Patents by Inventor Sergej Deutsch

Sergej Deutsch has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12216922
    Abstract: A processor is to execute a first instruction to perform a simulated return in a program from a callee function to a caller function based on a first input stack pointer encoded with a first security context of a first callee stack frame. To perform the simulated return is to include generating a first simulated stack pointer to the caller stack frame. The processor is further to, in response to identifying an exception handler in the first caller function, execute a second instruction to perform a simulated call based on a second input stack pointer encoded with a second security context of the caller stack frame. To perform the simulated call is to include generating a second simulated stack pointer to a new stack frame containing an encrypted instruction pointer associated with the exception handler. The second simulated stack pointer is to be encoded with a new security context.
    Type: Grant
    Filed: September 16, 2022
    Date of Patent: February 4, 2025
    Assignee: Intel Corporation
    Inventors: Hans G. Liljestrand, Sergej Deutsch, David M. Durham, Michael LeMay, Karanvir S. Grewal
  • Publication number: 20250004879
    Abstract: Techniques for error correction with memory safety and compartmentalization are described. In an embodiment, an apparatus includes a processor to provide a first set of data bits and a first tag in connection with a store operation, and an error correcting code (ECC) generation circuit to generate a first set of ECC bits based on a first set of data bits and a first tag.
    Type: Application
    Filed: June 30, 2023
    Publication date: January 2, 2025
    Applicant: Intel Corporation
    Inventors: David M. Durham, Sergej Deutsch, Salmin Sultana, Karanvir Grewal
  • Publication number: 20240333501
    Abstract: In a technique of hardware thread isolation, a processor comprises a first core including a first hardware thread register. The core is to select a first key identifier stored in the first hardware thread register in response to receiving a first memory access request associated with a first hardware thread of a process. Memory controller circuitry coupled to the first core is to obtain a first encryption key associated with the first key identifier. The first key identifier may be selected from the first hardware thread register based, at least in part, on a first portion of a pointer of the first memory access request. The first key identifier selected from the first hardware thread register is to be appended to a physical address translated from a linear address at least partially included in the pointer.
    Type: Application
    Filed: March 31, 2023
    Publication date: October 3, 2024
    Applicant: Intel Corporation
    Inventors: David M. Durham, Michael LeMay, Salmin Sultana, Karanvir S. Grewal, Sergej Deutsch
  • Publication number: 20240311234
    Abstract: The technology disclosed herein includes a memory to store a plurality of pages, a page of the plurality of pages configured as one of a trusted execution environment (TEE) configuration and a non-TEE configuration, and a memory controller to attempt to access the page using a memory address and the TEE configuration and generate a first error correcting code (ECC); and when data for the first ECC is at least one of correct and correctable by ECC for the attempt to access the page using the TEE configuration, attempt to access the page using the memory address and the non-TEE configuration and generate a second ECC, and when data the second ECC is at least one of correct and correctable by ECC for the attempt to access the page using the non-TEE configuration, store the memory address as an unknown cacheline address.
    Type: Application
    Filed: May 29, 2024
    Publication date: September 19, 2024
    Applicant: Intel Corporation
    Inventors: David M. Durham, Sergej Deutsch, Karanvir Grewal
  • Publication number: 20240289438
    Abstract: It is provided an apparatus comprising interface circuitry, machine-readable instructions, and processing circuitry to execute the machine-readable instructions. The machine-readable instructions comprise instructions to obtain a read request for reading data from an address in volatile memory. The machine-readable instructions further comprise instructions to determine whether the address in volatile memory is associated with a trusted domain. The machine-readable instructions further comprise instructions to set, if the address is associated with a trusted domain and the read request is obtained from outside the trusted domain, an identification tag for the trusted domain. The machine-readable instructions further comprise instructions to return, for the read request and subsequent read requests for one or more addresses associated with the trusted domain, poisoned data if the flag is set for the trusted domain.
    Type: Application
    Filed: May 7, 2024
    Publication date: August 29, 2024
    Inventors: Sergej DEUTSCH, David M. DURHAM, Karanvir GREWAL
  • Patent number: 12066888
    Abstract: The technology disclosed herein comprises a processor; a memory to store data and a plurality of error correcting code (ECC) bits associated with the data; and a memory controller coupled to the memory, the memory controller to receive a write request from the processor and, when an access control field is selected in the write request, perform an exclusive OR (XOR) operation on the plurality of ECC bits and a fixed encoding pattern to generate a plurality of encoded ECC bits and store the data and the plurality of encoded ECC bits in the memory.
