Patents by Inventor Salessawi Ferede Yitbarek
Salessawi Ferede Yitbarek has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240143802
Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.
Type: Application
Filed: October 27, 2023
Publication date: May 2, 2024
Applicant: Intel Corporation
Inventors: Salessawi Ferede Yitbarek, Lawrence A. Booth, Jr., Brent D. Thomas, Reshma Lal, Pradeep M. Pappachan, Akshay Kadam
-
Patent number: 11836272
Abstract: Embodiments are directed to protection of privacy and data on smart edge devices. An embodiment of an apparatus includes a sensor to produce a stream of sensor data; an analytics mechanism; and a trusted execution environment (TEE) including multiple keys for data security, the apparatus to exchange keys with a host server to establish one or more secure communication channels between the apparatus and a TEE on a host server, process the stream of sensor data utilizing the analytics mechanism to generate metadata, perform encryption and integrity protection of the metadata utilizing a key from the TEE for the sensor, sign the metadata utilizing a private key for the analytics mechanism, and transfer the encrypted and integrity protected metadata and the signature to the host server via the one or more secure communication channels in a manner that prevents privileged users on the host from accessing the data.
Type: Grant
Filed: July 28, 2022
Date of Patent: December 5, 2023
Assignee: INTEL CORPORATION
Inventors: Lawrence A. Booth, Jr., Salessawi Ferede Yitbarek, Reshma Lal, Pradeep M. Pappachan, Brent D. Thomas
-
Patent number: 11836262
Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.
Type: Grant
Filed: October 3, 2022
Date of Patent: December 5, 2023
Assignee: INTEL CORPORATION
Inventors: Salessawi Ferede Yitbarek, Lawrence A. Booth, Jr., Brent D. Thomas, Reshma Lal, Pradeep M. Pappachan, Akshay Kadam
-
Patent number: 11575672
Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent executes an attestation algorithm to generate a first secure attestation for the first I/O device and a second secure attestation for the second I/O device, obtains a peer-to-peer communication key, and forwards the peer-to-peer communication key to the first I/O device and a second I/O device to enable secure peer-to-peer communication between the first I/O device and the second I/O device over a communication link secured by the peer-to-peer communication key. Other embodiments are described and claimed.
Type: Grant
Filed: December 20, 2019
Date of Patent: February 7, 2023
Assignee: INTEL CORPORATION
Inventors: Salessawi Ferede Yitbarek, Pradeep M. Pappachan, Vincent Scarlata, Reshma Lal
-
Publication number: 20230026602
Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.
Type: Application
Filed: October 3, 2022
Publication date: January 26, 2023
Applicant: Intel Corporation
Inventors: Salessawi Ferede Yitbarek, Lawrence A. Booth, JR., Brent D. Thomas, Reshma Lal, Pradeep M. Pappachan, Akshay Kadam
-
Publication number: 20220366081
Abstract: Embodiments are directed to protection of privacy and data on smart edge devices. An embodiment of an apparatus includes a sensor to produce a stream of sensor data; an analytics mechanism; and a trusted execution environment (TEE) including multiple keys for data security, the apparatus to exchange keys with a host server to establish one or more secure communication channels between the apparatus and a TEE on a host server, process the stream of sensor data utilizing the analytics mechanism to generate metadata, perform encryption and integrity protection of the metadata utilizing a key from the TEE for the sensor, sign the metadata utilizing a private key for the analytics mechanism, and transfer the encrypted and integrity protected metadata and the signature to the host server via the one or more secure communication channels in a manner that prevents privileged users on the host from accessing the data.
Type: Application
Filed: July 28, 2022
Publication date: November 17, 2022
Applicant: Intel Corporation
Inventors: Lawrence A. Booth, JR., Salessawi Ferede Yitbarek, Reshma Lal, Pradeep M. Pappachan, Brent D. Thomas
-
Patent number: 11461483
Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.
Type: Grant
Filed: January 28, 2020
Date of Patent: October 4, 2022
Assignee: Intel Corporation
Inventors: Salessawi Ferede Yitbarek, Lawrence A. Booth, Jr., Brent D. Thomas, Reshma Lal, Pradeep M. Pappachan, Akshay Kadam
-
Patent number: 11423171
Abstract: Embodiments are directed to protection of privacy and data on smart edge devices. An embodiment of an apparatus includes a sensor to produce a stream of sensor data; an analytics mechanism; and a trusted execution environment (TEE) including multiple keys for data security, the apparatus to exchange keys with a host server to establish one or more secure communication channels between the apparatus and a TEE on a host server, process the stream of sensor data utilizing the analytics mechanism to generate metadata, perform encryption and integrity protection of the metadata utilizing a key from the TEE for the sensor, sign the metadata utilizing a private key for the analytics mechanism, and transfer the encrypted and integrity protected metadata and the signature to the host server via the one or more secure communication channels in a manner that prevents privileged users on the host from accessing the data.
