公开(公告)号：US11983131B2

公开(公告)日：2024-05-14

申请号：US17134361

申请日：2020-12-26

Applicant: Intel Corporation

Inventor： Patrick G. Kutch ,  Andrey Chilikin ,  Niall D. McDonnell ,  Brian A. Keating ,  Naveen Lakkakula ,  Ilango S. Ganga ,  Venkidesh Krishna Iyer ,  Patrick Fleming ,  Lokpraveen Mosur

IPC: G06F13/40 ,  G06F3/06 ,  G06F9/50 ,  G06F12/0802 ,  G06F13/42

CPC classification number: G06F13/4027 ,  G06F3/0604 ,  G06F3/061 ,  G06F3/0656 ,  G06F3/0679 ,  G06F9/5083 ,  G06F12/0802 ,  G06F13/4221 ,  G06F2212/6042 ,  G06F2213/0026 ,  G06F2213/40

Abstract: Examples described herein include a system comprising: a processing unit package comprising: at least one core and at least one offload processing device communicatively coupled inline between the at least one core and a network interface controller, the at least one offload processing device configurable to perform packet processing. In some examples, the at least one offload processing device is to allow mapping of packet processing pipeline stages of networking applications among software running on the at least one core and the at least one offload processing device to permit flexible entry, exit, and re-entry points among the at least one core and the at least one offload processing device.

公开(公告)号：US11943207B2

公开(公告)日：2024-03-26

申请号：US17032391

申请日：2020-09-25

Applicant: Intel Corporation

Inventor： Kshitij Arun Doshi ,  Uzair Qureshi ,  Lokpraveen Mosur ,  Patrick Fleming ,  Stephen Doyle ,  Brian Andrew Keating ,  Ned M. Smith

IPC: H04L9/40 ,  G06F13/28 ,  G06F21/60

CPC classification number: H04L63/0435 ,  G06F13/28 ,  G06F21/602 ,  H04L63/166

Abstract: Methods, systems, and use cases for one-touch inline cryptographic data security are discussed, including an edge computing device with a network communications circuitry (NCC), an enhanced DMA engine coupled to a memory device and including a cryptographic engine, and processing circuitry configured to perform a secure exchange with a second edge computing device to negotiate a shared symmetric encryption key, based on a request for data. An inline encryption command for communication to the enhanced DMA engine is generated. The inline encryption command includes a first address associated with a storage location storing the data, a second address associated with a memory location in the memory device, and the shared symmetric encryption key. The data is retrieved from the storage location using the first address, the data is encrypted using the shared symmetric encryption key, and the encrypted data is stored in the memory location using the second address.

公开(公告)号：US11687264B2

公开(公告)日：2023-06-27

申请号：US15721053

申请日：2017-09-29

Applicant: Intel Corporation

Inventor： Chih-Jen Chang ,  Brad Burres ,  Jose Niell ,  Dan Biederman ,  Robert Cone ,  Pat Wang ,  Kenneth Keels ,  Patrick Fleming

IPC: H04L67/63 ,  G06F3/06 ,  G06F16/174 ,  G06F21/57 ,  G06F21/73 ,  G06F8/65 ,  H04L41/0816 ,  H04L41/0853 ,  H04L41/12 ,  H04L67/10 ,  G06F11/30 ,  G06F9/50 ,  H01R13/453 ,  G06F9/48 ,  G06F9/455 ,  H05K7/14 ,  H04L61/5007 ,  H04L67/75 ,  H03M7/30 ,  H03M7/40 ,  H04L43/08 ,  H04L47/20 ,  H04L47/2441 ,  G06F11/07 ,  G06F11/34 ,  G06F7/06 ,  G06T9/00 ,  H03M7/42 ,  H04L12/28 ,  H04L12/46 ,  G06F13/16 ,  G06F21/62 ,  G06F21/76 ,  H03K19/173 ,  H04L9/08 ,  H04L41/044 ,  H04L49/104 ,  H04L43/04 ,  H04L43/06 ,  H04L43/0894 ,  G06F9/38 ,  G06F12/02 ,  G06F12/06 ,  G06T1/20 ,  G06T1/60 ,  G06F9/54 ,  H04L67/1014 ,  G06F8/656 ,  G06F8/658 ,  G06F8/654 ,  G06F9/4401 ,  H01R13/631 ,  H04L47/78 ,  G06F16/28 ,  H04Q11/00 ,  G06F11/14 ,  H04L41/046 ,  H04L41/0896 ,  H04L41/142 ,  H04L9/40 ,  G06F15/80

