-
Publication No.: US20230418773A1
Publication date: 2023-12-28
Application No.: US18035705
Filing date: 2020-12-24
Applicant: Intel Corporation
Inventor: Kaijie Guo, Xin Zeng, Ned Smith, Weigang Li, Junyuan Wang, Songwu Shen, Zijuan Fan, Yao Huo, Maksim Lukoshkov, Laurent Coquerel
IPC: G06F13/28
CPC classification number: G06F13/28
Abstract: Techniques and mechanisms for determining an operation to be performed with a direct memory access (DMA) request. An inspection unit (105) is coupled between an input-output memory management unit (IOMMU) (120) and an endpoint device (118). The inspection unit (105) stores a registry (330) comprising entries (332) which each correspond to a respective address, and a respective one or more resources of the endpoint device (118). A given entry (332) of the registry (330) is created based on a message from the IOMMU (120) which indicates the successful completion of an address translation to facilitate a DMA request. The endpoint device (118) performs a search, based on a DMA request, to determine if any registry (330) entry (332) indicates a combination of an address and an endpoint resource, where said combination matches a corresponding combination indicated by the DMA request. Communication of the DMA request to the IOMMU (120) is contingent on a result of the search.
-
Publication No.: US11736277B2
Publication date: 2023-08-22
Application No.: US17463453
Filing date: 2021-08-31
Applicant: INTEL CORPORATION
Inventor: Changzhen Wei, Junyuan Wang, Ned Smith, Weigang Li, Ping Yu
CPC classification number: H04L9/0833, G06F21/45, G16Y30/10, H04L9/0822, H04L9/321, H04L9/3215, H04L9/3255, H04L63/0442
Abstract: Technologies for key management of internet-of-things (IoT) devices include an IoT device, an authority center server, and a group management server. The IoT device is configured to authenticate with an authority center server via an offline communication channel, receive a group member private key as a function of the authentication with the authority center server, and authenticate with a group management server via a secure online communication channel using the group member private key. The IoT device is further configured to receive a group shared key as a function of the authentication with the group management server, encrypt secret data with the group shared key, and transmit the encrypted secret data to the group management server. Other embodiments are described herein.
-
Publication No.: US11115193B2
Publication date: 2021-09-07
Application No.: US16649192
Filing date: 2017-12-29
Applicant: INTEL CORPORATION
Inventor: Changzheng Wei, Junyuan Wang, Ned Smith, Weigang Li, Ping Yu
Abstract: Technologies for key management of internet-of-things (IoT) devices include an IoT device, an authority center server, and a group management server. The IoT device is configured to authenticate with an authority center server via an offline communication channel, receive a group member private key as a function of the authentication with the authority center server, and authenticate with a group management server via a secure online communication channel using the group member private key. The IoT device is further configured to receive a group shared key as a function of the authentication with the group management server, encrypt secret data with the group shared key, and transmit the encrypted secret data to the group management server. Other embodiments are described herein.
-
Publication No.: US20240320161A1
Publication date: 2024-09-26
Application No.: US18575832
Filing date: 2021-08-20
Applicant: Intel Corporation
Inventor: Kaijie Guo, Qianjun Xie, Weigang Li, Junyuan Wang, Ashok Raj, Zijuan Fan
IPC: G06F12/1045, G06F9/30
CPC classification number: G06F12/1045, G06F9/3016, G06F2212/50
Abstract: Systems, methods, and apparatuses to support a device translation lookaside buffer pre-translation instruction are described. A hardware system includes an input/output device, an input/output memory controller to perform a direct memory access of a memory for the input/output device, and a processor core separate from the input/output device and comprising a decoder circuit to decode a single instruction into a decoded single instruction, the single instruction including one or more fields to identify a virtual address to physical address mapping for the input/output device in the memory, and an opcode to indicate an execution circuit is to store the virtual address to physical address mapping into a translation lookaside buffer within the input/output device, and the execution circuit to execute the decoded single instruction according to the opcode.
-
Publication No.: US11422944B2
Publication date: 2022-08-23
Application No.: US16989667
Filing date: 2020-08-10
Applicant: Intel Corporation
Inventor: Kaijie Guo, Weigang Li, Junyuan Wang, Liang Ma, Maksim Lukoshkov, Yao Huo
IPC: G06F12/1009, H04L61/2596, G06F12/1027, G06F13/28, G06F13/42
Abstract: Examples herein relate to a system that includes a first memory device; a second memory device; and an input-output memory management unit (IOMMU). The IOMMU can search for a virtual-to-physical address translation entry in a first table for a received virtual address and based on a virtual-to-physical address translation entry for the received virtual address not being present in the first table, search a second table for a virtual-to-physical address translation entry for the received virtual address, wherein the first table is stored in the first memory device and the second table is stored in the second memory device. In some examples, based on a virtual-to-physical address translation entry for the received virtual address not being present in the second table, a page table walk is performed to determine a virtual-to-physical address translation for the received virtual address. In some examples, the first table includes an IO translation lookaside buffer (IOTLB).
