method may include receiving a download request from an embedded controller chip, obtaining information from the flash component in response to the download request, and transferring the information to the embedded controller chip.
Type: Grant
Filed: September 28, 2012
Date of Patent: April 11, 2017
Assignee: Intel Corporation
Inventors: Hung Huynh, Nitin Sarangdhar, Mikal Hunsaker
-
Publication number: 20160119144
Abstract: In an embodiment, an apparatus is provided that may include an integrated circuit to be removably communicatively coupled to at least one storage device. The integrated circuit of this embodiment may be capable of encrypting and/or and decrypting, based at least in part upon a first key, data to be, in at least in part, stored in and/or retrieved from, respectively, at least one region of the at least one storage device. The at least one region and a second key may be associated with at least one access privilege authorized, at least in part, by an administrator. The second key may be stored, at least in part, externally to the at least one storage device. The first key may be obtainable, at least in part, based, at least in part, upon at least one operation involving the second key. Of course, many alternatives, modifications, and variations are possible without departing from this embodiment.
Type: Application
Filed: May 22, 2014
Publication date: April 28, 2016
Inventors: Nitin Sarangdhar, Ned Smith, Vincent Von Bokern
-
Patent number: 9031238
Abstract: In an embodiment, an apparatus is provided that may include an integrated circuit to be removably communicatively coupled to at least one storage device. The integrated circuit of this embodiment may be capable of encrypting and/or and decrypting, based at least in part upon a first key, data to be, in at least in part, stored in and/or retrieved from, respectively, at least one region of the at least one storage device. The at least one region and a second key may be associated with at least one access privilege authorized, at least in part, by an administrator. The second key may be stored, at least in part, externally to the at least one storage device. The first key may be obtainable, at least in part, based, at least in part, upon at least one operation involving the second key. Of course, many alternatives, modifications, and variations are possible without departing from this embodiment.
Type: Grant
Filed: October 26, 2012
Date of Patent: May 12, 2015
Assignee: Intel Corporation
Inventors: Nitin Sarangdhar, Ned Smith, Vincent Von Bokern
-
Publication number: 20140095855
Abstract: Systems and methods may provide for securely transferring data from a flash component. In one example, the method may include receiving a download request from an embedded controller chip, obtaining information from the flash component in response to the download request, and transferring the information to the embedded controller chip.
Type: Application
Filed: September 28, 2012
Publication date: April 3, 2014
Inventors: Hung Huynh, Nitin Sarangdhar, Mikal Hunsaker
-
Patent number: 8646052
Abstract: In some embodiments, the invention involves securing sensitive data from mal-ware on a computing platform and, more specifically, to utilizing virtualization technology and protected audio video path technologies to prohibit a user environment from directly accessing unencrypted sensitive data. In an embodiment a service operating system (SOS) accesses sensitive data requested by an application running in a user environment virtual machine, or a capability operating system (COS). The SOS application encrypts the sensitive data before passing the data to the COS. The COS makes requests directly to a graphics engine which decrypts the data before displaying the sensitive data on a display monitor. Other embodiments are described and claimed.
Type: Grant
Filed: March 31, 2008
Date of Patent: February 4, 2014
Assignee: Intel Corporation
Inventors: Balaji Vembu, Nitin Sarangdhar, Vedvyas Shanbhogue
-
Publication number: 20130124876
Abstract: In an embodiment, an apparatus is provided that may include an integrated circuit to be removably communicatively coupled to at least one storage device. The integrated circuit of this embodiment may be capable of encrypting and/or and decrypting, based at least in part upon a first key, data to be, in at least in part, stored in and/or retrieved from, respectively, at least one region of the at least one storage device. The at least one region and a second key may be associated with at least one access privilege authorized, at least in part, by an administrator. The second key may be stored, at least in part, externally to the at least one storage device. The first key may be obtainable, at least in part, based, at least in part, upon at least one operation involving the second key. Of course, many alternatives, modifications, and variations are possible without departing from this embodiment.
Type: Application
Filed: October 26, 2012
Publication date: May 16, 2013
Inventors: Nitin Sarangdhar, Ned Smith, Vincent Von Bokern
-
Patent number: 8300825
Abstract: In an embodiment, an apparatus is provided that may include an integrated circuit to be removably communicatively coupled to at least one storage device. The integrated circuit of this embodiment may be capable of encrypting and/or and decrypting, based at least in part upon a first key, data to be, in at least in part, stored in and/or retrieved from, respectively, at least one region of the at least one storage device. The at least one region and a second key may be associated with at least one access privilege authorized, at least in part, by an administrator. The second key may be stored, at least in part, externally to the at least one storage device. The first key may be obtainable, at least in part, based, at least in part, upon at least one operation involving the second key. Of course, many alternatives, modifications, and variations are possible without departing from this embodiment.
