Patents by Inventor Shay Gueron
Shay Gueron has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20250088348Abstract: A processor includes a decode unit to decode an SM3 two round state word update instruction. The instruction is to indicate one or more source packed data operands. The source packed data operand(s) are to have eight 32-bit state words Aj, Bj, Cj, Dj, Ej, Fj, Gj, and Hj that are to correspond to a round (j) of an SM3 hash algorithm. The source packed data operand(s) are also to have a set of messages sufficient to evaluate two rounds of the SM3 hash algorithm. An execution unit coupled with the decode unit is operable, in response to the instruction, to store one or more result packed data operands, in one or more destination storage locations. The result packed data operand(s) are to have at least four two-round updated 32-bit state words Aj+2, Bj+2, Ej+2, and Fj+2, which are to correspond to a round (j+2) of the SM3 hash algorithm.Type: ApplicationFiled: September 18, 2024Publication date: March 13, 2025Applicant: Intel CorporationInventors: Shay GUERON, Vlad KRASNOV
-
Patent number: 12132821Abstract: A processor includes a decode unit to decode an SM3 two round state word update instruction. The instruction is to indicate one or more source packed data operands. The source packed data operand(s) are to have eight 32-bit state words Aj, Bj, Cj, Dj, Ej, Fj, Gj, and Hj that are to correspond to a round (j) of an SM3 hash algorithm. The source packed data operand(s) are also to have a set of messages sufficient to evaluate two rounds of the SM3 hash algorithm. An execution unit coupled with the decode unit is operable, in response to the instruction, to store one or more result packed data operands, in one or more destination storage locations. The result packed data operand(s) are to have at least four two-round updated 32-bit state words Aj+2, Bj+2, Ej+2, and Fj+2, which are to correspond to a round (j+2) of the SM3 hash algorithm.Type: GrantFiled: September 20, 2021Date of Patent: October 29, 2024Assignee: Intel CorporationInventors: Shay Gueron, Vlad Krasnov
-
Patent number: 11811919Abstract: A system coordinates with remote hardware to execute customer workloads. The system uses an architecture for ensuring trust to ensure that debugging is not performed at the remote hardware while the customer workload is being executed on the remote hardware without customer consent. For example, debugging at the remote hardware may enable an entity performing the debugging to view certain aspects of the customer's workload. The architecture for ensuring trusts uses a shared secret to ensure customer consent is given before debugging can be performed while the customer's workload is being executed on the remote hardware.Type: GrantFiled: October 7, 2022Date of Patent: November 7, 2023Assignee: Amazon Technologies, Inc.Inventors: Rodrigo Rubira Branco, Shay Gueron, John Totah
-
Patent number: 11754623Abstract: Systems and techniques of the present disclosure may provide remote debugging of an integrated circuit (IC) device while preventing unauthorized access of device intellectual property (IP). A system may include an IC device that generates an encrypted session key and an interface that enables communication between the IC device and a remote debugging site. The interface may enable the IC device to send the encrypted the encrypted session key to initiate a remote debug process, receive an acknowledgement from the remote debugging session, and authenticate the acknowledgement. Further, the interface may enable to the IC device to initiate a secure debug session between the IC device and the remote debugging site.Type: GrantFiled: August 9, 2021Date of Patent: September 12, 2023Assignee: Intel CorporationInventors: Tsvika Kurts, Boris Dolgunov, Vladislav Mladentsev, Ittai Anati, Elias Khoury, Maor Kima, Eran Shlomo, Shay Gueron, William Penner
-
Patent number: 11687681Abstract: System and techniques for multi-tenant cryptographic memory isolation are described herein. A multiple key total memory encryption (MKTME) circuitry may receive a read request for encrypted memory. Here, the read request may include an encrypted memory address that itself includes a sequence of keyid bits and physical address bits. The MKTME circuitry may retrieve a keyid-nonce from a key table using the keyid bits. The MKTME circuitry may construct a tweak from the keyid-nonce, the keyid bits, and the physical address bits. The MKTME circuitry may then decrypt data specified by the read request using the tweak and a common key.Type: GrantFiled: September 14, 2020Date of Patent: June 27, 2023Assignee: INTEL CORPORATIONInventors: Shay Gueron, Siddhartha Chhabra, Nadav Bonen
