Patents by Inventor Ulhas S. Warrier
Ulhas S. Warrier has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10749683
Abstract: Technologies for end-to-end biometric-based authentication and locality assertion include a computing device with one or more biometric devices. The computing device may securely exchange a key between a driver and a secure enclave. The driver may receive biometric data from the biometric sensor in a virtualization-protected memory buffer and encrypt the biometric data with the shared key. The secure enclave may decrypt the biometric data and perform a biometric authentication operation. The computing device may measure a virtual machine monitor (VMM) to generate attestation information for the VMM. A secure enclave may execute a virtualization report instruction to request the attestation information. The processor may copy the attestation information into the secure enclave memory. The secure enclave may verify the attestation information with a remote attestation server. If verified, the secure enclave may provide a shared secret to the VMM. Other embodiments are described and claimed.
Type: Grant
Filed: September 18, 2018
Date of Patent: August 18, 2020
Assignee: Intel Corporation
Inventors: Ansuya Negi, Nitin V. Sarangdhar, Ulhas S. Warrier, Ramkumar Venkatachary, Ravi L. Sahita, Scott H. Robinson, Karanvir S. Grewal
-
Publication number: 20190036699
Abstract: Technologies for end-to-end biometric-based authentication and locality assertion include a computing device with one or more biometric devices. The computing device may securely exchange a key between a driver and a secure enclave. The driver may receive biometric data from the biometric sensor in a virtualization-protected memory buffer and encrypt the biometric data with the shared key. The secure enclave may decrypt the biometric data and perform a biometric authentication operation. The computing device may measure a virtual machine monitor (VMM) to generate attestation information for the VMM. A secure enclave may execute a virtualization report instruction to request the attestation information. The processor may copy the attestation information into the secure enclave memory. The secure enclave may verify the attestation information with a remote attestation server. If verified, the secure enclave may provide a shared secret to the VMM. Other embodiments are described and claimed.
Type: Application
Filed: September 18, 2018
Publication date: January 31, 2019
Inventors: Ansuya Negi, Nitin V. Sarangdhar, Ulhas S. Warrier, Ramkumar Venkatachary, Ravi L. Sahita, Scott H. Robinson, Karanvir S. Grewal
-
Patent number: 10079684
Abstract: Technologies for end-to-end biometric-based authentication and locality assertion include a computing device with one or more biometric devices. The computing device may securely exchange a key between a driver and a secure enclave. The driver may receive biometric data from the biometric sensor in a virtualization-protected memory buffer and encrypt the biometric data with the shared key. The secure enclave may decrypt the biometric data and perform a biometric authentication operation. The computing device may measure a virtual machine monitor (VMM) to generate attestation information for the VMM. A secure enclave may execute a virtualization report instruction to request the attestation information. The processor may copy the attestation information into the secure enclave memory. The secure enclave may verify the attestation information with a remote attestation server. If verified, the secure enclave may provide a shared secret to the VMM. Other embodiments are described and claimed.
Type: Grant
Filed: December 18, 2015
Date of Patent: September 18, 2018
Assignee: Intel Corporation
Inventors: Ansuya Negi, Nitin V. Sarangdhar, Ulhas S. Warrier, Ramkumar Venkatachary, Ravi L. Sahita, Scott H. Robinson, Karanvir S. Grewal
-
Patent number: 9838367
Abstract: According to an embodiment provided herein, there is provided a system that binds a trusted output session to a trusted input session. The system includes a processor to execute an enclave application in an architecturally protected memory. The system includes at least one logic unit forming a trusted entity to, responsive to a request to set up a trusted I/O session, generate a unique session identifier logically associated with the trusted I/O session and set a trusted I/O session indicator to a first state. The system includes at least one logic unit forming a cryptographic module to, responsive to the request to set up the trusted I/O session, receive an encrypted encryption key and the unique session identifier from the enclave application; verify the unique session identifier; and responsive a successful verification, decrypt and save the decrypted encryption key in an encryption key register.
Type: Grant
Filed: June 26, 2015
Date of Patent: December 5, 2017
Assignee: INTEL CORPORATION
Inventors: Siddhartha Chhabra, Prashant Dewan, Reshma Lal, Ulhas S. Warrier
-
Publication number: 20170134396
Abstract: In an embodiment, a system includes at least one core and a trusted execution environment (TEE) to conduct an identity authentication that includes a comparison of streamed video data with previously recorded image data. Responsive to establishment of a match of the streamed video data to the previously recorded image data via the comparison, the TEE is to generate an identity attestation that indicates the match. Other embodiments are described and claimed.