Type: Grant
Filed: June 30, 2008
Date of Patent: October 30, 2012
Assignee: Intel Corporation
Inventors: Nitin Sarangdhar, Ned Smith, Vincent Von Bokern
-
Publication number: 20090323961
Abstract: In an embodiment, an apparatus is provided that may include an integrated circuit to be removably communicatively coupled to at least one storage device. The integrated circuit of this embodiment may be capable of encrypting and/or and decrypting, based at least in part upon a first key, data to be, in at least in part, stored in and/or retrieved from, respectively, at least one region of the at least one storage device. The at least one region and a second key may be associated with at least one access privilege authorized, at least in part, by an administrator. The second key may be stored, at least in part, externally to the at least one storage device. The first key may be obtainable, at least in part, based, at least in part, upon at least one operation involving the second key. Of course, many alternatives, modifications, and variations are possible without departing from this embodiment.
Type: Application
Filed: June 30, 2008
Publication date: December 31, 2009
Inventors: Nitin Sarangdhar, Ned Smith, Vincent Von Bokern
-
Publication number: 20090245521
Abstract: In some embodiments, the invention involves securing sensitive data from mal-ware on a computing platform and, more specifically, to utilizing virtualization technology and protected audio video path technologies to prohibit a user environment from directly accessing unencrypted sensitive data. In an embodiment a service operating system (SOS) accesses sensitive data requested by an application running in a user environment virtual machine, or a capability operating system (COS). The SOS application encrypts the sensitive data before passing the data to the COS. The COS makes requests directly to a graphics engine which decrypts the data before displaying the sensitive data on a display monitor. Other embodiments are described and claimed.
Type: Application
Filed: March 31, 2008
Publication date: October 1, 2009
Inventors: Balaji Vembu, Nitin Sarangdhar, Vedvyas Shanbhogue
-
Publication number: 20090006690
Abstract: An apparatus, system, and method are disclosed. In one embodiment, the apparatus includes a virtualization engine on a computer platform. The virtualization engine can intercept multiple data transfer schedules from multiple virtual machines fetched from a memory by a physical Universal Serial Bus (USB) host controller on the computer platform. The virtualization engine also can merge the multiple fetched data transfer schedules into a merged data transfer schedule. The virtualization engine also can send the merged data transfer schedule to the physical USB host controller.
Type: Application
Filed: June 27, 2007
Publication date: January 1, 2009
Inventors: Balaji Vembu, Nitin Sarangdhar, Rajeev Nalawadi
-
Publication number: 20090006702
Abstract: A method and computer readable medium are disclosed. In one embodiment, the method includes enumerating multiple Universal Serial Bus (USB) devices on a computer platform running a multiple virtual machines (VMs). The method also includes assigning each of the USB devices to a VM, wherein each USB device may be assigned to a different VM. The method also includes making each USB device visible only to the VM it is assigned to. The method also includes limiting the bandwidth each of the VMs can schedule its assigned devices within a USB data transfer frame. This will allow all of the VMs to have access to the bandwidth of the frame by avoiding the problem of over-subscription when the schedule is merged.
Type: Application
Filed: June 26, 2007
Publication date: January 1, 2009
Inventors: Nitin Sarangdhar, Balaji Vembu
-
Patent number: 6009477
Abstract: Each of a plurality of device or agents connected to a computer system bus is provided with a mechanism for unilaterally and dynamically limiting the depth of a pipeline of the bus. Each agent includes a state machine which indicates whether the bus is in a throttled state, a stalled state or a free state. When in a free state, an agent having control of the bus may transmit any number of bus transactions and the depth of the pipeline may therefore increase. In the throttled state, the agent may transmit only a single bus transaction from the throttled state, the state machine always transitions either to the stalled state or to the free state. In the stalled state, no agents may transmit transactions onto the bus and the depth of the pipeline therefore cannot increase and instead may decrease with time as previously issued transactions are drained from the bus.
Type: Grant
Filed: December 17, 1998
Date of Patent: December 28, 1999
Assignee: Intel Corporation
Inventors: Nitin Sarangdhar, Michael Rhodehamel, Matthew Fisch
-
Patent number: 5948088
Abstract: Each of a plurality of device or agents connected to a computer system bus is provided with a mechanism for unilaterally and dynamically limiting the depth of a pipeline of the bus. Each agent includes a state machine which indicates whether the bus is in a throttled state, a stalled state or a free state. When in a free state, an agent having control of the bus may transmit any number of bus transactions and the depth of the pipeline may therefore increase. In the throttled state, the agent may transmit only a single bus transaction from the throttled state, the state machine always transitions either to the stalled state or to the free state. In the stalled state, no agents may transmit transactions onto the bus and the depth of the pipeline therefore cannot increase and instead may decrease with time as previously issued transactions are drained from the bus.