    Type: Grant
    Filed: September 14, 2022
    Date of Patent: August 20, 2024
    Assignee: Intel Corporation
    Inventors: Sergej Deutsch, David M. Durham, Karanvir Grewal, Rajat Agarwal
  • Patent number: 12050701
    Abstract: Technologies disclosed herein provide cryptographic computing. An example method comprises executing a first instruction of a first software entity to receive a first input operand indicating a first key associated with a first memory compartment of a plurality of memory compartments stored in a first memory unit, and execute a cryptographic algorithm in a core of a processor to compute first encrypted contents based at least in part on the first key. Subsequent to computing the first encrypted contents in the core, the first encrypted contents are stored at a memory location in the first memory compartment of the first memory unit. More specific embodiments include, prior to storing the first encrypted contents at the memory location in the first memory compartment and subsequent to computing the first encrypted contents in the core, moving the first encrypted contents into a level one (L1) cache outside a boundary of the core.
    Type: Grant
    Filed: June 6, 2022
    Date of Patent: July 30, 2024
    Assignee: Intel Corporation
    Inventors: Michael E. Kounavis, Santosh Ghosh, Sergej Deutsch, Michael LeMay, David M. Durham
  • Patent number: 12045128
    Abstract: The technology disclosed herein includes a memory to store a plurality of pages, a page of the plurality of pages configured as one of a trusted execution environment (TEE) configuration and a non-TEE configuration, and a memory controller to attempt to access the page using a memory address and the TEE configuration and generate a first error correcting code (ECC); and when data for the first ECC is at least one of correct and correctable by ECC for the attempt to access the page using the TEE configuration, attempt to access the page using the memory address and the non-TEE configuration and generate a second ECC, and when data the second ECC is at least one of correct and correctable by ECC for the attempt to access the page using the non-TEE configuration, store the memory address as an unknown cacheline address.
    Type: Grant
    Filed: December 28, 2022
    Date of Patent: July 23, 2024
    Assignee: Intel Corporation
    Inventors: David M. Durham, Sergej Deutsch, Karanvir Grewal
  • Publication number: 20240220357
    Abstract: The technology disclosed herein includes a memory to store a plurality of pages, a page of the plurality of pages configured as one of a trusted execution environment (TEE) configuration and a non-TEE configuration, and a memory controller to attempt to access the page using a memory address and the TEE configuration and generate a first error correcting code (ECC); and when data for the first ECC is at least one of correct and correctable by ECC for the attempt to access the page using the TEE configuration, attempt to access the page using the memory address and the non-TEE configuration and generate a second ECC, and when data the second ECC is at least one of correct and correctable by ECC for the attempt to access the page using the non-TEE configuration, store the memory address as an unknown cacheline address.
    Type: Application
    Filed: December 28, 2022
    Publication date: July 4, 2024
    Applicant: Intel Corporation
    Inventors: David M. Durham, Sergej Deutsch, Karanvir Grewal
  • Patent number: 11995006
    Abstract: A method comprises generating, for a cacheline, a first tag and a second tag, the first tag and the second tag generated as a function of user data stored and metadata in the cacheline stored in a first memory device, and a multiplication parameter derived from a secret key, storing the user data, the metadata, the first tag and the second tag in the first cacheline of the first memory device; generating, for the cacheline, a third tag and a fourth tag, the third tag and the fourth tag generated as a function of the user data stored and metadata in the cacheline stored in a second memory device, and the multiplication parameter; storing the user data, the metadata, the third tag and the fourth tag in the corresponding cache line of the second memory device; receiving, from a requesting device, a read operation directed to the cacheline; and using the first tag, the second tag, the third tag, and the fourth tag to determine whether a read error occurred during the read operation.
