Patents by Inventor Reshma Lal

Reshma Lal has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20210365591
    Abstract: Technologies to perform a secure debug of a FPGA are described. In some examples an apparatus comprises an accelerator device comprising processing circuitry to facilitate acceleration of a processing workload executable on a remote processing device, a computer-readable memory to store logic operations executable on the accelerator device, and a debug module. The debug module comprises one or more debug registers to store debug data for the logic operations executable on the accelerator device and processing circuitry to receive, from a debug application on the remote processing device, a memory access request directed to a target debug register of the one or more debug registers, encrypt the debug data in the target debug register to generate encrypted debug data, and return the encrypted debug data to the debug application. Other embodiments are described and claimed.
    Type: Application
    Filed: May 22, 2020
    Publication date: November 25, 2021
    Applicant: Intel Corporation
    Inventors: Soham Jayesh Desai, Reshma Lal
  • Patent number: 11169935
    Abstract: Technologies for secure data transfer include a computing device having a processor, an accelerator, and a security engine, such as a direct memory access (DMA) engine or a memory-mapped I/O (MMIO) engine. The computing device initializes the security engine with an initialization vector and a secret key. During initialization, the security engine pre-fills block cipher pipelines and pre-computes hash subkeys. After initialization, the processor initiates a data transfer, such as a DMA transaction or an MMIO request, between the processor and the accelerator. The security engine performs an authenticated cryptographic operation for the data transfer operation. The authenticated cryptographic operation may be AES-GCM authenticated encryption or authenticated decryption. The security engine may perform encryption or decryption using multiple block cipher pipelines. The security engine may calculate an authentication tag using multiple Galois field multipliers. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 26, 2018
    Date of Patent: November 9, 2021
    Assignee: INTEL CORPORATION
    Inventors: Santosh Ghosh, Luis S. Kida Kida, Reshma Lal
  • Publication number: 20210344653
    Abstract: A protected link between a first computing device and a second computing device is set up, wherein communication over the protected link is to comply with a communication protocol that allows packets to be reordered during transit. A plurality of packets are generated according to a packet format that ensures the plurality of packets will not be reordered during transmission over the protected link, the plurality of packets comprising a first packet and a second packet. Data of the plurality of packets are encrypted for transmission over the protected link, wherein data of the first packet is encrypted based on the cryptographic key and a first value of a counter and data of the second packet is encrypted based on the cryptographic key and a second value of the counter.
    Type: Application
    Filed: July 7, 2021
    Publication date: November 4, 2021
    Applicant: Intel Corporation
    Inventors: David J. Harriman, Raghunandan Makaram, Ioannis T. Schoinas, Kapil Sood, Yu-Yuan Chen, Vedvyas Shanbhogue, Siddhartha Chhabra, Reshma Lal, Reouven Elbaz
  • Patent number: 11163913
    Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.
    Type: Grant
    Filed: December 28, 2018
    Date of Patent: November 2, 2021
    Assignee: INTEL CORPORATION
    Inventors: Luis Kida, Krystof Zmudzinski, Reshma Lal, Pradeep Pappachan, Abhishek Basak, Anna Trikalinou
  • Publication number: 20210336994
    Abstract: Attestation support in cloud computing environments is described. An example of an apparatus includes one or more processors to process data, including data related to hosting of workloads for one or more tenants; an orchestration element to receive a request for support of a workload of a tenant according to a selected membership policy, the orchestration element to select a set of one or more compute nodes to provide computation for the workload; and a security manager to receive the membership policy and to receive attestations from the selected compute nodes and, upon determining that the attestations meet the requirements of the membership policy, to add the one or more compute nodes to a group of compute nodes to provide computation for the workload.
    Type: Application
    Filed: December 24, 2020
    Publication date: October 28, 2021
    Applicant: Intel Corporation
    Inventors: Vincent Scarlata, Alpa Trivedi, Reshma Lal
  • Patent number: 11157623
    Abstract: Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information.
    Type: Grant
    Filed: February 20, 2019
    Date of Patent: October 26, 2021
    Assignee: INTEL CORPORATION
    Inventors: Pradeep M. Pappachan, Reshma Lal, Bin Xing, Siddhartha Chhabra, Vincent R. Scarlata, Steven B. McGowan
  • Publication number: 20210319118
    Abstract: In one embodiment, an apparatus includes a channel filter and a security processor. The security processor is to: receive a plurality of device access control policies from a protected non-volatile storage of a platform; determine whether the plurality of device access control policies are verified; program the channel filter with a plurality of filter entries each associated with one of the plurality of device access control policies based on the determination; and remove a security attribute of the security processor from a policy register of the channel filter, to lock the channel filter for a boot cycle of the platform. Other embodiments are described and claimed.
