公开(公告)号：US20240314213A1

公开(公告)日：2024-09-19

申请号：US18410707

申请日：2024-01-11

申请人： Intel Corporation

发明人： Steffen Schulz ,  Patrick Koeberl ,  Alpa Narendra Trivedi ,  Scott Weber

IPC分类号： H04L67/51 ,  H04L9/40 ,  H04L67/00

CPC分类号： H04L67/51 ,  H04L63/08 ,  H04L67/00

摘要： A multitenancy system that includes a host provider, a programmable device, and multiple tenants is provided. The host provider may publish a multitenancy mode sharing and allocation policy that includes a list of terms to which the programmable device and tenants can adhere. The programmable device may include a secure device manager configured to operate in a multitenancy mode to load a tenant persona into a given partial reconfiguration (PR) sandbox region on the programmable device. The secure device manager may be used to enforce spatial isolation between different PR sandbox regions and temporal isolation between successive tenants in one PR sandbox region.

公开(公告)号：US12003238B2

公开(公告)日：2024-06-04

申请号：US17407700

申请日：2021-08-20

申请人： Intel Corporation

发明人： Scott Jeremy Weber ,  Aravind Raghavendra Dasu ,  Mahesh A. Iyer ,  Patrick Koeberl

IPC分类号： H03K19/177 ,  H01L25/00 ,  H01L25/065 ,  H03K19/17756

CPC分类号： H03K19/17756 ,  H01L25/0652 ,  H01L25/50 ,  H01L2225/06513 ,  H01L2225/06527

摘要： An integrated circuit device may include a programmable fabric die having programmable logic fabric and configuration memory that may configure the programmable logic fabric. The integrated circuit device may also include a base die that may provide fabric support circuitry, including memory and/or communication interfaces as well as compute elements that may also be application-specific. The memory in the base die may be directly accessed by the programmable fabric die using a low-latency, high capacity, and high bandwidth interface.

公开(公告)号：US11895201B2

公开(公告)日：2024-02-06

申请号：US16832593

申请日：2020-03-27

申请人： Intel Corporation

发明人： Steffen Schulz ,  Patrick Koeberl ,  Alpa Narendra Trivedi ,  Scott Weber

IPC分类号： H04L67/51 ,  H04L9/40 ,  H04L67/00

CPC分类号： H04L67/51 ,  H04L63/08 ,  H04L67/00

摘要： A multitenancy system that includes a host provider, a programmable device, and multiple tenants is provided. The host provider may publish a multitenancy mode sharing and allocation policy that includes a list of terms to which the programmable device and tenants can adhere. The programmable device may include a secure device manager configured to operate in a multitenancy mode to load a tenant persona into a given partial reconfiguration (PR) sandbox region on the programmable device. The secure device manager may be used to enforce spatial isolation between different PR sandbox regions and temporal isolation between successive tenants in one PR sandbox region.

公开(公告)号：US20230367916A1

公开(公告)日：2023-11-16

申请号：US18359621

申请日：2023-07-26

申请人： Intel Corporation

发明人： Alpa Trivedi ,  Steffen Schulz ,  Patrick Koeberl

IPC分类号： G06F21/85 ,  H04L9/08 ,  G06F9/38 ,  G06F15/78 ,  G06F11/30 ,  H04L9/40 ,  G06F9/30 ,  G06F11/07 ,  G06F30/398 ,  G06F30/331 ,  G06F9/50 ,  G06N3/04 ,  G06F15/177 ,  G06F21/71 ,  G06F21/73 ,  G06F21/53 ,  G06F21/57 ,  G06N20/00 ,  G06F21/76 ,  G06F21/44 ,  G06F21/74 ,  G06F119/12 ,  G06F21/30 ,  G06F30/31 ,  H04L9/00 ,  G06F111/04 ,  G06N3/08

CPC分类号： G06F21/85 ,  H04L9/0877 ,  G06F9/3877 ,  G06F15/7825 ,  G06F11/3058 ,  H04L63/0442 ,  G06F9/30101 ,  G06F11/0709 ,  G06F30/398 ,  G06F15/7867 ,  G06F30/331 ,  G06F9/505 ,  H04L63/20 ,  G06N3/04 ,  G06F11/0751 ,  G06F11/0754 ,  G06F15/177 ,  H04L63/12 ,  G06F11/0793 ,  G06F21/71 ,  G06F21/73 ,  G06F21/53 ,  G06F11/3051 ,  G06F21/575 ,  G06N20/00 ,  G06F2221/034 ,  G06F21/76 ,  G06F21/44 ,  G06F21/74 ,  H04L9/0841 ,  G06F2119/12 ,  G06F11/0772 ,  G06F21/30 ,  G06F30/31 ,  H04L9/008 ,  G06F21/57 ,  G06F2111/04 ,  G06N3/08

