Patents by Inventor Tarun Viswanathan
Tarun Viswanathan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20210105258
Abstract: Technologies for providing secure utilization of tenant keys include a compute device. The compute device includes circuitry configured to obtain a tenant key. The circuitry is also configured to receive encrypted data associated with a tenant. The encrypted data defines an encrypted image that is executable by the compute device to perform a workload on behalf of the tenant in a virtualized environment. Further, the circuitry is configured to utilize the tenant key to decrypt the encrypted data and execute the workload without exposing the tenant key to a memory that is accessible to another workload associated with another tenant.
Type: Application
Filed: May 18, 2020
Publication date: April 8, 2021
Inventors: Kapil Sood, Seosamh O'Riordain, Ned M. Smith, Tarun Viswanathan
-
Publication number: 20210021484
Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to schedule workloads based on secure edge to device telemetry by calculating a difference between a first telemetric data received from a first hardware device and an operating parameter and computing an adjustment for a second hardware device based on the difference between the first telemetric data and the operating parameter.
Type: Application
Filed: September 25, 2020
Publication date: January 21, 2021
Inventors: Kapil Sood, Timothy Verrall, Ned M. Smith, Tarun Viswanathan, Kshitij Doshi, Francesc Guim Bernat, John J. Browne, Katalin Bartfai-Walcott, Maryam Tahhan, Eoin Walsh, Damien Power
-
Publication number: 20210021533
Abstract: Systems and techniques for intelligent data forwarding in edge networks are described herein. A request may be received from an edge user device for a service via a first endpoint. A time value may be calculated using a timestamp of the request. Motion characteristics may be determined for the edge user device using the time value. A response to the request may be transmitted to a second endpoint based on the motion characteristics.
Type: Application
Filed: September 25, 2020
Publication date: January 21, 2021
Inventors: Francesc Guim Bernat, Ned M. Smith, Kshitij Arun Doshi, Suraj Prabhakaran, Timothy Verrall, Kapil Sood, Tarun Viswanathan
-
Publication number: 20210021619
Abstract: Various aspects of methods, systems, and use cases for trust-based orchestration of an edge node. An edge node may be configured for trust-based orchestration in an edge computing environment, where the edge node includes a transceiver to receive an instruction to perform a workload, the instruction from an edge orchestrator, the edge node being in a group of edge nodes managed with a ledger; and a processor to execute the workload at the edge node to produce a result, wherein the execution of the workload is evaluated by other edge nodes in the group of edge nodes to produce a reputation score of the edge node, where the transceiver is to provide the result to the edge orchestrator.
Type: Application
Filed: September 26, 2020
Publication date: January 21, 2021
Inventors: Ned M. Smith, Francesc Guim Bernat, Rajesh Poornachandran, Kshitij Arun Doshi, Tarun Viswanathan, Kapil Sood
-
Patent number: 10848974
Abstract: A service coordinating entity device includes communications circuitry to communicate with a first access network, processing circuitry, and a memory device. The processing circuitry is to perform operations to, in response to a request for establishing a connection with a user equipment (UE) in a second access network, retrieve a first Trusted Level Agreement (TLA) including trust attributes associated with the first access network. One or more exchanges of the trust attributes of the first TLA and trust attributes of a second TLA associated with the second access network are performed using a computing service executing on the service coordinating entity. A common TLA with trust attributes associated with communications between the first and second access networks is generated based on the exchanges. Data traffic is routed from the first access network to the UE in the second access network based on the trust attributes of the common TLA.
Type: Grant
Filed: December 28, 2018
Date of Patent: November 24, 2020
Assignee: Intel Corporation
Inventors: Alexander Bachmutsky, Dario Sabella, Francesc Guim Bernat, John J. Browne, Kapil Sood, Kshitij Arun Doshi, Mats Gustav Agerstam, Ned M. Smith, Rajesh Poornachandran, Tarun Viswanathan
-
Publication number: 20200287813
Abstract: Methods and apparatus for workload feedback mechanisms facilitating a closed loop architecture. Platform telemetry data is collected from a server platform including one or more hardware components and running one or more virtual network functions (VNFs). A workload performance associated with one or more VNFs or one or more applications associated with the one or more VNFs is monitored to detect whether the performance of a VNF or application fails to meet a performance criteria, such as a Service Level Agreement (SLA) metric, and corresponding performance indicia is generated by the VNF. Based on the platform telemetry data and the performance indicia, an operational configuration of one or more of the hardware components is adjusted to increase the workload performance to meet or exceed the performance criteria.