Type: Grant
Filed: November 26, 1997
Date of Patent: September 7, 1999
Assignee: Intel Corporation
Inventors: Nitin Sarangdhar, Michael Rhodehamel, Matthew Fisch
-
Patent number: 5901297
Abstract: An initialization mechanism for symmetric arbitration agents ensures that multiple agents on a bus are each initialized with a different arbitration counter value. The arbitration counter of each bus agent is used to keep track of which agent was the last or current owner of the bus and which agent will be the next owner of the bus. All bus agents agree on which agent will be the priority agent at system reset and thus be allowed first ownership of the bus. Each agent's arbitration counter is initialized according to each agent's own agent identification. The arbitration pins of the bus agents are interconnected such that each agent determines for itself a unique agent identification based on which pin of its arbitration pins is active at system reset and the maximum number of bus agents allowed on the bus. After determining its agent identification, each bus agent initializes its arbitration counter such that every agent agrees which agent is the priority agent.
Type: Grant
Filed: November 19, 1997
Date of Patent: May 4, 1999
Assignee: Intel Corporation
Inventors: Matthew A. Fisch, Michael W. Rhodehamel, Nitin Sarangdhar
-
Patent number: 5761449
Abstract: A bus system for a computer having multiple agents provides a mechanism for unilaterally and dynamically limiting the pipelining depth. Each agent includes a state machine which indicates whether the bus is in a throttled state, a stalled state or a free state. When in a free state, an agent having control of the bus may transmit any number of bus transactions and the depth of the pipeline may therefore increase. In the throttled state, the agent may transmit only a single bus transaction from the throttled state. The state machine always transitions either to the stalled state or to the free state. In the stalled state, no agents may transmit transactions onto the bus and the depth of the pipeline therefore cannot increase and instead may decrease with time as previously issued transactions are drained from the bus.
Type: Grant
Filed: June 6, 1997
Date of Patent: June 2, 1998
Assignee: Intel Corporation
Inventors: Nitin Sarangdhar, Michael Rhodehamel, Matthew Fisch
-
Patent number: 5724527
Abstract: A multiprocessor computing system includes a serial bus and implements a boot protocol in which each processor compares a vector field of a boot message issued on the serial bus by a first processor with an ID of the processor; a match indicating that the first processor is a bootstrap processor (BSP). The non-BSPs are halted and, after issuing a final message on the bus, the BSP fetches code to start a reset sequence. The BSP then sends a message to wake the non-BSPs, after which time the operating system software is given control. Faulty processors that fail to participate in the boot protocol do not stop the selection of a BSP as long as one processor in the system is functional.
Type: Grant
Filed: December 28, 1995
Date of Patent: March 3, 1998
Assignee: Intel Corporation
Inventors: Milind Karnik, Joseph Batz, Keshavan Tiruvallur, Andrew Glew, Frank Binns, Shreekant Thakkar, Nitin Sarangdhar
-
Patent number: 5659689
Abstract: A method and apparatus for use in transmitting information on a wired-OR signal line is described which employs a data transfer protocol exploiting the generally shorter signal settling time occurring following high to low signal voltage transitions than occurs following low to high signal voltage transitions. In accordance with the protocol, the transmission of meaningful information on multiple-driver signal lines is restricted to the assertion of high to low signal voltage transitions. By asserting meaningful information only on high to low transitions, the clock period for the bus may be set based on the voltage settling time resulting from only high to low transitions rather than from arbitrary transitions. As a result, the transmission of meaningful signals are all within the limits of incident wave switching and a high overall information transmission rate is achieved.
Type: Grant
Filed: March 1, 1994
Date of Patent: August 19, 1997
Assignee: Intel Corporation
Inventors: Nitin Sarangdhar, Samuel E. Calvin
-
Patent number: 5561780
Abstract: The write-combining buffer combines data from separate data write operations into cache-line-sized buffer units for uncacheable types of data, such as frame buffer data. The write-combining buffer is implemented within a microprocessor having a data cache unit storing cacheable data within cache-lines. The data cache unit includes components and circuitry provided for efficiently inputting and outputting cache-line-sized units of data. By combining many uncacheable data write operations within a single cache-line-sized buffer, the circuitry and techniques employed for processing cache-lines are exploited in the processing of uncacheable data as well. A particular implementation is described wherein uncacheable data units corresponding to graphics write operations within an out-of-order microprocessor are combined into cache-line-sized buffers, then transmitted to a frame buffer using a burst mode eviction.
Type: Grant
Filed: December 30, 1993
Date of Patent: October 1, 1996
Assignee: Intel Corporation
Inventors: Andy Glew, Nitin Sarangdhar, Mandar Joshi