Patents by Inventor Reshma Lal

Reshma Lal has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11989595
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes one or more processors to: provide a remote GPU middleware layer to act as a proxy for an application stack on a client platform separate from the apparatus; communicate, by the remote GPU middleware layer, with a kernel mode driver of the one or more processors to cause the host memory to be allocated for command buffers and data structures received from the client platform for consumption by a command streamer of a remote GPU of the apparatus; and invoke, by the remote GPU middleware layer, the kernel mode driver to submit a workload generated by the application stack, the workload submitted for processing by the remote GPU using the command buffers and the data structures allocated in the host memory as directed by the command streamer.
    Type: Grant
    Filed: November 15, 2021
    Date of Patent: May 21, 2024
    Assignee: INTEL CORPORATION
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp
  • Publication number: 20240160488
    Abstract: A computing platform comprising a plurality of disaggregated data center resources and an infrastructure processing unit (IPU), communicatively coupled to the plurality of resources, to compose a platform of the plurality of disaggregated data center resources for allocation of micro service s cluster.
    Type: Application
    Filed: December 14, 2023
    Publication date: May 16, 2024
    Applicant: Intel Corporation
    Inventors: Soham Jayesh Desai, Reshma Lal
  • Publication number: 20240160581
    Abstract: An apparatus includes a central processing unit (CPU), including a plurality of processing cores, each having a cache memory, a fabric interconnect coupled to the plurality of processing cores and cryptographic circuitry, coupled to the fabric interconnect including mesh stop station to receive memory data and determine a destination of the memory data and encryption circuitry to encrypt/decrypt the memory data based on a destination of the memory data.
    Type: Application
    Filed: November 14, 2022
    Publication date: May 16, 2024
    Applicant: Intel Corporation
    Inventors: Marcin Andrzej Chrapek, Reshma Lal
  • Publication number: 20240143802
    Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.
    Type: Application
    Filed: October 27, 2023
    Publication date: May 2, 2024
    Applicant: Intel Corporation
    Inventors: Salessawi Ferede Yitbarek, Lawrence A. Booth, Jr., Brent D. Thomas, Reshma Lal, Pradeep M. Pappachan, Akshay Kadam
  • Publication number: 20240143363
    Abstract: An apparatus comprising a memory device, a system on chip (SoC), including a central processing unit (CPU) to execute a virtual machine to retrieve data from the memory device and transmit the data to a remote input/output (I/O) device coupled to a remote computing platform as memory transaction data; and a port to transmit the memory transaction data as transaction layer packets (TLPs) and a network interface card (NIC) to receive the TLPs, including an interface to receive the TLPs and packet conversion hardware to convert the TLPs to network protocol packets and transmit the network protocol packets to the remote I/O memory device.
    Type: Application
    Filed: October 26, 2022
    Publication date: May 2, 2024
    Applicant: Intel Corporation
    Inventor: Reshma Lal
  • Publication number: 20240134804
    Abstract: An apparatus comprising translator circuitry to receive a plurality of physical addresses of memory data, determine an offset associated with each of the physical page addresses and apply a tweak seed to each offset to generate a plurality of tweaks.
    Type: Application
    Filed: October 18, 2022
    Publication date: April 25, 2024
    Applicant: Intel Corporation
    Inventors: Marcin Andrzej Chrapek, Reshma Lal
  • Publication number: 20240126691
    Abstract: Technologies for cryptographic separation of MMIO operations with an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment. The accelerator determines, based on a target memory address, a first memory address range associated with the memory-mapped I/O transaction, generates a second authentication tag using a first cryptographic key from a set of cryptographic keys, wherein the first key is uniquely associated with the first memory address range. An accelerator validator determines whether the first authentication tag matches the second authentication tag, and a memory mapper commits the memory-mapped I/O transaction in response to a determination that the first authentication tag matches the second authentication tag. Other embodiments are described and claimed.
    Type: Application
    Filed: September 7, 2023
    Publication date: April 18, 2024
    Applicant: Intel Corporation
    Inventors: Luis S. Kida, Reshma Lal, Soham Jayesh Desai
  • Publication number: 20240121097
    Abstract: Embodiments are directed to providing integrity-protected command buffer execution. An embodiment of an apparatus includes a computer-readable memory comprising one or more command buffers and a processing device communicatively coupled to the computer-readable memory to read, from a command buffer of the computer-readable memory, a first command received from a host device, the first command executable by one or more processing elements on the processing device, the first command comprising an instruction and associated parameter data, compute a first authentication tag using a cryptographic key associated with the host device, the instruction and at least a portion of the parameter data, and authenticate the first command by comparing the first authentication tag with a second authentication tag computed by the host device and associated with the command.