-
Publication number: 20230115187Abstract: A system coordinates with remote hardware to execute customer workloads. The system uses an architecture for ensuring trust to ensure that debugging is not performed at the remote hardware while the customer workload is being executed on the remote hardware without customer consent. For example, debugging at the remote hardware may enable an entity performing the debugging to view certain aspects of the customer's workload. The architecture for ensuring trusts uses a shared secret to ensure customer consent is given before debugging can be performed while the customer's workload is being executed on the remote hardware.Type: ApplicationFiled: October 7, 2022Publication date: April 13, 2023Applicant: Amazon Technologies, Inc.Inventors: Rodrigo Rubira Branco, Shay Gueron, John Totah
-
Patent number: 11586560Abstract: Various examples are directed to systems and methods for securing a data storage device. A storage controller may receive a read request directed to the data storage device. The read request may comprise address data indicating a first address of a first storage location at the data storage device. The storage controller may request from the data storage device a first encrypted data unit stored at the first memory element and a first encrypted set of parity bits, such as Error Correction Code (ECC) bits, associated with the first storage location. An encryption system may decrypt the first encrypted set of parity bits to generate a first set of parity bits based at least in part on an a first location parity key for the first address.Type: GrantFiled: February 2, 2021Date of Patent: February 21, 2023Assignee: INTEL CORPORATIONInventors: Rodrigo R. Branco, Shay Gueron
-
Patent number: 11563556Abstract: A processor of an aspect is to perform a Single Instruction Multiple Data (SIMD) instruction. The SIMD instruction is to indicate a source register storing input data to be processed by a round of AES and is to indicate a source of a round key to be used for the round of AES. The processor is to perform the SIMD instruction to perform the round of AES on the input data using the round key and store a result of the round of AES in a destination. In one aspect, the SIMD instruction is to provide a parameter to specify whether or not a round of AES to be performed is a last round. Other instructions, processors, methods, and systems are described.Type: GrantFiled: April 6, 2020Date of Patent: January 24, 2023Assignee: INTEL CORPORATIONInventors: Shay Gueron, Wajdi K. Feghali, Vinodh Gopal
-
Patent number: 11469887Abstract: A system coordinates with remote hardware to execute customer workloads. The system uses an architecture for ensuring trust to ensure that debugging is not performed at the remote hardware while the customer workload is being executed on the remote hardware without customer consent. For example, debugging at the remote hardware may enable an entity performing the debugging to view certain aspects of the customer's workload. The architecture for ensuring trusts uses a shared secret to ensure customer consent is given before debugging can be performed while the customer's workload is being executed on the remote hardware.Type: GrantFiled: June 29, 2020Date of Patent: October 11, 2022Assignee: Amazon Technologies, Inc.Inventors: Rodrigo Rubira Branco, Shay Gueron, John Totah
-
Publication number: 20220006612Abstract: A processor includes a decode unit to decode an SM3 two round state word update instruction. The instruction is to indicate one or more source packed data operands. The source packed data operand(s) are to have eight 32-bit state words Aj, Bj, Cj, Dj, Ej, Fj, Gj, and Hj that are to correspond to a round (j) of an SM3 hash algorithm. The source packed data operand(s) are also to have a set of messages sufficient to evaluate two rounds of the SM3 hash algorithm. An execution unit coupled with the decode unit is operable, in response to the instruction, to store one or more result packed data operands, in one or more destination storage locations. The result packed data operand(s) are to have at least four two-round updated 32-bit state words Aj+2, Bj+2, Ej+2, and Fj+2, which are to correspond to a round (j+2) of the SM3 hash algorithm.Type: ApplicationFiled: September 20, 2021Publication date: January 6, 2022Inventors: Shay GUERON, Vlad KRASNOV
-
