Patents by Inventor Santosh Ghosh
Santosh Ghosh has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20190319800Abstract: In one example an apparatus comprises accelerator logic to pre-compute at least a portion of a message representative, hash logic to generate the message representative based on an input message, and signature logic to generate a signature to be transmitted in association with the message representative, the signature logic to apply a hash-based signature scheme to a private key to generate the signature comprising a public key, and determine whether the message representative satisfies a target threshold allocation of computational costs between a cost to generate the signature and a cost to verify the signature. Other examples may be described.Type: ApplicationFiled: June 28, 2019Publication date: October 17, 2019Applicant: Intel CorporationInventors: RAFAEL MISOCZKI, VIKRAM SURESH, DAVID WHEELER, SANTOSH GHOSH, MANOJJ SASTRY
-
Publication number: 20190319804Abstract: A mechanism is described for facilitating unified accelerator for classical and post-quantum digital signature schemes in computing environments, according to one embodiment. A method of embodiments, as described herein, includes unifying classical cryptography and post-quantum cryptography through a unified hardware accelerator hosted by a trusted platform of the computing device. The method may further include facilitating unification of a first finite state machine associated with the classical cryptography and a second finite state machine associated with the post-quantum cryptography though one or more of a single the hash engine, a set of register file banks, and a modular exponentiation engine.Type: ApplicationFiled: June 28, 2019Publication date: October 17, 2019Applicant: Intel CorporationInventors: SANU MATHEW, MANOJ SASTRY, SANTOSH GHOSH, VIKRAM SURESH, ANDREW H. REINDERS, RAGHAVAN KUMAR, RAFAEL MISOCZKI
-
Publication number: 20190319799Abstract: In one example an apparatus comprises a computer readable memory, a signature logic to generate a signature to be transmitted in association with a message, the signature logic to apply a hash-based signature scheme to the message using a private key to generate the signature comprising a public key, or a verification logic to verify a signature received in association with the message, the verification logic to apply the hash-based signature scheme to verify the signature using the public key, and an accelerator logic to apply a structured order to at least one set of inputs to the hash-based signature scheme. Other examples may be described.Type: ApplicationFiled: June 28, 2019Publication date: October 17, 2019Applicant: Intel CorporationInventors: Vikram Suresh, Sanu Mathew, Manoj Sastry, Santosh Ghosh, Raghavan Kumar, Rafael Misoczki
-
Publication number: 20190319787Abstract: In one example an apparatus comprises an unsatisfied parity check (UPC) memory, an unsatisfied parity check (UPC) compute block communicatively coupled to the UPC memory, a first error memory communicatively coupled to the UPC compute block, a polynomial multiplication syndrome memory, a polynomial multiplication compute block communicatively coupled to the polynomial multiplication syndrome memory, a second error memory communicatively coupled to the polynomial multiplication compute block, a codeword memory communicatively coupled to the UPC compute block and the polynomial multiplication compute block, a multiplexer communicatively coupled to first error memory and to the polynomial multiplication compute block, and a controller communicatively coupled to the UPC memory, the polynomial multiplication syndrome memory, the codeword memory, and the multiplexer. Other examples may be described.Type: ApplicationFiled: June 28, 2019Publication date: October 17, 2019Applicant: Intel CorporationInventors: ANDREW H. REINDERS, Santosh Ghosh, Manoj Sastry, Rafael Misoczki
-
Patent number: 10404468Abstract: Technologies for counter with CBC-MAC (CCM) mode encryption include a computing device that performs a CBC-MAC authentication operation on a message with an encryption key, using a 64-bit block cipher to generate a message authentication code. The computing device generates a first 64-bit authentication block including an 8-bit flag field and a length field of between 11 and 32 bits. The flag field indicates the length of the length field. Performing the CBC-MAC authentication operation includes formatting the message into one or more 64-bit authentication blocks. The computing device performs a counter mode encryption operation on the message with the encryption key using the 64-bit block cipher to generate a cipher text. Performing the counter mode encryption includes generating multiple 64-bit keystream blocks. The computing device generates an authentication tag based on the message authentication code and a first keystream block of keystream blocks. Other embodiments are described and claimed.Type: GrantFiled: November 15, 2016Date of Patent: September 3, 2019Assignee: Intel CorporationInventors: Santosh Ghosh, Manoj R. Sastry, Jesse Walker, Li Zhao, Rafael Misoczki
