Patents by Inventor Prashant Dewan
Prashant Dewan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240129315Abstract: Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container.Type: ApplicationFiled: September 29, 2023Publication date: April 18, 2024Inventors: Hong C. Li, John B. Vicente, Prashant Dewan
-
Patent number: 11928215Abstract: An apparatus to verify firmware in a computing system, comprising a non-volatile memory, including firmware memory to store agent firmware associated with each of a plurality of interconnect protocol (IP) agents and version memory to store security version numbers (SVNs) included in the agent firmware, a security controller comprising verifier logic to verify an integrity of the version memory by applying a hash algorithm to contents of the version memory to generate a SVN hash, and a trusted platform module (TPM) to store the SVN hash.Type: GrantFiled: June 29, 2022Date of Patent: March 12, 2024Assignee: Intel CorporationInventors: Prashant Dewan, Chao Zhang, Nivedita Aggarwal, Aditya Katragada, Mohamed Haniffa, Kenji Chen
-
Patent number: 11921645Abstract: The present disclosure includes systems and methods for securing data direct I/O (DDIO) for a secure accelerator interface, in accordance with various embodiments. Historically, DDIO has enabled performance advantages that have outweighed its security risks. DDIO circuitry may be configured to secure DDIO data by using encryption circuitry that is manufactured for use in communications with main memory along the direct memory access (DMA) path. DDIO circuitry may be configured to secure DDIO data by using DDIO encryption circuitry manufactured for use by or manufactured within the DDIO circuitry. Enabling encryption and decryption in the DDIO path by the DDIO circuitry has the potential to close a security gap in modern data central processor units (CPUs).Type: GrantFiled: September 16, 2022Date of Patent: March 5, 2024Assignee: Intel CorporationInventors: Siddhartha Chhabra, Prashant Dewan, Abhishek Basak, David M. Durham
-
Publication number: 20240036902Abstract: According to examples, an apparatus may include a processor that may send, to a measurements manager (MM), a first measurement for the processor, cause a hardware and/or a software to send a second measurement to the MM, and cause a virtual machine (VM) to send a third measurement to the MM. The processor may also cause the MM to accumulate the first measurement, the second measurement, and the third measurement and cause the MM to output the accumulated measurements from the MM for attestation of the processor, the hardware and/or the software, the VM, or a combination thereof.Type: ApplicationFiled: July 26, 2022Publication date: February 1, 2024Applicant: Microsoft Technology Licensing, LLCInventors: Prashant DEWAN, Abhilasha BHARGAV-SPANTZEL
-
Patent number: 11886316Abstract: An apparatus to collect firmware measurement data at a computing system is disclosed. The apparatus includes a plurality of agents, each including a non-volatile memory storing firmware executed to perform a function associated with the agent, verification logic to generate measurement data by verifying the integrity of the firmware and a register to store the measurement data, and a processor to execute an instruction to collect firmware measurement data from each of the plurality of agents.Type: GrantFiled: April 29, 2022Date of Patent: January 30, 2024Assignee: Intel CorporationInventors: Prashant Dewan, Uttam Sengupta, Aditya Katragada
-
Patent number: 11876835Abstract: Various embodiments are generally directed to techniques to enforce policies for computing platform resources, such as to prevent denial of service (DoS) attacks on the computing platform resources. Some embodiments are particularly directed to ISA instructions that allow trusted software/applications to securely enforce policies on a platform resource/device while allowing untrusted software to control allocation of the platform resource. In many embodiments, the ISA instructions may enable secure communication between a trusted application and a platform resource. In several embodiments, a first ISA instruction implemented by microcode may enable a trusted application to wrap policy information for secure transmission through an untrusted stack.Type: GrantFiled: October 15, 2021Date of Patent: January 16, 2024Assignee: Intel CorporationInventors: Siddhartha Chhabra, Prashant Dewan
-