    Type: Application
    Filed: June 21, 2021
    Publication date: October 14, 2021
    Inventors: Pradeep M. Pappachan, Siddhartha Chhabra, Bin Xing, Reshma Lal, Baruch Chaikin
  • Publication number: 20210318920
    Abstract: A method of offloading performance of a workload includes receiving, on a first computing system acting as an initiator, a first function call from a caller, the first function call to be executed by an accelerator on a second computing system acting as a target, the first computing system coupled to the second computing system by a network; determining a type of the first function call; and generating a list of parameter values of the first function call.
    Type: Application
    Filed: June 25, 2021
    Publication date: October 14, 2021
    Applicant: Intel Corporation
    Inventors: Pradeep Pappachan, Sujoy Sen, Joseph Grecco, Mukesh Gangadhar Bhavani Venkatesan, Reshma Lal
  • Publication number: 20210311798
    Abstract: A computing platform comprising a plurality of disaggregated data center resources and an infrastructure processing unit (IPU), communicatively coupled to the plurality of resources, to compose a platform of the plurality of disaggregated data center resources for allocation of microservices cluster.
    Type: Application
    Filed: June 24, 2021
    Publication date: October 7, 2021
    Applicant: Intel Corporation
    Inventors: Soham Jayesh Desai, Reshma Lal
  • Publication number: 20210311904
    Abstract: A computer platform is disclosed. The computer platform comprises a non-volatile memory to store fuse override data; and a system on chip (SOC), coupled to the non-volatile memory, including a fuse memory to store fuse data and security micro-controller to receive the fuse override data and perform a fuse override to overwrite the fuse data stored in the fuse memory with the fuse override data.
    Type: Application
    Filed: June 22, 2021
    Publication date: October 7, 2021
    Applicant: Intel Corporation
    Inventors: Bharat Pillilli, Saravana Priya Ramanathan, Reshma Lal
  • Publication number: 20210311629
    Abstract: A computing platform comprising a first computer system including a first host and a first accelerator communicatively coupled to the first host, including a first memory, a first page table to perform a translation of virtual addresses to physical addresses in the first memory and a first trusted agent to validate the address translations.
    Type: Application
    Filed: June 22, 2021
    Publication date: October 7, 2021
    Applicant: Intel Corporation
    Inventors: Pradeep Pappachan, Reshma Lal
  • Patent number: 11138132
    Abstract: Technologies for secure I/O data transfer with an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment. The trusted execution environment may generate an authentication tag based on a memory-mapped I/O transaction, write the authentication tag to a register of the accelerator, and dispatch the transaction to the accelerator. The accelerator performs a cryptographic operation associated with the transaction, generates an authentication tag based on the transaction, and compares the generated authentication tag to the authentication tag received from the trusted execution environment. The accelerator device may initialize an authentication tag in response to a command from the trusted execution environment, transfer data between host memory and accelerator memory, perform a cryptographic operation in response to transferring the data, and update the authentication tag in response to transferrin the data.
    Type: Grant
    Filed: December 26, 2018
    Date of Patent: October 5, 2021
    Assignee: INTEL CORPORATION
    Inventors: Reshma Lal, Alpa Narendra Trivedi, Luis Kida, Pradeep M. Pappachan, Soham Jayesh Desai, Nanda Kumar Unnikrishnan
  • Publication number: 20210297243
    Abstract: Technologies for secure data transfer of MMIO data between a processor and an accelerator. A MIMO security engine includes a first permutation cipher pipeline to defuse a count and a key into a permutation state; a first exclusive-OR (XOR) to generate ciphertext data from 64-bits of the new permutation state; and plaintext data; a concatenator to concatenate the plaintext data and additional authenticated data (AAD) to produce a concatenation result; a second XOR to generate an XOR result from the concatenation result and the latest permutation state; and a second permutation pipeline to generate an authentication tag of the XOR result and the key.