Type: Grant
Filed: December 23, 2019
Date of Patent: August 23, 2022
Assignee: Intel Corporation
Inventors: Lawrence A. Booth, Jr., Salessawi Ferede Yitbarek, Reshma Lal, Pradeep M. Pappachan, Brent D. Thomas
-
Publication number: 20200167488
Abstract: Embodiments are directed to protection of communications between a trusted execution environment and a hardware accelerator utilizing enhanced end-to-end encryption and inter-context security. An embodiment of an apparatus includes one or more processors having one or more trusted execution environments (TEEs) including a first TEE to include a first trusted application; an interface with a hardware accelerator, the hardware accelerator including trusted embedded software or firmware; and a computer memory to store an untrusted kernel mode driver for the hardware accelerator, the one or more processors to establish an encrypted tunnel between the first trusted application in the first TEE and the trusted software or firmware, generate a call for a first command from the first trusted application, generate an integrity tag for the first command, and transfer command parameters for the first command and the integrity tag to the kernel mode driver to generate the first command.
Type: Application
Filed: January 28, 2020
Publication date: May 28, 2020
Applicant: Intel Corporation
Inventors: Salessawi Ferede Yitbarek, Lawrence A. Booth Jr., Brent Thomas, Reshma Lal, Pradeep M. Pappachan, Akshay Kadam
-
Publication number: 20200153629
Abstract: A method comprises initializing a compute platform in a cloud computing environment, assigning at least a first cryptographic key associated with the platform manufacturer and a second cryptographic key associated with a workload owner to a debug/management interface of the compute platform, and encrypting device information generated by the debug/management interface of the compute platform using at least one of the first cryptographic key or the second cryptographic key.
Type: Application
Filed: December 20, 2019
Publication date: May 14, 2020
Applicant: Intel Corporation
Inventors: Salessawi Ferede Yitbarek, Luis Kida, Vincent Scarlata, Reshma Lal, Simon Johnson
-
Publication number: 20200145419
Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent executes an attestation algorithm to generate a first secure attestation for the first I/O device and a second secure attestation for the second I/O device, obtains a peer-to-peer communication key, and forwards the peer-to-peer communication key to the first I/O device and a second I/O device to enable secure peer-to-peer communication between the first I/O device and the second I/O device over a communication link secured by the peer-to-peer communication key. Other embodiments are described and claimed.
Type: Application
Filed: December 20, 2019
Publication date: May 7, 2020
Applicant: Intel Corporation
Inventors: Salessawi Ferede Yitbarek, Pradeep M. Pappachan, Vincent Scarlata, Reshma Lal
-
Publication number: 20200134230
Abstract: Embodiments are directed to protection of privacy and data on smart edge devices. An embodiment of an apparatus includes a sensor to produce a stream of sensor data; an analytics mechanism; and a trusted execution environment (TEE) including multiple keys for data security, the apparatus to exchange keys with a host server to establish one or more secure communication channels between the apparatus and a TEE on a host server, process the stream of sensor data utilizing the analytics mechanism to generate metadata, perform encryption and integrity protection of the metadata utilizing a key from the TEE for the sensor, sign the metadata utilizing a private key for the analytics mechanism, and transfer the encrypted and integrity protected metadata and the signature to the host server via the one or more secure communication channels in a manner that prevents privileged users on the host from accessing the data.
Type: Application
Filed: December 23, 2019
Publication date: April 30, 2020
Applicant: Intel Corporation
Inventors: Lawrence A. Booth, JR., Salessawi Ferede Yitbarek, Reshma Lal, Pradeep M. Pappachan, Brent Thomas
-
Publication number: 20200127850
Abstract: A method comprises receiving, in a trusted execution environment (TEE), an attestation public key and one or more endorsement credentials for a trusted platform module, inspecting the one or more endorsement credentials for the trusted platform module, generating an attestation that the attestation public key resides within the trusted platform module identified by the one or more endorsement credentials, the attestation comprising at least a portion of the public attestation key, encrypting, in the trusted execution environment, at least a component of the attestation to generate an attestation key activation blob, forwarding the attestation key activation blob to the platform module, and receiving, from the platform module, a response that varies based on whether at least a portion of the public attestation key in the attestation key activation blob matches a public attestation key on the platform module.
Type: Application
Filed: December 20, 2019
Publication date: April 23, 2020
Applicant: Intel Corporation
Inventors: Vincent Scarlata, Bin Xing, Reshma Lal, Salessawi Ferede Yitbarek, Shanwei Cen