Patents by Inventor Sham M. Datta
Sham M. Datta has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11354415Abstract: Technologies disclosed herein provide mitigations against warm boot attacks on memory modules. For instance, in one embodiment, a non-volatile dual in-line memory module (NVDIMM) in a host computing system may detect a transition from a low-power state to a full-power state, receive a nonce value from a processor of the host computing system after the transition, verify the nonce value, and allow access to data stored on the NVDIMM based on successful verification of the nonce value. In another embodiment, an NVDIMM may be locked in response to detecting a transition from a high-power state to a low-power state in a host computing system. After a transition from the low-power state to the full-power state, the NVDIMM may obtain one or more passphrases, verify the one or more passphrases, and allow access to data stored on the NVDIMM based on successful verification of the one or more passphrases.Type: GrantFiled: June 29, 2019Date of Patent: June 7, 2022Assignee: Intel CorporationInventors: Anna Trikalinou, Daniel S. Lake, Sham M. Datta, Asher M. Altman, John K. Grooms
-
Publication number: 20190325142Abstract: Technologies disclosed herein provide mitigations against warm boot attacks on memory modules. For instance, in one embodiment, a non-volatile dual in-line memory module (NVDIMM) in a host computing system may detect a transition from a low-power state to a full-power state, receive a nonce value from a processor of the host computing system after the transition, verify the nonce value, and allow access to data stored on the NVDIMM based on successful verification of the nonce value. In another embodiment, an NVDIMM may be locked in response to detecting a transition from a high-power state to a low-power state in a host computing system. After a transition from the low-power state to the full-power state, the NVDIMM may obtain one or more passphrases, verify the one or more passphrases, and allow access to data stored on the NVDIMM based on successful verification of the one or more passphrases.Type: ApplicationFiled: June 29, 2019Publication date: October 24, 2019Applicant: Intel CorporationInventors: Anna Trikalinou, Daniel S. Lake, Sham M. Datta, Asher M. Altman, John K. Grooms
-
Patent number: 9208292Abstract: Systems, apparatuses, and methods, and for entering a secured system environment using multiple authenticated code modules are disclosed. In one embodiment, a processor includes a decoder and control logic. The decoder is to decode a secured enter instruction. The control logic is to find an entry corresponding to the processor in a match table in a master authenticated code module and to read a master header and an individual authenticated code module from the master authenticated code module in response to decoding the secured enter instruction.Type: GrantFiled: March 15, 2013Date of Patent: December 8, 2015Assignee: Intel CorporationInventors: Sham M. Datta, Ernie F. Brickell, Mohan J. Kumar
-
Patent number: 9202015Abstract: Systems, apparatuses, and methods, and for entering a secured system environment using multiple authenticated code modules are disclosed. In one embodiment, a processor includes a decoder and control logic. The decoder is to decode a secured enter instruction. The control logic is to find an entry corresponding to the processor in a match table in a master authenticated code module and to read a master header and an individual authenticated code module from the master authenticated code module in response to decoding the secured enter instruction.Type: GrantFiled: December 31, 2009Date of Patent: December 1, 2015Assignee: Intel CorporationInventors: Sham M. Datta, Ernie F. Brickell, Mohan J. Kumar
-
Patent number: 8683191Abstract: Apparatuses, methods, and systems for reconfiguring a secure system are disclosed. In one embodiment, an apparatus includes a configuration storage location, a lock, and lock override logic. The configuration storage location is to store information to configure the apparatus. The lock is to prevent writes to the configuration storage location. The lock override logic is to allow instructions executed from sub-operating mode code to override the lock.Type: GrantFiled: October 31, 2012Date of Patent: March 25, 2014Assignee: Intel CorporationInventors: Sham M. Datta, Mohan J. Kumar, Ernie Brickell, Ioannis T. Schoinas, James A. Sutton
-
Patent number: 8521969Abstract: In an embodiment, memory access requests for information stored within a system memory pass through an integrated circuit. The system memory may include a micro-architectural memory region to store instructions and/or data, where the micro-architectural memory region is to be exclusively accessible by a micro-architectural agent The integrated circuit may include memory access director to direct memory access requests to the micro-architectural memory region if the memory access director determines that the memory access request includes a location within the at least one micro-architectural memory region and the micro-architectural agent is operating in a micro-architectural memory region access mode.Type: GrantFiled: October 11, 2006Date of Patent: August 27, 2013Assignee: Intel CorporationInventors: Martin G. Dixon, Scott D. Rodgers, James P. Held, Bill Alexander, Larry O. Smith, Scott H. Robinson, Sham M. Datta
