Patents by Inventor Siddhartha Chhabra

Siddhartha Chhabra has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11876835
    Abstract: Various embodiments are generally directed to techniques to enforce policies for computing platform resources, such as to prevent denial of service (DoS) attacks on the computing platform resources. Some embodiments are particularly directed to ISA instructions that allow trusted software/applications to securely enforce policies on a platform resource/device while allowing untrusted software to control allocation of the platform resource. In many embodiments, the ISA instructions may enable secure communication between a trusted application and a platform resource. In several embodiments, a first ISA instruction implemented by microcode may enable a trusted application to wrap policy information for secure transmission through an untrusted stack.
    Type: Grant
    Filed: October 15, 2021
    Date of Patent: January 16, 2024
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Prashant Dewan
  • Patent number: 11874776
    Abstract: Methods and apparatus relating to cryptographic protection of memory attached over interconnects are described. In an embodiment, memory stores data and a processor having execution circuitry executes an instruction to program an inline memory expansion logic and a host memory encryption logic with one or more cryptographic keys. The inline memory expansion logic encrypts the data to be written to the memory and decrypts encrypted data to be read from the memory. The memory is coupled to the processor via an interconnect endpoint of a system fabric. Other embodiments are also disclosed and claimed.
    Type: Grant
    Filed: June 25, 2021
    Date of Patent: January 16, 2024
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Prashant Dewan
  • Patent number: 11861020
    Abstract: An apparatus includes a processor, persistent memory coupled to the processor, and a memory protection logic. The processor may include multiple processing engines. The persistent memory may include a persistent storage portion and a memory expansion portion. The memory protection logic is to: obtain a first ephemeral component associated with the persistent storage portion; generate a persistent key using the first ephemeral component; obtain a second ephemeral component associated with the memory expansion portion; and generate a non-persistent key using the second ephemeral component. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 26, 2020
    Date of Patent: January 2, 2024
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Hormuzd M. Khosravi
  • Publication number: 20230421545
    Abstract: Methods, systems, and apparatuses associated with a secure stream protocol for a serial interconnect are disclosed. An apparatus comprises a first device comprising circuitry to, using an end-to-end protocol, secure a transaction in a first secure stream based at least in part on a transaction type of the transaction, where the first secure stream is separate from a second secure stream. The first device is further to send the transaction secured in the first secure stream to a second device over a link established between the first device and the second device, where the transaction is to traverse one or more intermediate devices from the first device to the second device. In more specific embodiments, the first secure stream is based on one of a posted transaction type, a non-posted transaction type, or completion transaction type.
    Type: Application
    Filed: June 30, 2023
    Publication date: December 28, 2023
    Applicant: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Siddhartha Chhabra, David J. Harriman, Raghunandan Makaram, Ioannis T. Schoinas
  • Patent number: 11847067
    Abstract: Methods and apparatus relating to cryptographic protection of memory attached over interconnects are described. In an embodiment, memory stores data and a processor having execution circuitry executes an instruction to program an inline memory expansion logic and a host memory encryption logic with one or more cryptographic keys. The inline memory expansion logic encrypts the data to be written to the memory and decrypts encrypted data to be read from the memory. The memory is coupled to the processor via an interconnect endpoint of a system fabric. Other embodiments are also disclosed and claimed.
    Type: Grant
    Filed: October 19, 2021
    Date of Patent: December 19, 2023
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Prashant Dewan
  • Patent number: 11841806
    Abstract: In one embodiment, a multi-tenant computing system includes at least one processor including a plurality of cores on which a plurality of agents of a plurality of tenants of the multi-tenant computing system are to execute, a configuration storage, and a memory execution circuit. The configuration storage includes a first configuration register to store configuration information associated with the memory execution circuit. The first configuration register is to store a mode identifier to identify a mode of operation of the memory execution circuit. The memory execution circuit, in a first mode of operation, is to receive encrypted data of a first tenant of the plurality of tenants, the encrypted data encrypted by the first tenant, generate an integrity value for the encrypted data, and send the encrypted data and the integrity value to a memory, wherein the integrity value is not visible to the software of the multi-tenant computing system.