    Type: Application
    Filed: December 20, 2023
    Publication date: April 11, 2024
    Applicant: Intel Corporation
    Inventors: Pradeep M. Pappachan, Reshma Lal
  • Patent number: 11947801
    Abstract: An apparatus to facilitate in-place memory copy during remote data transfer in a heterogeneous compute environment is disclosed. The apparatus includes a processor to receive data via a network interface card (NIC) of a hardware accelerator device; identify a destination address of memory of the hardware accelerator device to write the data; determine that access control bits of the destination address in page tables maintained by a memory management unit (MMU) indicate that memory pages of the destination address are both registered and free; write the data to the memory pages of the destination address; and update the access control bits for memory pages of the destination address to indicate that the memory pages are restricted, wherein setting the access control bits to restricted prevents the NIC and a compute kernel of the hardware accelerator device from accessing the memory pages.
    Type: Grant
    Filed: July 29, 2022
    Date of Patent: April 2, 2024
    Assignee: INTEL CORPORATION
    Inventors: Reshma Lal, Sarbartha Banerjee
  • Publication number: 20240104226
    Abstract: Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per process graphics translation table to translate between graphics virtual address (VA) to graphics guest PA (GPA), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.
    Type: Application
    Filed: July 25, 2023
    Publication date: March 28, 2024
    Applicant: Intel Corporation
    Inventors: Pradeep M. Pappachan, Luis S. Kida, Reshma Lal
  • Publication number: 20240106625
    Abstract: Systems and methods include establishing a cryptographically secure communication between an application module and an audio module. The application module is configured to execute on an information-handling machine, and the audio module is coupled to the information-handling machine. The establishment of the cryptographically secure communication may be at least partially facilitated by a mutually trusted module.
    Type: Application
    Filed: November 6, 2023
    Publication date: March 28, 2024
    Applicant: Intel Corporation
    Inventors: Pradeep M. Pappachan, Reshma Lal, Rakesh A. Ughreja, Kumar N. Dwarakanath, Victoria C. Moore
  • Patent number: 11940944
    Abstract: A computer platform is disclosed. The computer platform comprises a non-volatile memory to store fuse override data; and a system on chip (SOC), coupled to the non-volatile memory, including a fuse memory to store fuse data and security micro-controller to receive the fuse override data and perform a fuse override to overwrite the fuse data stored in the fuse memory with the fuse override data.
    Type: Grant
    Filed: July 29, 2022
    Date of Patent: March 26, 2024
    Assignee: Intel Corporation
    Inventors: Bharat Pillilli, Saravana Priya Ramanathan, Reshma Lal
  • Patent number: 11941457
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a source remote direct memory access (RDMA) network interface controller (RNIC); a queue to store a data entry corresponding to an RDMA request between the source RNIC and a sink RNIC; a data buffer to store data for an RDMA transfer corresponding to the RDMA request, the RDMA transfer between the source RNIC and the sink RNIC; and a trusted execution environment (TEE) comprising an authentication tag controller to: initialize a first authentication tag calculated using a first key known between a source consumer generating the RDMA request and the source RNIC; associate the first authentication tag with the data entry as integrity verification; initialize a second authentication tag calculated using a second key; and associate the second authentication tag with the data buffer as integrity verification for the data buffer.
    Type: Grant
    Filed: November 12, 2021
    Date of Patent: March 26, 2024
    Assignee: INTEL CORPORATION
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp
  • Publication number: 20240086258
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes one or more processors to facilitate receiving a manifest corresponding to graph nodes representing regions of memory of a remote client machine, the graph nodes corresponding to a command buffer and to associated data structures and kernels of the command buffer used to initialize a hardware accelerator and execute the kernels, and the manifest indicating a destination memory location of each of the graph nodes and dependencies of each of the graph nodes; identifying, based on the manifest, the command buffer and the associated data structures to copy to the host memory; identifying, based on the manifest, the kernels to copy to local memory of the hardware accelerator; and patching addresses in the command buffer copied to the host memory with updated addresses of corresponding locations in the host memory.
