Patents by Inventor Vincent R. Scarlata

Vincent R. Scarlata has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11809545
    Abstract: Data integrity logic is executable by a processor to generate a data integrity code using a hardware-based secret. A container manager, executable by the processor, creates a secured container including report generation logic that determines measurements of the secured container, generates a report according to a defined report format, and sends a quote request including the report. The defined report format includes a field to include the measurements and a field to include the data integrity code, and the report format is compatible for consumption by any one of a plurality of different quote creator types.
    Type: Grant
    Filed: July 1, 2022
    Date of Patent: November 7, 2023
    Assignee: Intel Corporation, Inc.
    Inventors: Vincent R. Scarlata, Carlos V. Rozas, Baiju Patel, Barry E. Huntley, Ravi L. Sahita, Hormuzd M. Khosravi
  • Patent number: 11782849
    Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.
    Type: Grant
    Filed: July 3, 2021
    Date of Patent: October 10, 2023
    Assignee: Intel Corporation
    Inventors: Carlos V. Rozas, Mona Vij, Rebekah M. Leslie-Hurd, Krystof C. Zmudzinski, Somnath Chakrabarti, Francis X. Mckeen, Vincent R. Scarlata, Simon P. Johnson, Ilya Alexandrovich, Gilbert Neiger, Vedvyas Shanbhogue, Ittai Anati
  • Patent number: 11741230
    Abstract: Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information.
    Type: Grant
    Filed: October 22, 2021
    Date of Patent: August 29, 2023
    Assignee: INTEL CORPORATION
    Inventors: Pradeep M. Pappachan, Reshma Lal, Bin Xing, Siddhartha Chhabra, Vincent R. Scarlata, Steven B. McGowan
  • Publication number: 20230266888
    Abstract: An integrated circuit includes protected container access control logic to perform a set of access control checks and to determine whether to allow a device protected container module (DPCM) and an input and/or output (I/O) device to communicate securely through one of direct memory access (DMA) and memory-mapped input/output (MMIO). The DPCM and the I/O device are allowed to communicate securely if it is determined that at least the DPCM and the I/O device are mapped to one another, an access address associated with the communication resolves into a protected container memory, and a page of the protected container memory into which the access address resolves allows for the aforementioned one of DMA and MMIO. In some cases, a Security Attributes of Initiator (SAI) or security identifier may be used to obtain a DPCM identifier or attest that access is from a DPCM mapped to the I/O device.
    Type: Application
    Filed: December 16, 2022
    Publication date: August 24, 2023
    Inventors: Ilya Alexandrovich, Vladimir Beker, Gideon Gerzon, Vincent R. Scarlata
  • Publication number: 20230042288
    Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.
    Type: Application
    Filed: July 18, 2022
    Publication date: February 9, 2023
    Applicant: Intel Corporation
    Inventors: Krystof C. Zmudzinski, Siddhartha Chhabra, Uday R. Savagaonkar, Simon P. Johnson, Rebekah M. Leslie-Hurd, Francis X. McKeen, Gilbert Neiger, Raghunandan Makaram, Carlos V. Rozas, Amy L. Santoni, Vincent R. Scarlata, Vedvyas Shanbhogue, Ilya Alexandrovich, Ittai Anati, Wesley H. Smith, Michael Goldsmith
  • Patent number: 11531475
    Abstract: An integrated circuit includes protected container access control logic to perform a set of access control checks and to determine whether to allow a device protected container module (DPCM) and an input and/or output (I/O) device to communicate securely through one of direct memory access (DMA) and memory-mapped input/output (MMIO). The DPCM and the I/O device are allowed to communicate securely if it is determined that at least the DPCM and the I/O device are mapped to one another, an access address associated with the communication resolves into a protected container memory, and a page of the protected container memory into which the access address resolves allows for the aforementioned one of DMA and MMIO. In some cases, a Security Attributes of Initiator (SAI) or security identifier may be used to obtain a DPCM identifier or attest that access is from a DPCM mapped to the I/O device.