-
Publication number: 20130212673Abstract: Systems, apparatuses, and methods, and for entering a secured system environment using multiple authenticated code modules are disclosed. In one embodiment, a processor includes a decoder and control logic. The decoder is to decode a secured enter instruction. The control logic is to find an entry corresponding to the processor in a match table in a master authenticated code module and to read a master header and an individual authenticated code module from the master authenticated code module in response to decoding the secured enter instruction.Type: ApplicationFiled: March 15, 2013Publication date: August 15, 2013Inventors: Sham M. Datta, Ernie F. Brickell, Mohan J. Kumar
-
Patent number: 8473945Abstract: Apparatuses, methods, and systems for enabling system management mode in a secure system are disclosed. In one embodiment, a processor includes sub-operating-system mode logic, virtual machine logic, and control logic. The sub-operating-system mode logic is to support a sub-operating-system mode. The virtual machine logic is to support virtualization. The control logic is to prevent virtualization from being enabled when the sub-operating-system mode is disabled.Type: GrantFiled: December 31, 2007Date of Patent: June 25, 2013Assignee: Intel CorporationInventors: Sham M. Datta, Mohan J. Kumar, Maheeh Natu
-
Publication number: 20130103938Abstract: Apparatuses, methods, and systems for reconfiguring a secure system are disclosed. In one embodiment, an apparatus includes a configuration storage location, a lock, and lock override logic. The configuration storage location is to store information to configure the apparatus. The lock is to prevent writes to the configuration storage location. The lock override logic is to allow instructions executed from sub-operating mode code to override the lock.Type: ApplicationFiled: October 31, 2012Publication date: April 25, 2013Inventors: Sham M. Datta, Mohan J. Kumar, Ernie Brickell, Ioannis T. Schoinas, James A. Sutton
-
Patent number: 8423682Abstract: Apparatus and systems, as well as methods and articles, may operate to detect an input/output access operation associated with a configuration memory address and a first memory address bit size. The configuration memory address and associated configuration data may be combined into a packet having a second memory address bit size (e.g., 64 bits) greater than the first memory address bit size (e.g., 32 bits). The packet may be used to establish compatibility for legacy operating systems that attempt to communicate with peripheral component interconnect (PCI) interface-based peripherals, and similar platform devices, that have been integrated into the same package as the processor.Type: GrantFiled: December 30, 2005Date of Patent: April 16, 2013Assignee: Intel CorporationInventors: Sham M. Datta, Robert Greiner, Frank Binns, Keshavan Tiruvallur, Rajesh Parthasarathy, Madhavan Parthasarathy
-
Patent number: 8316414Abstract: Apparatuses, methods, and systems for reconfiguring a secure system are disclosed. In one embodiment, an apparatus includes a configuration storage location, a lock, and lock override logic. The configuration storage location is to store information to configure the apparatus. The lock is to prevent writes to the configuration storage location. The lock override logic is to allow instructions executed from sub-operating mode code to override the lock.Type: GrantFiled: December 29, 2006Date of Patent: November 20, 2012Assignee: Intel CorporationInventors: Sham M. Datta, Mohan J. Kumar, James A. Sutton, Ernie Brickell, Ioannis T. Schoinas
-
Publication number: 20110161676Abstract: Systems, apparatuses, and methods, and for entering a secured system environment using multiple authenticated code modules are disclosed. In one embodiment, a processor includes a decoder and control logic. The decoder is to decode a secured enter instruction. The control logic is to find an entry corresponding to the processor in a match table in a master authenticated code module and to read a master header and an individual authenticated code module from the master authenticated code module in response to decoding the secured enter instruction.Type: ApplicationFiled: December 31, 2009Publication date: June 30, 2011Inventors: Sham M. Datta, Ernie F. Brickell, Mohan J. Kumar
-
Patent number: 7971048Abstract: Embodiments of the invention provide systems and methods associated with a measurement engine in a server platform. In one such embodiment of the invention, the measurement engine hardware verifies/authenticates its own firmware and then system initialization firmware by measuring such firmware and storing measurement results in a register that is not spoofable by malicious code. In this instance, the measurement engine holds the host CPU complex in a reset state until the measurement engine has verified the system initialization firmware. In another such embodiment of the invention, the measurement engine hardware also measures firmware associated with one or more system service processors and stores such measurement results in a register. In this case, the measurement engine holds the system service processors and the host CPU complex in reset until the measurements are completed. Other embodiments are described.Type: GrantFiled: March 27, 2008Date of Patent: June 28, 2011Assignee: Intel CorporationInventors: Sham M. Datta, Mohan J. Kumar, Ernest Brickell