    Type: Application
    Filed: November 16, 2023
    Publication date: March 14, 2024
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp
  • Publication number: 20240073013
    Abstract: An apparatus comprises a hardware processor to perform an attestation procedure to attest a remote device, establish a session key for a communication session with the remote device, define a linear address (LA) region outside an established address range for a secure enclave, generate, for the linear address (LA) region, a unique encryption key accessible only to the enclave, assign a key identifier to the unique encryption key, store the linear address (LA) region and the unique encryption key in an enclave control structure, set a pending bit in the enclave control structure to a value to indicate that contents of the linear address region cannot be changed without approval from the secure enclave, clear the pending bit to indicate that the linear address range is available for use by the enclave, wrap the key identifier and the unique encryption key with the session key, and send the key identifier and the unique encryption key to the remote device.
    Type: Application
    Filed: August 30, 2022
    Publication date: February 29, 2024
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Krystof Zmudzinski
  • Publication number: 20240070091
    Abstract: An apparatus comprises a hardware processor to program a memory table for a trusted domain with a first device identifier associated with a device, a guest physical address (GPA) range associated with the device, and a guest physical address offset, receive a memory access request from the device, the memory access request comprising a second device identifier and a guest physical address, and validate the memory access request using the memory table.
    Type: Application
    Filed: August 29, 2022
    Publication date: February 29, 2024
    Applicant: Intel Corporation
    Inventors: Pradeep Pappachan, Krystof Zmudzinski, Reshma Lal
  • Publication number: 20240062102
    Abstract: An apparatus to facilitate protecting assets of mutually distrustful entities during federated learning training on a remote device is disclosed. The apparatus includes a processor to a processor to: receive, at a trusted execution environment (TEE) hosted by a client platform, an encrypted machine learning (ML) model and a cryptographic message authentication code (MAC) from a model owner platform, wherein the encrypted ML model is encrypted by the model owner platform using homomorphic encryption (HE); verify integrity of the encrypted ML model using the cryptographic MAC and a TEE key established by the processor during remote attestation of the TEE with the model owner platform; perform, in the TEE, training of the encrypted ML model using HE computation on sensor data; and send, to the model owner platform, output of the training comprising updated model parameters of the encrypted ML model, where the output is homomorphically encrypted.
    Type: Application
    Filed: August 22, 2022
    Publication date: February 22, 2024
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Sarbartha Banerjee
  • Publication number: 20240061697
    Abstract: An apparatus comprises a hardware processor to create an input/output control data structure (IOCS) for a trusted execution environment (TEE), allocate an input/output (I/O) address range comprising a host physical address (HPA) and a plurality of input/output (IO) pages to the input/output control structure, create an entry in the input/output control structure (IOCS) for a set of input/output (IO) pages and a device identifier for a remote device, set a pending bit to a first value which indicates that the remote device is authorized to access the input/output (I/O) address range, and grant the remote device access to the set of input/output pages in the input/output control structure upon verification of an input/output (IO) address range for the remote device.
    Type: Application
    Filed: August 19, 2022
    Publication date: February 22, 2024
    Applicant: Intel Corporation
    Inventors: RESHMA LAL, KRYSTOF ZMUDZINSKI, PRADEEP PAPPACHAN
  • Publication number: 20240045968
    Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.
    Type: Application
    Filed: October 23, 2023
    Publication date: February 8, 2024
    Applicant: Intel Corporation
    Inventors: Kapil Sood, Ioannis T. Schoinas, Yu-Yuan Chen, Raghunandan Makaram, David J. Harriman, Baiju Patel, Ronald Perez, Matthew E. Hoekstra, Reshma Lal
  • Patent number: 11893425
    Abstract: An apparatus to facilitate disaggregated computing for a distributed confidential computing environment is disclosed. The apparatus includes a processor executing a trusted execution environment (TEE) comprising a field-programmable gate array (FPGA) driver to interface with an FPGA device that is remote to the apparatus; and a remote memory-mapped input/output (MMIO) driver to expose the FPGA device as a legacy device to the FPGA driver, wherein the processor to utilize the remote MMIO driver to: enumerate the FPGA device using FPGA enumeration data provided by a remote management controller of the FPGA device, the FPGA enumeration data comprising a configuration space and device details; load function drivers for the FPGA device in the TEE; create corresponding device files in the TEE based on the FPGA enumeration data; and handle remote MMIO reads and writes to the FPGA device via a network transport protocol.
    Type: Grant
    Filed: November 19, 2021
    Date of Patent: February 6, 2024
    Assignee: INTEL CORPORATION
    Inventors: Reshma Lal, Pradeep Pappachan, Luis Kida, Soham Jayesh Desai, Sujoy Sen, Selvakumar Panneer, Robert Sharp