Patents by Inventor Siddhartha Chhabra

Siddhartha Chhabra has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20250117501
    Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.
    Type: Application
    Filed: October 1, 2024
    Publication date: April 10, 2025
    Applicant: Intel Corporation
    Inventors: Soham Jayesh Desai, Siddhartha Chhabra, Bin Xing, Pradeep M. Pappachan, Reshma Lal
  • Patent number: 12267423
    Abstract: In one embodiment, an apparatus includes a processor comprising at least one core to execute instructions of a plurality of virtual machines (VMs) and a virtual machine monitor (VMM), and a cryptographic engine to protect data associated with the plurality of VMs through use of a plurality of private keys and a trusted transformer key, where each of the plurality of private keys are to protect program instructions and data of a respective VM and the trusted transformer key is to protect management structure data for the plurality of VMs. The processor is further to provide, to the VMM, read and write access to the management structure data through an untrusted transformer key.
    Type: Grant
    Filed: September 24, 2021
    Date of Patent: April 1, 2025
    Assignee: Intel Corporation
    Inventors: David M. Durham, Siddhartha Chhabra
  • Publication number: 20250103514
    Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.
    Type: Application
    Filed: December 9, 2024
    Publication date: March 27, 2025
    Applicant: Intel Corporation
    Inventors: Reshma Lal, Pradeep M. Pappachan, Luis Kida, Krystof Zmudzinski, Siddhartha Chhabra, Abhishek Basak, Alpa Narendra Trivedi, Anna Trikalinou, David M. Lee, Vedvyas Shanbhogue, Utkarsh Y. Kakaiya
  • Patent number: 12238221
    Abstract: In one example, a system for managing encrypted memory comprises a processor to store a first MAC based on data stored in system memory in response to a write operation to the system memory. The processor can also detect a read operation corresponding to the data stored in the system memory, calculate a second MAC based on the data retrieved from the system memory, determine that the second MAC does not match the first MAC, and recalculate the second MAC with a correction operation, wherein the correction operation comprises an XOR operation based on the data retrieved from the system memory and a replacement value for a device of the system memory. Furthermore, the processor can decrypt the data stored in the system memory in response to detecting the recalculated second MAC matches the first MAC and transmit the decrypted data to cache thereby correcting memory errors.
    Type: Grant
    Filed: December 6, 2021
    Date of Patent: February 25, 2025
    Assignee: Intel Corporation
    Inventors: David M. Durham, Rajat Agarwal, Siddhartha Chhabra, Sergej Deutsch, Karanvir S. Grewal, Ioannis T. Schoinas
  • Publication number: 20250053668
    Abstract: Embodiments of apparatuses, methods, and systems for scalable multi-key memory encryption are disclosed. In an embodiment, an apparatus includes a core, an encryption unit, and key identification hardware. The core is to write data to and read data from memory regions, each to be identified by a corresponding address. The encryption unit to encrypt data to be written and decrypt data to be read. The key identification hardware is to use a portion of the corresponding address to look up a corresponding key identifier in a key information data structure. The corresponding key identifier is one multiple key identifiers. The corresponding key identifier is to identify which one of multiple encryption keys is to be used to encrypt and decrypt the data.
    Type: Application
    Filed: October 28, 2024
    Publication date: February 13, 2025
    Applicant: Intel Corporation
    Inventors: Barry E. Huntley, Hormuzd M. Khosravi, Thomas Toll, Ramya Jayaram Masti, Siddhartha Chhabra, Vincent Von Bokern
  • Patent number: 12189542
    Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 6, 2021
    Date of Patent: January 7, 2025
    Assignee: Intel Corporation
    Inventors: Reshma Lal, Pradeep M. Pappachan, Luis Kida, Krystof Zmudzinski, Siddhartha Chhabra, Abhishek Basak, Alpa Narendra Trivedi, Anna Trikalinou, David M. Lee, Vedvyas Shanbhogue, Utkarsh Y. Kakaiya
  • Patent number: 12189792
    Abstract: Embodiments of apparatuses, methods, and systems for scalable multi-key memory encryption are disclosed. In an embodiment, an apparatus includes a core, an encryption unit, and key identification hardware. The core is to write data to and read data from memory regions, each to be identified by a corresponding address. The encryption unit to encrypt data to be written and decrypt data to be read. The key identification hardware is to use a portion of the corresponding address to look up a corresponding key identifier in a key information data structure. The corresponding key identifier is one multiple key identifiers. The corresponding key identifier is to identify which one of multiple encryption keys is to be used to encrypt and decrypt the data.