Type: Application
Filed: April 16, 2020
Publication date: September 10, 2020
Inventors: Patrick Kutch, John Browne, Shobhi Jain, Jasvinder Singh, Sunku Ranganath, Adrian Hoban, Swati Sehgal, Killian Muldoon, Tarun Viswanathan, Khawar Abbasi
-
Publication number: 20200242258
Abstract: Examples herein relate to an interface selectively providing access to a memory region for a work request from an entity by providing selective access to a physical address of the memory region and selective access to a cryptographic key for use by a memory controller to access the memory region. In some examples, providing selective access to a physical address conversion is based on one or more of: validation of a certificate received with the work request and an identifier of the entity being associated with a process with access to the memory region. Access to the memory region can be specified to be one or more of: create, read, update, delete, write, or notify. A memory region can be a page or sub-page sized region. Different access rights can be associated with different sub-portions of the memory region, wherein the access rights comprise one or more of: create, read, update, delete, write, or notify.
Type: Application
Filed: April 10, 2020
Publication date: July 30, 2020
Inventors: Ned SMITH, Kshitij A. DOSHI, Francesc GUIM BERNAT, Kapil SOOD, Tarun VISWANATHAN
-
Patent number: 10708247
Abstract: Technologies for providing secure utilization of tenant keys include a compute device. The compute device includes circuitry configured to obtain a tenant key. The circuitry is also configured to receive encrypted data associated with a tenant. The encrypted data defines an encrypted image that is executable by the compute device to perform a workload on behalf of the tenant in a virtualized environment. Further, the circuitry is configured to utilize the tenant key to decrypt the encrypted data and execute the workload without exposing the tenant key to a memory that is accessible to another workload associated with another tenant.
Type: Grant
Filed: September 27, 2018
Date of Patent: July 7, 2020
Assignee: Intel Corporation
Inventors: Kapil Sood, Seosamh O'Riordain, Ned M. Smith, Tarun Viswanathan
-
Publication number: 20200112591
Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
Type: Application
Filed: September 11, 2019
Publication date: April 9, 2020
Inventors: Tarun Viswanathan, Uri Kahana, Alan Ross, Eran Birk
-
Publication number: 20200084202
Abstract: Various approaches for implementing attestation using an attestation token are described. In an edge computing system deployment, an edge computing device includes an attestable feature (e.g., resource, service, entity, property, etc.) which is accessible from use of an attestation token, by the operations of: obtaining a first instance of a token that provides proof of attestation for an accessible feature of the edge computing device, with the token including data to indicate trust level designations for the feature as attested by an attestation provider; receiving, from a prospective user of the feature, a request to use the feature and a second instance of the token, with the second instance of the token originating from the attestation provider; and providing access to the feature based on a verification of the instances of the token, by using the verification to confirm attestation of the trust level designations for the feature.
Type: Application
Filed: November 14, 2019
Publication date: March 12, 2020
Inventors: Ned M. Smith, John J. Browne, Kapil Sood, Francesc Guim Bernat, Kshitij Arun Doshi, Rajesh Poornachandran, Tarun Viswanathan, Manish Dave
-
Patent number: 10511638
Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
Type: Grant
Filed: October 23, 2018
Date of Patent: December 17, 2019
Assignee: Intel Corporation
Inventors: Tarun Viswanathan, Uri Kahana, Alan D. Ross, Eran Birk
-
Publication number: 20190230002
Abstract: Technologies for accelerated orchestration and attestation include multiple edge devices. An edge appliance device performs an attestation process with each of its components to generate component certificates. The edge appliance device generates an appliance certificate that is indicative of the component certificates and a current utilization of the edge appliance device and provides the appliance certificate to a relying party. The relying party may be an edge orchestrator device. The edge orchestrator device receives a workload scheduling request with a service level agreement requirement. The edge orchestrator device verifies the appliance certificate and determines whether the service level agreement requirement is satisfied based on the appliance certificate. If satisfied, the workload is scheduled to the edge appliance device. Attestation and generation of the appliance certificate by the edge appliance device may be performed by an accelerator of the edge appliance device.
Type: Application
Filed: March 29, 2019
Publication date: July 25, 2019
Inventors: Francesc Guim Bernat, Kapil Sood, Tarun Viswanathan, Kshitij Doshi, Timothy Verrall, Ned M. Smith, Manish Dave, Alex Vul
-
Publication number: 20190229897
Abstract: Technologies for accelerated key caching in an edge hierarchy include multiple edge appliance devices organized in tiers. An edge appliance device receives a request for a key, such as a private key. The edge appliance device determines whether the key is included in a local key cache and, if not, requests the key from an edge appliance device included in an inner tier of the edge hierarchy. The edge appliance device may request the key from an edge appliance device included in a peer tier of the edge hierarchy. The edge appliance device may activate per-tenant accelerated logic to identify one or more keys in the key cache for eviction. The edge appliance device may activate per-tenant accelerated logic to identify one or more keys for pre-fetching. Those functions of the edge appliance device may be performed by an accelerator such as an FPGA. Other embodiments are described and claimed.
Type: Application
Filed: March 29, 2019
Publication date: July 25, 2019
Inventors: Timothy Verrall, Thomas Willhalm, Francesc Guim Bernat, Karthik Kumar, Ned M. Smith, Rajesh Poornachandran, Kapil Sood, Tarun Viswanathan, John J. Browne, Patrick Kutch
-
Publication number: 20190141536
Abstract: A service coordinating entity device includes communications circuitry to communicate with a first access network, processing circuitry, and a memory device. The processing circuitry is to perform operations to, in response to a request for establishing a connection with a user equipment (UE) in a second access network, retrieve a first Trusted Level Agreement (TLA) including trust attributes associated with the first access network. One or more exchanges of the trust attributes of the first TLA and trust attributes of a second TLA associated with the second access network are performed using a computing service executing on the service coordinating entity. A common TLA with trust attributes associated with communications between the first and second access networks is generated based on the exchanges. Data traffic is routed from the first access network to the UE in the second access network based on the trust attributes of the common TLA.
Type: Application
Filed: December 28, 2018
Publication date: May 9, 2019
Inventors: Alexander Bachmutsky, Dario Sabella, Francesc Guim Bernat, John J. Browne, Kapil Sood, Kshitij Arun Doshi, Mats Gustav Agerstam, Ned M. Smith, Rajesh Poornachandran, Tarun Viswanathan
-
Publication number: 20190058737
Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
Type: Application
Filed: October 23, 2018
Publication date: February 21, 2019
Inventors: Tarun Viswanathan, Uri Kahana, Alan D. Ross, Eran Birk
-
Publication number: 20190042783
Abstract: An embodiment of a semiconductor apparatus may include technology to receive data with a unique identifier, and bypass encryption logic of a media controller based on the unique identifier. Other embodiments are disclosed and claimed.
Type: Application
Filed: September 27, 2018
Publication date: February 7, 2019
Inventors: Francesc Guim Bernat, Mark Schmisseur, Kshitij Doshi, Kapil Sood, Tarun Viswanathan
-
Publication number: 20190042314
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to partition a resource into a plurality of partitions and allocate a reserved portion and a corresponding burst portion in each of the plurality of partitions. Each of the allocated reserved portions and corresponding burst portions are reserved for a specific component or application, where any part of the allocated burst portion not being used by the specific component or application can be used by other components and/or applications.
Type: Application
Filed: January 12, 2018
Publication date: February 7, 2019
Applicant: Intel Corporation
Inventors: Timothy Verrall, John J. Browne, Tomasz Kantecki, Maryam Tahhan, Eoin Walsh, Andrew Duignan, Alan Carey, Wojciech Andralojc, Damien Power, Tarun Viswanathan
-
Publication number: 20180357099
Abstract: Particular embodiments described herein provide for a network element that can be configured to determine a pre-execution performance test, where the pre-execution performance test is at least partially based on requirements for a process to be executed, cause the pre-execution performance test to be executed on a platform before the process is executed on the platform, where the platform is a dynamically allocated group of resources, analyze results of the pre-execution performance test, and cause the process to be executed on the platform if the results of the pre-execution performance test satisfy a condition. In an example, the process is a virtual network function.
Type: Application
Filed: June 8, 2017
Publication date: December 13, 2018
Applicant: Intel Corporation
Inventors: John J. Browne, Tomasz Kantecki, Eoin Walsh, Maryam Tahhan, Timothy Verrall, Tarun Viswanathan, Rory Browne
-
Patent number: 10122766
Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
Type: Grant
Filed: February 23, 2016
Date of Patent: November 6, 2018
Assignee: Intel Corporation
Inventors: Tarun Viswanathan, Uri Kahana, Alan D. Ross, Eran Birk
-
Publication number: 20180173549
Abstract: There is disclosed in an example, a computing apparatus, including: a processor having a resource direction capability; and one or more logic elements providing a network function virtualization orchestrator (NFVO) engine to: store for a virtual machine (VM) an extended performance profile, comprising a metric from the resource direction capability.
Type: Application
Filed: December 16, 2016
Publication date: June 21, 2018
Applicant: Intel Corporation
Inventors: John J. Browne, Tomasz Kantecki, Timothy Verrall, Maryam Tahhan, Eoin Walsh, Rory Browne, Tarun Viswanathan