Patents by Inventor Patrick Koeberl

Patrick Koeberl has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240314213
    Abstract: A multitenancy system that includes a host provider, a programmable device, and multiple tenants is provided. The host provider may publish a multitenancy mode sharing and allocation policy that includes a list of terms to which the programmable device and tenants can adhere. The programmable device may include a secure device manager configured to operate in a multitenancy mode to load a tenant persona into a given partial reconfiguration (PR) sandbox region on the programmable device. The secure device manager may be used to enforce spatial isolation between different PR sandbox regions and temporal isolation between successive tenants in one PR sandbox region.
    Type: Application
    Filed: January 11, 2024
    Publication date: September 19, 2024
    Inventors: Steffen Schulz, Patrick Koeberl, Alpa Narendra Trivedi, Scott Weber
  • Patent number: 12050722
    Abstract: An apparatus to facilitate broadcast remote sealing for scalable trusted execution environment provisioning is disclosed. The apparatus includes a cloud service provider (CSP) execution platform comprising hardware circuitry for executing virtualized environments and comprising hardware accelerator devices, wherein the CSP execution platform to: authorize a tenant to deploy workloads of the tenant to CSP execution resources; provide a group status report to the tenant to inform the tenant of an existence and a status of a group of trusted execution platforms, wherein the group comprises at least one of the CSP execution resources; receive an encrypted workload of the tenant, wherein the encrypted workload is encrypted using a group public key of the group; store the encrypted workload at storage of the CSP execution platform; and dispatch the encrypted workload to the at least one of the CSP execution resources of the group.
    Type: Grant
    Filed: September 6, 2023
    Date of Patent: July 30, 2024
    Assignee: INTEL CORPORATION
    Inventors: Steffen Schulz, Alpa Trivedi, Patrick Koeberl
  • Patent number: 12003238
    Abstract: An integrated circuit device may include a programmable fabric die having programmable logic fabric and configuration memory that may configure the programmable logic fabric. The integrated circuit device may also include a base die that may provide fabric support circuitry, including memory and/or communication interfaces as well as compute elements that may also be application-specific. The memory in the base die may be directly accessed by the programmable fabric die using a low-latency, high capacity, and high bandwidth interface.
    Type: Grant
    Filed: August 20, 2021
    Date of Patent: June 4, 2024
    Assignee: Intel Corporation
    Inventors: Scott Jeremy Weber, Aravind Raghavendra Dasu, Mahesh A. Iyer, Patrick Koeberl
  • Patent number: 11895201
    Abstract: A multitenancy system that includes a host provider, a programmable device, and multiple tenants is provided. The host provider may publish a multitenancy mode sharing and allocation policy that includes a list of terms to which the programmable device and tenants can adhere. The programmable device may include a secure device manager configured to operate in a multitenancy mode to load a tenant persona into a given partial reconfiguration (PR) sandbox region on the programmable device. The secure device manager may be used to enforce spatial isolation between different PR sandbox regions and temporal isolation between successive tenants in one PR sandbox region.
    Type: Grant
    Filed: March 27, 2020
    Date of Patent: February 6, 2024
    Assignee: Intel Corporation
    Inventors: Steffen Schulz, Patrick Koeberl, Alpa Narendra Trivedi, Scott Weber
  • Publication number: 20240012951
    Abstract: An apparatus to facilitate enabling secure communication via attestation of multi-tenant configuration on accelerator devices is disclosed. The apparatus includes a processor to: verify a base bitstream of an accelerator device, the base bitstream published by a cloud service provider (CSP); generate a partial reconfiguration (PR) bitstream based on the base bitstream, the PR bitstream to fit within at least one PR region of PR boundary setups of the accelerator device; inspect accelerator device attestation received from a secure device manager (SDM) of the accelerator device; and responsive to successful inspection of the accelerator device attestation, provide the PR bitstream to the CSP for PR reconfiguration of the accelerator device.
