Patents by Inventor Patrick Koeberl

Patrick Koeberl has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10565132
    Abstract: In various implementations, a system includes a memory, a processor, and an execution-aware memory protection unit (EA-MPU). The EA-MPU is configured to regulate memory access by the processor based at least on the identity of a subject executable that requests access, and on the address to which access is requested, and on permissions information that identifies which subject executables are to be granted access to each of several memory regions. In various implementations, the permissions information itself is stored among the several memory regions. Various configurations of the permissions information can be used to provide shared memory regions for communication among two or more stand-alone trusted software modules, to protect access to devices accessible through memory-mapped I/O (MMIO), to implement a flexible watchdog timer, to provide security for software updates, to provide dynamic root of trust measurement services, and/or to support an operating system.
    Type: Grant
    Filed: July 17, 2017
    Date of Patent: February 18, 2020
    Assignee: Intel Corporation
    Inventors: Steffen Schulz, Patrick Koeberl
  • Patent number: 10496573
    Abstract: Methods, apparatus, and system to create interrupts which are resolved at runtime relative to an active compartment. Active compartments may be, for example, a compartment of an operating system (“OS”) or a trusted execution environment (“TEE”). The context-specific interrupts comprise an interrupt dispatch table (“IDT”) for each compartment.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: December 3, 2019
    Assignee: Intel Corporation
    Inventors: Steffen Schulz, Patrick Koeberl, Vedvyas Shanbhogue, Jason W. Brandt, Venkateswara R. Madduri, Sang W. Kim, Julien Carreno
  • Patent number: 10395035
    Abstract: Some embodiments include apparatuses having diffusion regions located adjacent each other in a substrate, and connections coupled to the diffusion regions. The diffusion regions include first diffusion regions, second diffusion regions, and third diffusion regions. One of the second diffusion regions and one of the third diffusion regions are between two of the first diffusion regions. One of the first diffusion regions and one of the third diffusion regions are between two of the second diffusion regions. The connections include a first connection coupled to each of the first diffusion regions, a second connection coupled to each of the second diffusion regions, and a third connection coupled to each of the third diffusion regions.
    Type: Grant
    Filed: September 27, 2016
    Date of Patent: August 27, 2019
    Assignee: Intel Corporation
    Inventors: Sanu K. Mathew, Sudhir K Satpathy, Vikram B Suresh, Patrick Koeberl
  • Patent number: 10129036
    Abstract: In accordance with embodiments disclosed herein, there is provided systems and methods for providing a post-processing mechanism for physically unclonable functions. An integrated circuit includes a physically unclonable function (PUF) unit including an adaptive PUF logic. The adaptive PUF logic receives a PUF response having a plurality of bits. The adaptive PUF logic also determines whether a record exists for bit among the plurality of bits in the PUF response. The record includes a stored bit location and a stored bit value corresponding to the stored bit location. The adaptive PUF logic also overrides a bit value of the bit in the PUF response with the stored bit value when it is determined that the record exists for the bit in the PUF response. The bit value of the bit in the PUF response is different from the stored bit value.
    Type: Grant
    Filed: September 18, 2014
    Date of Patent: November 13, 2018
    Assignee: Intel Corporation
    Inventors: Jiangtao Li, Wei Wu, Patrick Koeberl
  • Publication number: 20180285291
    Abstract: Methods, apparatus, and system to create interrupts which are resolved at runtime relative to an active compartment. Active compartments may be, for example, a compartment of an operating system (“OS”) or a trusted execution environment (“TEE”). The context-specific interrupts comprise an interrupt dispatch table (“IDT”) for each compartment.
