Sergej Deutsch

US Patent:

20140082421, Mar 20, 2014

Filed:

Sep 14, 2012

Appl. No.:

13/619248

Inventors:

Erik Jan Marinissen - Leuven, BE
Sergej Deutsch - Durham NC, US

Assignee:

Cadence Design Systems, Inc. - San Jose CA

International Classification:

G06F 11/263

US Classification:

714 34, 714E11177

Abstract:

A method is provided to test a modular integrated circuit (IC) comprising: testing a module-under-test (MUT) within the IC while causing a controlled toggle rate within a first neighbor module of the MUT; wherein the controlled toggle rate within the first neighbor module is selected so that toggling within the first neighbor module has substantially the same effect upon operation of the MUT that operation of the first neighbor module would have during actual normal functional operation of the first neighbor module.

US Patent:

20220350785, Nov 3, 2022

Filed:

Jul 19, 2022

Appl. No.:

17/868467

Inventors:

- Santa Clara CA, US
Santosh Ghosh - Hillsboro OR, US
Sergej Deutsch - Hillsboro OR, US
Michael LeMay - Hillsboro OR, US
David M. Durham - Beaverton OR, US

Assignee:

Intel Corporation - Santa Clara CA

International Classification:

G06F 16/22
G06F 16/2457
G06F 16/2455
G06F 9/38
G06F 21/60
G06F 21/62
H03M 13/00

Abstract:

Embodiments are directed to collision-free hashing for accessing cryptographic computing metadata and for cache expansion. An embodiment of an apparatus includes one or more processors to: receive a physical address; compute a set of hash functions using a set of different indexes corresponding to the set of hash functions, wherein the set of hash functions combine additions, bit-level reordering, bit-linear mixing, and wide substitutions, wherein the plurality of hash functions differ in the bit-linear mixing; access a plurality of cache units utilizing the set of hash functions; read different sets of the plurality of cache units in parallel, where a set of the different sets is obtained from each cache unit of the plurality of cache units; and responsive to the physical address being located one of the different sets, return cache line data of the set corresponding to the set of the cache unit having the physical address.

US Patent:

20220343029, Oct 27, 2022

Filed:

Jun 30, 2022

Appl. No.:

17/855261

Inventors:

- Santa Clara CA, US
Michael LeMay - Hillsboro OR, US
David M. Durham - Beaverton OR, US
Karanvir S. Grewal - Hillsboro OR, US
Sergej Deutsch - Hillsboro OR, US

Assignee:

Intel Corporation - Santa Clara CA

International Classification:

G06F 21/71
G06F 9/30

Abstract:

Technologies provide domain isolation using encoded pointers to data and code. A system may be configured for decoding an encoded pointer to obtain a linear address of an encrypted code block of a first software component in memory. The first software component shares a linear address space of the memory with a plurality of software components. A processor uses the linear address to access the encrypted code block, determines a relative position of the encrypted code block within a memory slot of the linear address space, and decrypts the encrypted code block to generate a decrypted code block using a code key and a code tweak. The code tweak includes a relative position of the encrypted code block in the address space and domain metadata that uniquely identifies the software component. In some scenarios, the software component may be position independent code and may be relocatable to different address spaces.

US Patent:

20220335140, Oct 20, 2022

Filed:

Jun 30, 2022

Appl. No.:

17/854814

Inventors:

- Santa Clara CA, US
David M. Durham - Beaverton OR, US
Michael LeMay - Hillsboro OR, US
Karanvir S. Grewal - Hillsboro OR, US
Sergej Deutsch - Hillsboro OR, US

Assignee:

Intel Corporation - Santa Clara CA

International Classification:

G06F 21/60
G06F 21/31
G06F 21/80
G06F 9/30

Abstract:

Techniques for cryptographic computing isolation are described. A processor includes circuitry to be coupled to memory configured to store one or more instructions. The circuitry is to execute the one or more instructions to instantiate a first process based on an application. To instantiate the first process is to include creating a context table to be used by the first process, identifying a software component to be invoked during the first process, encrypting the software component using a first cryptographic key, and creating a first entry in the context table. The first entry is to include first context information identifying the encrypted software component and second context information representing the first cryptographic key. In more specific embodiments, third context information representing a first load address of the encrypted software component is stored in the first entry of the context table.

