Patents by Inventor Santosh Ghosh

Santosh Ghosh has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11169935
    Abstract: Technologies for secure data transfer include a computing device having a processor, an accelerator, and a security engine, such as a direct memory access (DMA) engine or a memory-mapped I/O (MMIO) engine. The computing device initializes the security engine with an initialization vector and a secret key. During initialization, the security engine pre-fills block cipher pipelines and pre-computes hash subkeys. After initialization, the processor initiates a data transfer, such as a DMA transaction or an MMIO request, between the processor and the accelerator. The security engine performs an authenticated cryptographic operation for the data transfer operation. The authenticated cryptographic operation may be AES-GCM authenticated encryption or authenticated decryption. The security engine may perform encryption or decryption using multiple block cipher pipelines. The security engine may calculate an authentication tag using multiple Galois field multipliers. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 26, 2018
    Date of Patent: November 9, 2021
    Assignee: INTEL CORPORATION
    Inventors: Santosh Ghosh, Luis S. Kida Kida, Reshma Lal
  • Patent number: 11169934
    Abstract: The disclosed embodiments generally relate to methods, systems and apparatuses to authenticate instructions on a memory circuitry. In an exemplary embodiment, the disclosure relates to a computing device (e.g., a memory protection engine) to protect integrity of one or more memory circuitry.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: November 9, 2021
    Assignee: INTEL CORPORATION
    Inventors: Santosh Ghosh, Kirk Yap, Siddhartha Chhabra
  • Patent number: 11151007
    Abstract: A data processing system includes technology for detecting and tolerating faults. The data processing system comprises an electronic control unit (ECU) with a processing core and a fault-tolerant elliptic curve digital signature algorithm (ECDSA) engine. The fault-tolerant ECDSA engine comprises multiple verification state machines (VSMs). The data processing system also comprises nonvolatile storage in communication with the processing core and ECU software in the nonvolatile storage. The ECU software, when executed, enables the data processing system to operate as a node in a distributed data processing system, including receiving digitally signed messages from other nodes in the distributed data processing system. The ECU further comprises a known-answer built-in self-test unit (KA-BISTU). Also, the ECU software comprises fault-tolerant ECDSA engine (FTEE) management software which, when executed by the processing core, utilizes the KA-BISTU to periodically test the fault-tolerant ECDSA engine for faults.
    Type: Grant
    Filed: November 26, 2018
    Date of Patent: October 19, 2021
    Assignee: Intel Corporation
    Inventors: Santosh Ghosh, Marcio Juliato, Manoj R. Sastry
  • Publication number: 20210297243
    Abstract: Technologies for secure data transfer of MMIO data between a processor and an accelerator. A MIMO security engine includes a first permutation cipher pipeline to defuse a count and a key into a permutation state; a first exclusive-OR (XOR) to generate ciphertext data from 64-bits of the new permutation state; and plaintext data; a concatenator to concatenate the plaintext data and additional authenticated data (AAD) to produce a concatenation result; a second XOR to generate an XOR result from the concatenation result and the latest permutation state; and a second permutation pipeline to generate an authentication tag of the XOR result and the key.
    Type: Application
    Filed: June 8, 2021
    Publication date: September 23, 2021
    Applicant: Intel Corporation
    Inventors: Santosh Ghosh, Luis Kida, Reshma Lal
  • Publication number: 20210126786
    Abstract: In one embodiment, an apparatus includes a hardware accelerator to execute cryptography operations including a Rivest Shamir Adleman (RSA) operation and an elliptic curve cryptography (ECC) operation. The hardware accelerator may include a multiplier circuit comprising a parallel combinatorial multiplier, and an ECC circuit coupled to the multiplier circuit to execute the ECC operation. The ECC circuit may compute a prime field multiplication using the multiplier circuit and reduce a result of the prime field multiplication in a plurality of addition and subtraction operations for a first type of prime modulus. The hardware accelerator may execute the RSA operation using the multiplier circuit. Other embodiments are described and claimed.
