Patents by Inventor Sergej Deutsch
Sergej Deutsch has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12216922Abstract: A processor is to execute a first instruction to perform a simulated return in a program from a callee function to a caller function based on a first input stack pointer encoded with a first security context of a first callee stack frame. To perform the simulated return is to include generating a first simulated stack pointer to the caller stack frame. The processor is further to, in response to identifying an exception handler in the first caller function, execute a second instruction to perform a simulated call based on a second input stack pointer encoded with a second security context of the caller stack frame. To perform the simulated call is to include generating a second simulated stack pointer to a new stack frame containing an encrypted instruction pointer associated with the exception handler. The second simulated stack pointer is to be encoded with a new security context.Type: GrantFiled: September 16, 2022Date of Patent: February 4, 2025Assignee: Intel CorporationInventors: Hans G. Liljestrand, Sergej Deutsch, David M. Durham, Michael LeMay, Karanvir S. Grewal
-
Publication number: 20250004879Abstract: Techniques for error correction with memory safety and compartmentalization are described. In an embodiment, an apparatus includes a processor to provide a first set of data bits and a first tag in connection with a store operation, and an error correcting code (ECC) generation circuit to generate a first set of ECC bits based on a first set of data bits and a first tag.Type: ApplicationFiled: June 30, 2023Publication date: January 2, 2025Applicant: Intel CorporationInventors: David M. Durham, Sergej Deutsch, Salmin Sultana, Karanvir Grewal
-
Publication number: 20240333501Abstract: In a technique of hardware thread isolation, a processor comprises a first core including a first hardware thread register. The core is to select a first key identifier stored in the first hardware thread register in response to receiving a first memory access request associated with a first hardware thread of a process. Memory controller circuitry coupled to the first core is to obtain a first encryption key associated with the first key identifier. The first key identifier may be selected from the first hardware thread register based, at least in part, on a first portion of a pointer of the first memory access request. The first key identifier selected from the first hardware thread register is to be appended to a physical address translated from a linear address at least partially included in the pointer.Type: ApplicationFiled: March 31, 2023Publication date: October 3, 2024Applicant: Intel CorporationInventors: David M. Durham, Michael LeMay, Salmin Sultana, Karanvir S. Grewal, Sergej Deutsch
-
SECURE ERROR CORRECTING CODE (ECC) TRUST EXECUTION ENVIRONMENT (TEE) CONFIGURATION METADATA ENCODING
Publication number: 20240311234Abstract: The technology disclosed herein includes a memory to store a plurality of pages, a page of the plurality of pages configured as one of a trusted execution environment (TEE) configuration and a non-TEE configuration, and a memory controller to attempt to access the page using a memory address and the TEE configuration and generate a first error correcting code (ECC); and when data for the first ECC is at least one of correct and correctable by ECC for the attempt to access the page using the TEE configuration, attempt to access the page using the memory address and the non-TEE configuration and generate a second ECC, and when data the second ECC is at least one of correct and correctable by ECC for the attempt to access the page using the non-TEE configuration, store the memory address as an unknown cacheline address.Type: ApplicationFiled: May 29, 2024Publication date: September 19, 2024Applicant: Intel CorporationInventors: David M. Durham, Sergej Deutsch, Karanvir Grewal -
Publication number: 20240289438Abstract: It is provided an apparatus comprising interface circuitry, machine-readable instructions, and processing circuitry to execute the machine-readable instructions. The machine-readable instructions comprise instructions to obtain a read request for reading data from an address in volatile memory. The machine-readable instructions further comprise instructions to determine whether the address in volatile memory is associated with a trusted domain. The machine-readable instructions further comprise instructions to set, if the address is associated with a trusted domain and the read request is obtained from outside the trusted domain, an identification tag for the trusted domain. The machine-readable instructions further comprise instructions to return, for the read request and subsequent read requests for one or more addresses associated with the trusted domain, poisoned data if the flag is set for the trusted domain.Type: ApplicationFiled: May 7, 2024Publication date: August 29, 2024Inventors: Sergej DEUTSCH, David M. DURHAM, Karanvir GREWAL
-