Patent number: 11874776Abstract: Methods and apparatus relating to cryptographic protection of memory attached over interconnects are described. In an embodiment, memory stores data and a processor having execution circuitry executes an instruction to program an inline memory expansion logic and a host memory encryption logic with one or more cryptographic keys. The inline memory expansion logic encrypts the data to be written to the memory and decrypts encrypted data to be read from the memory. The memory is coupled to the processor via an interconnect endpoint of a system fabric. Other embodiments are also disclosed and claimed.Type: GrantFiled: June 25, 2021Date of Patent: January 16, 2024Assignee: Intel CorporationInventors: Siddhartha Chhabra, Prashant Dewan
-
Patent number: 11861009Abstract: An apparatus to facilitate permissions at a computing system platform is disclosed. The apparatus includes a plurality of agents, each including a non-volatile memory storing firmware executed to perform a function associated with the agent and attestation hardware to detect an update at the computing system platform, generate a cryptographic key associated with each of the plurality of agents, perform an attestation with a relying party using the generated cryptographic keys and receive a tuple associated with each of the plurality of agents, wherein a tuple includes one or more permissions indicating platform resources an agent is permitted to access.Type: GrantFiled: December 23, 2020Date of Patent: January 2, 2024Assignee: Intel CorporationInventors: Prashant Dewan, Nivedita Aggarwal
-
Publication number: 20230421361Abstract: Validating proof of possession (POP) of a private key by a device. A computer system generates a provisioning package for a device catalog. The provisioning package including a POP challenge. After generating the provisioning package, the computer system receives a device activation request for a device. The device activation request includes a public key, a device identifier, and a signature. The computer system validates POP of a private key corresponding to the public key, including using the public key, the device identifier, and the POP challenge to cryptographically verify the signature. The computer system establishes a trust relationship with the device, including registering the public key and the device identifier into the device catalog.Type: ApplicationFiled: June 22, 2022Publication date: December 28, 2023Inventors: Andres Felipe BORJA JARAMILLO, Jeremy Joseph CORLEY, Tolga ACAR, Prashant DEWAN
-
Patent number: 11847228Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.Type: GrantFiled: December 13, 2021Date of Patent: December 19, 2023Assignee: Intel CorporationInventors: Baiju Patel, Prashant Dewan
-
Patent number: 11847067Abstract: Methods and apparatus relating to cryptographic protection of memory attached over interconnects are described. In an embodiment, memory stores data and a processor having execution circuitry executes an instruction to program an inline memory expansion logic and a host memory encryption logic with one or more cryptographic keys. The inline memory expansion logic encrypts the data to be written to the memory and decrypts encrypted data to be read from the memory. The memory is coupled to the processor via an interconnect endpoint of a system fabric. Other embodiments are also disclosed and claimed.Type: GrantFiled: October 19, 2021Date of Patent: December 19, 2023Assignee: Intel CorporationInventors: Siddhartha Chhabra, Prashant Dewan
-
Patent number: 11829483Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.Type: GrantFiled: December 13, 2021Date of Patent: November 28, 2023Assignee: Intel CorporationInventors: Baiju Patel, Prashant Dewan
-
Patent number: 11825000Abstract: In one example, a system for asymmetric device attestation includes a physically unclonable function (PUF) configured to generate a response to a challenge. A pseudo-random number generator generates a set of random numbers based on the response. A key generator determines co-prime numbers in the set of random numbers and generates a key pair using the co-prime numbers, wherein the public key is released to a manufacturer of the component for attestation of authenticity of the component. Through extending the PUF circuitry with a pseudo-random number generator, the present techniques are able to withstand unskilled and skilled hardware attacks, as the secret derived from the PUF is immune to extraction.Type: GrantFiled: May 12, 2022Date of Patent: November 21, 2023Assignee: Intel CorporationInventors: Prashant Dewan, Baiju Patel