    Type: Application
    Filed: September 26, 2023
    Publication date: January 11, 2024
    Applicant: Intel Corporation
    Inventors: Alpa Trivedi, Steffen Schulz, Patrick Koeberl
  • Patent number: 11853468
    Abstract: An apparatus to facilitate transparent network access controls for spatial accelerator device multi-tenancy is disclosed. The apparatus includes a secure device manager (SDM) to: establish a network-on-chip (NoC) communication path in the apparatus, the NoC communication path comprising a plurality of NoC nodes for ingress and egress of communications on the NoC communication path; for each NoC node of the NoC communication path, configure a programmable register of the NoC node to indicate a node group that the NoC node is assigned, the node group corresponding to a persona configured on the apparatus; determine whether a prefix of received data at the NoC node matches the node group indicated by the programmable register of the NoC; and responsive to determining that the prefix does not match the node group, discard the data from the NoC node.
    Type: Grant
    Filed: October 26, 2022
    Date of Patent: December 26, 2023
    Assignee: INTEL CORPORATION
    Inventors: Steffen Schulz, Alpa Trivedi, Patrick Koeberl
  • Publication number: 20230409762
    Abstract: An apparatus to facilitate broadcast remote sealing for scalable trusted execution environment provisioning is disclosed. The apparatus includes a cloud service provider (CSP) execution platform comprising hardware circuitry for executing virtualized environments and comprising hardware accelerator devices, wherein the CSP execution platform to: authorize a tenant to deploy workloads of the tenant to CSP execution resources; provide a group status report to the tenant to inform the tenant of an existence and a status of a group of trusted execution platforms, wherein the group comprises at least one of the CSP execution resources; receive an encrypted workload of the tenant, wherein the encrypted workload is encrypted using a group public key of the group; store the encrypted workload at storage of the CSP execution platform; and dispatch the encrypted workload to the at least one of the CSP execution resources of the group.
    Type: Application
    Filed: September 6, 2023
    Publication date: December 21, 2023
    Applicant: Intel Corporation
    Inventors: Steffen Schulz, Alpa Trivedi, Patrick Koeberl
  • Patent number: 11828776
    Abstract: A voltage detection circuit includes a tunable delay circuit that receives a supply voltage and that generates a delayed signal in response to an input signal. A control circuit causes a first adjustment in a delay provided by the tunable delay circuit to the delayed signal. An error detection circuit generates an error indication in an error signal in response to a change in a timing of the delayed signal relative to a clock signal caused by the first adjustment in the delay provided to the delayed signal. The control circuit causes a second adjustment in the delay provided by the tunable delay circuit to the delayed signal in response to the error indication. The error detection circuit causes the error signal to be indicative of the supply voltage reaching a threshold voltage after the second adjustment in the delay.
    Type: Grant
    Filed: March 25, 2020
    Date of Patent: November 28, 2023
    Assignee: Intel Corporation
    Inventors: Pratik Patel, Sriram Vangal, Patrick Koeberl, Miguel Bautista Gabriel, James Tschanz, Carlos Tokunaga
  • Publication number: 20230367916
    Abstract: An apparatus to facilitate enabling late-binding of security features via configuration security controller for accelerator devices is disclosed.
    Type: Application
    Filed: July 26, 2023
    Publication date: November 16, 2023
    Applicant: Intel Corporation
    Inventors: Alpa Trivedi, Steffen Schulz, Patrick Koeberl
  • Patent number: 11816253
    Abstract: An apparatus to facilitate enabling secure communication via attestation of multi-tenant configuration on accelerator devices is disclosed. The apparatus includes a processor to: verify a base bitstream of an accelerator device, the base bitstream published by a cloud service provider (CSP); verify partial reconfiguration (PR) boundary setups and PR isolation of an accelerator device, the PR boundary setups and PR isolation published by the CSP; generate PR bitstream to fit within at least one PR region of the PR boundary setups of the accelerator device; inspect accelerator device attestation received from a secure device manager (SDM) of the accelerator device; and responsive to successful inspection of the accelerator device attestation, provide the PR bitstream to the CSP for PR reconfiguration of the accelerator device.
    Type: Grant
    Filed: December 22, 2020
    Date of Patent: November 14, 2023
    Assignee: INTEL CORPORATION
    Inventors: Alpa Trivedi, Steffen Schulz, Patrick Koeberl
  • Patent number: 11783096
    Abstract: An apparatus to facilitate broadcast remote sealing for scalable trusted execution environment provisioning is disclosed. The apparatus includes an execution platform for secure execution of a workload of the tenant to: perform an attestation of the execution platform with a cloud service provider (CSP); receive a command from the CSP to create a group of trusted execution platforms; create the group comprising the execution platform; confirm an existence and a status of the group based on the attestation of the execution platform and based on a current group status of the group; report a trusted computing base (TCB) of the first execution platform to other member execution platforms of the group, wherein the other member execution platforms satisfy minimum TCB requirements of the group; and execute an encrypted workload of the tenant using a group private key, wherein the workload of the tenant is encrypted using a group public key.