-
Patent number: 10404459Abstract: Technologies for elliptic curve cryptography (ECC) include a computing device having an ECC engine that reads a datapath selector signal that indicates a 256-bit data width or a 384-bit data width. The ECC engine reads one or more parameters having a data width indicated by the datapath selector signal from a data port. The ECC engine reads an opcode from an instruction port that identifies an ECC operation such as an elliptic curve operation or a prime field arithmetic operation. The ECC engine performs the operation with the data width identified by the datapath selector. The ECC engine writes results data having the data width identified by the datapath selector to one or more output ports. The ECC engine may perform the elliptic curve operation with a specified side-channel protection level. The computing device may include a cryptography driver to control the ECC engine. Other embodiments are described and claimed.Type: GrantFiled: February 9, 2017Date of Patent: September 3, 2019Assignee: Intel CorporationInventors: Santosh Ghosh, Manoj R. Sastry
-
Publication number: 20190260772Abstract: Various systems and methods for bus-off attack detection are described herein. An electronic device for bus-off attack detection and prevention includes bus-off prevention circuitry coupled to a protected node on a bus, the bus-off prevention circuitry to: detect a transmitted message from the protected node to the bus; detect a bit mismatch of the transmitted message on the bus; suspend further transmissions from the protected node while the bus is analyzed; determine whether the bit mismatch represents a bus fault or an active attack against the protected node; and signal the protected node indicating whether a fault has occurred.Type: ApplicationFiled: May 3, 2019Publication date: August 22, 2019Inventors: Marcio Rogerio Juliato, Shabbir Ahmed, Santosh Ghosh, Christopher Gutierrez, Manoj R. Sastry
-
Publication number: 20190229901Abstract: Methods, systems, and apparatuses associated with hardware mechanisms for link encryption are disclosed. In various embodiments, an interconnect interface is coupled to a processor core to interconnect a peripheral device to the processor core via a link established between the peripheral device and the interconnect interface. The interconnect interface is to select a cryptographic engine of a plurality of cryptographic engines instantiated in the interconnect interface for the link. The cryptographic engine is to symmetrically encrypt data to be transmitted through the link. In more specific embodiments, each of the plurality of cryptographic engines is instantiated for one of a request type on the link, a virtual channel on the link, or a request type within a virtual channel on the link.Type: ApplicationFiled: March 28, 2019Publication date: July 25, 2019Applicant: Intel CorporationInventors: Reouven Elbaz, Hooi Kar Loo, Poh Thiam Teoh, Su Wei Lim, Patrick D. Maloney, Santosh Ghosh
-
Patent number: 10355891Abstract: Embodiments may include systems and methods for authenticating a message between a transmitter and a receiver. An apparatus for communication may include a transmitter to transmit a message to a receiver via a physical channel coupling the transmitter and the receiver. The message may be transmitted via a plurality of transmission voltage levels varied from a plurality of nominal voltage levels on the physical channel. The transmitter may include a voltage generator to generate the plurality of transmission voltage levels varied in accordance with a sequence of voltage variations from the plurality of nominal voltage levels for the message. The sequence of voltage variations may serve to authenticate the message between the transmitter and the receiver. Other embodiments may be described and/or claimed.Type: GrantFiled: September 29, 2017Date of Patent: July 16, 2019Assignee: Intel CorporationInventors: Marcio Juliato, Li Zhao, Ahmed Shabbir, Manoj R. Sastry, Santosh Ghosh, Rafael Misoczki
-
Patent number: 10348495Abstract: Apparatuses and methods associated with configurable crypto hardware engine are disclosed herein. In embodiments, an apparatus for signing or verifying a message may comprise: a hardware hashing computation block to perform hashing computations; a hardware hash chain computation block to perform successive hash chain computations; a hardware private key generator to generate private keys; and a hardware public key generator to generate public keys, including signature generations and signature verifications. The hardware hashing computation block, the hardware hash chain computation block, the hardware private key generator, and the hardware public key generator may be coupled to each other and selectively cooperate with each other to perform private key generation, public key generation, signature generation or signature verification at different points in time. Other embodiments may be disclosed or claimed.Type: GrantFiled: February 23, 2017Date of Patent: July 9, 2019Assignee: Intel CorporationInventors: Santosh Ghosh, Rafael Misoczki, Manoj R. Sastry, Li Zhao
