Patents by Inventor Pradeep Pappachan

Pradeep Pappachan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11941457
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a source remote direct memory access (RDMA) network interface controller (RNIC); a queue to store a data entry corresponding to an RDMA request between the source RNIC and a sink RNIC; a data buffer to store data for an RDMA transfer corresponding to the RDMA request, the RDMA transfer between the source RNIC and the sink RNIC; and a trusted execution environment (TEE) comprising an authentication tag controller to: initialize a first authentication tag calculated using a first key known between a source consumer generating the RDMA request and the source RNIC; associate the first authentication tag with the data entry as integrity verification; initialize a second authentication tag calculated using a second key; and associate the second authentication tag with the data buffer as integrity verification for the data buffer.
    Type: Grant
    Filed: November 12, 2021
    Date of Patent: March 26, 2024
    Assignee: INTEL CORPORATION
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp
  • Publication number: 20240086258
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes one or more processors to facilitate receiving a manifest corresponding to graph nodes representing regions of memory of a remote client machine, the graph nodes corresponding to a command buffer and to associated data structures and kernels of the command buffer used to initialize a hardware accelerator and execute the kernels, and the manifest indicating a destination memory location of each of the graph nodes and dependencies of each of the graph nodes; identifying, based on the manifest, the command buffer and the associated data structures to copy to the host memory; identifying, based on the manifest, the kernels to copy to local memory of the hardware accelerator; and patching addresses in the command buffer copied to the host memory with updated addresses of corresponding locations in the host memory.
    Type: Application
    Filed: November 16, 2023
    Publication date: March 14, 2024
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp
  • Publication number: 20240070091
    Abstract: An apparatus comprises a hardware processor to program a memory table for a trusted domain with a first device identifier associated with a device, a guest physical address (GPA) range associated with the device, and a guest physical address offset, receive a memory access request from the device, the memory access request comprising a second device identifier and a guest physical address, and validate the memory access request using the memory table.
    Type: Application
    Filed: August 29, 2022
    Publication date: February 29, 2024
    Applicant: Intel Corporation
    Inventors: Pradeep Pappachan, Krystof Zmudzinski, Reshma Lal
  • Publication number: 20240061697
    Abstract: An apparatus comprises a hardware processor to create an input/output control data structure (IOCS) for a trusted execution environment (TEE), allocate an input/output (I/O) address range comprising a host physical address (HPA) and a plurality of input/output (IO) pages to the input/output control structure, create an entry in the input/output control structure (IOCS) for a set of input/output (IO) pages and a device identifier for a remote device, set a pending bit to a first value which indicates that the remote device is authorized to access the input/output (I/O) address range, and grant the remote device access to the set of input/output pages in the input/output control structure upon verification of an input/output (IO) address range for the remote device.
    Type: Application
    Filed: August 19, 2022
    Publication date: February 22, 2024
    Applicant: Intel Corporation
    Inventors: RESHMA LAL, KRYSTOF ZMUDZINSKI, PRADEEP PAPPACHAN
  • Patent number: 11893425
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a processor executing a trusted execution environment (TEE) comprising a field-programmable gate array (FPGA) driver to interface with an FPGA device that is remote to the apparatus; and a remote memory-mapped input/output (MMIO) driver to expose the FPGA device as a legacy device to the FPGA driver, wherein the processor to utilize the remote MMIO driver to: enumerate the FPGA device using FPGA enumeration data provided by a remote management controller of the FPGA device, the FPGA enumeration data comprising a configuration space and device details; load function drivers for the FPGA device in the TEE; create corresponding device files in the TEE based on the FPGA enumeration data; and handle remote MMIO reads and writes to the FPGA device via a network transport protocol.
    Type: Grant
    Filed: November 19, 2021
    Date of Patent: February 6, 2024
    Assignee: INTEL CORPORATION
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp
  • Publication number: 20230297725
    Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.
    Type: Application
    Filed: May 22, 2023
    Publication date: September 21, 2023
    Inventors: Luis Kida, Krystof Zmudzinski, Reshma Lal, Pradeep Pappachan, Abhishek Basak, Anna Trikalinou
  • Patent number: 11644980
    Abstract: A computing platform comprising a first computer system including a first host and a first accelerator communicatively coupled to the first host, including a first memory, a first page table to perform a translation of virtual addresses to physical addresses in the first memory and a first trusted agent to validate the address translations.