Patent number: 12066888Abstract: The technology disclosed herein comprises a processor; a memory to store data and a plurality of error correcting code (ECC) bits associated with the data; and a memory controller coupled to the memory, the memory controller to receive a write request from the processor and, when an access control field is selected in the write request, perform an exclusive OR (XOR) operation on the plurality of ECC bits and a fixed encoding pattern to generate a plurality of encoded ECC bits and store the data and the plurality of encoded ECC bits in the memory.Type: GrantFiled: September 14, 2022Date of Patent: August 20, 2024Assignee: Intel CorporationInventors: Sergej Deutsch, David M. Durham, Karanvir Grewal, Rajat Agarwal
-
Patent number: 12050701Abstract: Technologies disclosed herein provide cryptographic computing. An example method comprises executing a first instruction of a first software entity to receive a first input operand indicating a first key associated with a first memory compartment of a plurality of memory compartments stored in a first memory unit, and execute a cryptographic algorithm in a core of a processor to compute first encrypted contents based at least in part on the first key. Subsequent to computing the first encrypted contents in the core, the first encrypted contents are stored at a memory location in the first memory compartment of the first memory unit. More specific embodiments include, prior to storing the first encrypted contents at the memory location in the first memory compartment and subsequent to computing the first encrypted contents in the core, moving the first encrypted contents into a level one (L1) cache outside a boundary of the core.Type: GrantFiled: June 6, 2022Date of Patent: July 30, 2024Assignee: Intel CorporationInventors: Michael E. Kounavis, Santosh Ghosh, Sergej Deutsch, Michael LeMay, David M. Durham
-
Secure error correcting code (ECC) trust execution environment (TEE) configuration metadata encoding
Patent number: 12045128Abstract: The technology disclosed herein includes a memory to store a plurality of pages, a page of the plurality of pages configured as one of a trusted execution environment (TEE) configuration and a non-TEE configuration, and a memory controller to attempt to access the page using a memory address and the TEE configuration and generate a first error correcting code (ECC); and when data for the first ECC is at least one of correct and correctable by ECC for the attempt to access the page using the TEE configuration, attempt to access the page using the memory address and the non-TEE configuration and generate a second ECC, and when data the second ECC is at least one of correct and correctable by ECC for the attempt to access the page using the non-TEE configuration, store the memory address as an unknown cacheline address.Type: GrantFiled: December 28, 2022Date of Patent: July 23, 2024Assignee: Intel CorporationInventors: David M. Durham, Sergej Deutsch, Karanvir Grewal -
SECURE ERROR CORRECTING CODE (ECC) TRUST EXECUTION ENVIRONMENT (TEE) CONFIGURATION METADATA ENCODING
Publication number: 20240220357Abstract: The technology disclosed herein includes a memory to store a plurality of pages, a page of the plurality of pages configured as one of a trusted execution environment (TEE) configuration and a non-TEE configuration, and a memory controller to attempt to access the page using a memory address and the TEE configuration and generate a first error correcting code (ECC); and when data for the first ECC is at least one of correct and correctable by ECC for the attempt to access the page using the TEE configuration, attempt to access the page using the memory address and the non-TEE configuration and generate a second ECC, and when data the second ECC is at least one of correct and correctable by ECC for the attempt to access the page using the non-TEE configuration, store the memory address as an unknown cacheline address.Type: ApplicationFiled: December 28, 2022Publication date: July 4, 2024Applicant: Intel CorporationInventors: David M. Durham, Sergej Deutsch, Karanvir Grewal -
Patent number: 11995006Abstract: A method comprises generating, for a cacheline, a first tag and a second tag, the first tag and the second tag generated as a function of user data stored and metadata in the cacheline stored in a first memory device, and a multiplication parameter derived from a secret key, storing the user data, the metadata, the first tag and the second tag in the first cacheline of the first memory device; generating, for the cacheline, a third tag and a fourth tag, the third tag and the fourth tag generated as a function of the user data stored and metadata in the cacheline stored in a second memory device, and the multiplication parameter; storing the user data, the metadata, the third tag and the fourth tag in the corresponding cache line of the second memory device; receiving, from a requesting device, a read operation directed to the cacheline; and using the first tag, the second tag, the third tag, and the fourth tag to determine whether a read error occurred during the read operation.Type: GrantFiled: December 22, 2021Date of Patent: May 28, 2024Assignee: Intel CorporationInventors: Sergej Deutsch, Karanvir Grewal, David M. Durham, Rajat Agarwal