    Type: Grant
    Filed: December 22, 2021
    Date of Patent: May 28, 2024
    Assignee: Intel Corporation
    Inventors: Sergej Deutsch, Karanvir Grewal, David M. Durham, Rajat Agarwal
  • Patent number: 11972126
    Abstract: Technologies disclosed herein provide one example of a system that includes processor circuitry to be communicatively coupled to a memory circuitry. The processor circuitry is to receive a memory access request corresponding to an application for access to an address range in a memory allocation of the memory circuitry and to locate a metadata region within the memory allocation. The processor circuitry is also to, in response to a determination that the address range includes at least a portion of the metadata region, obtain first metadata stored in the metadata region, use the first metadata to determine an alternate memory address in a relocation region, and read, at the alternate memory address, displaced data from the portion of the metadata region included in the address range of the memory allocation. The address range includes one or more bytes of an expected allocation region of the memory allocation.
    Type: Grant
    Filed: September 10, 2021
    Date of Patent: April 30, 2024
    Assignee: Intel Corporation
    Inventors: David M. Durham, Michael D. LeMay, Sergej Deutsch, Joydeep Rakshit, Anant Vithal Nori, Jayesh Gaur, Sreenivas Subramoney
  • Patent number: 11954045
    Abstract: Technologies disclosed herein provide one example of a system that includes processor circuitry and integrity circuitry. The processor circuitry is to receive a first request associated with an application to perform a memory access operation for an address range in a memory allocation of memory circuitry. The integrity circuitry is to determine a location of a metadata region within a cacheline that includes at least some of the address range, identify a first portion of the cacheline based at least in part on a first data bounds value stored in the metadata region, generate a first integrity value based on the first portion of the cacheline, and prevent the memory access operation in response to determining that the first integrity value does not correspond to a second integrity value stored in the metadata region.
    Type: Grant
    Filed: September 24, 2021
    Date of Patent: April 9, 2024
    Assignee: Intel Corporation
    Inventors: David M. Durham, Michael LeMay, Santosh Ghosh, Sergej Deutsch
  • Publication number: 20240053904
    Abstract: The technology disclosed herein comprises a processor; a memory to store data and a plurality of error correcting code (ECC) bits associated with the data; and a memory controller coupled to the memory, the memory controller to receive a write request from the processor and, when an access control field is selected in the write request, perform an exclusive OR (XOR) operation on the plurality of ECC bits and a fixed encoding pattern to generate a plurality of encoded ECC bits and store the data and the plurality of encoded ECC bits in the memory.
    Type: Application
    Filed: September 14, 2022
    Publication date: February 15, 2024
    Applicant: Intel Corporation
    Inventors: Sergej Deutsch, David M. Durham, Karanvir Grewal, Rajat Agarwal
  • Publication number: 20230400996
    Abstract: Some aspects of the present disclosure relate to an apparatus comprising interface circuitry and processor circuitry to write data bits to a memory, by applying a diffusion function on the data bits to calculate diffused data bits, calculating error correcting code (ECC) bits based on the data bits or based on the diffused data bits, applying a diffusion function on the ECC bits to calculate diffused ECC bits, storing the diffused ECC bits in an ECC portion of the memory, and storing the data bits or the diffused data bits in a data portion of the memory.
    Type: Application
    Filed: June 13, 2023
    Publication date: December 14, 2023
    Inventors: Sergej DEUTSCH, David M. DURHAM, Karanvir GREWAL, Raghunandan MAKARAM, Rajat AGARWAL, Christoph DOBRAUNIG, Krystian MATUSIEWICZ, Santosh GHOSH
  • Publication number: 20230402077
    Abstract: The technology described herein includes a first plurality of bijection diffusion function circuits to diffuse data bits into diffused data bits and store the diffused data bits into a memory; an error correcting code (ECC) generation circuit to generate ECC bits for the data bits; and a second plurality of bijection diffusion function circuits to diffuse the ECC bits into diffused ECC bits and store the diffused ECC bits into the memory.
    Type: Application
    Filed: December 22, 2022
    Publication date: December 14, 2023
    Applicant: Intel Corporation
    Inventors: Sergej Deutsch, Christoph Dobraunig, Rajat Agarwal, David M. Durham, Santosh Ghosh, Karanvir Grewal, Krystian Matusiewicz
  • Publication number: 20230393769
    Abstract: A processor includes a register to store an encoded pointer for a memory address within a first memory allocation of a plurality of memory allocations in a memory region of a memory. The processor further includes circuitry to receive a memory operation request based on the encoded pointer and to obtain a first tag of a plurality of tags stored in a table in the memory. Each memory allocation of the plurality of memory allocations is associated with a respective one of the plurality of tags stored in the table. The circuitry is to further obtain pointer metadata stored in the encoded pointer and to determine whether to perform a memory operation corresponding to the memory operation request based, at least in part, on a determination of whether the first pointer metadata corresponds to the first tag.