Type: Application
Filed: November 21, 2016
Publication date: May 11, 2017
Inventors: Abhilasha Bhargav-Spantzel, Ned M. Smith, Hormuzd M. Khosravi, Ulhas S. Warrier
-
Publication number: 20170104597
Abstract: Technologies for end-to-end biometric-based authentication and locality assertion include a computing device with one or more biometric devices. The computing device may securely exchange a key between a driver and a secure enclave. The driver may receive biometric data from the biometric sensor in a virtualization-protected memory buffer and encrypt the biometric data with the shared key. The secure enclave may decrypt the biometric data and perform a biometric authentication operation. The computing device may measure a virtual machine monitor (VMM) to generate attestation information for the VMM. A secure enclave may execute a virtualization report instruction to request the attestation information. The processor may copy the attestation information into the secure enclave memory. The secure enclave may verify the attestation information with a remote attestation server. If verified, the secure enclave may provide a shared secret to the VMM. Other embodiments are described and claimed.
Type: Application
Filed: December 18, 2015
Publication date: April 13, 2017
Inventors: Ansuya Negi, Nitin V. Sarangdhar, Ulhas S. Warrier, Ramkumar Venkatachary, Ravi L. Sahita, Scott H. Robinson, Karanvir S. Grewal
-
Publication number: 20160380985
Abstract: According to an embodiment provided herein, there is provided a system that binds a trusted output session to a trusted input session. The system includes a processor to execute an enclave application in an architecturally protected memory. The system includes at least one logic unit forming a trusted entity to, responsive to a request to set up a trusted I/O session, generate a unique session identifier logically associated with the trusted I/O session and set a trusted I/O session indicator to a first state. The system includes at least one logic unit forming a cryptographic module to, responsive to the request to set up the trusted I/O session, receive an encrypted encryption key and the unique session identifier from the enclave application; verify the unique session identifier; and responsive a successful verification, decrypt and save the decrypted encryption key in an encryption key register.
Type: Application
Filed: June 26, 2015
Publication date: December 29, 2016
Applicant: Intel Corporation
Inventors: Siddhartha Chhabra, Prashant Dewan, Reshma Lal, Ulhas S. Warrier
-
Patent number: 9525668
Abstract: In an embodiment, a system includes at least one core and a trusted execution environment (TEE) to conduct an identity authentication that includes a comparison of streamed video data with previously recorded image data. Responsive to establishment of a match of the streamed video data to the previously recorded image data via the comparison, the TEE is to generate an identity attestation that indicates the match. Other embodiments are described and claimed.
Type: Grant
Filed: June 27, 2014
Date of Patent: December 20, 2016
Assignee: Intel Corporation
Inventors: Abhilasha Bhargav-Spantzel, Ned M. Smith, Hormuzd M. Khosravi, Ulhas S. Warrier
-
Publication number: 20150381575
Abstract: In an embodiment, a system includes at least one core and a trusted execution environment (TEE) to conduct an identity authentication that includes a comparison of streamed video data with previously recorded image data. Responsive to establishment of a match of the streamed video data to the previously recorded image data via the comparison, the TEE is to generate an identity attestation that indicates the match. Other embodiments are described and claimed.
Type: Application
Filed: June 27, 2014
Publication date: December 31, 2015
Inventors: Abhilasha Bhargav-Spantzel, Ned M. Smith, Hormuzd M. Khosravi, Ulhas S. Warrier
-
Patent number: 9092632
Abstract: A method, apparatus, machine-readable medium, and system are disclosed. In one embodiment the method includes a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure.
Type: Grant
Filed: March 15, 2013
Date of Patent: July 28, 2015
Assignee: Intel Corporation
Inventors: Allen R. Wishman, Sergiu D. Ghetie, Michael Neve De Mevergnies, Ulhas S. Warrier, Adil Karrar, Douglas R. Moran, Kirk Brannock
-
Patent number: 8776245
Abstract: A system for executing trusted applications with a reduced trusted computing base. In one embodiment, the system includes a processor to dynamically instantiate an application protection module in response to a request by a program to be executed under a trusted mode. The system further includes memory to store the program which is capable of interacting with a remote service for security verification. In one embodiment, the application protection module includes a processor-measured application protection service (P-MAPS) operable to measure and to provide protection to the application.
Type: Grant
Filed: December 23, 2009
Date of Patent: July 8, 2014
Assignee: Intel Corporation
Inventors: Ravi L. Sahita, Ulhas S. Warrier, Prashant Dewan, Ranjit S. Narjala
-
Patent number: 8522322
Abstract: A method, apparatus, method, machine-readable medium, and system are disclosed. In one embodiment the method includes is a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure.