US Patent:

20220300626, Sep 22, 2022

Filed:

Jun 6, 2022

Appl. No.:

17/833515

Inventors:

- Santa Clara CA, US
Santosh Ghosh - Hillsboro OR, US
Sergej Deutsch - Hillsboro OR, US
Michael LeMay - Hillsboro OR, US
David M. Durham - Beaverton OR, US

Assignee:

Intel Corporation - Santa Clara CA

International Classification:

G06F 21/60
G06F 12/0897
G06F 9/30
G06F 9/48
G06F 21/72
H04L 9/06
G06F 12/06
G06F 12/0875
G06F 21/79
G06F 9/455
G06F 12/0811
G06F 21/12
H04L 9/08
G06F 12/14
G06F 9/32
G06F 9/50
G06F 12/02
H04L 9/14
G06F 21/62

Abstract:

Technologies disclosed herein provide cryptographic computing. An example method comprises executing a first instruction of a first software entity to receive a first input operand indicating a first key associated with a first memory compartment of a plurality of memory compartments stored in a first memory unit, and execute a cryptographic algorithm in a core of a processor to compute first encrypted contents based at least in part on the first key. Subsequent to computing the first encrypted contents in the core, the first encrypted contents are stored at a memory location in the first memory compartment of the first memory unit. More specific embodiments include, prior to storing the first encrypted contents at the memory location in the first memory compartment and subsequent to computing the first encrypted contents in the core, moving the first encrypted contents into a level one (L1) cache outside a boundary of the core.

US Patent:

20220222158, Jul 14, 2022

Filed:

Mar 3, 2022

Appl. No.:

17/685557

Inventors:

- Santa Clara CA, US
Karanvir S. Grewal - Hillsboro OR, US
Sergej Deutsch - Hillsboro OR, US
Michael E. Kounavis - Portland OR, US

Assignee:

Intel Corporation - Santa Clara CA

International Classification:

G06F 11/27
G06F 7/72
G06F 11/07
G06F 11/10
G06F 11/14
G06F 11/30
G06F 12/14
H04L 9/06
H04L 9/08
H04L 9/32

Abstract:

Embodiments are directed to aggregate GHASH-based message authentication code (MAC) over multiple cachelines with incremental updates. An embodiment of a system includes a controller comprising circuitry, the controller to generate an error correction code for a memory line, the memory line comprising a plurality of first data blocks, generate a metadata block corresponding to the memory line, the metadata block comprising the error correction code for the memory line and at least one metadata bit, generate an aggregate GHASH corresponding to a region of memory comprising a cacheline set comprising at least the memory line, encode the first data blocks and the metadata block, encrypt the aggregate GHASH as an aggregate message authentication code (AMAC), provide the encoded first data blocks and the encoded metadata block for storage on a memory module comprising the memory line, and provide the AMAC for storage on a device separate from the memory module.

US Patent:

20230027329, Jan 26, 2023

Filed:

Dec 26, 2020

Appl. No.:

17/791000

Inventors:

- Santa Clara CA, US
Michael D. LeMay - Hillsboro OR, US
Salmin Sultana - Hillsboro OR, US
Karanvir S. Grewal - Hillsboro OR, US
Michael E. Kounavis - Portland OR, US
Sergej Deutsch - Hillsboro OR, US
Andrew James Weiler - Hillsboro OR, US
Abhishek Basak - Bothell WA, US
Dan Baum - Haifa, IL
Santosh Ghosh - Hillsboro OR, US

Assignee:

Intel Corporation - Santa Clara CA

International Classification:

G06F 21/60
G06F 21/79
G06F 21/54

Abstract:

A processor, a system, a machine readable medium, and a method. The processor comprises first circuitry to: encrypt a first code image using a first code key; load the encrypted first code image into a memory area allocated in memory for the first code image by an operating system miming on the processor; and send to the operating system a substitute key that corresponds to the first code key, wherein the first code key is concealed from the operating system; and an instruction cache including control circuitry; and second circuitry coupled to the instruction cache, the second circuitry to: receive the substitute key from the operating system; in response to a first request from the operating system to execute the first code image to instantiate a first process, perform a first cryptographic function using a hardware key to generate the first code key from the substitute key; and program the control circuitry of the instruction cache with the first code key to enable the first code image to be decrypted using the first code key.

US Patent:

20210405896, Dec 30, 2021

Filed:

Sep 10, 2021

Appl. No.:

17/472272

Inventors:

- Santa Clara CA, US
Michael D. LeMay - Hillsboro OR, US
Sergej Deutsch - Hillsboro OR, US
Joydeep Rakshit - Burdwan, IN
Anant Vithal Nori - Bangalore, IN
Jayesh Gaur - Bangalore, IN
Sreenivas Subramoney - Bangalore, IN

Assignee:

Intel Corporation - Santa Clara CA

International Classification:

G06F 3/06
G06F 12/1027
G06F 12/02

Abstract:

Technologies disclosed herein provide one example of a system that includes processor circuitry to be communicatively coupled to a memory circuitry. The processor circuitry is to receive a memory access request corresponding to an application for access to an address range in a memory allocation of the memory circuitry and to locate a metadata region within the memory allocation. The processor circuitry is also to, in response to a determination that the address range includes at least a portion of the metadata region, obtain first metadata stored in the metadata region, use the first metadata to determine an alternate memory address in a relocation region, and read, at the alternate memory address, displaced data from the portion of the metadata region included in the address range of the memory allocation. The address range includes one or more bytes of an expected allocation region of the memory allocation.