    Type: Application
    Filed: January 8, 2021
    Publication date: April 29, 2021
    Inventors: Santosh Ghosh, Andrew H. Reinders, Sudhir K. Satpathy, Manoj R. Sastry
  • Publication number: 20210119777
    Abstract: An apparatus comprises an input register comprising a state register and a parity field, a first round secure hash algorithm (SHA) datapath communicatively coupled to the state register, comprising a first section to perform a ? step of a SHA calculation, a second section to perform a ? step and a ? step of the SHA calculation, a third section to perform a ? step of the SHA calculation and a fourth section to perform a ? step of the SHA calculation.
    Type: Application
    Filed: December 23, 2020
    Publication date: April 22, 2021
    Applicant: Intel Corporation
    Inventors: SANTOSH GHOSH, Marcio Juliato, Manoj Sastry
  • Publication number: 20210119799
    Abstract: A method comprises maintaining, for at least one remote device, a security footprint and a verified version of a software stack for the remote device, generating an attestation initiation token that includes a nonce to be used to generate an XMSS signature for attestation of the remote device, sending the attestation initiation token to the remote device, receiving, from the remote device, a modified message representative including a hash of a current version of a software stack for the remote device and an indicator of a version number of the current version of the software stack for the remote device, validating the hash, and in response to a determination that the hash is valid, generating an XMSS signature using the security footprint and the current version of a software stack for the remote device and a security footprint for the apparatus.
    Type: Application
    Filed: December 23, 2020
    Publication date: April 22, 2021
    Applicant: Intel Corporation
    Inventors: SANTOSH GHOSH, Marcio Juliato, Manoj Sastry
  • Publication number: 20210119789
    Abstract: A method comprises receiving an image of an update for a software module, a rate parameter, an index parameter, and a public key, generating a 32-byte aligned string, computing a state parameter using the 32-byte aligned string, generating a modified message representative, computing a Merkle Tree root node, and in response to a determination that the Merkle Tree root node matches the public key, forwarding, to a remote device, the image of the update for a software module, the state parameter; and the modified message representative.
    Type: Application
    Filed: December 23, 2020
    Publication date: April 22, 2021
    Applicant: Intel Corporation
    Inventors: Santosh Ghosh, Marcio Juliato, Manoj Sastry
  • Publication number: 20210088521
    Abstract: A method of detecting epithelial cancer is described that includes the steps of: (a) determining the level of beta defensin 3 (BD-3) and beta defensin 2 (BD-2) in a suspect sample obtained from a subject; (b) comparing the level of BD-3 to BD-2 determined in the suspect sample to obtain a suspect BD-3/BD-2 ratio, (c) comparing the suspect BD-3/BD-2 ratio to a healthy BD-3/BD-2 ratio to obtain a diagnostic BD-3/BD-2 ratio; and (d) characterizing the subject as having epithelial cancer if the diagnostic BD-3/BD-2 ratio is greater than 1. A microfluidic device for detecting epithelial cancer using the diagnostic BD-3/BD-2 ratio is also described.
    Type: Application
    Filed: October 16, 2020
    Publication date: March 25, 2021
    Inventors: Aaron Weinberg, Santosh Ghosh, Umut A. Gurkan
  • Patent number: 10924276
    Abstract: In one embodiment, an apparatus includes: a hardware accelerator to execute cryptography operations including a Rivest Shamir Adleman (RSA) operation and an elliptic curve cryptography (ECC) operation. The hardware accelerator may include: a multiplier circuit comprising a parallel combinatorial multiplier; and an ECC circuit coupled to the multiplier circuit to execute the ECC operation. The ECC circuit may compute a prime field multiplication using the multiplier circuit and reduce a result of the prime field multiplication in a plurality of addition and subtraction operations for a first type of prime modulus. The hardware accelerator may execute the RSA operation using the multiplier circuit. Other embodiments are described and claimed.