-
Publication No.: US11805116B2
Publication date: 2023-10-31
Application No.: US16957628
Filing date: 2018-03-31
Applicant: INTEL CORPORATION
Inventor: Changzheng Wei, Weigang Li, Danny Y. Zhou, Junyuan Wang, Hari K. Tadepalli, Rashmin N. Patel
CPC classification number: H04L63/0823, H04L9/3242, H04L63/12, H04W12/009, H04L2463/062
Abstract: Technologies for securing a virtualization network function (VNF) image includes a security server to generate a wrapping cryptographic key to wrap a private key of the VNF image and replace the private key with the wrapped private key to secure the private key. During operation, the VNF image may be authenticated by a network function virtualization (NFV) server as needed. Additionally, the signature of the VNF image may be updated each time the VNF image is shutdown to ensure the continued authenticity of the VNF image.
-
Publication No.: US11615194B2
Publication date: 2023-03-28
Application No.: US16975661
Filing date: 2018-06-29
Applicant: Intel Corporation
Inventor: Changzheng Wei, Ziye Yang, Junyuan Wang, Cunming Liang, Junhua Hou, Weigang Li, Ping Yu, Yi Yang, Baoqian Li, Xin Zeng
IPC: G06F21/60, G06F16/14, H04L9/08, H04L9/40, H04L67/1097
Abstract: Embodiments include apparatuses, methods, and systems including one or more servers and one or more storage devices, coupled with each other, to provide virtual storage service to store a file and meta data of the file for a client computing device. The file and the meta data of the file may be encrypted by the client computing device before providing to the virtual storage service. The file may be encrypted with a secret key of the client computing device, and the meta data of the file may be encrypted with a shared session key between the client computing device and the virtual storage service. The encrypted file may be stored in the one or more storage devices, and the encrypted meta data of the file may be stored in one or more secured areas of the one or more servers. Other embodiments may also be described and claimed.
-
Publication No.: US11372684B2
Publication date: 2022-06-28
Application No.: US17220763
Filing date: 2021-04-01
Applicant: Intel Corporation
Inventor: Ned M. Smith, Changzheng Wei, Songwu Shen, Ziye Yang, Junyuan Wang, Weigang Li, Wenqian Yu
Abstract: Technologies for hybrid acceleration of code include a computing device (100) having a processor (120), a field-programmable gate array (FPGA) (130), and an application-specific integrated circuit (ASIC) (132). The computing device (100) offloads a service request, such as a cryptographic request or a packet processing request, to the FPGA (130). The FPGA (130) performs one or more algorithmic tasks of an algorithm to perform the service request. The FPGA (130) determines one or more primitive tasks associated with an algorithm task and encapsulates each primitive task in a buffer that is accessible by the ASIC (132). The ASIC (132) performs the primitive tasks in response to encapsulation in the buffer, and the FPGA (130) returns results of the algorithm. The primitive operations may include cryptographic primitives such as modular exponentiation, modular multiplicative inverse, and modular multiplication. The results may be returned to the processor (120) or a network interface controller of the computing device (100).
-
Publication No.: US12271327B2
Publication date: 2025-04-08
Application No.: US18035705
Filing date: 2020-12-24
Applicant: Intel Corporation
Inventor: Kaijie Guo, Xin Zeng, Ned Smith, Weigang Li, Junyuan Wang, Songwu Shen, Zijuan Fan, Yao Huo, Maksim Lukoshkov, Laurent Coquerel
IPC: G06F13/28
Abstract: Techniques and mechanisms for determining an operation to be performed with a direct memory access (DMA) request. An inspection unit (105) is coupled between an input-output memory management unit (IOMMU) (120) and an endpoint device (118). The inspection unit (105) stores a registry (330) comprising entries (332) which each correspond to a respective address, and a respective one or more resources of the endpoint device (118). A given entry (332) of the registry (330) is created based on a message from the IOMMU (120) which indicates the successful completion of an address translation to facilitate a DMA request. The endpoint device (118) performs a search, based on a DMA request, to determine if any registry (330) entry (332) indicates a combination of an address and an endpoint resource, where said combination matches a corresponding combination indicated by the DMA request. Communication of the DMA request to the IOMMU (120) is contingent on a result of the search.
-
Publication No.: US20230409197A1
Publication date: 2023-12-21
Application No.: US18239363
Filing date: 2023-08-29
Applicant: Intel Corporation
Inventor: Kaijie Guo, Ashok Raj, Ned Smith, Weigang Li, Junyuan Wang, Xin Zeng, Brian Will, Zijuan Fan, Michael E. Kounavis, Qianjun Xie, Yuan Wang, Yao Huo
IPC: G06F3/06
CPC classification number: G06F3/061, G06F3/0655, G06F3/0673
Abstract: An embodiment of an integrated circuit may comprise memory to store respective resource control descriptors in correspondence with respective identifiers, and an input/output (IO) memory management unit (IOMMU) communicatively coupled to the memory, the IOMMU including circuitry to determine resource control information for an IO transaction based on a resource control descriptor stored in the memory that corresponds to an identifier associated with the IO transaction, and control utilization of one or more resources of the IOMMU based on the determined resource control information. Other embodiments are disclosed and claimed.