-
Patent number: 11811772Abstract: Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container.Type: GrantFiled: December 18, 2020Date of Patent: November 7, 2023Assignee: Intel CorporationInventors: Hong C. Li, John B. Vicente, Prashant Dewan
-
Patent number: 11775634Abstract: Computing platform security methods and apparatus are disclosed. An example apparatus includes a graphics processor; and a graphics driver to facilitate access to the graphics processor, the graphics driver including: an authenticator to establish a trusted channel between the graphics driver and an application driver via mutual authentication of the graphics driver and the application driver; an offloader to offload a computing task to the graphics processor via the trusted channel, the computing task associated with the application driver; and a hypervisor to monitor memory associated with the offloaded computing task for an unauthorized access attempt.Type: GrantFiled: January 28, 2020Date of Patent: October 3, 2023Assignee: MCAFEE, LLCInventors: Paritosh Saxena, Adrian M. M. T. Dunbar, Michael S. Hughes, John Teddy, David Michael Durham, Balaji Vembu, Prashant Dewan, Debra Cablao, Nicholas D. Triantafillou, Jason M. Surprise
-
Patent number: 11775652Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.Type: GrantFiled: December 10, 2021Date of Patent: October 3, 2023Assignee: Intel CorporationInventors: Baiju Patel, Prashant Dewan
-
Patent number: 11768941Abstract: An apparatus to implement an IP independent secure firmware load into an IP agent without a ROM to establish hardware root of trust is disclosed. The apparatus includes a plurality of agents, at least one agent including an isolated memory region accessible only to a trusted entity of the at least one agent and a main memory, and a processor to allocate a section of the isolated memory region of the at least one agent, verify a first stage firmware module, the first stage firmware module comprising instructions to enable the at least one agent to load and verify a second stage firmware module, place the first stage firmware module into memory of the at least one agent without a ROM to establish the hardware root of trust.Type: GrantFiled: March 27, 2020Date of Patent: September 26, 2023Assignee: INTEL CORPORATIONInventors: Vinupama Godavarthi, Andrzej Mialkowski, Kar Leong Wong, Aditya Katragada, Maciej Kusio, Prashant Dewan, Karunakara Kotary
-
Patent number: 11765239Abstract: Technologies disclosed herein provide a method for receiving at a device from a remote server, a request for state information from a first processor of the device, obtaining the state information from one or more registers of the first processor based on a request structure indicated by a first instruction of a software program executing on the device, and generating a response structure based, at least in part, on the obtained state information. The method further includes using a cryptographic algorithm and a shared key established between the device and the remote server to generate a signature based, at least in part, on the response structure, and communicating the response structure and the signature to the remote server. In more specific embodiments, both the response structure and the request structure each include a same nonce value.Type: GrantFiled: February 2, 2022Date of Patent: September 19, 2023Assignee: Intel CorporationInventors: Prashant Dewan, Siddhartha Chhabra, Uttam K. Sengupta, Howard C. Herbert
-
Patent number: 11734436Abstract: Methods and apparatus relating to Organic Light Emitting Diode (OLED) compensation based on protected content are described. In an embodiment, secure memory stores data that is only accessible by trusted logic. Display controller logic circuitry updates pixel values to be stored in the secure memory based on a plurality of frames. The display controller logic circuitry allows access by untrusted software to the updated pixel values after a first number of updates to the pixel values stored in the secure memory. Other embodiments are also disclosed and claimed.Type: GrantFiled: June 25, 2021Date of Patent: August 22, 2023Assignee: Intel CorporationInventors: Prashant Dewan, Siddhartha Chhabra, Junhai Qiu, Ke Sun
-
Publication number: 20230259364Abstract: An apparatus and method for efficient microcode patching.Type: ApplicationFiled: September 25, 2021Publication date: August 17, 2023Inventors: PRASHANT DEWAN, ARUN HODIGERE, KARUNAKARA KARUNAKARA KOTARY