US 12,135,801 B2
Technologies for trusted I/O protection of I/O data with header information
Soham Jayesh Desai, Rochester, MN (US); Siddhartha Chhabra, Portland, OR (US); Bin Xing, Hillsboro, OR (US); Pradeep M. Pappachan, Tualatin, OR (US); and Reshma Lal, Portland, OR (US)
Assigned to Intel Corporation, Santa Clara, CA (US)
Filed by Intel Corporation, Santa Clara, CA (US)
Filed on Aug. 18, 2022, as Appl. No. 17/820,628.
Application 17/820,628 is a continuation of application No. 16/704,168, filed on Dec. 5, 2019, granted, now 11,423,159.
Application 16/704,168 is a continuation of application No. 15/628,006, filed on Jun. 20, 2017, granted, now 10,552,620, issued on Jan. 15, 2020.
Claims priority of provisional application 62/352,357, filed on Jun. 20, 2016.
Claims priority of provisional application 62/352,356, filed on Jun. 20, 2016.
Prior Publication US 2022/0405403 A1, Dec. 22, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/00 (2013.01); G06F 13/20 (2006.01); G06F 13/28 (2006.01); G06F 21/57 (2013.01); G06F 21/60 (2013.01); G06F 21/62 (2013.01); G06F 21/85 (2013.01); G09C 1/00 (2006.01); H04L 9/32 (2006.01); H04L 9/40 (2022.01); G06F 21/51 (2013.01); H04L 9/06 (2006.01)
CPC G06F 21/602 (2013.01) [G06F 13/20 (2013.01); G06F 13/28 (2013.01); G06F 21/57 (2013.01); G06F 21/6218 (2013.01); G06F 21/6281 (2013.01); G06F 21/85 (2013.01); G09C 1/00 (2013.01); H04L 9/32 (2013.01); H04L 63/126 (2013.01); G06F 21/51 (2013.01); H04L 9/0637 (2013.01); H04L 9/3242 (2013.01); H04L 63/12 (2013.01)] 9 Claims
OG exemplary drawing
 
1. An apparatus comprising:
processor circuitry coupled to a memory;
an input/output (IO) controller to receive a plurality of IO messages from one or more IO devices;
a cryptographic engine configured to perform encryption operations on the plurality of IO messages to generate a respective plurality of encrypted messages and a corresponding plurality of authentication tags (ATs), the cryptographic engine to store the respective plurality of encrypted messages in an encrypted message buffer and to store the corresponding plurality of ATs in an authentication tag queue;
the processor circuitry to execute instructions to:
operate a trusted execution environment (TEE), the TEE to authenticate a next encrypted message of the plurality of encrypted messages based on a comparison with a corresponding AT in the authentication tag queue and, in response to a successful authentication, to decrypt the next encrypted message to generate a decrypted message to be accessible within the TEE;
determine whether the authentication tag queue and the encrypted-message buffer are synchronized; and
drop one or more of the encrypted messages from the encrypted message buffer when the authentication tag queue and the encrypted message buffer are not synchronized, wherein each AT stored in the authentication tag queue comprises one or more of a hash, a message length, or an authentication tag.