    Type: Grant
    Filed: September 26, 2020
    Date of Patent: January 7, 2025
    Assignee: Intel Corporation
    Inventors: Barry E. Huntley, Hormuzd M. Khosravi, Thomas Toll, Ramya Jayaram Masti, Siddhartha Chhabra, Vincent Von Bokern
  • Patent number: 12177343
    Abstract: Systems, methods, and apparatuses for providing chiplet binding to a disaggregated architecture for a system on a chip are described. In one embodiment, system includes a plurality of physically separate dies, an interconnect to electrically couple the plurality of physically separate dies together, a first die-to-die communication circuit, of a first die of the plurality of physically separate dies, comprising a transmitter circuit and an encryption circuit having a link key to encrypt data to be sent from the transmitter circuit into encrypted data, and a second die-to-die communication circuit, of a second die of the plurality of physically separate dies, comprising a receiver circuit and a decryption circuit having the link key to decrypt the encrypted data sent from the transmitter circuit to the receiver circuit.
    Type: Grant
    Filed: June 25, 2021
    Date of Patent: December 24, 2024
    Assignee: Intel Corporation
    Inventors: Baiju Patel, Siddhartha Chhabra, Prashant Dewan, Ofir Shwartz
  • Patent number: 12174754
    Abstract: Technologies for secure I/O data transfer include a computing device having a processor and an accelerator. Each of the processor and the accelerator includes a memory encryption engine. The computing device configures both memory encryption engines with a shared encryption key and transfers encrypted data from a source component to a destination component via an I/O link. The source may be processor and the destination may be the accelerator or vice versa. The computing device may perform a cryptographic operation with one of the memory encryption engines and bypass the other memory encryption engine. The computing device may read encrypted data from a memory of the source, bypass the source memory encryption engine, and transfer the encrypted data to the destination. The destination may receive encrypted data, bypass the destination memory encryption engine, and store the encrypted data in a memory of the destination. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 1, 2022
    Date of Patent: December 24, 2024
    Assignee: Intel Corporation
    Inventors: Luis Kida, Siddhartha Chhabra, Reshma Lal, Pradeep M. Pappachan
  • Patent number: 12143501
    Abstract: In embodiments detailed herein describe an encryption architecture with fast zero support (e.g., FZ-MKTME) to allow memory encryption and integrity architecture to work efficiently with 3DXP or other far memory memories. In particular, an encryption engine for the purpose of fast zeroing in the far memory controller is detailed along with mechanisms for consistent key programming of this engine. For example, an instruction is detailed which allows software to send keys protected even when the controller is located outside of a system on a chip (SoC), etc.
    Type: Grant
    Filed: December 26, 2020
    Date of Patent: November 12, 2024
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Manjula Peddireddy, Hormuzd Khosravi
  • Patent number: 12135643
    Abstract: Techniques and mechanisms for metadata, which corresponds to cached data, to be selectively stored to a sequestered memory region. In an embodiment, integrated circuitry evaluates whether a line of a cache can accommodate a first representation of both the data and some corresponding metadata. Where the cache line can accommodate the first representation, said first representation is generated and stored to the line. Otherwise, a second representation of the data is generated and stored to a cache line, and the metadata is stored to a sequestered memory region that is external to the cache. The cache line include an indication as to whether the metadata is represented in the cache line, or is stored in the sequestered memory region. In another embodiment, a metric of utilization of the sequestered memory region is provided to software which determines whether a capacity of the sequestered memory region is to be modified.
    Type: Grant
    Filed: November 12, 2020
    Date of Patent: November 5, 2024
    Assignee: Intel Corporation
    Inventors: Michael Kounavis, Siddhartha Chhabra, David M. Durham
  • Patent number: 12135801
    Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.
    Type: Grant
    Filed: August 18, 2022
    Date of Patent: November 5, 2024
    Assignee: Intel Corporation
    Inventors: Soham Jayesh Desai, Siddhartha Chhabra, Bin Xing, Pradeep M. Pappachan, Reshma Lal
  • Patent number: 12126706
    Abstract: Detailed herein are embodiments which allow for integrity protected access control to provide defense against deterministic software attacks. Software attacks such as rowhammer attacks which target the TD bit itself are defended against using cryptographic integrity which the data itself is protected by the TD-bit alone. As such, software is reduced to performing only non-deterministic attacks (e.g., random corruption), but all the deterministic attacks are defended against. Additionally, integrity-protected access control bits are protected against simple hardware attacks where the adversary with physical access to the machine can flip TD bits to get ciphertext access in software which can break confidentiality.