    Type: Application
    Filed: September 30, 2022
    Publication date: December 7, 2023
    Applicant: Intel Corporation
    Inventors: David M. Durham, Michael LeMay, Sergej Deutsch, Dan Baum
  • Patent number: 11784786
    Abstract: Technologies disclosed herein provide one example of a processor that includes a register to store a first encoded pointer for a first memory allocation for an application and circuitry coupled to memory. Size metadata is stored in first bits of the first encoded pointer and first memory address data associated with the first memory allocation is stored in second bits of the first encoded pointer. The circuitry is configured to determine a first memory address of a first marker region in the first memory allocation, obtain current data from the first marker region at the first memory address, compare the current data to a reference marker stored separately from the first memory allocation, and determine that the first memory allocation is in a first state in response to a determination that the current data corresponds to the reference marker.
    Type: Grant
    Filed: March 26, 2021
    Date of Patent: October 10, 2023
    Assignee: Intel Corporation
    Inventors: Sergej Deutsch, David M. Durham, Karanvir S. Grewal, Michael D. LeMay, Michael E. Kounavis
  • Patent number: 11711201
    Abstract: In one embodiment, an encoded pointer is constructed from a stack pointer that includes offset. The encoded pointer includes the offset value and ciphertext that is based on encrypting a portion of a decorated pointer that includes a maximum offset value. Stack data is encrypted based on the encoded pointer, and the encoded pointer is stored in a stack pointer register of a processor. To access memory, a decoded pointer is constructed based on decrypting the ciphertext of the encoded pointer and the offset value. Encrypted stack data is accessed based on the decoded pointer, and the encrypted stack is decrypted based on the encoded pointer.
    Type: Grant
    Filed: March 26, 2021
    Date of Patent: July 25, 2023
    Assignee: Intel Corporation
    Inventors: Andrew James Weiler, David M. Durham, Michael D. LeMay, Sergej Deutsch, Michael E. Kounavis, Salmin Sultana, Karanvir S. Grewal
  • Patent number: 11704297
    Abstract: Embodiments are directed to collision-free hashing for accessing cryptographic computing metadata and for cache expansion. An embodiment of an apparatus includes one or more processors to: receive a physical address; compute a set of hash functions using a set of different indexes corresponding to the set of hash functions, wherein the set of hash functions combine additions, bit-level reordering, bit-linear mixing, and wide substitutions, wherein the plurality of hash functions differ in the bit-linear mixing; access a plurality of cache units utilizing the set of hash functions; read different sets of the plurality of cache units in parallel, where a set of the different sets is obtained from each cache unit of the plurality of cache units; and responsive to the physical address being located one of the different sets, return cache line data of the set corresponding to the set of the cache unit having the physical address.
    Type: Grant
    Filed: July 19, 2022
    Date of Patent: July 18, 2023
    Assignee: INTEL CORPORATION
    Inventors: Michael E. Kounavis, Santosh Ghosh, Sergej Deutsch, Michael LeMay, David M. Durham
  • Patent number: 11693754
    Abstract: Embodiments are directed to aggregate GHASH-based message authentication code (MAC) over multiple cachelines with incremental updates. An embodiment of a system includes a controller comprising circuitry, the controller to generate an error correction code for a memory line, the memory line comprising a plurality of first data blocks, generate a metadata block corresponding to the memory line, the metadata block comprising the error correction code for the memory line and at least one metadata bit, generate an aggregate GHASH corresponding to a region of memory comprising a cacheline set comprising at least the memory line, encode the first data blocks and the metadata block, encrypt the aggregate GHASH as an aggregate message authentication code (AMAC), provide the encoded first data blocks and the encoded metadata block for storage on a memory module comprising the memory line, and provide the AMAC for storage on a device separate from the memory module.
    Type: Grant
    Filed: March 3, 2022
    Date of Patent: July 4, 2023
    Assignee: INTEL CORPORATION
    Inventors: David M. Durham, Karanvir S. Grewal, Sergej Deutsch, Michael E. Kounavis