-
Patent number: 7725637Abstract: A method includes determining a plurality of memory addresses, each memory address being different from one another. The method further includes generating a plurality of system management interrupt interprocessor interrupts, each system management interrupt interprocessor interrupt having a corresponding processor in a plurality of processors in a system and each system management interrupt interprocessor interrupt including one of the plurality of memory addresses. The method further includes directing each system management interrupt interprocessor interrupt to the corresponding processor. An associated machine readable medium is also disclosed.Type: GrantFiled: December 31, 2007Date of Patent: May 25, 2010Assignee: Intel CorporationInventors: Mohan Kumar, Sarathy Jayakumar, Sham M Datta
-
Publication number: 20090249050Abstract: Embodiments of the invention provide systems and methods associated with a measurement engine in a server platform. In one such embodiment of the invention, the measurement engine hardware verifies/authenticates its own firmware and then system initialization firmware by measuring such firmware and storing measurement results in a register that is not spoofable by malicious code. In this instance, the measurement engine holds the host CPU complex in a reset state until the measurement engine has verified the system initialization firmware. In another such embodiment of the invention, the measurement engine hardware also measures firmware associated with one or more system service processors and stores such measurement results in a register. In this case, the measurement engine holds the system service processors and the host CPU complex in reset until the measurements are completed. Other embodiments are described.Type: ApplicationFiled: March 27, 2008Publication date: October 1, 2009Inventors: Sham M. Datta, Mohan J. Kumar, Ernest Brickell
-
Publication number: 20090172385Abstract: Apparatuses, methods, and systems for enabling system management mode in a secure system are disclosed. In one embodiment, a processor includes sub-operating-system mode logic, virtual machine logic, and control logic. The sub-operating-system mode logic is to support a sub-operating-system mode. The virtual machine logic is to support virtualization. The control logic is to prevent virtualization from being enabled when the sub-operating-system mode is disabled.Type: ApplicationFiled: December 31, 2007Publication date: July 2, 2009Inventors: Sham M. Datta, Mohan J. Kumar, Maheeh Natu
-
Publication number: 20080163331Abstract: Apparatuses, methods, and systems for reconfiguring a secure system are disclosed. In one embodiment, an apparatus includes a configuration storage location, a lock, and lock override logic. The configuration storage location is to store information to configure the apparatus. The lock is to prevent writes to the configuration storage location. The lock override logic is to allow instructions executed from sub-operating mode code to override the lock.Type: ApplicationFiled: December 29, 2006Publication date: July 3, 2008Inventors: Sham M. Datta, Mohan J. Kumar, James A. Sutton, Ernie Brickell, Ioannis T. Schoinas
-
Patent number: 7392371Abstract: A boot routine is initialized in a computer by bootstrapping a volume top file (VTF) located in a first addressable location accessible upon the initializing of the boot routine and the volume top file bootstrapping a set of firmware modules.Type: GrantFiled: December 20, 2001Date of Patent: June 24, 2008Inventors: Vincent J. Zimmer, Kirk D. Brannock, Sham M. Datta
-
Publication number: 20080091917Abstract: In an embodiment, memory access requests for information stored within a system memory pass through an integrated circuit. The system memory may include a micro-architectural memory region to store instructions and/or data, where the micro-architectural memory region is to be exclusively accessible by a micro-architectural agent The integrated circuit may include memory access director to direct memory access requests to the micro-architectural memory region if the memory access director determines that the memory access request includes a location within the at least one micro-architectural memory region and the micro-architectural agent is operating in a micro-architectural memory region access mode.Type: ApplicationFiled: October 11, 2006Publication date: April 17, 2008Inventors: Martin G. Dixon, Scott D. Rodgers, James P. Held, Bill Alexander, Larry O. Smith, Scott H. Robinson, Sham M. Datta
-
Patent number: 7254676Abstract: In one embodiment, a computer boot method allows choosing a predetermined data block alignment for a cache that has multiple cross processor interactions. A cache RAM column of a cache as RAM system is loaded with a tag to prevent unintended cache line evictions, and boot code is executed, with the preloaded cache RAM appearing to the executing boot code stream as a memory store.Type: GrantFiled: November 15, 2002Date of Patent: August 7, 2007Assignee: Intel CorporationInventors: Sham M. Datta, Vincent J. Zimmer, Kushagra V. Vaid, William A. Stevens, Amy Lynn Santoni