摘要： An apparatus to facilitate enabling late-binding of security features via configuration security controller for accelerator devices is disclosed. The apparatus includes a security controller to manage security and configuration of the apparatus, wherein the security controller comprises a programmable portion and a non-programmable portion, and wherein the security controller is further to: initialize the programmable portion of the security controller as part of a secure boot and attestation chain of trust; receive configuration data for the programmable portion of the security controller, the programmable portion comprising components of the security controller capable of re-programming; verify and validate the configuration data as originating from a secure and trusted source; and responsive to successful verification and validation of the configuration data, re-program, during runtime of the apparatus, the programmable portion of the security controller using configurations that are based on a security threat model for a given deployment.

公开(公告)号：US11783096B2

公开(公告)日：2023-10-10

申请号：US17708412

申请日：2022-03-30

申请人： Intel Corporation

发明人： Steffen Schulz ,  Alpa Trivedi ,  Patrick Koeberl

IPC分类号： G06F21/00 ,  G06F21/85 ,  G06F30/398 ,  G06N3/04 ,  H04L9/08 ,  G06F9/30 ,  G06F9/50 ,  G06F15/177 ,  G06F15/78 ,  H04L9/40 ,  G06F11/07 ,  G06F30/331 ,  G06F9/38 ,  G06F11/30 ,  G06F119/12 ,  G06F21/76 ,  G06N3/08 ,  H04L9/00 ,  G06F111/04 ,  G06F30/31 ,  G06F21/30 ,  G06F21/53 ,  G06F21/57 ,  G06F21/73 ,  G06F21/74 ,  G06N20/00 ,  G06F21/71 ,  G06F21/44

CPC分类号： G06F21/85 ,  G06F9/30101 ,  G06F9/3877 ,  G06F9/505 ,  G06F11/0709 ,  G06F11/0751 ,  G06F11/0754 ,  G06F11/0793 ,  G06F11/3058 ,  G06F15/177 ,  G06F15/7825 ,  G06F15/7867 ,  G06F30/331 ,  G06F30/398 ,  G06N3/04 ,  H04L9/0877 ,  H04L63/0442 ,  H04L63/12 ,  H04L63/20 ,  G06F11/0772 ,  G06F11/3051 ,  G06F21/30 ,  G06F21/44 ,  G06F21/53 ,  G06F21/57 ,  G06F21/575 ,  G06F21/71 ,  G06F21/73 ,  G06F21/74 ,  G06F21/76 ,  G06F30/31 ,  G06F2111/04 ,  G06F2119/12 ,  G06F2221/034 ,  G06N3/08 ,  G06N20/00 ,  H04L9/008 ,  H04L9/0841

摘要： An apparatus to facilitate broadcast remote sealing for scalable trusted execution environment provisioning is disclosed. The apparatus includes an execution platform for secure execution of a workload of the tenant to: perform an attestation of the execution platform with a cloud service provider (CSP); receive a command from the CSP to create a group of trusted execution platforms; create the group comprising the execution platform; confirm an existence and a status of the group based on the attestation of the execution platform and based on a current group status of the group; report a trusted computing base (TCB) of the first execution platform to other member execution platforms of the group, wherein the other member execution platforms satisfy minimum TCB requirements of the group; and execute an encrypted workload of the tenant using a group private key, wherein the workload of the tenant is encrypted using a group public key.

公开(公告)号：US20200228388A1

公开(公告)日：2020-07-16

申请号：US16832593

申请日：2020-03-27

申请人： Intel Corporation

发明人： Steffen Schulz ,  Patrick Koeberl ,  Alpa Narendra Trivedi ,  Scott Weber

IPC分类号： H04L29/08 ,  H04L29/06

摘要： A multitenancy system that includes a host provider, a programmable device, and multiple tenants is provided. The host provider may publish a multitenancy mode sharing and allocation policy that includes a list of terms to which the programmable device and tenants can adhere. The programmable device may include a secure device manager configured to operate in a multitenancy mode to load a tenant persona into a given partial reconfiguration (PR) sandbox region on the programmable device. The secure device manager may be used to enforce spatial isolation between different PR sandbox regions and temporal isolation between successive tenants in one PR sandbox region.