    Type: Application
    Filed: March 31, 2017
    Publication date: October 4, 2018
    Inventors: Steffen Schulz, Patrick Koeberl, Vedvyas Shanbhogue, Jason W. Brandt, Venkateswara R. Madduri, Sang W. Kim, Julien Carreno
  • Publication number: 20180173644
    Abstract: Methods and apparatus relating to lightweight trusted tasks are disclosed. In one embodiment, a processor includes a memory interface to a memory to store code, data, and stack segments for a lightweight-trusted task (LTT) mode task and for another task, a LTT control and status register including a lock bit, a processor core to enable LTT-mode, configure the LTT-mode task, and lock down the configuration by writing the lock bit, and a memory protection circuit to: receive a memory access request from the memory interface, the memory access request being associated with the other task, determine whether the memory access request is attempting to access a protected memory region of the LTT-mode task, and protect against the memory access request accessing the protected memory region of the LTT-mode task, regardless of a privilege level of the other task, and regardless of whether the other task is also a LTT-mode task.
    Type: Application
    Filed: December 19, 2016
    Publication date: June 21, 2018
    Inventors: Patrick Koeberl, Steffen Schulz, Vedvyas Shanbhogue, Jason W. Brandt, Venkateswara R. Madduri, Sang W. Kim, Julien Carreno
  • Publication number: 20180157603
    Abstract: In various implementations, a system includes a memory, a processor, and an execution-aware memory protection unit (EA-MPU). The EA-MPU is configured to regulate memory access by the processor based at least on the identity of a subject executable that requests access, and on the address to which access is requested, and on permissions information that identifies which subject executables are to be granted access to each of several memory regions. In various implementations, the permissions information itself is stored among the several memory regions. Various configurations of the permissions information can be used to provide shared memory regions for communication among two or more stand-alone trusted software modules, to protect access to devices accessible through memory-mapped I/O (MMIO), to implement a flexible watchdog timer, to provide security for software updates, to provide dynamic root of trust measurement services, and/or to support an operating system.
    Type: Application
    Filed: July 17, 2017
    Publication date: June 7, 2018
    Inventors: Steffen Schulz, Patrick Koeberl
  • Patent number: 9992031
    Abstract: Embodiments of an invention for using dark bits to reduce physically unclonable function (PUF) error rates are disclosed. In one embodiment, an integrated circuit includes a PUF cell array and dark bit logic. The PUF cell array is to provide a raw PUF value. The dark bit logic is to select PUF cells to mark as dark bits and to generate a dark bit mask based on repeated testing of the PUF cell array.
    Type: Grant
    Filed: September 27, 2013
    Date of Patent: June 5, 2018
    Assignee: Intel Corporation
    Inventors: Kevin Gotze, Gregory Iovino, David Johnston, Patrick Koeberl, Jiangtao Li, Wei Wu
  • Publication number: 20180089433
    Abstract: Some embodiments include apparatuses having diffusion regions located adjacent each other in a substrate, and connections coupled to the diffusion regions. The diffusion regions include first diffusion regions, second diffusion regions, and third diffusion regions. One of the second diffusion regions and one of the third diffusion regions are between two of the first diffusion regions. One of the first diffusion regions and one of the third diffusion regions are between two of the second diffusion regions. The connections include a first connection coupled to each of the first diffusion regions, a second connection coupled to each of the second diffusion regions, and a third connection coupled to each of the third diffusion regions.