    Type: Grant
    Filed: March 30, 2022
    Date of Patent: October 10, 2023
    Assignee: INTEL CORPORATION
    Inventors: Steffen Schulz, Alpa Trivedi, Patrick Koeberl
  • Publication number: 20230297727
    Abstract: An apparatus to facilitate enabling secure state-clean during configuration of partial reconfiguration bitstreams on accelerator devices is disclosed. The apparatus includes a security engine to perform, as part of a PR configuration sequence for a new partial reconfiguration (PR) persona corresponding to a PR bitstream, a first clear operation to clear previously-set persona configuration bits in the region; perform, as part of the PR configuration sequence subsequent to the first clear operation, a set operation to set new persona configuration bits in the region; and perform, as part of the PR configuration sequence, a second clear operation to clear memory blocks of the region that became unfrozen subsequent to the set operation.
    Type: Application
    Filed: April 14, 2023
    Publication date: September 21, 2023
    Applicant: Intel Corporation
    Inventors: Alpa Trivedi, Scott Weber, Steffen Schulz, Patrick Koeberl
  • Patent number: 11763043
    Abstract: An apparatus to facilitate enabling late-binding of security features via configuration security controller for accelerator devices is disclosed. The apparatus includes a security controller to initialize as part of a secure boot and attestation chain of trust; receive configuration data for portions of the security controller, the portions comprising components of the security controller capable of re-programming; verify and validate the configuration data to as originating from a secure and trusted source; and responsive to successful verification and validation of the configuration data, re-program the portions of the security controller based on the configuration data.
    Type: Grant
    Filed: December 21, 2020
    Date of Patent: September 19, 2023
    Assignee: INTEL CORPORATION
    Inventors: Alpa Trivedi, Steffen Schulz, Patrick Koeberl
  • Patent number: 11651111
    Abstract: An apparatus to facilitate enabling secure state-clean during configuration of partial reconfiguration bitstreams on accelerator devices is disclosed. The apparatus includes a security engine to receive an incoming partial reconfiguration (PR) bitstream corresponding to a new PR persona to configure a region of the apparatus; perform, as part of a PR configuration sequence for the new PR persona, a first clear operation to clear previously-set persona configuration bits in the region; perform, as part of the PR configuration sequence subsequent to the first clear operation, a set operation to set new persona configuration bits in the region; and perform, as part of the PR configuration sequence, a second clear operation to clear memory blocks of the region that became unfrozen subsequent to the set operation, the second clear operation performed using a persona-dependent mask corresponding to the new PR persona.
    Type: Grant
    Filed: December 21, 2020
    Date of Patent: May 16, 2023
    Assignee: INTEL CORPORATION
    Inventors: Alpa Trivedi, Scott Weber, Steffen Schulz, Patrick Koeberl
  • Publication number: 20230089869
    Abstract: An apparatus to facilitate scalable runtime validation for on-device design rule checks is disclosed. The apparatus includes a memory to store a contention set, multiplexers, and a validator. In one implementation, the validator is to: receive design rule information for the multiplexers, the design rule information referencing the contention set, wherein the contention set identifies a determined harmful bitstream configuration for each multiplexer instance of the multiplexers, and wherein the contention set comprises a mapping of contents of a user bitstream to configuration bits of the multiplexers; receive, at the validator of the apparatus, the user bitstream for programming the multiplexers of the apparatus; analyze, at the validator using the design rule information, the user bitstream against the contention set at a programming time of the apparatus; and provide an error indication responsive to identifying a match between the user bitstream and the contention set.