-
Patent number: 10341116Abstract: An attestation protocol between a prover device (P), a verifier device (V), and a trusted third-party device (TTP). P and TTP have a first trust relationship represented by a first cryptographic representation based on a one-or-few-times, hash-based, signature key. V sends an attestation request to P, with the attestation request including a second cryptographic representation of a second trust relationship between V and TTP. In response to the attestation request, P sends a validation request to TTP, with the validation request being based on a cryptographic association of the first trust relationship and the second trust relationship. TTP provides a validation response including a cryptographic representation of verification of validity of the first trust relationship and the second trust relationship. P sends an attestation response to V based on the validation response.Type: GrantFiled: December 28, 2016Date of Patent: July 2, 2019Assignee: Intel CorporationInventors: Xiruo Liu, Rafael Misoczki, Manoj R Sastry, Santosh Ghosh, Li Zhao
-
Patent number: 10326587Abstract: A cryptography accelerator system includes a direct memory access (DMA) controller circuit to read and write data directly to and from memory circuits and an on-the-fly hashing circuit to hash data read from a first memory circuit on-the-fly before writing the read data to a second memory circuit. The hashing circuit performs at least one of integrity protection and firmware/software (FW/SW) verification of the data prior to writing the data to the second memory circuit. The on-the-fly hashing circuit includes a bit repositioning circuit to designate an order of bits of a binary word in a register from a most significant bit (MSB) to a least significant bit (LSB) for performing computations without rotating bits in the register, and an on-the-fly round constant generator circuit to generate a round constant from a counter.Type: GrantFiled: December 28, 2016Date of Patent: June 18, 2019Assignee: Intel CorporationInventors: Santosh Ghosh, Li Zhao, Rafael Misoczki, Manoj R Sastry
-
Patent number: 10313130Abstract: One embodiment provides a signer device. The signer device includes hash signature control logic and signer signature logic. The hash signature control logic is to retrieve a first nonce, to concatenate the first nonce and a message to be transmitted and to determine whether a first message representative satisfies a target threshold. The signer signature logic is to generate a first transmitted signature based, at least in part, on the first message representative, if the first message representative satisfies the target threshold. The hash signature control logic is to retrieve a second nonce, concatenate the second nonce and the message to be transmitted and to determine whether a second message representative satisfies the target threshold, if the first message representative does not satisfy the target threshold.Type: GrantFiled: September 27, 2016Date of Patent: June 4, 2019Assignee: Intel CorporationInventors: Rafael Misoczki, Steffen Schulz, Manoj R. Sastry, Santosh Ghosh, Li Zhao
-
Publication number: 20190132118Abstract: Technologies for secure data transfer include a computing device having a processor, an accelerator, and a security engine, such as a direct memory access (DMA) engine or a memory-mapped I/O (MMIO) engine. The computing device initializes the security engine with an initialization vector and a secret key. During initialization, the security engine pre-fills block cipher pipelines and pre-computes hash subkeys. After initialization, the processor initiates a data transfer, such as a DMA transaction or an MMIO request, between the processor and the accelerator. The security engine performs an authenticated cryptographic operation for the data transfer operation. The authenticated cryptographic operation may be AES-GCM authenticated encryption or authenticated decryption. The security engine may perform encryption or decryption using multiple block cipher pipelines. The security engine may calculate an authentication tag using multiple Galois field multipliers. Other embodiments are described and claimed.Type: ApplicationFiled: December 26, 2018Publication date: May 2, 2019Inventors: Santosh Ghosh, Luis S. Kida Kida, Reshma Lal
-