Type: Grant
Filed: September 22, 2010
Date of Patent: August 27, 2013
Assignee: Intel Corporation
Inventors: Allen R. Wishman, Sergiu D. Ghetie, Michael Neve De Mevergnies, Ulhas S. Warrier, Adil Karrar, Douglas R. Moran, Kirk Brannock
-
Publication number: 20130219191
Abstract: A method, apparatus, machine-readable medium, and system are disclosed. In one embodiment the method includes a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure.
Type: Application
Filed: March 15, 2013
Publication date: August 22, 2013
Inventors: Allen R. Wishman, Sergiu D. Ghetie, Michael Neve De Mevergnies, Ulhas S. Warrier, Adil Karrar, Douglas R. Moran, Kirk Brannock
-
Publication number: 20120072734
Abstract: A method, apparatus, method, machine-readable medium, and system are disclosed. In one embodiment the method includes is a processor. The processor includes switching a platform firmware update mechanism located in a computer platform to a platform firmware armoring technology (PFAT) mode on a boot of the computer platform. The computer platform includes a platform firmware storage location that stores a platform firmware. The method then persistently locks the platform firmware storage location in response to the platform firmware update mechanism switching to the PFAT mode. When persistently locked, writes are only allowed to the platform firmware storage location by an Authenticated Code Module in the running platform and only after a platform firmware update mechanism unlocking procedure.
Type: Application
Filed: September 22, 2010
Publication date: March 22, 2012
Inventors: Allen R. Wishman, Sergiu D. Ghetie, Michael Neve De Mevergnies, Ulhas S. Warrier, Adil Karrar, Douglas R. Moran, Kirk Brannock
-
Publication number: 20110154500
Abstract: A system for executing trusted applications with a reduced trusted computing base. In one embodiment, the system includes a processor to dynamically instantiate an application protection module in response to a request by a program to be executed under a trusted mode. The system further includes memory to store the program which is capable of interacting with a remote service for security verification. In one embodiment, the application protection module includes a processor-measured application protection service (P-MAPS) operable to measure and to provide protection to the application.
Type: Application
Filed: December 23, 2009
Publication date: June 23, 2011
Inventors: Ravi L. Sahita, Ulhas S. Warrier, Prashant Dewan, Ranjit S. Narjala
-
Patent number: 7437474
Abstract: Routing packets of information without proxies over a network having both private and public networks includes reviewing the destination address of a packet received a private network interface and rerouting the packet to a private client connected to the private network interface when the destination address of the packet is the public address of the private network.
Type: Grant
Filed: February 22, 2001
Date of Patent: October 14, 2008
Assignee: Intel Corporation
Inventors: Prakash N. Iyer, Ulhas S. Warrier
-
Patent number: 7293108
Abstract: A first machine communicates with a second machine, using a protocol that sends the first machine's network configuration data in application data sent to the second machine, through a translating access point which translates network traffic from the first machine so as to originate from the access point. A network configuration server provides to the first machine network configuration data not subject to translation by the access point, which is sent to the second machine in the application data. The second machine communicates with the provided network configuration, and this communication is in turn made available to the first machine.
Type: Grant
Filed: March 15, 2001
Date of Patent: November 6, 2007
Assignee: Intel Corporation
Inventors: Ulhas S. Warrier, Saul Lewites, Rameshkumar G. Illikkal, Ramanan Ganesan
-
Patent number: 7120701
Abstract: A method and apparatus are provided for sending a data packet through a network. The network has public and private realms separated by an interface device. A client in the private realm performs the method. The method includes determining if a destination address of the data packet corresponds to the private realm or to the public realm and retrieving a source address for the client based on the destination address of the packet. The method also includes assigning a retrieved address to be the source address of the data packet.
Type: Grant
Filed: February 22, 2001
Date of Patent: October 10, 2006
Assignee: Intel Corporation
Inventors: Ulhas S. Warrier, Saul Lewites, Prakash N. Iyer
-
Patent number: 7096495
Abstract: This invention uses network stack information to enforce context-based policies. The combination of policies, user/application context information and packet filtering is used to enable fine-grained control of network resources.
Type: Grant
Filed: March 31, 2000
Date of Patent: August 22, 2006
Assignee: Intel Corporation
Inventors: Ulhas S. Warrier, Prakash Iyer
-
Publication number: 20040032876
Abstract: A method of transmitting data, includes providing selectable data channels through a data forwarding device, at least two of the selectable data channels having different transmission characteristics, reserving one of the selectable data channels based on a received channel request message, and transmitting a data packet through the reserved data channel.
Type: Application
Filed: August 19, 2002
Publication date: February 19, 2004
Inventors: Ajay Garg, Ulhas S. Warrier