-
Patent number: 11972126Abstract: Technologies disclosed herein provide one example of a system that includes processor circuitry to be communicatively coupled to a memory circuitry. The processor circuitry is to receive a memory access request corresponding to an application for access to an address range in a memory allocation of the memory circuitry and to locate a metadata region within the memory allocation. The processor circuitry is also to, in response to a determination that the address range includes at least a portion of the metadata region, obtain first metadata stored in the metadata region, use the first metadata to determine an alternate memory address in a relocation region, and read, at the alternate memory address, displaced data from the portion of the metadata region included in the address range of the memory allocation. The address range includes one or more bytes of an expected allocation region of the memory allocation.Type: GrantFiled: September 10, 2021Date of Patent: April 30, 2024Assignee: Intel CorporationInventors: David M. Durham, Michael D. LeMay, Sergej Deutsch, Joydeep Rakshit, Anant Vithal Nori, Jayesh Gaur, Sreenivas Subramoney
-
Patent number: 11954045Abstract: Technologies disclosed herein provide one example of a system that includes processor circuitry and integrity circuitry. The processor circuitry is to receive a first request associated with an application to perform a memory access operation for an address range in a memory allocation of memory circuitry. The integrity circuitry is to determine a location of a metadata region within a cacheline that includes at least some of the address range, identify a first portion of the cacheline based at least in part on a first data bounds value stored in the metadata region, generate a first integrity value based on the first portion of the cacheline, and prevent the memory access operation in response to determining that the first integrity value does not correspond to a second integrity value stored in the metadata region.Type: GrantFiled: September 24, 2021Date of Patent: April 9, 2024Assignee: Intel CorporationInventors: David M. Durham, Michael LeMay, Santosh Ghosh, Sergej Deutsch
-
Publication number: 20240053904Abstract: The technology disclosed herein comprises a processor; a memory to store data and a plurality of error correcting code (ECC) bits associated with the data; and a memory controller coupled to the memory, the memory controller to receive a write request from the processor and, when an access control field is selected in the write request, perform an exclusive OR (XOR) operation on the plurality of ECC bits and a fixed encoding pattern to generate a plurality of encoded ECC bits and store the data and the plurality of encoded ECC bits in the memory.Type: ApplicationFiled: September 14, 2022Publication date: February 15, 2024Applicant: Intel CorporationInventors: Sergej Deutsch, David M. Durham, Karanvir Grewal, Rajat Agarwal
-
Publication number: 20230400996Abstract: Some aspects of the present disclosure relate to an apparatus comprising interface circuitry and processor circuitry to write data bits to a memory, by applying a diffusion function on the data bits to calculate diffused data bits, calculating error correcting code (ECC) bits based on the data bits or based on the diffused data bits, applying a diffusion function on the ECC bits to calculate diffused ECC bits, storing the diffused ECC bits in an ECC portion of the memory, and storing the data bits or the diffused data bits in a data portion of the memory.Type: ApplicationFiled: June 13, 2023Publication date: December 14, 2023Inventors: Sergej DEUTSCH, David M. DURHAM, Karanvir GREWAL, Raghunandan MAKARAM, Rajat AGARWAL, Christoph DOBRAUNIG, Krystian MATUSIEWICZ, Santosh GHOSH
-
MESSAGE AUTHENTICATION GALOIS INTEGRITY AND CORRECTION (MAGIC) FOR LIGHTWEIGHT ROW HAMMER MITIGATION
Publication number: 20230402077Abstract: The technology described herein includes a first plurality of bijection diffusion function circuits to diffuse data bits into diffused data bits and store the diffused data bits into a memory; an error correcting code (ECC) generation circuit to generate ECC bits for the data bits; and a second plurality of bijection diffusion function circuits to diffuse the ECC bits into diffused ECC bits and store the diffused ECC bits into the memory.Type: ApplicationFiled: December 22, 2022Publication date: December 14, 2023Applicant: Intel CorporationInventors: Sergej Deutsch, Christoph Dobraunig, Rajat Agarwal, David M. Durham, Santosh Ghosh, Karanvir Grewal, Krystian Matusiewicz -