    Type: Application
    Filed: November 29, 2022
    Publication date: March 23, 2023
    Applicant: Intel Corporation
    Inventors: Furkan Turan, Patrick Koeberl, Alpa Trivedi, Steffen Schulz, Scott Weber
  • Publication number: 20230068607
    Abstract: An apparatus to facilitate transparent network access controls for spatial accelerator device multi-tenancy is disclosed. The apparatus includes a secure device manager (SDM) to: establish a network-on-chip (NoC) communication path in the apparatus, the NoC communication path comprising a plurality of NoC nodes for ingress and egress of communications on the NoC communication path; for each NoC node of the NoC communication path, configure a programmable register of the NoC node to indicate a node group that the NoC node is assigned, the node group corresponding to a persona configured on the apparatus; determine whether a prefix of received data at the NoC node matches the node group indicated by the programmable register of the NoC; and responsive to determining that the prefix does not match the node group, discard the data from the NoC node.
    Type: Application
    Filed: October 26, 2022
    Publication date: March 2, 2023
    Applicant: Intel Corporation
    Inventors: Steffen Schulz, Alpa Trivedi, Patrick Koeberl
  • Patent number: 11556677
    Abstract: An apparatus to facilitate scalable runtime validation for on-device design rule checks is disclosed. The apparatus includes a memory to store a contention set, one or more multiplexors, and a validator communicably coupled to the memory. In one implementation, the validator is to: receive design rule information for the one or more multiplexers, the design rule information referencing the contention set; analyze, using the design rule information, a user bitstream against the contention set at a programming time of the apparatus, the user bitstream for programming the one or more multiplexors; and provide an error indication responsive to identifying a match between the user bitstream and the contention set.
    Type: Grant
    Filed: December 23, 2020
    Date of Patent: January 17, 2023
    Assignee: INTEL CORPORATION
    Inventors: Furkan Turan, Patrick Koeberl, Alpa Trivedi, Steffen Schulz, Scott Weber
  • Patent number: 11537761
    Abstract: An apparatus to facilitate transparent network access controls for spatial accelerator device multi-tenancy is disclosed. The apparatus includes a secure device manager (SDM) to: establish a network-on-chip (NoC) communication path in the apparatus, the NoC communication path comprising a plurality of NoC nodes for ingress and egress of communications on the NoC communication path; for each NoC node of the NoC communication path, configure a programmable register of the NoC node to indicate a node group that the NoC node is assigned, the node group corresponding to a persona configured on the apparatus; determine whether a prefix of received data at the NoC node matches the node group indicated by the programmable register of the NoC; and responsive to determining that the prefix does not match the node group, discard the data from the NoC node.
    Type: Grant
    Filed: December 21, 2020
    Date of Patent: December 27, 2022
    Assignee: Intel Corporation
    Inventors: Steffen Schulz, Alpa Trivedi, Patrick Koeberl
  • Publication number: 20220222202
    Abstract: An apparatus to facilitate broadcast remote sealing for scalable trusted execution environment provisioning is disclosed. The apparatus includes an execution platform for secure execution of a workload of the tenant to: perform an attestation of the execution platform with a cloud service provider (CSP); receive a command from the CSP to create a group of trusted execution platforms; create the group comprising the execution platform; confirm an existence and a status of the group based on the attestation of the execution platform and based on a current group status of the group; report a trusted computing base (TCB) of the first execution platform to other member execution platforms of the group, wherein the other member execution platforms satisfy minimum TCB requirements of the group; and execute an encrypted workload of the tenant using a group private key, wherein the workload of the tenant is encrypted using a group public key.
    Type: Application
    Filed: March 30, 2022
    Publication date: July 14, 2022
    Applicant: Intel Corporation
    Inventors: Steffen Schulz, Alpa Trivedi, Patrick Koeberl
  • Patent number: 11328111
    Abstract: An apparatus to facilitate broadcast remote sealing for scalable trusted execution environment provisioning is disclosed. The apparatus includes one or more processors to: request a group status report to confirm a status of a group of trusted execution platforms from a cloud service provider (CSP) providing scalable runtime validation for on-device design rule checks; validate, by a tenant, a minimum trusted computing base (TCB) declared with the group status report; determine, based on validation of the minimum TCB, whether a set of group members of the group of trusted execution platforms satisfies security requirements of the tenant; responsive to the set of group members satisfying the security requirement, utilize a group public key to encrypt a workload of the tenant; and send the encrypted workload to the CSP for storage by the CSP and subsequent execution by an execution platform of the group using a private group key.
    Type: Grant
    Filed: December 21, 2020
    Date of Patent: May 10, 2022
    Assignee: INTEL CORPORATION
    Inventors: Steffen Schulz, Alpa Trivedi, Patrick Koeberl