    Type: Grant
    Filed: May 17, 2018
    Date of Patent: February 16, 2021
    Assignee: Intel Corporation
    Inventors: Santosh Ghosh, Andrew H. Reinders, Sudhir K. Satpathy, Manoj R. Sastry
  • Patent number: 10878724
    Abstract: One embodiment provides an apparatus. The apparatus includes a lightweight cryptographic engine (LCE), the LCE is optimized and has an associated throughput greater than or equal to a target throughput.
    Type: Grant
    Filed: September 26, 2017
    Date of Patent: December 29, 2020
    Assignee: Intel Corporation
    Inventors: Santosh Ghosh, Li Zhao, Manoj R. Sastry
  • Patent number: 10868817
    Abstract: A data processing system that provides for active prevention of masquerading attacks comprises a microcontroller, a transceiver, and an active attack prevention module (AAPM) in communication with the microcontroller and the transceiver. The microcontroller enables the data processing system to operate as a node in a vehicle control system (VCS). The transceiver enables the node to communicate with a local area network (LAN) of the VCS. The AAPM enables the node to monitor the LAN for messages. In response to detecting a message on the LAN, the AAPM automatically determines whether the message falsely identifies the node as a source, based on a value in an identifier field in the message. In response to determining that the message falsely identifies the node as the source, the AAPM automatically takes at least one remedial action to neutralize the message. Other embodiments are described and claimed.
    Type: Grant
    Filed: July 3, 2018
    Date of Patent: December 15, 2020
    Assignee: Intel Corporation
    Inventors: Marcio Juliato, Shabbir Ahmed, Santosh Ghosh, Manoj R. Sastry
  • Patent number: 10833868
    Abstract: A technique includes generating a direct anonymous attestation (DAA)-based signature to prove an electronic device is a member of a group. Generating the signature includes determining a reciprocal of a prime modulus, and determining the reciprocal of the prime modulus comprises left bit shifting a Barrett multiplier by a predetermined number of bits and multiplying a result of the left bit shifting of the Barrett multiplier with the prime modulus.
    Type: Grant
    Filed: December 28, 2017
    Date of Patent: November 10, 2020
    Assignee: Intel Corporation
    Inventors: Andrew Reinders, Manoj Sastry, Santosh Ghosh, Rafael Misoczki
  • Publication number: 20200349866
    Abstract: One embodiment provides an apparatus. The apparatus includes a lightweight cryptographic engine (LCE), the LCE is optimized and has an associated throughput greater than or equal to a target throughput.
    Type: Application
    Filed: July 9, 2020
    Publication date: November 5, 2020
    Applicant: Intel Corporation
    Inventors: SANTOSH GHOSH, LI ZHAO, MANOJ R. SASTRY
  • Patent number: 10826710
    Abstract: Technologies for elliptic curve cryptography (ECC) include a computing device having an ECC engine that reads one or more parameters from a data port. The ECC engine performs operations using the parameters, such as an Elliptic Curve Digital Signature Algorithm (ECDSA). The ECDSA may be performed in a protected mode, in which the ECC engine will ignore inputs. The ECC engine may perform the ECDSA in a fixed amount of time in order to protect against timing side-channel attacks. The ECC engine may perform the ECDSA by consuming a uniform amount of power in order to protect against power side-channel attacks. The ECC engine may perform the ECDSA by emitting a uniform amount of electromagnetic radiation in order to protect against EM side-channel attacks. The ECC engine may perform the ECDSA verify with 384-bit output in order to protect against fault injection attacks.