    Type: Grant
    Filed: May 25, 2020
    Date of Patent: December 20, 2022
    Assignee: Intel Corporation
    Inventors: Ilya Alexandrovich, Vladimir Beker, Gideon Gerzon, Vincent R. Scarlata
  • Patent number: 11489678
    Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
    Type: Grant
    Filed: April 23, 2020
    Date of Patent: November 1, 2022
    Assignee: Intel Corporation
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
  • Publication number: 20220335117
    Abstract: Data integrity logic is executable by a processor to generate a data integrity code using a hardware-based secret. A container manager, executable by the processor, creates a secured container including report generation logic that determines measurements of the secured container, generates a report according to a defined report format, and sends a quote request including the report. The defined report format includes a field to include the measurements and a field to include the data integrity code, and the report format is compatible for consumption by any one of a plurality of different quote creator types.
    Type: Application
    Filed: July 1, 2022
    Publication date: October 20, 2022
    Applicant: Intel Corporation
    Inventors: Vincent R. Scarlata, Carlos V. Rozas, Baiju Patel, Barry E. Huntley, Ravi L. Sahita, Hormuzd M. Khosravi
  • Patent number: 11392507
    Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.
    Type: Grant
    Filed: January 22, 2021
    Date of Patent: July 19, 2022
    Assignee: Intel Corporation
    Inventors: Krystof C. Zmudzinski, Siddhartha Chhabra, Uday R. Savagaonkar, Simon P. Johnson, Rebekah M. Leslie-Hurd, Francis X. McKeen, Gilbert Neiger, Raghunandan Makaram, Carlos V. Rozas, Amy L. Santoni, Vincent R. Scarlata, Vedvyas Shanbhogue, Ilya Alexandrovich, Ittai Anati, Wesley H. Smith, Michael Goldsmith
  • Publication number: 20220035923
    Abstract: Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information.
    Type: Application
    Filed: October 22, 2021
    Publication date: February 3, 2022
    Applicant: Intel Corporation
    Inventors: Pradeep M. Pappachan, Reshma Lal, Bin Xing, Siddhartha Chhabra, Vincent R. Scarlata, Steven B. McGowan
  • Publication number: 20210406201
    Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.
    Type: Application
    Filed: July 3, 2021
    Publication date: December 30, 2021
    Inventors: Carlos V. Rozas, Mona Vij, Rebekah M. Leslie-Hurd, Krystof C. Zmudzinski, Somnath Chakrabarti, Francis X. Mckeen, Vincent R. Scarlata, Simon P. Johnson, Ilya Alexandrovich, Gilbert Neiger, Vedvyas Shanbhogue, Ittai Anati
  • Patent number: 11157623
    Abstract: Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information.
    Type: Grant
    Filed: February 20, 2019
    Date of Patent: October 26, 2021
    Assignee: INTEL CORPORATION
    Inventors: Pradeep M. Pappachan, Reshma Lal, Bin Xing, Siddhartha Chhabra, Vincent R. Scarlata, Steven B. McGowan
  • Publication number: 20210255962
    Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.
    Type: Application
    Filed: January 22, 2021
    Publication date: August 19, 2021
    Applicant: Intel Corporation
    Inventors: Krystof C. Zmudzinski, Siddhartha Chhabra, Uday R. Savagaonkar, Simon P. Johnson, Rebekah M. Leslie-Hurd, Francis X. McKeen, Gilbert Neiger, Raghunandan Makaram, Carlos V. Rozas, Amy L. Santoni, Vincent R. Scarlata, Vedvyas Shanbhogue, Ilya Alexandrovich, Ittai Anati, Wesley H. Smith, Michael Goldsmith
  • Patent number: 11055236
    Abstract: A processor includes a decode unit to decode an instruction that is to indicate a page of a protected container memory, and a storage location outside of the protected container memory. An execution unit, in response to the instruction, is to ensure that there are no writable references to the page of the protected container memory while it has a write protected state. The execution unit is to encrypt a copy of the page of the protected container memory. The execution unit is to store the encrypted copy of the page to the storage location outside of the protected container memory, after it has been ensured that there are no writable references. The execution unit is to leave the page of the protected container memory in the write protected state, which is also valid and readable, after the encrypted copy has been stored to the storage location.