Publication number: 20190108109Abstract: A data processing system includes technology for detecting and tolerating faults. The data processing system comprises an electronic control unit (ECU) with a processing core and a fault-tolerant elliptic curve digital signature algorithm (ECDSA) engine. The fault-tolerant ECDSA engine comprises multiple verification state machines (VSMs). The data processing system also comprises nonvolatile storage in communication with the processing core and ECU software in the nonvolatile storage. The ECU software, when executed, enables the data processing system to operate as a node in a distributed data processing system, including receiving digitally signed messages from other nodes in the distributed data processing system. The ECU further comprises a known-answer built-in self-test unit (KA-BISTU). Also, the ECU software comprises fault-tolerant ECDSA engine (FTEE) management software which, when executed by the processing core, utilizes the KA-BISTU to periodically test the fault-tolerant ECDSA engine for faults.Type: ApplicationFiled: November 26, 2018Publication date: April 11, 2019Inventors: Santosh Ghosh, Marcio Juliato, Manoj R. Sastry
-
Publication number: 20190104001Abstract: Embodiments may include systems and methods for authenticating a message between a transmitter and a receiver. An apparatus for communication may include a transmitter to transmit a message to a receiver via a physical channel coupling the transmitter and the receiver. The message may be transmitted via a plurality of transmission voltage levels varied from a plurality of nominal voltage levels on the physical channel. The transmitter may include a voltage generator to generate the plurality of transmission voltage levels varied in accordance with a sequence of voltage variations from the plurality of nominal voltage levels for the message. The sequence of voltage variations may serve to authenticate the message between the transmitter and the receiver. Other embodiments may be described and/or claimed.Type: ApplicationFiled: September 29, 2017Publication date: April 4, 2019Inventors: Marcio Juliato, Li Zhao, Ahmed Shabbir, Manoj R. Sastry, Santosh Ghosh, Rafael Misoczki
-
Publication number: 20190052654Abstract: A data processing system that provides for active prevention of masquerading attacks comprises a microcontroller, a transceiver, and an active attack prevention module (AAPM) in communication with the microcontroller and the transceiver. The microcontroller enables the data processing system to operate as a node in a vehicle control system (VCS). The transceiver enables the node to communicate with a local area network (LAN) of the VCS. The AAPM enables the node to monitor the LAN for messages. In response to detecting a message on the LAN, the AAPM automatically determines whether the message falsely identifies the node as a source, based on a value in an identifier field in the message. In response to determining that the message falsely identifies the node as the source, the AAPM automatically takes at least one remedial action to neutralize the message. Other embodiments are described and claimed.Type: ApplicationFiled: July 3, 2018Publication date: February 14, 2019Inventors: Marcio Juliato, Shabbir Ahmed, Santosh Ghosh, Manoj R. Sastry
-
Publication number: 20190044732Abstract: A technique includes generating a direct anonymous attestation (DAA)-based signature to prove an electronic device is a member of a group. Generating the signature includes determining a reciprocal of a prime modulus, and determining the reciprocal of the prime modulus comprises left bit shifting a Barrett multiplier by a predetermined number of bits and multiplying a result of the left bit shifting of the Barrett multiplier with the prime modulus.Type: ApplicationFiled: December 28, 2017Publication date: February 7, 2019Inventors: Andrew Reinders, Manoj Sastry, Santosh Ghosh, Rafael Misoczki
-
Publication number: 20190044718Abstract: In one embodiment, an apparatus includes: a hardware accelerator to execute cryptography operations including a Rivest Shamir Adleman (RSA) operation and an elliptic curve cryptography (ECC) operation. The hardware accelerator may include: a multiplier circuit comprising a parallel combinatorial multiplier; and an ECC circuit coupled to the multiplier circuit to execute the ECC operation. The ECC circuit may compute a prime field multiplication using the multiplier circuit and reduce a result of the prime field multiplication in a plurality of addition and subtraction operations for a first type of prime modulus. The hardware accelerator may execute the RSA operation using the multiplier circuit. Other embodiments are described and claimed.Type: ApplicationFiled: May 17, 2018Publication date: February 7, 2019Inventors: Santosh Ghosh, Andrew H. Reinders, Sudhir K. Satpathy, Manoj R. Sastry
-
Publication number: 20190042475Abstract: The disclosed embodiments generally relate to methods, systems and apparatuses to authenticate instructions on a memory circuitry. In an exemplary embodiment, the disclosure relates to a computing device (e.g., a memory protection engine) to protect integrity of one or more memory circuitry.Type: ApplicationFiled: June 28, 2018Publication date: February 7, 2019Applicant: Intel CorporationInventors: Santosh Ghosh, Kirk Yap, Siddhartha Chhabra