    Type: Grant
    Filed: August 2, 2021
    Date of Patent: December 12, 2023
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, David M. Durham
  • Patent number: 11816040
    Abstract: Device memory protection for supporting trust domains is described. An example of a computer-readable storage medium includes instructions for allocating device memory for one or more trust domains (TDs) in a system including one or more processors and a graphics processing unit (GPU); allocating a trusted key ID for a TD of the one or more TDs; creating LMTT (Local Memory Translation Table) mapping for address translation tables, the address translation tables being stored in a device memory of the GPU; transitioning the TD to a secure state; and receiving and processing a memory access request associated with the TD, processing the memory access request including accessing a secure version of the address translation tables.
    Type: Grant
    Filed: April 2, 2022
    Date of Patent: November 14, 2023
    Assignee: INTEL CORPORATION
    Inventors: Vidhya Krishnan, Siddhartha Chhabra, David Puffer, Ankur Shah, Daniel Nemiroff, Utkarsh Y. Kakaiya
  • Publication number: 20230315857
    Abstract: Implementations describe providing isolation in virtualized systems using trust domains. In one implementation, a processing device includes a memory ownership table (MOT) that is access-controlled against software access. The processing device further includes a processing core to execute a trust domain resource manager (TDRM) to manage a trust domain (TD), maintain a trust domain control structure (TDCS) for managing global metadata for each TD, maintain an execution state of the TD in at least one trust domain thread control structure (TD-TCS) that is access-controlled against software accesses, and reference the MOT to obtain at least one key identifier (key ID) corresponding to an encryption key assigned to the TD, the key ID to allow the processing device to decrypt memory pages assigned to the TD responsive to the processing device executing in the context of the TD, the memory pages assigned to the TD encrypted with the encryption key.
    Type: Application
    Filed: April 5, 2023
    Publication date: October 5, 2023
    Inventors: Ravi L. Sahita, Baiju V. Patel, Barry E. Huntley, Gilbert Neiger, Hormuzd M. Khosravi, Ido Ouziel, David M. Durham, Ioannis T. Schoinas, Siddhartha Chhabra, Carlos V. Rozas, Gideon Gerzon
  • Patent number: 11775447
    Abstract: In one embodiment, an apparatus comprises a processor to read a data line from memory in response to a read request from a VM. The data line comprises encrypted memory data. The apparatus also comprises a memory encryption circuit in the processor. The memory encryption circuit is to use an address of the read request to select an entry from a P2K table; obtain a key identifier from the selected entry of the P2K table; use the key identifier to select a key for the read request; and use the selected key to decrypt the encrypted memory data into decrypted memory data. The processor is further to make the decrypted memory data available to the VM. The P2K table comprises multiple entries, each comprising (a) a key identifier for a page of memory and (b) an encrypted address for that page of memory. Other embodiments are described and claimed.
    Type: Grant
    Filed: October 12, 2021
    Date of Patent: October 3, 2023
    Assignee: Intel Corporation
    Inventors: David M. Durham, Siddhartha Chhabra, Amy L. Santoni, Gilbert Neiger, Barry E. Huntley, Hormuzd M. Khosravi, Baiju V. Patel, Ravi L. Sahita, Gideon Gerzon, Ido Ouziel, Ioannis T. Schoinas, Rajesh M. Sankaran
  • Patent number: 11775332
    Abstract: Systems and methods for memory isolation are provided. The methods include receiving a request to write a data line to a physical memory address, where the physical memory address includes a key identifier, selecting an encryption key from a key table based on the key identifier of the physical memory address, determining whether the data line is compressible, compressing the data line to generate a compressed line in response to determining that the data line is compressible, where the compressed line includes compression metadata and compressed data, adding encryption metadata to the compressed line, where the encryption metadata is indicative of the encryption key, encrypting a part of the compressed line with the encryption key to generate an encrypted line in response to adding the encryption metadata, and writing the encrypted line to a memory device at the physical memory address. Other embodiments are described and claimed.
    Type: Grant
    Filed: November 22, 2021
    Date of Patent: October 3, 2023
    Assignee: INTEL CORPORATION
    Inventors: David M. Durham, Siddhartha Chhabra, Michael E. Kounavis
  • Patent number: 11765239
    Abstract: Technologies disclosed herein provide a method for receiving at a device from a remote server, a request for state information from a first processor of the device, obtaining the state information from one or more registers of the first processor based on a request structure indicated by a first instruction of a software program executing on the device, and generating a response structure based, at least in part, on the obtained state information. The method further includes using a cryptographic algorithm and a shared key established between the device and the remote server to generate a signature based, at least in part, on the response structure, and communicating the response structure and the signature to the remote server. In more specific embodiments, both the response structure and the request structure each include a same nonce value.
    Type: Grant
    Filed: February 2, 2022
    Date of Patent: September 19, 2023
    Assignee: Intel Corporation
    Inventors: Prashant Dewan, Siddhartha Chhabra, Uttam K. Sengupta, Howard C. Herbert
  • Publication number: 20230289479
    Abstract: A processor includes a first model specific register (MSR); and memory encryption circuitry to receive a request to access a memory, determine if a key identifier (ID) of the request is zero, and if the key ID is zero, to bypass data encryption when the request is to write data to the memory and to bypass memory decryption when the request is to read data from the memory and when a selected bit of the first MSR is set, and if the selected bit of the first MSR is not set, to encrypt write data when the request is to write data or decrypt data in a read response when the request is to read data, with a key associated with the key ID equal to zero.
    Type: Application
    Filed: March 11, 2022
    Publication date: September 14, 2023
    Applicant: Intel Corporation
    Inventors: Siddhartha Chhabra, Raghunandan Makaram, Barry Huntley, Hisham Shafi, Hormuzd Khosravi
  • Publication number: 20230291567
    Abstract: Described herein is a paging technique that can be implemented in any accelerator with attached memory and support for operating on encrypted data when the CPU is not within the trusted compute base (TCB). Memory storing data that is encrypted using hardware physical address (HPA)-based encrypted can be paged out of accelerator device memory by decoupling encryption from the hardware physical address and re-encrypting the data for page-out. Upon page-in, the data is decrypted, the integrity and authenticity of the data is verified, then the data is re-encrypted using HPA-based encryption.
    Type: Application
    Filed: March 11, 2022
    Publication date: September 14, 2023
    Applicant: Intel Corporation
    Inventors: VIDHYA KRISHNAN, SIDDHARTHA CHHABRA, VEDVYAS SHANBHOGUE, XIAOYU RUAN, ADITYA NAVALE, JULIEN CARRENO
  • Patent number: 11741230
    Abstract: Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information.
    Type: Grant
    Filed: October 22, 2021
    Date of Patent: August 29, 2023
    Assignee: INTEL CORPORATION
    Inventors: Pradeep M. Pappachan, Reshma Lal, Bin Xing, Siddhartha Chhabra, Vincent R. Scarlata, Steven B. McGowan
  • Patent number: 11743240
    Abstract: Methods, systems, and apparatuses associated with a secure stream protocol for a serial interconnect are disclosed. An apparatus comprises a first device comprising circuitry to, using an end-to-end protocol, secure a transaction in a first secure stream based at least in part on a transaction type of the transaction, where the first secure stream is separate from a second secure stream. The first device is further to send the transaction secured in the first secure stream to a second device over a link established between the first device and the second device, where the transaction is to traverse one or more intermediate devices from the first device to the second device. In more specific embodiments, the first secure stream is based on one of a posted transaction type, a non-posted transaction type, or completion transaction type.