    Type: Grant
    Filed: December 26, 2020
    Date of Patent: October 22, 2024
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, John Sell
  • Patent number: 12086424
    Abstract: Securing communications over a compute express link (CXL) is performed by receiving allocation of memory in a memory device and a key identifier (ID) to a trusted execution environment virtual machine (TEE VM); configuring a random key for the key ID by sending a random key configuration request to instruct a device security manager (DSM) of the memory device to configure a memory encryption engine (MEE) of the memory device with the random key and the memory allocation; initializing the allocated memory using the random key; and enabling secure access by the TEE VM to the allocated memory over the CXL by encrypting data transfers from the TEE VM to the memory device using the random key or decrypting data transfers from the memory device to the TEE VM using the random key.
    Type: Grant
    Filed: June 16, 2021
    Date of Patent: September 10, 2024
    Assignee: INTEL CORPORATION
    Inventors: Vedvyas Shanbhogue, Siddhartha Chhabra
  • Patent number: 12038845
    Abstract: Techniques and mechanisms for identifying tag information that describes data to be cached at a processor. In an embodiment, a memory controller services a memory access request from the processor, wherein the memory controller reads multiple chunks of data from a memory device, and determines first tag information which corresponds to the multiple chunks. One or more of the multiple chunks are sent to the processor in a response to the request. Based on the first tag information, the memory controller detects for a match—if any—between at least two tags. Where such a match is detected, the memory controller further indicates to the processor that second tag information corresponds to the one or more chunks. In another embodiment, the first tag information is more granular than the second tag information.
    Type: Grant
    Filed: September 23, 2020
    Date of Patent: July 16, 2024
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Siddhartha Chhabra
  • Patent number: 12022013
    Abstract: Techniques for encrypting data using a key generated by a physical unclonable function (PUF) are described. An apparatus according to the present disclosure may include decoder circuitry to decode an instruction and generate a decoded instruction. The decoded instruction includes operands and an opcode. The opcode indicates that execution circuitry is to encrypt data using a key generated by a PUF. The apparatus may further include execution circuitry to execute the decoded instruction according to the opcode to encrypt the data to generate encrypted data using the key generated by the PUF.
    Type: Grant
    Filed: December 26, 2020
    Date of Patent: June 25, 2024
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Prashant Dewan, Baiju Patel
  • Publication number: 20240193263
    Abstract: Techniques for dynamically configurable Scalable Memory Integrity and Enhanced Reliability, Availability, and Serviceability (SMIRAS) are described. A SMIRAS based system may be enabled to use an integrity-based metadata organization, a replay protection-based metadata organization, or a combination of both metadata organizations.
    Type: Application
    Filed: December 26, 2020
    Publication date: June 13, 2024
    Inventor: SIDDHARTHA CHHABRA
  • Publication number: 20240176749
    Abstract: In one embodiment, a multi-tenant computing system includes a processor including a plurality of cores on which agents of tenants of the multi-tenant computing system are to execute, a configuration storage, and a memory execution circuit. The configuration storage includes a first configuration register to store configuration information associated with the memory execution circuit. The first configuration register is to store a mode identifier to identify a mode of operation of the memory execution circuit. The memory execution circuit, in a first mode of operation, is to receive encrypted data of a first tenant, the encrypted data encrypted by the first tenant, generate an integrity value for the encrypted data, and send the encrypted data and the integrity value to a memory, the integrity value not visible to the software of the multi-tenant computing system. Other embodiments are described and claimed.
    Type: Application
    Filed: December 4, 2023
    Publication date: May 30, 2024
    Inventors: Siddhartha Chhabra, David M. Durham
  • Patent number: 11997192
    Abstract: Technologies for establishing device locality are disclosed. A processor in a computing device generates an identifier distinct to the computing device. The processor transmits the identifier to a management controller via a hardware bus in the computing device. The processor generates a key and encrypts the key with the identifier to generate a wrapped key. The processor transmits the wrapped key to the management controller. In turn, the management controller unwraps the key using the identifier. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 25, 2020
    Date of Patent: May 28, 2024
    Assignee: INTEL CORPORATION
    Inventors: Bo Zhang, Siddhartha Chhabra, William A. Stevens, Reshma Lal
  • Patent number: 11995001
    Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.
    Type: Grant
    Filed: July 18, 2022
    Date of Patent: May 28, 2024
    Assignee: Intel Corporation
    Inventors: Krystof C. Zmudzinski, Siddhartha Chhabra, Uday R. Savagaonkar, Simon P. Johnson, Rebekah M. Leslie-Hurd, Francis X. McKeen, Gilbert Neiger, Raghunandan Makaram, Carlos V. Rozas, Amy L. Santoni, Vincent R. Scarlata, Vedvyas Shanbhogue, Ilya Alexandrovich, Ittai Anati, Wesley H. Smith, Michael Goldsmith