    Type: Application
    Filed: June 8, 2021
    Publication date: September 23, 2021
    Applicant: Intel Corporation
    Inventors: Santosh Ghosh, Luis Kida, Reshma Lal
  • Patent number: 11126733
    Abstract: In one embodiment, an apparatus includes: a memory encryption circuit to encrypt data from a protected device, the data to be stored to a memory; and a filter circuit coupled to the memory encryption circuit, the filter circuit including a plurality of filter entries, each filter entry to store a channel identifier corresponding to a protected device, an access control policy for the protected device, and a session encryption key provided by an enclave, the enclave permitted to access the data according to the access control policy, where the filter circuit is to receive the session encryption key from the enclave in response to validation of the enclave. Other embodiments are described and claimed.
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: September 21, 2021
    Assignee: Intel Corporation
    Inventors: Pradeep M. Pappachan, Siddhartha Chhabra, Bin Xing, Reshma Lal, Baruch Chaikin
  • Patent number: 11070527
    Abstract: A protected link between a first computing device and a second computing device is set up, wherein communication over the protected link is to comply with a communication protocol that allows packets to be reordered during transit. A plurality of packets are generated according to a packet format that ensures the plurality of packets will not be reordered during transmission over the protected link, the plurality of packets comprising a first packet and a second packet. Data of the plurality of packets are encrypted for transmission over the protected link, wherein data of the first packet is encrypted based on the cryptographic key and a first value of a counter and data of the second packet is encrypted based on the cryptographic key and a second value of the counter.
    Type: Grant
    Filed: April 1, 2019
    Date of Patent: July 20, 2021
    Assignee: Intel Corporation
    Inventors: David J. Harriman, Raghunandan Makaram, Ioannis T. Schoinas, Kapil Sood, Yu-Yuan Chen, Vedvyas Shanbhogue, Siddhartha Chhabra, Reshma Lal, Reouven Elbaz
  • Patent number: 11048800
    Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.
    Type: Grant
    Filed: March 22, 2019
    Date of Patent: June 29, 2021
    Assignee: Intel Corporation
    Inventors: Kapil Sood, Ioannis T. Schoinas, Yu-Yuan Chen, Raghunandan Makaram, David J. Harriman, Baiju Patel, Ronald Perez, Matthew E. Hoekstra, Reshma Lal
  • Publication number: 20210126776
    Abstract: Technologies for establishing device locality are disclosed. A processor in a computing device generates an identifier distinct to the computing device. The processor transmits the identifier to a management controller via a hardware bus in the computing device. The processor generates a key and encrypts the key with the identifier to generate a wrapped key. The processor transmits the wrapped key to the management controller. In turn, the management controller unwraps the key using the identifier. Other embodiments are described and claimed.
    Type: Application
    Filed: September 25, 2020
    Publication date: April 29, 2021
    Inventors: Bo Zhang, Siddhartha Chhabra, William A. Stevens, Reshma Lal
  • Publication number: 20210117576
    Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.
    Type: Application
    Filed: December 2, 2020
    Publication date: April 22, 2021
    Applicant: Intel Corporation
    Inventors: Krystof Zmudzinski, Siddhartha Chhabra, Reshma Lal, Alpa Narendra Trivedi, Luis S. Kida, Pradeep M. Pappachan, Abhishek Basak, Anna Trikalinou
  • Publication number: 20210117247
    Abstract: A computing platform is disclosed. The computing platform includes a first computer system comprising a first graphics processing unit (GPU), a network coupled to the first computer system and a second computer system, coupled to the first computer system via the network, comprising a second GPU, wherein the first and second computer system are configured to perform distributed processing of graphics workloads between the first GPU and the second GPU.
    Type: Application
    Filed: December 24, 2020
    Publication date: April 22, 2021
    Applicant: Intel Corporation
    Inventors: Selvakumar Panneer, Pradeep Pappachan, Reshma Lal
  • Publication number: 20210117246
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes one or more processors to facilitate receiving a manifest corresponding to graph nodes representing regions of memory of a remote client machine, the graph nodes corresponding to a command buffer and to associated data structures and kernels of the command buffer used to initialize a hardware accelerator and execute the kernels, and the manifest indicating a destination memory location of each of the graph nodes and dependencies of each of the graph nodes; identifying, based on the manifest, the command buffer and the associated data structures to copy to the host memory; identifying, based on the manifest, the kernels to copy to local memory of the hardware accelerator; and patching addresses in the command buffer copied to the host memory with updated addresses of corresponding locations in the host memory.
    Type: Application
    Filed: December 23, 2020
    Publication date: April 22, 2021
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp