	US 12,149,513 B2
	Protecting data transfer between a secure application and networked devices
Luis Kida, Beaverton, OR (US); and Reshma Lal, Portland, OR (US)
Assigned to INTEL CORPORATION, Santa Clara, CA (US)
Filed by Intel Corporation, Santa Clara, CA (US)
Filed on Aug. 22, 2023, as Appl. No. 18/453,970.
Application 18/453,970 is a continuation of application No. 17/549,014, filed on Dec. 13, 2021, granted, now 11,784,990.
Prior Publication US 2023/0396599 A1, Dec. 7, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); G06F 9/50 (2006.01); G06F 13/28 (2006.01); H04L 9/08 (2006.01); H04L 9/32 (2006.01); H04L 9/40 (2022.01)

CPC H04L 63/0485 (2013.01) [G06F 9/5044 (2013.01); G06F 9/5083 (2013.01); G06F 13/28 (2013.01); H04L 9/0825 (2013.01); H04L 9/085 (2013.01); H04L 9/3242 (2013.01); H04L 63/0435 (2013.01); H04L 63/061 (2013.01); H04L 63/123 (2013.01)]

20 Claims

1. An apparatus comprising:

a processor hardware circuitry communicably coupled to a source network interface controller hardware circuitry (source NIC), the processor hardware circuitry to provide a trusted execution environment (TEE) to run an application, wherein the processor hardware circuitry is to:

generate, via the application in the TEE, encrypted data;

copy, via the application in the TEE, the encrypted data to a local shared buffer;

interface, using the application in the TEE, with the source NIC to initiate a copy over a network of the encrypted data from the local shared buffer to a remote buffer of a remote platform; and

communicate, via the application in the TEE, at least one message with the remote platform to indicate that the encrypted data is available and to enable the remote platform to verify integrity of the encrypted data, wherein the at least one message comprises an authentication tag calculated over a payload using a shared secret key.