    Type: Grant
    Filed: June 22, 2021
    Date of Patent: May 9, 2023
    Assignee: Intel Corporation
    Inventors: Pradeep Pappachan, Reshma Lal
  • Patent number: 11599621
    Abstract: Systems, methods, and apparatuses relating to performing an attachment of an input-output memory management unit (IOMMU) to a device, and a verification of the attachment. In one embodiment, a protocol and IOMMU extensions are used by a secure arbitration mode (SEAM) module and/or circuitry to determine if the IOMMU that is attached to the device requested to be mapped to a trusted domain.
    Type: Grant
    Filed: March 30, 2019
    Date of Patent: March 7, 2023
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Rajesh Sankaran, Abhishek Basak, Pradeep Pappachan, Utkarsh Y. Kakaiya, Ravi Sahita, Rupin Vakharwala
  • Patent number: 11593529
    Abstract: Systems, apparatuses, methods, and computer-readable media are provided for device interface management. A device includes a device interface, a virtual machine (VM) includes a device driver, both to facilitate assignment of the device to the VM, access of the device by the VM, or removal of the device from being assigned to the VM. The VM is managed by a hypervisor of a computing platform coupled to the device by a computer bus. The device interface includes logic in support of a device management protocol to place the device interface in an unlocked state, a locked state to prevent changes to be made to the device interface, or an operational state to enable access to device registers of the device by the VM or direct memory access to memory address spaces of the VM, or an error state. Other embodiments may be described and/or claimed.
    Type: Grant
    Filed: November 18, 2019
    Date of Patent: February 28, 2023
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Utkarsh Y. Kakaiya, Ravi Sahita, Abhishek Basak, Pradeep Pappachan, Erdem Aktas
  • Publication number: 20230048915
    Abstract: A method of offloading performance of a workload includes receiving, on a first computing system acting as an initiator, a first function call from a caller, the first function call to be executed by an accelerator on a second computing system acting as a target, the first computing system coupled to the second computing system by a network; determining a type of the first function call; and generating a list of parameter values of the first function call.
    Type: Application
    Filed: October 18, 2022
    Publication date: February 16, 2023
    Inventors: Pradeep Pappachan, Sujoy Sen, Joseph Grecco, Mukesh Gangadhar Bhavani Venkatesan, Reshma Lal
  • Patent number: 11537457
    Abstract: A method of offloading performance of a workload includes receiving, on a first computing system acting as an initiator, a first function call from a caller, the first function call to be executed by an accelerator on a second computing system acting as a target, the first computing system coupled to the second computing system by a network; determining a type of the first function call; and generating a list of parameter values of the first function call.
    Type: Grant
    Filed: June 25, 2021
    Date of Patent: December 27, 2022
    Assignee: INTEL CORPORATION
    Inventors: Pradeep Pappachan, Sujoy Sen, Joseph Grecco, Mukesh Gangadhar Bhavani Venkatesan, Reshma Lal
  • Patent number: 11494523
    Abstract: An apparatus to facilitate security of a shared memory resource is disclosed. The apparatus includes a memory device to store memory data, wherein the memory device comprises a plurality of private memory pages associated with one or more trusted domains and a cryptographic engine to encrypt and decrypt the memory data, including a key encryption table having a key identifier associated with each trusted domain to access a private memory page, wherein a first key identifier is generated to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.
    Type: Grant
    Filed: August 14, 2020
    Date of Patent: November 8, 2022
    Assignee: Intel Corporation
    Inventors: Abhishek Basak, Pradeep Pappachan, Siddhartha Chhabra, Alpa Narendra Trivedi, Erdem Aktas, Ravi Sahita
  • Patent number: 11373013
    Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.
    Type: Grant
    Filed: December 28, 2018
    Date of Patent: June 28, 2022
    Assignee: INTEL CORPORATION
    Inventors: Luis Kida, Krystof Zmudzinski, Reshma Lal, Pradeep Pappachan, Abhishek Basak, Anna Trikalinou
  • Publication number: 20220141026
    Abstract: Methods, apparatuses and system provide for technology that interleaves a plurality of verification commands with a plurality of copy commands in a command buffer, wherein each copy command includes a message authentication code (MAC) derived from a master session key, wherein one or more of the plurality of verification commands corresponds to a copy command in the plurality of copy commands, and wherein a verification command at an end of the command buffer corresponds to contents of the command buffer. The technology may also add a MAC generation command to the command buffer, wherein the MAC generation command references an address of a compute result.
