US11720503B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11720503-B2 |
| Application number | US-202217724743-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 20, 2022 |
| Priority date | Jun 20, 2018 |
| Publication date | Aug 8, 2023 |
| Grant date | Aug 8, 2023 |
Official abstract text for this publication.
Technologies for secure authentication and programming of an accelerator device are described. In one example, a computing device is disclosed comprising an accelerator device to: provide a unique device identifier to an accelerator services enclave (ASE) of a processor of the computing device; authenticate with the ASE by: performing a secure key exchange with the ASE to establish a shared secret tunnel key; verifying an enclave certificate of the ASE; and providing an attestation response to the ASE indicative of an accelerator device configuration; establish a secure channel with the ASE protected by the shared secret tunnel key; receive bitstream image key and bitstream data key from the ASE via the secure channel; program the accelerator device via the secure channel using the bitstream image key; and exchange data with a tenant enclave of the processor, the data protected by the bitstream data key.
Opening claim text (preview).
The invention claimed is:
1. A computing device comprising: an accelerator device to: provide a unique device identifier to an accelerator services enclave (ASE) of a processor of the computing device; authenticate with the ASE by: performing a secure key exchange with the ASE to establish a shared secret tunnel key; verifying an enclave certificate of the ASE; and providing an attestation response to the ASE indicative of an accelerator device configuration; establish, responsive to validation and authentication of the accelerator device by the ASE, a secure channel with the ASE protected by the shared secret tunnel key; receive bitstream image key and bitstream data key from the ASE via the secure channel; program the accelerator device via the secure channel using the bitstream image key; in response to authentication of a tenant enclave of the processor by the ASE, securely receive the bitstream data key from the tenant enclave; and exchange data with the tenant enclave, the data protected by the bitstream data key.
2. The computing device of claim 1, wherein the ASE to validate a device certificate for the accelerator device, wherein the ASE to request the device certificate from a certificate service using the unique device identifier.
3. The computing device of claim 2, wherein the ASE to authenticate the accelerator device in response to validation of the device certificate, and wherein the ASE to authenticate the accelerator device using attestation information indicative of the accelerator device configuration of the accelerator device.
4. The computing device of claim 3, wherein ASE to validate the attestation information by comparing the attestation information indicative of the accelerator device configuration to device configuration data of the device certificate.
5. The computing device of claim 1, wherein the accelerator device to program the accelerator device further comprises the accelerator device to: receive an encrypted bitstream image from the ASE; decrypt the encrypted bitstream image using the bitstream image key into a decrypted bitstream image; and install the decrypted bitstream image to the accelerator device.
6. The computing device of claim 1, wherein the unique device identifier is based on a physical unclonable function (PUF) of the accelerator device.
7. The computing device of claim 1, wherein the tenant enclave is to host a tenant application and wherein the tenant enclave is to securely exchange the data between the tenant application and the accelerator device.
8. The computing device of claim 1, wherein the accelerator device comprises a field-programmable gate array (FPGA).
9. The computing device of claim 1, wherein the ASE comprises a secure enclave established with secure enclave support of the processor of the computing device.
10. A method comprising: providing, by an accelerator device of a computing device, a unique device identifier to an accelerator services enclave (ASE) of a processor of the computing device; authenticating with the ASE by: performing a secure key exchange with the ASE to establish a shared secret tunnel key; verifying an enclave certificate of the ASE; and providing an attestation response to the ASE indicative of an accelerator device configuration; establishing, responsive to validation and authentication of the accelerator device by the ASE, a secure channel with the ASE protected by the shared secret tunnel key; receiving bitstream image key and bitstream data key from the ASE via the secure channel; programming the accelerator device via the secure channel using the bitstream image key; in response to authentication of a tenant enclave of the processor by the ASE, securely receiving the bitstream data key from the tenant enclave; and exchanging data with the tenant enclave, the data protected by the bitstream data key.
11. The method of claim 10, wherein the ASE to validate a device certificate for the accelerator device, wherein the ASE to request the device certificate from a certificate service using the unique device identifier.
12. The method of claim 11, wherein the ASE to authenticate the accelerator device in response to validation of the device certificate, and wherein the ASE to authenticate the accelerator device using attestation information indicative of the accelerator device configuration of the accelerator device.
13. The method of claim 12, wherein ASE to validate the attestation information by comparing the attestation information indicative of the accelerator device configuration to device configuration data of the device certificate.
14. The method of claim 10, wherein the accelerator device to program the accelerator device further comprises the accelerator device to: receive an encrypted bitstream image from the ASE; decrypt the encrypted bitstream image using the bitstream image key into a decrypted bitstream image; and install the decrypted bitstream image to the accelerator device.
15. The method of claim 10, wherein the tenant enclave is to host a tenant application and wherein the tenant enclave is to securely exchange the data between the tenant application and the accelerator device.
16. A non-transitory computer-readable storage media comprising a plurality of instructions stored thereon that, in response to being executed, cause a computing device to: provide, by an accelerator device of a computing device, a unique device identifier to an accelerator services enclave (ASE) of a processor of the computing device; authenticate with the ASE by: performing a secure key exchange with the ASE to establish a shared secret tunnel key; verifying an enclave certificate of the ASE; and providing an attestation response to the ASE indicative of an accelerator device configuration; establish, responsive to validation and authentication of the accelerator device by the ASE, a secure channel with the ASE protected by the shared secret tunnel key; receive bitstream image key and bitstream data key from the ASE via the secure channel; program the accelerator device via the secure channel using the bitstream image key; in response to authentication of a tenant enclave of the processor by the ASE, securely receive the bitstream data key from the tenant enclave; and exchange data with the tenant enclave, the data protected by the bitstream data key.
17. The non-transitory computer-readable storage media of claim 16, wherein the ASE to validate a device certificate for the accelerator device, wherein the ASE to request the device certificate from a certificate service using the unique device identifier.
18. The non-transitory computer-readable storage media of claim 17, wherein ASE to validate attestation information by comparing the attestation information indicative of the accelerator device configuration to device configuration data of the device certificate.
19. The non-transitory computer-readable storage media of claim 16, wherein the accelerator device to program the accelerator device further comprises the accelerator device to: receive an encrypted bitstream image from the ASE; decrypt the encrypted bitstream image using the bitstream image key into a decrypted bitstream image; and install the decrypted bitstream image to the accelerator device.
20. The non-transitory computer-readable storage media of claim 16, wherein the tenant enclave is to host a tenant application and wherein the tenant enclave is to securely exchange the data between
by using cryptography (for digital transmission H04L9/00) · CPC title
using a secondary processor, e.g. coprocessor (peripheral processor G06F13/12) · CPC title
Hypervisor-specific management and integration aspects · CPC title
Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches · CPC title
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title