Publication number: 20210364571Abstract: Systems and techniques of the present disclosure may provide remote debugging of an integrated circuit (IC) device while preventing unauthorized access of device intellectual property (IP). A system may include an IC device that generates an encrypted session key and an interface that enables communication between the IC device and a remote debugging site. The interface may enable the IC device to send the encrypted the encrypted session key to initiate a remote debug process, receive an acknowledgement from the remote debugging session, and authenticate the acknowledgement. Further, the interface may enable to the IC device to initiate a secure debug session between the IC device and the remote debugging site.Type: ApplicationFiled: August 9, 2021Publication date: November 25, 2021Inventors: Tsvika Kurts, Boris Dolgunov, Vladislav Mladentsev, Ittai Anati, Elias Khoury, Maor Kima, Eran Shlomo, Shay Gueron, William Penner
-
Patent number: 11184157Abstract: Protection against the obsolescence of cryptographic algorithms is provided by generating a cryptographic key pair for future use and storing the public key on a device. The cryptographic key pair supports a signature scheme that is potentially resistant to quantum computing attacks. In an embodiment, a key management server generates a set of one-time use keys sufficient to sign the anticipated number of software updates to be applied to a device. The key management server provides a public key which is stored on the device for later use. In an embodiment, an update to the device us signed with the one-time-use private key, and can be authenticated by the device using the public key. In an embodiment, the key pair supports the use of a one-time signature technique such as a Merkle signature scheme, Winternitz signature, or Lampert signature.Type: GrantFiled: June 13, 2018Date of Patent: November 23, 2021Assignee: Amazon Technologies, Inc.Inventors: Shay Gueron, Matthew John Campagna
-
Patent number: 11128443Abstract: A processor includes a decode unit to decode an SM3 two round state word update instruction. The instruction is to indicate one or more source packed data operands. The source packed data operand(s) are to have eight 32-bit state words Aj, Bj, Cj, Dj, Ej, Fj, Gj, and Hj that are to correspond to a round (j) of an SM3 hash algorithm. The source packed data operand(s) are also to have a set of messages sufficient to evaluate two rounds of the SM3 hash algorithm. An execution unit coupled with the decode unit is operable, in response to the instruction, to store one or more result packed data operands, in one or more destination storage locations. The result packed data operand(s) are to have at least four two-round updated 32-bit state words Aj+2, Bj+2, Ej+2, and Fj+2, which are to correspond to a round (j+2) of the SM3 hash algorithm.Type: GrantFiled: November 6, 2020Date of Patent: September 21, 2021Assignee: Intel CorporationInventors: Shay Gueron, Vlad Krasnov
-
Patent number: 11108552Abstract: Plaintext data is encrypted and decrypted using a symmetric encryption algorithm that generates a sequence of pseudorandom values from a cryptographic key. A portion of the sequence of pseudorandom values is discarded. For example, in an embodiment, each value in the sequence of pseudorandom values is truncated by a number of bits. Encryption and decryption is performed by combining plaintext or ciphertext with the truncated sequence of pseudorandom values. In an embodiment, the combination is made by performing a bitwise exclusive or operation between the truncated pseudorandom values and the plaintext or ciphertext. In an embodiment, a number of bits discarded from each value is encoded into a message authentication code which is provided with any resulting ciphertext.Type: GrantFiled: May 2, 2018Date of Patent: August 31, 2021Assignee: Amazon Technologies, Inc.Inventors: Shay Gueron, Matthew John Campagna
-
Patent number: 11085964Abstract: Systems and techniques of the present disclosure may provide remote debugging of an integrated circuit (IC) device while preventing unauthorized access of device intellectual property (IP). A system may include an IC device that generates an encrypted session key and an interface that enables communication between the IC device and a remote debugging site. The interface may enable the IC device to send the encrypted the encrypted session key to initiate a remote debug process, receive an acknowledgement from the remote debugging session, and authenticate the acknowledgement. Further, the interface may enable to the IC device to initiate a secure debug session between the IC device and the remote debugging site.Type: GrantFiled: May 3, 2019Date of Patent: August 10, 2021Assignee: Intel CorporationInventors: Tsvika Kurts, Boris Dolgunov, Vladislav Mladentsev, Ittai Anati, Elias Khoury, Maor Kima, Eran Shlomo, Shay Gueron, William Penner