CPC classification number: G06F3/0641 ,  G06F3/0604 ,  G06F3/065 ,  G06F3/067 ,  G06F3/0608 ,  G06F3/0611 ,  G06F3/0613 ,  G06F3/0617 ,  G06F3/0647 ,  G06F3/0653 ,  G06F7/06 ,  G06F8/65 ,  G06F8/654 ,  G06F8/656 ,  G06F8/658 ,  G06F9/3851 ,  G06F9/3891 ,  G06F9/4401 ,  G06F9/45533 ,  G06F9/4843 ,  G06F9/4881 ,  G06F9/5005 ,  G06F9/505 ,  G06F9/5038 ,  G06F9/5044 ,  G06F9/5083 ,  G06F9/544 ,  G06F11/0709 ,  G06F11/079 ,  G06F11/0751 ,  G06F11/3006 ,  G06F11/3034 ,  G06F11/3055 ,  G06F11/3079 ,  G06F11/3409 ,  G06F12/0284 ,  G06F12/0692 ,  G06F13/1652 ,  G06F16/1744 ,  G06F21/57 ,  G06F21/6218 ,  G06F21/73 ,  G06F21/76 ,  G06T1/20 ,  G06T1/60 ,  G06T9/005 ,  H01R13/453 ,  H01R13/4536 ,  H01R13/4538 ,  H01R13/631 ,  H03K19/1731 ,  H03M7/3084 ,  H03M7/40 ,  H03M7/42 ,  H03M7/60 ,  H03M7/6011 ,  H03M7/6017 ,  H03M7/6029 ,  H04L9/0822 ,  H04L12/2881 ,  H04L12/4633 ,  H04L41/044 ,  H04L41/0816 ,  H04L41/0853 ,  H04L41/12 ,  H04L43/04 ,  H04L43/06 ,  H04L43/08 ,  H04L43/0894 ,  H04L47/20 ,  H04L47/2441 ,  H04L49/104 ,  H04L61/5007 ,  H04L67/10 ,  H04L67/1014 ,  H04L67/63 ,  H04L67/75 ,  H05K7/1452 ,  H05K7/1487 ,  H05K7/1491 ,  G06F11/1453 ,  G06F12/023 ,  G06F15/80 ,  G06F16/285 ,  G06F2212/401 ,  G06F2212/402 ,  G06F2221/2107 ,  H04L41/046 ,  H04L41/0896 ,  H04L41/142 ,  H04L47/78 ,  H04L63/1425 ,  H04Q11/0005 ,  H05K7/1447 ,  H05K7/1492

Abstract: Technologies for an accelerator interface over Ethernet are disclosed. In the illustrative embodiment, a network interface controller of a compute device may receive a data packet. If the network interface controller determines that the data packet should be pre-processed (e.g., decrypted) with a remote accelerator device, the network interface controller may encapsulate the data packet in an encapsulating network packet and send the encapsulating network packet to a remote accelerator device on a remote compute device. The remote accelerator device may pre-process the data packet (e.g., decrypt the data packet) and send it back to the network interface controller. The network interface controller may then send the pre-processed packet to a processor of the compute device.

公开(公告)号：US11651092B2

公开(公告)日：2023-05-16

申请号：US17237102

申请日：2021-04-22

Applicant: INTEL CORPORATION

Inventor： Brian S. Hausauer ,  Lokpraveen B. Mosur ,  Tony Hurson ,  Patrick Fleming ,  Adrian R. Pearson

IPC: G06F21/62 ,  H04L9/40 ,  G06F21/78 ,  H04L9/32 ,  H04L9/08 ,  H04L67/1097 ,  G06F16/13

CPC classification number: G06F21/62 ,  G06F21/78 ,  H04L9/0891 ,  H04L9/0894 ,  H04L9/3242 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/08 ,  H04L63/10 ,  G06F16/13 ,  G06F2221/2107 ,  H04L9/3213 ,  H04L67/1097

Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to determine a secure memory region for a transaction, the secure memory region associated with a security association context to perform one or more of an encryption/decryption operation and an authentication operation for the transaction, perform one or more of the encryption/decryption operation and the authentication operation for the transaction based on the security association context, and cause communication of the transaction.

公开(公告)号：US10680643B2

公开(公告)日：2020-06-09

申请号：US16297579

申请日：2019-03-08

Applicant: Intel Corporation

Inventor： David K. Cassetti ,  Stephen T. Palermo ,  Sailesh Bissessur ,  Patrick Fleming ,  Lokpraveen Mosur ,  Smita Kumar ,  Pradnyesh S. Gudadhe ,  Naveen Lakkakula ,  Brian Will ,  Atul Kwatra

IPC: H03M7/38 ,  H03M7/30 ,  H03M7/40 ,  G06F40/126 ,  G06F40/149 ,  G06F40/157 ,  G06F40/284 ,  H03M7/00 ,  H03M5/00

Abstract: In connection with compression of an input stream, multiple portions of the input stream are searched against previously received portions of the input stream to find any matches of character strings in the previously received portions of the input stream. In some cases, matches of longer character strings, as opposed to shorter character strings, can be selected for inclusion in an encoded stream that is to be compressed. Delayed selection can occur whereby among multiple matches, a match that is longer can be selected for inclusion in the encoded stream and non-selected a character string match is reverted to a literal. A search engine that is searching an input stream to identify a repeat pattern of characters can cease to search for characters that were included in the selected character string match.

公开(公告)号：US10601738B2

公开(公告)日：2020-03-24

申请号：US16024774

申请日：2018-06-30

Applicant: Intel Corporation

Inventor： Bruce Richardson ,  Chris MacNamara ,  Patrick Fleming ,  Tomasz Kantecki ,  Ciara Loftus ,  John J. Browne ,  Patrick Connor

IPC: H04L12/861 ,  H04L12/879

Abstract: Technologies for buffering received network packet data include a compute device with a network interface controller (NIC) configured to determine a packet size of a network packet received by the NIC and identify a preferred buffer size between a small buffer and a large buffer. The NIC is further configured to select, from the descriptor, a buffer pointer based on the preferred buffer size, wherein the buffer pointer comprises one of a small buffer pointer corresponding to a first physical address in memory allocated to the small buffer or a large buffer pointer corresponding to a second physical address in memory allocated to the large buffer. Additionally, the NIC is configured to store at least a portion of the network packet in the memory based on the selected buffer pointer. Other embodiments are described herein.

公开(公告)号：US20190356589A1

公开(公告)日：2019-11-21

申请号：US16414814

申请日：2019-05-17

Applicant: Intel Corporation

Inventor： Eliel Louzoun ,  Manasi Deval ,  Stephen Doyle ,  Noam Elati ,  Patrick Fleming ,  Gregory Bowers

IPC: H04L12/741 ,  H04L12/861

Abstract: An apparatus, a method and a computer program for generating data packets according to a transport protocol from an application buffer comprising a plurality of data streams is provided. The apparatus comprises an input circuit configured to receive metadata comprising at least one of information about data packet types supported by the transport protocol, information about an offset and a length of the supported data packet types, and information about possible stream header start positions, possible payload start positions and possible offsets in the data streams. Further, the apparatus comprises a parsing circuit configured to identify offsets in an application buffer as possible segmentation points based on the metadata, to segment the application buffer at the possible segmentation points into segments for data packets, and to generate data packets according to the transport protocol based on the segments. Furthermore, an apparatus, a method and a computer program for processing the application buffer is provided.

公开(公告)号：US12177277B2

公开(公告)日：2024-12-24

申请号：US17313353

申请日：2021-05-06

Applicant: Intel Corporation

Inventor： Lokpraveen Mosur ,  Ilango Ganga ,  Robert Cone ,  Kshitij Arun Doshi ,  John J. Browne ,  Mark Debbage ,  Stephen Doyle ,  Patrick Fleming ,  Doddaballapur Jayasimha

IPC: H04L65/61 ,  H04L47/50 ,  H04L49/9005

Abstract: In one embodiment, a system includes a device and a host. The device includes a device stream buffer. The host includes a processor to execute at least a first application and a second application, a host stream buffer, and a host scheduler. The first application is associated with a first transmit streaming channel to stream first data from the first application to the device stream buffer. The first transmit streaming channel has a first allocated amount of buffer space in the device stream buffer. The host scheduler schedules enqueue of the first data from the first application to the first transmit streaming channel based at least in part on availability of space in the first allocated amount of buffer space in the device stream buffer. Other embodiments are described and claimed.

公开(公告)号：US20220021540A1

公开(公告)日：2022-01-20

申请号：US17320762

申请日：2021-05-14

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Naveen Lakkakula ,  Hari K. Tadepalli ,  Lokpraveen Mosur ,  Rajesh Gadiyar ,  Patrick Fleming

IPC: H04L9/32 ,  H04L9/08 ,  H04L29/06 ,  H04L9/14 ,  G06F21/57 ,  G06F21/60

Abstract: A security accelerator device stores a first credential that is uniquely associated with the individual security accelerator device and represents a root of trust to a trusted entity. The device establishes a cryptographic trust relationship with a client entity that is based on the root of trust, the cryptographic trust relationship being represented by a second credential. The device receives and store a secret credential of the client entity, which is received via communication secured by the second credential. Further, the device executes a cryptographic computation using the secret client credential on behalf of the client entity to produce a computation result.

公开(公告)号：US11042657B2

公开(公告)日：2021-06-22

申请号：US15721769

申请日：2017-09-30

Applicant: INTEL CORPORATION

Inventor： Brian S. Hausauer ,  Lokpraveen B. Mosur ,  Tony Hurson ,  Patrick Fleming ,  Adrian R. Pearson

IPC: G06F21/62 ,  H04L29/06 ,  G06F21/78 ,  H04L9/32 ,  H04L9/08 ,  H04L29/08 ,  G06F16/13

Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to de determine a secure memory region for a transaction, the secure memory region associated with a security association context to perform one or more of an encryption/decryption operation and an authentication operation for the transaction, perform one or more of the encryption/decryption operation and the authentication operation for the transaction based on the security association context, and cause communication of the transaction.