    Type: Application
    Filed: December 23, 2020
    Publication date: May 5, 2022
    Inventors: Ned M. Smith, Gaurav Kumar, Alex Nayshtut, Reshma Lal, Prashant Dewan, Pradeep Pappachan, Rajesh Poornachandran, Omer Ben-Shalom
  • Publication number: 20220100580
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes one or more processors to: provide a remote GPU middleware layer to act as a proxy for an application stack on a client platform separate from the apparatus; communicate, by the remote GPU middleware layer, with a kernel mode driver of the one or more processors to cause the host memory to be allocated for command buffers and data structures received from the client platform for consumption by a command streamer of a remote GPU of the apparatus; and invoke, by the remote GPU middleware layer, the kernel mode driver to submit a workload generated by the application stack, the workload submitted for processing by the remote GPU using the command buffers and the data structures allocated in the host memory as directed by the command streamer.
    Type: Application
    Filed: November 15, 2021
    Publication date: March 31, 2022
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp
  • Publication number: 20220103516
    Abstract: An apparatus comprising a first computing platform including a processor to execute a first trusted executed environment (TEE) to host a first plurality of virtual machines and a first network interface controller to establish a trusted communication channel with a second computing platform via an orchestration controller.
    Type: Application
    Filed: December 10, 2021
    Publication date: March 31, 2022
    Applicant: Intel Corporation
    Inventors: Pradeep Pappachan, Luis Kida, Donald E. Wood, Tony Hurson, Reouven Elbaz, Reshma Lal
  • Publication number: 20220100581
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a graphics processing unit (GPU) to: provide a virtual GPU monitor (VGM) to interface over a network with a middleware layer of a client platform, the VGM to interface with the middleware layer using a message passing interface; configure and expose, by the VGM, virtual functions (VFs) of the GPU to the middleware layer of the client platform; intercept, by the VGM, request messages directed to the GPU from the middleware layer, the request messages corresponding to VFs of the GPU to be utilized by the client platform; and generate, by the VGM, a response to the request messages for the middleware client.
    Type: Application
    Filed: November 17, 2021
    Publication date: March 31, 2022
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp
  • Publication number: 20220100582
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a processor executing a trusted execution environment (TEE) comprising a field-programmable gate array (FPGA) driver to interface with an FPGA device that is remote to the apparatus; and a remote memory-mapped input/output (MMIO) driver to expose the FPGA device as a legacy device to the FPGA driver, wherein the processor to utilize the remote MMIO driver to: enumerate the FPGA device using FPGA enumeration data provided by a remote management controller of the FPGA device, the FPGA enumeration data comprising a configuration space and device details; load function drivers for the FPGA device in the TEE; create corresponding device files in the TEE based on the FPGA enumeration data; and handle remote MMIO reads and writes to the FPGA device via a network transport protocol.
    Type: Application
    Filed: November 19, 2021
    Publication date: March 31, 2022
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp
  • Publication number: 20220100584
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a programmable integrated circuit (IC) comprising system manager hardware circuitry to: interface, over a network, with a remote application of a client platform, the system manager hardware circuitry to interface with the remote application using a message-based interface; perform resource management of resources of the programmable IC; validate incoming messages to the programmable IC; verify whether a requester is allowed to perform requested actions of the incoming messages that are successfully validated; and manage transfer of data between the programmable IC and the remote application based on successfully verifying the requester.
    Type: Application
    Filed: November 22, 2021
    Publication date: March 31, 2022
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp
  • Publication number: 20220100579
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a source remote direct memory access (RDMA) network interface controller (RNIC); a queue to store a data entry corresponding to an RDMA request between the source RNIC and a sink RNIC; a data buffer to store data for an RDMA transfer corresponding to the RDMA request, the RDMA transfer between the source RNIC and the sink RNIC; and a trusted execution environment (TEE) comprising an authentication tag controller to: initialize a first authentication tag calculated using a first key known between a source consumer generating the RDMA request and the source RNIC; associate the first authentication tag with the data entry as integrity verification; initialize a second authentication tag calculated using a second key; and associate the second authentication tag with the data buffer as integrity verification for the data buffer.
    Type: Application
    Filed: November 12, 2021
    Publication date: March 31, 2022
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp