Patents by Inventor Sergej Deutsch

Sergej Deutsch has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240053904
    Abstract: The technology disclosed herein comprises a processor; a memory to store data and a plurality of error correcting code (ECC) bits associated with the data; and a memory controller coupled to the memory, the memory controller to receive a write request from the processor and, when an access control field is selected in the write request, perform an exclusive OR (XOR) operation on the plurality of ECC bits and a fixed encoding pattern to generate a plurality of encoded ECC bits and store the data and the plurality of encoded ECC bits in the memory.
    Type: Application
    Filed: September 14, 2022
    Publication date: February 15, 2024
    Applicant: Intel Corporation
    Inventors: Sergej Deutsch, David M. Durham, Karanvir Grewal, Rajat Agarwal
  • Publication number: 20230400996
    Abstract: Some aspects of the present disclosure relate to an apparatus comprising interface circuitry and processor circuitry to write data bits to a memory, by applying a diffusion function on the data bits to calculate diffused data bits, calculating error correcting code (ECC) bits based on the data bits or based on the diffused data bits, applying a diffusion function on the ECC bits to calculate diffused ECC bits, storing the diffused ECC bits in an ECC portion of the memory, and storing the data bits or the diffused data bits in a data portion of the memory.
    Type: Application
    Filed: June 13, 2023
    Publication date: December 14, 2023
    Inventors: Sergej DEUTSCH, David M. DURHAM, Karanvir GREWAL, Raghunandan MAKARAM, Rajat AGARWAL, Christoph DOBRAUNIG, Krystian MATUSIEWICZ, Santosh GHOSH
  • Publication number: 20230402077
    Abstract: The technology described herein includes a first plurality of bijection diffusion function circuits to diffuse data bits into diffused data bits and store the diffused data bits into a memory; an error correcting code (ECC) generation circuit to generate ECC bits for the data bits; and a second plurality of bijection diffusion function circuits to diffuse the ECC bits into diffused ECC bits and store the diffused ECC bits into the memory.
    Type: Application
    Filed: December 22, 2022
    Publication date: December 14, 2023
    Applicant: Intel Corporation
    Inventors: Sergej Deutsch, Christoph Dobraunig, Rajat Agarwal, David M. Durham, Santosh Ghosh, Karanvir Grewal, Krystian Matusiewicz
  • Publication number: 20230393769
    Abstract: A processor includes a register to store an encoded pointer for a memory address within a first memory allocation of a plurality of memory allocations in a memory region of a memory. The processor further includes circuitry to receive a memory operation request based on the encoded pointer and to obtain a first tag of a plurality of tags stored in a table in the memory. Each memory allocation of the plurality of memory allocations is associated with a respective one of the plurality of tags stored in the table. The circuitry is to further obtain pointer metadata stored in the encoded pointer and to determine whether to perform a memory operation corresponding to the memory operation request based, at least in part, on a determination of whether the first pointer metadata corresponds to the first tag.
    Type: Application
    Filed: September 30, 2022
    Publication date: December 7, 2023
    Applicant: Intel Corporation
    Inventors: David M. Durham, Michael LeMay, Sergej Deutsch, Dan Baum
  • Patent number: 11784786
    Abstract: Technologies disclosed herein provide one example of a processor that includes a register to store a first encoded pointer for a first memory allocation for an application and circuitry coupled to memory. Size metadata is stored in first bits of the first encoded pointer and first memory address data associated with the first memory allocation is stored in second bits of the first encoded pointer. The circuitry is configured to determine a first memory address of a first marker region in the first memory allocation, obtain current data from the first marker region at the first memory address, compare the current data to a reference marker stored separately from the first memory allocation, and determine that the first memory allocation is in a first state in response to a determination that the current data corresponds to the reference marker.
    Type: Grant
    Filed: March 26, 2021
    Date of Patent: October 10, 2023
    Assignee: Intel Corporation
    Inventors: Sergej Deutsch, David M. Durham, Karanvir S. Grewal, Michael D. LeMay, Michael E. Kounavis
  • Patent number: 11711201
    Abstract: In one embodiment, an encoded pointer is constructed from a stack pointer that includes offset. The encoded pointer includes the offset value and ciphertext that is based on encrypting a portion of a decorated pointer that includes a maximum offset value. Stack data is encrypted based on the encoded pointer, and the encoded pointer is stored in a stack pointer register of a processor. To access memory, a decoded pointer is constructed based on decrypting the ciphertext of the encoded pointer and the offset value. Encrypted stack data is accessed based on the decoded pointer, and the encrypted stack is decrypted based on the encoded pointer.
    Type: Grant
    Filed: March 26, 2021
    Date of Patent: July 25, 2023
    Assignee: Intel Corporation
    Inventors: Andrew James Weiler, David M. Durham, Michael D. LeMay, Sergej Deutsch, Michael E. Kounavis, Salmin Sultana, Karanvir S. Grewal
  • Patent number: 11704297
    Abstract: Embodiments are directed to collision-free hashing for accessing cryptographic computing metadata and for cache expansion. An embodiment of an apparatus includes one or more processors to: receive a physical address; compute a set of hash functions using a set of different indexes corresponding to the set of hash functions, wherein the set of hash functions combine additions, bit-level reordering, bit-linear mixing, and wide substitutions, wherein the plurality of hash functions differ in the bit-linear mixing; access a plurality of cache units utilizing the set of hash functions; read different sets of the plurality of cache units in parallel, where a set of the different sets is obtained from each cache unit of the plurality of cache units; and responsive to the physical address being located one of the different sets, return cache line data of the set corresponding to the set of the cache unit having the physical address.
    Type: Grant
    Filed: July 19, 2022
    Date of Patent: July 18, 2023
    Assignee: INTEL CORPORATION
    Inventors: Michael E. Kounavis, Santosh Ghosh, Sergej Deutsch, Michael LeMay, David M. Durham
  • Patent number: 11693754
    Abstract: Embodiments are directed to aggregate GHASH-based message authentication code (MAC) over multiple cachelines with incremental updates. An embodiment of a system includes a controller comprising circuitry, the controller to generate an error correction code for a memory line, the memory line comprising a plurality of first data blocks, generate a metadata block corresponding to the memory line, the metadata block comprising the error correction code for the memory line and at least one metadata bit, generate an aggregate GHASH corresponding to a region of memory comprising a cacheline set comprising at least the memory line, encode the first data blocks and the metadata block, encrypt the aggregate GHASH as an aggregate message authentication code (AMAC), provide the encoded first data blocks and the encoded metadata block for storage on a memory module comprising the memory line, and provide the AMAC for storage on a device separate from the memory module.
    Type: Grant
    Filed: March 3, 2022
    Date of Patent: July 4, 2023
    Assignee: INTEL CORPORATION
    Inventors: David M. Durham, Karanvir S. Grewal, Sergej Deutsch, Michael E. Kounavis
  • Patent number: 11580234
    Abstract: In one embodiment, a processor includes a memory hierarchy and a core coupled to the memory hierarchy. The memory hierarchy stores encrypted data, and the core includes circuitry to access the encrypted data stored in the memory hierarchy, decrypt the encrypted data to yield decrypted data, perform an entropy test on the decrypted data, and update a processor state based on a result of the entropy test. The entropy test may include determining a number of data entities in the decrypted data whose values are equal to one another, determining a number of adjacent data entities in the decrypted data whose values are equal to one another, determining a number of data entities in the decrypted data whose values are equal to at least one special value from a set of special values, or determining a sum of n highest data entity value frequencies.
    Type: Grant
    Filed: December 10, 2019
    Date of Patent: February 14, 2023
    Assignee: Intel Corporation
    Inventors: Michael E. Kounavis, Santosh Ghosh, Sergej Deutsch, David M. Durham
  • Patent number: 11575504
    Abstract: A processor comprises a first register to store an encoded pointer to a memory location. First context information is stored in first bits of the encoded pointer and a slice of a linear address of the memory location is stored in second bits of the encoded pointer. The processor also includes circuitry to execute a memory access instruction to obtain a physical address of the memory location, access encrypted data at the memory location, derive a first tweak based at least in part on the encoded pointer, and generate a keystream based on the first tweak and a key. The circuitry is to further execute the memory access instruction to store state information associated with memory access instruction in a first buffer, and to decrypt the encrypted data based on the keystream. The keystream is to be generated at least partly in parallel with accessing the encrypted data.
    Type: Grant
    Filed: January 29, 2020
    Date of Patent: February 7, 2023
    Assignee: Intel Corporation
    Inventors: David M. Durham, Michael LeMay, Michael E. Kounavis, Santosh Ghosh, Sergej Deutsch, Anant Vithal Nori, Jayesh Gaur, Sreenivas Subramoney, Karanvir S. Grewal
  • Publication number: 20230027329
    Abstract: A processor, a system, a machine readable medium, and a method.
    Type: Application
    Filed: December 26, 2020
    Publication date: January 26, 2023
    Applicant: Intel Corporation
    Inventors: David M. Durham, Michael D. LeMay, Salmin Sultana, Karanvir S. Grewal, Michael E. Kounavis, Sergej Deutsch, Andrew James Weiler, Abhishek Basak, Dan Baum, Santosh Ghosh
  • Publication number: 20230018585
    Abstract: A processor is to execute a first instruction to perform a simulated return in a program from a callee function to a caller function based on a first input stack pointer encoded with a first security context of a first callee stack frame. To perform the simulated return is to include generating a first simulated stack pointer to the caller stack frame. The processor is further to, in response to identifying an exception handler in the first caller function, execute a second instruction to perform a simulated call based on a second input stack pointer encoded with a second security context of the caller stack frame. To perform the simulated call is to include generating a second simulated stack pointer to a new stack frame containing an encrypted instruction pointer associated with the exception handler. The second simulated stack pointer is to be encoded with a new security context.
    Type: Application
    Filed: September 16, 2022
    Publication date: January 19, 2023
    Applicant: Intel Corporation
    Inventors: Hans G. Liljestrand, Sergej Deutsch, David M. Durham, Michael LeMay, Karanvir S. Grewal
  • Patent number: 11531750
    Abstract: Systems, apparatuses and methods may provide for technology that associates a key domain of a plurality of key domains with a customer boot image, receives the customer boot image from the customer, and verifies the integrity of the customer boot image that is to be securely installed at memory locations determined from an untrusted privileged entity (e.g., a virtual machine manager).
    Type: Grant
    Filed: July 23, 2020
    Date of Patent: December 20, 2022
    Assignee: Intel Corporation
    Inventors: David M. Durham, Karanvir S. Grewal, Sergej Deutsch, Michael Lemay
  • Patent number: 11496486
    Abstract: A data processing system includes technology to enable implicit integrity to be used for digital communications. That technology comprises a hardware processor and an implicit integrity engine (IIE) responsive to the processor. For instance, in response to the data processing system receiving a communication that contains a message, the IIE is to automatically analyze the communication to determine whether the message was sent with implicit integrity. If the message was sent with implicit integrity, the IIE is to automatically use a pattern matching algorithm to analyze entropy characteristics of a plaintext version of the message, and to automatically determine whether the message has low entropy, based on results of the pattern matching algorithm and a predetermined entropy threshold. If the message does not have low entropy, the IIE is to automatically determine that the message has been corrupted. Other embodiments are described and claimed.
    Type: Grant
    Filed: May 13, 2021
    Date of Patent: November 8, 2022
    Assignee: Intel Corporation
    Inventors: Michael Kounavis, Amitabh Das, Sergej Deutsch, Karanvir S. Grewal, David M. Durham
  • Publication number: 20220350785
    Abstract: Embodiments are directed to collision-free hashing for accessing cryptographic computing metadata and for cache expansion. An embodiment of an apparatus includes one or more processors to: receive a physical address; compute a set of hash functions using a set of different indexes corresponding to the set of hash functions, wherein the set of hash functions combine additions, bit-level reordering, bit-linear mixing, and wide substitutions, wherein the plurality of hash functions differ in the bit-linear mixing; access a plurality of cache units utilizing the set of hash functions; read different sets of the plurality of cache units in parallel, where a set of the different sets is obtained from each cache unit of the plurality of cache units; and responsive to the physical address being located one of the different sets, return cache line data of the set corresponding to the set of the cache unit having the physical address.
    Type: Application
    Filed: July 19, 2022
    Publication date: November 3, 2022
    Applicant: Intel Corporation
    Inventors: Michael E. Kounavis, Santosh Ghosh, Sergej Deutsch, Michael LeMay, David M. Durham
  • Publication number: 20220343029
    Abstract: Technologies provide domain isolation using encoded pointers to data and code. A system may be configured for decoding an encoded pointer to obtain a linear address of an encrypted code block of a first software component in memory. The first software component shares a linear address space of the memory with a plurality of software components. A processor uses the linear address to access the encrypted code block, determines a relative position of the encrypted code block within a memory slot of the linear address space, and decrypts the encrypted code block to generate a decrypted code block using a code key and a code tweak. The code tweak includes a relative position of the encrypted code block in the address space and domain metadata that uniquely identifies the software component. In some scenarios, the software component may be position independent code and may be relocatable to different address spaces.
    Type: Application
    Filed: June 30, 2022
    Publication date: October 27, 2022
    Applicant: Intel Corporation
    Inventors: Salmin Sultana, Michael LeMay, David M. Durham, Karanvir S. Grewal, Sergej Deutsch
  • Publication number: 20220335140
    Abstract: Techniques for cryptographic computing isolation are described. A processor includes circuitry to be coupled to memory configured to store one or more instructions. The circuitry is to execute the one or more instructions to instantiate a first process based on an application. To instantiate the first process is to include creating a context table to be used by the first process, identifying a software component to be invoked during the first process, encrypting the software component using a first cryptographic key, and creating a first entry in the context table. The first entry is to include first context information identifying the encrypted software component and second context information representing the first cryptographic key. In more specific embodiments, third context information representing a first load address of the encrypted software component is stored in the first entry of the context table.
    Type: Application
    Filed: June 30, 2022
    Publication date: October 20, 2022
    Applicant: Intel Corporation
    Inventors: Salmin Sultana, David M. Durham, Michael LeMay, Karanvir S. Grewal, Sergej Deutsch
  • Patent number: 11469902
    Abstract: The present disclosure is directed to systems and methods for the secure transmission of plaintext data blocks encrypted using a NIST standard encryption to provide a plurality of ciphertext data blocks, and using the ciphertext data blocks to generate a Galois multiplication-based authentication tag and parity information that is communicated in parallel with the ciphertext blocks and provides a mechanism for error detection, location and correction for a single ciphertext data block or a plurality of ciphertext data blocks included on a storage device. The systems and methods include encrypting a plurality of plaintext blocks to provide a plurality of ciphertext blocks. The systems and methods include generating a Galois Message Authentication Code (GMAC) authentication tag and parity information using the ciphertext blocks.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: October 11, 2022
    Assignee: Intel Corporation
    Inventors: Michael Kounavis, Sergej Deutsch, David Durham, Karanvir Grewal
  • Publication number: 20220300626
    Abstract: Technologies disclosed herein provide cryptographic computing. An example method comprises executing a first instruction of a first software entity to receive a first input operand indicating a first key associated with a first memory compartment of a plurality of memory compartments stored in a first memory unit, and execute a cryptographic algorithm in a core of a processor to compute first encrypted contents based at least in part on the first key. Subsequent to computing the first encrypted contents in the core, the first encrypted contents are stored at a memory location in the first memory compartment of the first memory unit. More specific embodiments include, prior to storing the first encrypted contents at the memory location in the first memory compartment and subsequent to computing the first encrypted contents in the core, moving the first encrypted contents into a level one (L1) cache outside a boundary of the core.
    Type: Application
    Filed: June 6, 2022
    Publication date: September 22, 2022
    Applicant: Intel Corporation
    Inventors: Michael E. Kounavis, Santosh Ghosh, Sergej Deutsch, Michael LeMay, David M. Durham
  • Patent number: 11429580
    Abstract: Embodiments are directed to collision-free hashing for accessing cryptographic computing metadata and for cache expansion. An embodiment of an apparatus includes one or more processors to compute a plurality of hash functions that combine additions, bit-level reordering, bit-linear mixing, and wide substitutions, wherein each of the plurality of hash functions differs in one of the additions, the bit-level reordering, the wide substitutions, or the bit-linear mixing; and access a hash table utilizing results of the plurality of hash functions.
    Type: Grant
    Filed: June 25, 2020
    Date of Patent: August 30, 2022
    Assignee: INTEL CORPORATION
    Inventors: Michael E. Kounavis, Santosh Ghosh, Sergej Deutsch, Michael LeMay, David M. Durham