Publication number: 20230393769Abstract: A processor includes a register to store an encoded pointer for a memory address within a first memory allocation of a plurality of memory allocations in a memory region of a memory. The processor further includes circuitry to receive a memory operation request based on the encoded pointer and to obtain a first tag of a plurality of tags stored in a table in the memory. Each memory allocation of the plurality of memory allocations is associated with a respective one of the plurality of tags stored in the table. The circuitry is to further obtain pointer metadata stored in the encoded pointer and to determine whether to perform a memory operation corresponding to the memory operation request based, at least in part, on a determination of whether the first pointer metadata corresponds to the first tag.Type: ApplicationFiled: September 30, 2022Publication date: December 7, 2023Applicant: Intel CorporationInventors: David M. Durham, Michael LeMay, Sergej Deutsch, Dan Baum
-
Patent number: 11784786Abstract: Technologies disclosed herein provide one example of a processor that includes a register to store a first encoded pointer for a first memory allocation for an application and circuitry coupled to memory. Size metadata is stored in first bits of the first encoded pointer and first memory address data associated with the first memory allocation is stored in second bits of the first encoded pointer. The circuitry is configured to determine a first memory address of a first marker region in the first memory allocation, obtain current data from the first marker region at the first memory address, compare the current data to a reference marker stored separately from the first memory allocation, and determine that the first memory allocation is in a first state in response to a determination that the current data corresponds to the reference marker.Type: GrantFiled: March 26, 2021Date of Patent: October 10, 2023Assignee: Intel CorporationInventors: Sergej Deutsch, David M. Durham, Karanvir S. Grewal, Michael D. LeMay, Michael E. Kounavis
-
Patent number: 11711201Abstract: In one embodiment, an encoded pointer is constructed from a stack pointer that includes offset. The encoded pointer includes the offset value and ciphertext that is based on encrypting a portion of a decorated pointer that includes a maximum offset value. Stack data is encrypted based on the encoded pointer, and the encoded pointer is stored in a stack pointer register of a processor. To access memory, a decoded pointer is constructed based on decrypting the ciphertext of the encoded pointer and the offset value. Encrypted stack data is accessed based on the decoded pointer, and the encrypted stack is decrypted based on the encoded pointer.Type: GrantFiled: March 26, 2021Date of Patent: July 25, 2023Assignee: Intel CorporationInventors: Andrew James Weiler, David M. Durham, Michael D. LeMay, Sergej Deutsch, Michael E. Kounavis, Salmin Sultana, Karanvir S. Grewal
-
Patent number: 11704297Abstract: Embodiments are directed to collision-free hashing for accessing cryptographic computing metadata and for cache expansion. An embodiment of an apparatus includes one or more processors to: receive a physical address; compute a set of hash functions using a set of different indexes corresponding to the set of hash functions, wherein the set of hash functions combine additions, bit-level reordering, bit-linear mixing, and wide substitutions, wherein the plurality of hash functions differ in the bit-linear mixing; access a plurality of cache units utilizing the set of hash functions; read different sets of the plurality of cache units in parallel, where a set of the different sets is obtained from each cache unit of the plurality of cache units; and responsive to the physical address being located one of the different sets, return cache line data of the set corresponding to the set of the cache unit having the physical address.Type: GrantFiled: July 19, 2022Date of Patent: July 18, 2023Assignee: INTEL CORPORATIONInventors: Michael E. Kounavis, Santosh Ghosh, Sergej Deutsch, Michael LeMay, David M. Durham
-
Patent number: 11693754Abstract: Embodiments are directed to aggregate GHASH-based message authentication code (MAC) over multiple cachelines with incremental updates. An embodiment of a system includes a controller comprising circuitry, the controller to generate an error correction code for a memory line, the memory line comprising a plurality of first data blocks, generate a metadata block corresponding to the memory line, the metadata block comprising the error correction code for the memory line and at least one metadata bit, generate an aggregate GHASH corresponding to a region of memory comprising a cacheline set comprising at least the memory line, encode the first data blocks and the metadata block, encrypt the aggregate GHASH as an aggregate message authentication code (AMAC), provide the encoded first data blocks and the encoded metadata block for storage on a memory module comprising the memory line, and provide the AMAC for storage on a device separate from the memory module.Type: GrantFiled: March 3, 2022Date of Patent: July 4, 2023Assignee: INTEL CORPORATIONInventors: David M. Durham, Karanvir S. Grewal, Sergej Deutsch, Michael E. Kounavis