公开(公告)号：US09992031B2

公开(公告)日：2018-06-05

申请号：US14040337

申请日：2013-09-27

申请人： Intel Corporation

发明人： Kevin Gotze ,  Gregory Iovino ,  David Johnston ,  Patrick Koeberl ,  Jiangtao Li ,  Wei Wu

IPC分类号： H04L9/34 ,  H04L9/08 ,  H04L9/32 ,  G09C1/00

CPC分类号： H04L9/34 ,  G09C1/00 ,  H04L9/0866 ,  H04L9/3278 ,  H04L2209/12

摘要： Embodiments of an invention for using dark bits to reduce physically unclonable function (PUF) error rates are disclosed. In one embodiment, an integrated circuit includes a PUF cell array and dark bit logic. The PUF cell array is to provide a raw PUF value. The dark bit logic is to select PUF cells to mark as dark bits and to generate a dark bit mask based on repeated testing of the PUF cell array.

公开(公告)号：US20240012951A1

公开(公告)日：2024-01-11

申请号：US18474661

申请日：2023-09-26

申请人： Intel Corporation

发明人： Alpa Trivedi ,  Steffen Schulz ,  Patrick Koeberl

IPC分类号： G06F21/85 ,  G06F30/398 ,  G06N3/04 ,  H04L9/08 ,  G06F9/30 ,  G06F9/50 ,  G06F15/177 ,  G06F15/78 ,  H04L9/40 ,  G06F11/07 ,  G06F30/331 ,  G06F9/38 ,  G06F11/30

CPC分类号： G06F21/85 ,  G06F30/398 ,  G06N3/04 ,  H04L9/0877 ,  G06F9/30101 ,  G06F9/505 ,  G06F15/177 ,  G06F15/7825 ,  H04L63/0442 ,  H04L63/12 ,  H04L63/20 ,  G06F11/0709 ,  G06F11/0751 ,  G06F11/0793 ,  G06F30/331 ,  G06F9/3877 ,  G06F15/7867 ,  G06F11/0754 ,  G06F11/3058 ,  G06F2119/12

摘要： An apparatus to facilitate enabling secure communication via attestation of multi-tenant configuration on accelerator devices is disclosed. The apparatus includes a processor to: verify a base bitstream of an accelerator device, the base bitstream published by a cloud service provider (CSP); generate a partial reconfiguration (PR) bitstream based on the base bitstream, the PR bitstream to fit within at least one PR region of PR boundary setups of the accelerator device; inspect accelerator device attestation received from a secure device manager (SDM) of the accelerator device; and responsive to successful inspection of the accelerator device attestation, provide the PR bitstream to the CSP for PR reconfiguration of the accelerator device.

公开(公告)号：US20220006459A1

公开(公告)日：2022-01-06

申请号：US17479963

申请日：2021-09-20

申请人： Intel Corporation

发明人： Miguel Bautista Gabriel ,  Sriram Vangal ,  Patrick Koeberl ,  Pratik Patel ,  Muhammad Khellah ,  James Tschanz ,  Carlos Tokunaga ,  Suyoung Bang

IPC分类号： H03K19/17768 ,  H03K19/17784 ,  H03K19/0185 ,  H03K19/0175 ,  G01R31/28

摘要： A detection circuit includes a tunable delay circuit that generates a delayed signal and that receives a supply voltage. The detection circuit includes a control circuit that adjusts a delay provided by the tunable delay circuit to the delayed signal. The detection circuit includes a time-to-digital converter circuit that converts the delay provided by the tunable delay circuit to the delayed signal to a digital code and adjusts the digital code based on changes in the supply voltage. The control circuit causes the tunable delay circuit to maintain the delay provided to the delayed signal constant in response to the digital code reaching an alignment value. The detection circuit may continuously monitor timing margin of a data signal relative to a clock signal and update the digital code in every clock cycle. The detection circuit may be a security sensor that detects changes in the supply voltage.

公开(公告)号：US20210117268A1

公开(公告)日：2021-04-22

申请号：US17132221

申请日：2020-12-23

申请人： Intel Corporation

发明人： Patrick Koeberl ,  Scott Weber ,  Alpa Trivedi ,  Steffen Schulz ,  Sriram Vangal

IPC分类号： G06F11/07 ,  G06N20/00 ,  G06F21/71

摘要： An apparatus to facilitate runtime fault detection, fault location, and circuit recovery in an accelerator device is disclosed. In one implementation, the accelerator device comprises a sensor network comprising a plurality of sensors; a secure device manager (SDM); and a sensor aggregator communicably coupled to the sensor network and the SDM. In one implementation, the sensor aggregator can receive sensor data from the sensor network; analyze the sensor data to detect a fault condition; determine a spatial location of the fault condition based on the sensor data; and generate an event for the SDM to cause the SDM to mitigate the fault condition.