    Type: Grant
    Filed: November 13, 2019
    Date of Patent: November 3, 2020
    Assignee: Intel Corporation
    Inventors: Santosh Ghosh, Manoj R. Sastry
  • Patent number: 10816549
    Abstract: A method of detecting epithelial cancer is described that includes the steps of: (a) determining the level of beta defensin 3 (BD-3) and beta defensin 2 (BD-2) in a suspect sample obtained from a subject; (b) comparing the level of BD-3 to BD-2 determined in the suspect sample to obtain a suspect BD-3/BD-2 ratio, (c) comparing the suspect BD-3/BD-2 ratio to a healthy BD-3/BD-2 ratio to obtain a diagnostic BD-3/BD-2 ratio; and (d) characterizing the subject as having epithelial cancer if the diagnostic BD-3/BD-2 ratio is greater than 1. A microfluidic device for detecting epithelial cancer using the diagnostic BD-3/BD-2 ratio is also described.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: October 27, 2020
    Assignee: CASE WESTERN RESERVE UNIVERSITY
    Inventors: Aaron Weinberg, Santosh Ghosh, Umut A. Gurkan
  • Patent number: 10803400
    Abstract: A self-adaptive security framework for a device is disclosed. A first security level for a device is set wherein the first security level comprises procedures that authenticate a user and allow the user to access the device. Input from sensors associated with the device may be received at a contextual sensing engine, wherein the input at least includes location data, and wherein at least a portion of the input is related to a physical setting where the device is located. A threat level for the device is determined in the physical setting via the contextual sensing engine based on analyzing the input. The first security level is altered to a second security level to provide an altered threat response for the device based on the threat level wherein the second security level has different procedures to authenticate the user compared to the first security level.
    Type: Grant
    Filed: June 23, 2016
    Date of Patent: October 13, 2020
    Assignee: Intel Corporation
    Inventors: Suraj Sindia, Lital Shiryan, Tamir Damian Munafo, Santosh Ghosh, Balkaran Gill
  • Publication number: 20200257827
    Abstract: Technologies disclosed herein provide cryptographic computing with memory write access in the core. An example method comprises executing a first instruction of a software entity. The first instruction comprises a first operand comprising a certificate for a memory region in memory. Executing the first instruction includes computing encrypted first data based, at least in part, on a cryptographic algorithm and a first data parameter, determining whether the certificate authorizes the software entity to access the memory region of the memory, and based on determining the certificate in the first operand authorizes the software entity to access the memory region, performing a write operation to store the encrypted first data in the memory region. More specific embodiments include performing the write operation without performing a preceding read operation on the memory region, which may be called a write for ownership.
    Type: Application
    Filed: April 29, 2020
    Publication date: August 13, 2020
    Applicant: Intel Corporation
    Inventors: Michael E. Kounavis, Santosh Ghosh, Sergej Deutsch, Michael LeMay, David M. Durham
  • Patent number: 10741098
    Abstract: One embodiment provides an apparatus. The apparatus includes a lightweight cryptographic engine (LCE), the LCE is optimized and has an associated throughput greater than or equal to a target throughput.
    Type: Grant
    Filed: September 26, 2017
    Date of Patent: August 11, 2020
    Assignee: Intel Corporation
    Inventors: Santosh Ghosh, Li Zhao, Manoj R. Sastry
  • Publication number: 20200169383
    Abstract: A processor comprises a first register to store an encoded pointer to a memory location. First context information is stored in first bits of the encoded pointer and a slice of a linear address of the memory location is stored in second bits of the encoded pointer. The processor also includes circuitry to execute a memory access instruction to obtain a physical address of the memory location, access encrypted data at the memory location, derive a first tweak based at least in part on the encoded pointer, and generate a keystream based on the first tweak and a key. The circuitry is to further execute the memory access instruction to store state information associated with memory access instruction in a first buffer, and to decrypt the encrypted data based on the keystream. The keystream is to be generated at least partly in parallel with accessing the encrypted data.
    Type: Application
    Filed: January 29, 2020
    Publication date: May 28, 2020
    Applicant: Intel Corporation
    Inventors: David M. Durham, Michael LeMay, Michael E. Kounavis, Santosh Ghosh, Sergej Deutsch, Anant Vithal Nori, Jayesh Gaur, Sreenivas Subramoney, Karanvir S. Grewal