    Type: Application
    Filed: September 27, 2016
    Publication date: March 29, 2018
    Inventors: Sanu K. Mathew, Sudhir K. Satpathy, Vikram B. Suresh, Patrick Koeberl
  • Patent number: 9710404
    Abstract: In various implementations, a system includes a memory, a processor, and an execution-aware memory protection unit (EA-MPU). The EA-MPU is configured to regulate memory access by the processor based at least on the identity of a subject executable that requests access, and on the address to which access is requested, and on permissions information that identifies which subject executables are to be granted access to each of several memory regions. In various implementations, the permissions information itself is stored among the several memory regions. Various configurations of the permissions information can be used to provide shared memory regions for communication among two or more stand-alone trusted software modules, to protect access to devices accessible through memory-mapped I/O (MMIO), to implement a flexible watchdog timer, to provide security for software updates, to provide dynamic root of trust measurement services, and/or to support an operating system.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: July 18, 2017
    Assignee: Intel Corporation
    Inventors: Steffen Schulz, Patrick Koeberl
  • Patent number: 9697142
    Abstract: Execution-Aware Memory protection technologies are described. A processor includes a processor core and a memory protection unit (MPU). The MPU includes a memory protection table and memory protection logic. The memory protection table defines a first protection region in main memory, the first protection region including a first instruction region and a first data region. The memory protection logic determines a protection violation by a first instruction when 1) an instruction address, resulting from an instruction fetch operation corresponding to the first instruction, is not within the first instruction region or 2) a data address, resulting from an execute operation corresponding to the first instruction, is not within the first data region.
    Type: Grant
    Filed: June 24, 2016
    Date of Patent: July 4, 2017
    Assignee: Intel Corporation
    Inventors: Patrick Koeberl, Steffen Schulz
  • Publication number: 20170187752
    Abstract: Systems, apparatuses and methods may provide for changing the execution mode of a device based on policy enforcement request that is received when the device is located proximately to a specific area. The policy enforcement request is verified with respect to a System on Chip (SoC) platform. An enforcement manager of the SoC platform may enforce the received policy enforcement request if verification is successful, and an attestation controller may report the enforced policy request and a status of the platform to an external device from which the policy request originates.
    Type: Application
    Filed: December 24, 2015
    Publication date: June 29, 2017
    Inventors: Steffen Schulz, Manoj R. Sastry, Li Zhao, Patrick Koeberl
  • Publication number: 20160379207
    Abstract: An apparatus for aggregating secured credentials is described herein. The apparatus includes a processor and a memory. The memory includes code causing the processor to provision a plurality of secured credentials on the apparatus. The code causes the processor to isolate the secured credentials from each other in the memory. The code also causes the processor to emulate a selected secured credential from the secured credentials for a transaction.
    Type: Application
    Filed: June 25, 2015
    Publication date: December 29, 2016
    Applicant: INTEL CORPORATION
    Inventors: Patrick Koeberl, Nikhil M. Deshpande, Anand Rajan
  • Publication number: 20160306752
    Abstract: Execution-Aware Memory protection technologies are described. A processor includes a processor core and a memory protection unit (MPU). The MPU includes a memory protection table and memory protection logic. The memory protection table defines a first protection region in main memory, the first protection region including a first instruction region and a first data region. The memory protection logic determines a protection violation by a first instruction when 1) an instruction address, resulting from an instruction fetch operation corresponding to the first instruction, is not within the first instruction region or 2) a data address, resulting from an execute operation corresponding to the first instruction, is not within the first data region.
    Type: Application
    Filed: June 24, 2016
    Publication date: October 20, 2016
    Inventors: Patrick Koeberl, Steffen Schulz
  • Publication number: 20160283402
    Abstract: In various implementations, a system includes a memory, a processor, and an execution-aware memory protection unit (EA-MPU). The EA-MPU is configured to regulate memory access by the processor based at least on the identity of a subject executable that requests access, and on the address to which access is requested, and on permissions information that identifies which subject executables are to be granted access to each of several memory regions. In various implementations, the permissions information itself is stored among the several memory regions. Various configurations of the permissions information can be used to provide shared memory regions for communication among two or more stand-alone trusted software modules, to protect access to devices accessible through memory-mapped I/O (MMIO), to implement a flexible watchdog timer, to provide security for software updates, to provide dynamic root of trust measurement services, and/or to support an operating system.