    Type: Grant
    Filed: December 27, 2019
    Date of Patent: July 6, 2021
    Assignee: Intel Corporation
    Inventors: Carlos V. Rozas, Mona Vij, Rebekah M. Leslie-Hurd, Krystof C. Zmudzinski, Somnath Chakrabarti, Francis X. Mckeen, Vincent R. Scarlata, Simon P. Johnson, Ilya Alexandrovich, Gilbert Neiger, Vedvyas Shanbhogue, Ittai Anati
  • Patent number: 10943012
    Abstract: Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information.
    Type: Grant
    Filed: January 29, 2019
    Date of Patent: March 9, 2021
    Assignee: INTEL CORPORATION
    Inventors: Pradeep M. Pappachan, Reshma Lal, Bin Xing, Siddhartha Chhabra, Vincent R. Scarlata, Steven B. McGowan
  • Patent number: 10922241
    Abstract: A processor for supporting secure memory intent is disclosed. The processor of the disclosure includes a memory execution unit to access memory and a processor core coupled to the memory execution unit. The processor core is to receive a request to access a convertible page of the memory. In response to the request, the processor core to determine an intent for the convertible page in view of a page table entry (PTE) corresponding to the convertible page. The intent indicates whether the convertible page is to be accessed as at least one of a secure page or a non-secure page.
    Type: Grant
    Filed: May 3, 2019
    Date of Patent: February 16, 2021
    Assignee: Intel Corporation
    Inventors: Krystof C. Zmudzinski, Siddhartha Chhabra, Uday R. Savagaonkar, Simon P. Johnson, Rebekah M. Leslie-Hurd, Francis X. McKeen, Gilbert Neiger, Raghunandan Makaram, Carlos V. Rozas, Amy L. Santoni, Vincent R. Scarlata, Vedvyas Shanbhogue, Ilya Alexandrovich, Ittai Anati, Wesley H. Smith, Michael Goldsmith
  • Publication number: 20210006416
    Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
    Type: Application
    Filed: April 23, 2020
    Publication date: January 7, 2021
    Applicant: Intel Corporation
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, JR., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar
  • Patent number: 10880097
    Abstract: A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.
    Type: Grant
    Filed: October 17, 2018
    Date of Patent: December 29, 2020
    Assignee: Intel Corporation
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley H. Smith, Eduardo Cabre
  • Publication number: 20200393977
    Abstract: An integrated circuit includes protected container access control logic to perform a set of access control checks and to determine whether to allow a device protected container module (DPCM) and an input and/or output (I/O) device to communicate securely through one of direct memory access (DMA) and memory-mapped input/output (MMIO). The DPCM and the I/O device are allowed to communicate securely if it is determined that at least the DPCM and the I/O device are mapped to one another, an access address associated with the communication resolves into a protected container memory, and a page of the protected container memory into which the access address resolves allows for the aforementioned one of DMA and MMIO. In some cases, a Security Attributes of Initiator (SAI) or security identifier may be used to obtain a DPCM identifier or attest that access is from a DPCM mapped to the I/O device.
    Type: Application
    Filed: May 25, 2020
    Publication date: December 17, 2020
    Inventors: Ilya Alexandrovich, Vladimir Beker, Gideon Gerzon, Vincent R. Scarlata
  • Patent number: 10708067
    Abstract: Embodiments include systems, methods, computer readable media, and devices configured to, for a first processor of a platform, generate a platform root key; create a data structure to encapsulate the platform root key, the data structure comprising a platform provisioning key and an identification of a registration service; and transmit, on a secure connection, the data structure to the registration service to register the platform root key for the first processor of the platform. Embodiments include systems, methods, computer readable media, and devices configured to store a device certificate received from a key generation facility; receive a manifest from a platform, the manifest comprising an identification of a processor associated with the platform; and validate the processor using a stored device certificate.
    Type: Grant
    Filed: July 2, 2016
    Date of Patent: July 7, 2020
    Assignee: Intel Corporation
    Inventors: Vincent R. Scarlata, Francis X. McKeen, Carlos V. Rozas, Simon P. Johnson, Bo Zhang, James D. Beaney, Jr., Piotr Zmijewski, Wesley Hamilton Smith, Eduardo Cabre, Uday R. Savagaonkar