-
Patent number: 11075746Abstract: A processor includes a decode unit to decode an SM3 two round state word update instruction. The instruction is to indicate one or more source packed data operands. The source packed data operand(s) are to have eight 32-bit state words Aj, Bj, Cj, Dj, Ej, Fj, Gj, and Hj that are to correspond to a round (j) of an SM3 hash algorithm. The source packed data operand(s) are also to have a set of messages sufficient to evaluate two rounds of the SM3 hash algorithm. An execution unit coupled with the decode unit is operable, in response to the instruction, to store one or more result packed data operands, in one or more destination storage locations. The result packed data operand(s) are to have at least four two-round updated 32-bit state words Aj+2, Bj+2, Ej+2, and Fj+2, which are to correspond to a round (j+2) of the SM3 hash algorithm.Type: GrantFiled: April 13, 2020Date of Patent: July 27, 2021Assignee: Intel CorporationInventors: Shay Gueron, Vlad Krasnov
-
Publication number: 20210182217Abstract: Various examples are directed to systems and methods for securing a data storage device. A storage controller may receive a read request directed to the data storage device. The read request may comprise address data indicating a first address of a first storage location at the data storage device. The storage controller may request from the data storage device a first encrypted data unit stored at the first memory element and a first encrypted set of parity bits, such as Error Correction Code (ECC) bits, associated with the first storage location. An encryption system may decrypt the first encrypted set of parity bits to generate a first set of parity bits based at least in part on an a first location parity key for the first address.Type: ApplicationFiled: February 2, 2021Publication date: June 17, 2021Inventors: Rodrigo R. Branco, Shay Gueron
-
Publication number: 20210103682Abstract: System and techniques for multi-tenant cryptographic memory isolation are described herein. A multiple key total memory encryption (MKTME) circuitry may receive a read request for encrypted memory. Here, the read request may include an encrypted memory address that itself includes a sequence of keyid bits and physical address bits. The MKTME circuitry may retrieve a keyid-nonce from a key table using the keyid bits. The MKTME circuitry may construct a tweak from the keyid-nonce, the keyid bits, and the physical address bits. The MKTME circuitry may then decrypt data specified by the read request using the tweak and a common key.Type: ApplicationFiled: September 14, 2020Publication date: April 8, 2021Inventors: Shay Gueron, Siddhartha Chhabra, Nadav Bonen
-
Patent number: 10963593Abstract: Techniques described herein enhance information security in contexts that utilize key management systems and other providers of cryptographic services. A user of a key, management system is able to use a secret that is outside the control of the key management system combined with a secret that is cryptographically protected by the key management system (e.g., by encryption using a key managed by the key management system) to generate a message encryption key, thereby rendering the secrets individually insufficient for access to data encrypted using the message encryption key.Type: GrantFiled: December 11, 2018Date of Patent: March 30, 2021Assignee: Amazon Technologies, Inc.Inventors: Matthew John Campagna, Shay Gueron
-
Publication number: 20210058236Abstract: A processor includes a decode unit to decode an SM3 two round state word update instruction. The instruction is to indicate one or more source packed data operands. The source packed data operand(s) are to have eight 32-bit state words Aj, Bj, Cj, Dj, Ej, Fj, Gj, and Hj that are to correspond to a round (j) of an SM3 hash algorithm. The source packed data operand(s) are also to have a set of messages sufficient to evaluate two rounds of the SM3 hash algorithm. An execution unit coupled with the decode unit is operable, in response to the instruction, to store one or more result packed data operands, in one or more destination storage locations. The result packed data operand(s) are to have at least four two-round updated 32-bit state words Aj+2, Bj+2, Ej+2, and Fj+2, which are to correspond to a round (j+2) of the SM3 hash algorithm.Type: ApplicationFiled: November 6, 2020Publication date: February 25, 2021Inventors: Shay GUERON, Vlad KRASNOV