    Type: Application
    Filed: March 23, 2015
    Publication date: September 29, 2016
    Inventors: Steffen Schulz, Patrick Koeberl
  • Patent number: 9395993
    Abstract: Execution-Aware Memory protection technologies are described. A processor includes an instruction fetch unit to fetch instructions of applications executing in a multitasking environment and an execution unit to execute the instructions. A memory protection unit (MPU) enforces memory access control of the applications by defining an instruction region (I-space) and a data region (D-space and linking the I-space to the D-space. When the MPU determining whether an instruction address is within the I-space and whether a data address of a data access operation is within the D-space. The MPU issues a memory protection fault for the data access operation when either the instruction address is not within the I-space or the data address is not within the D-space.
    Type: Grant
    Filed: July 29, 2013
    Date of Patent: July 19, 2016
    Assignee: Intel Corporation
    Inventors: Patrick Koeberl, Steffen Schulz
  • Patent number: 9307409
    Abstract: Some demonstrative embodiments include apparatuses, systems and/or methods of protecting domains of a multimode wireless radio transceiver. For example, an apparatus may include a protection domain controller (PDC) to restrict access of a configuration software to a protection domain of a plurality of protection domains of a multimode wireless radio transceiver based on a security level of the configuration software, wherein the protection domain includes one or more radio configuration parameters of the multimode wireless radio transceiver.
    Type: Grant
    Filed: December 27, 2013
    Date of Patent: April 5, 2016
    Assignee: INTEL CORPORATION
    Inventors: Farhana Asrar Sheikh, Patrick Koeberl, Jesse Walker, Hossein Alavi, Men Long, Ram Kumar Krishnamurthy, Alpa T. Narendra Trivedi
  • Publication number: 20160087805
    Abstract: In accordance with embodiments disclosed herein, there is provided systems and methods for providing a post-processing mechanism for physically unclonable functions. An integrated circuit includes a physically unclonable function (PUF) unit including an adaptive PUF logic. The adaptive PUF logic receives a PUF response having a plurality of bits. The adaptive PUF logic also determines whether a record exists for bit among the plurality of bits in the PUF response. The record includes a stored bit location and a stored bit value corresponding to the stored bit location. The adaptive PUF logic also overrides a bit value of the bit in the PUF response with the stored bit value when it is determined that the record exists for the bit in the PUF response. The bit value of the bit in the PUF response is different from the stored bit value.
    Type: Application
    Filed: September 18, 2014
    Publication date: March 24, 2016
    Inventors: JIANGTAO LI, WEI WU, PATRICK KOEBERL
  • Patent number: 9262256
    Abstract: Dark-bit masking technologies for physically unclonable function (PUF) components are described. A computing system includes a processor core and a secure key manager component coupled to the processor core. The secure key manager includes the PUF component, and a dark-bit masking circuit coupled to the PUF component. The dark-bit masking circuit is to measure a PUF value of the PUF component multiple times during a dark-bit window to detect whether the PUF value of the PUF component is a dark bit. The dark bit indicates that the PUF value of the PUF component is unstable during the dark-bit window. The dark-bit masking circuit is to output the PUF value as an output PUF bit of the PUF component when the PUF value is not the dark bit and set the output PUF bit to be a specified value when the PUF value of the PUF component is the dark bit.
    Type: Grant
    Filed: December 24, 2013
    Date of Patent: February 16, 2016
    Assignee: Intel Corporation
    Inventors: Sanu K. Mathew, Sudhir K. Satpathy, Patrick Koeberl, Jiangtao Li, Ram K. Krishnamurthy, Anand Rajan
  • Publication number: 20150188717
    Abstract: Embodiments of an invention for using physically unclonable function redundant bits are disclosed. In one embodiment, an integrated circuit includes a PUF cell array and redundancy logic. The PUF cell array includes a plurality of redundant cells and is to provide a raw PUF value. The redundancy logic is to generate a redirection list to be used to replace each of one or more bits of the raw PUF value with a redundant bit value from one of the redundant cells.
    Type: Application
    Filed: December 26, 2013
    Publication date: July 2, 2015
    Inventors: Wei WU, Jiangtao Li, Patrick Koeberl