    Type: Grant
    Filed: June 18, 2019
    Date of Patent: August 29, 2023
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Siddhartha Chhabra, David J. Harriman, Raghunandan Makaram, Ioannis T. Schoinas
  • Patent number: 11734436
    Abstract: Methods and apparatus relating to Organic Light Emitting Diode (OLED) compensation based on protected content are described. In an embodiment, secure memory stores data that is only accessible by trusted logic. Display controller logic circuitry updates pixel values to be stored in the secure memory based on a plurality of frames. The display controller logic circuitry allows access by untrusted software to the updated pixel values after a first number of updates to the pixel values stored in the secure memory. Other embodiments are also disclosed and claimed.
    Type: Grant
    Filed: June 25, 2021
    Date of Patent: August 22, 2023
    Assignee: Intel Corporation
    Inventors: Prashant Dewan, Siddhartha Chhabra, Junhai Qiu, Ke Sun
  • Patent number: 11706039
    Abstract: Techniques for encrypting data using a key generated by a physical unclonable function (PUF) are described. An apparatus according to the present disclosure may include decoder circuitry to decode an instruction and generate a decoded instruction. The decoded instruction includes operands and an opcode. The opcode indicates that execution circuitry is to encrypt data using a key generated by a PUF. The apparatus may further include execution circuitry to execute the decoded instruction according to the opcode to encrypt the data to generate encrypted data using the key generated by the PUF.
    Type: Grant
    Filed: December 26, 2020
    Date of Patent: July 18, 2023
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Prashant Dewan, Baiju Patel
  • Patent number: 11700135
    Abstract: Techniques for encrypting data using a key generated by a physical unclonable function (PUF) are described. An apparatus according to the present disclosure may include decoder circuitry to decode an instruction and generate a decoded instruction. The decoded instruction includes operands and an opcode. The opcode indicates that execution circuitry is to encrypt data using a key generated by a PUF. The apparatus may further include execution circuitry to execute the decoded instruction according to the opcode to encrypt the data to generate encrypted data using the key generated by the PUF.
    Type: Grant
    Filed: December 26, 2020
    Date of Patent: July 11, 2023
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Prashant Dewan, Baiju Patel, Vedvyas Shanbhogue
  • Patent number: 11687681
    Abstract: System and techniques for multi-tenant cryptographic memory isolation are described herein. A multiple key total memory encryption (MKTME) circuitry may receive a read request for encrypted memory. Here, the read request may include an encrypted memory address that itself includes a sequence of keyid bits and physical address bits. The MKTME circuitry may retrieve a keyid-nonce from a key table using the keyid bits. The MKTME circuitry may construct a tweak from the keyid-nonce, the keyid bits, and the physical address bits. The MKTME circuitry may then decrypt data specified by the read request using the tweak and a common key.
    Type: Grant
    Filed: September 14, 2020
    Date of Patent: June 27, 2023
    Assignee: INTEL CORPORATION
    Inventors: Shay Gueron, Siddhartha Chhabra, Nadav Bonen
  • Patent number: 11687654
    Abstract: Implementations describe providing isolation in virtualized systems using trust domains. In one implementation, a processing device includes a memory ownership table (MOT) that is access-controlled against software access. The processing device further includes a processing core to execute a trust domain resource manager (TDRM) to manage a trust domain (TD), maintain a trust domain control structure (TDCS) for managing global metadata for each TD, maintain an execution state of the TD in at least one trust domain thread control structure (TD-TCS) that is access-controlled against software accesses, and reference the MOT to obtain at least one key identifier (key ID) corresponding to an encryption key assigned to the TD, the key ID to allow the processing device to decrypt memory pages assigned to the TD responsive to the processing device executing in the context of the TD, the memory pages assigned to the TD encrypted with the encryption key.
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: June 27, 2023
    Assignee: Intel Corporation
    Inventors: Ravi L. Sahita, Baiju V. Patel, Barry E. Huntley, Gilbert Neiger, Hormuzd M. Khosravi, Ido Ouziel, David M. Durham, Ioannis T. Schoinas, Siddhartha Chhabra, Carlos V. Rozas, Gideon Gerzon