公开(公告)号：US11943207B2

公开(公告)日：2024-03-26

申请号：US17032391

申请日：2020-09-25

Applicant: Intel Corporation

Inventor： Kshitij Arun Doshi ,  Uzair Qureshi ,  Lokpraveen Mosur ,  Patrick Fleming ,  Stephen Doyle ,  Brian Andrew Keating ,  Ned M. Smith

IPC: H04L9/40 ,  G06F13/28 ,  G06F21/60

CPC classification number: H04L63/0435 ,  G06F13/28 ,  G06F21/602 ,  H04L63/166

Abstract: Methods, systems, and use cases for one-touch inline cryptographic data security are discussed, including an edge computing device with a network communications circuitry (NCC), an enhanced DMA engine coupled to a memory device and including a cryptographic engine, and processing circuitry configured to perform a secure exchange with a second edge computing device to negotiate a shared symmetric encryption key, based on a request for data. An inline encryption command for communication to the enhanced DMA engine is generated. The inline encryption command includes a first address associated with a storage location storing the data, a second address associated with a memory location in the memory device, and the shared symmetric encryption key. The data is retrieved from the storage location using the first address, the data is encrypted using the shared symmetric encryption key, and the encrypted data is stored in the memory location using the second address.

公开(公告)号：US20240195789A1

公开(公告)日：2024-06-13

申请号：US18442457

申请日：2024-02-15

Applicant: Intel Corporation

Inventor： Kshitij Arun Doshi ,  Uzair Qureshi ,  Lokpraveen Mosur ,  Patrick Fleming ,  Stephen Doyle ,  Brian Andrew Keating ,  Ned M. Smith

IPC: H04L9/40 ,  G06F13/28 ,  G06F21/60

CPC classification number: H04L63/0435 ,  G06F13/28 ,  G06F21/602 ,  H04L63/166

Abstract: A computing device includes a direct memory access (DMA) engine coupled to a memory, a network interface, and processing circuitry. The processing circuitry is to perform a secure exchange with a second computing device to negotiate a shared encryption key, based on a request for data received via the network interface from the second computing device. The DMA engine is to retrieve the data from a storage location based on an encryption command. The encryption command indicates the storage location. The DMA engine is to encrypt the data based on the shared encryption key to generate encrypted data, and store the encrypted data in the memory.

公开(公告)号：US11824784B2

公开(公告)日：2023-11-21

申请号：US16723330

申请日：2019-12-20

Applicant: Intel Corporation

Inventor： Brian Andrew Keating ,  Marcin Spoczynski ,  Lokpraveen Mosur ,  Kshitij Arun Doshi ,  Francesc Guim Bernat

IPC: G06F9/50 ,  H04L41/16 ,  H04L41/5009 ,  H04L47/2425 ,  H04L49/00 ,  H04L47/80 ,  H04L47/78 ,  H04L41/06 ,  H04L41/40 ,  H04L41/5025 ,  H04L41/5054

CPC classification number: H04L47/2425 ,  G06F9/5011 ,  G06F9/5077 ,  H04L41/06 ,  H04L41/40 ,  H04L41/5009 ,  H04L41/5025 ,  H04L47/781 ,  H04L47/805 ,  H04L49/70 ,  G06F2209/501 ,  G06F2209/503 ,  G06F2209/508 ,  H04L41/5054

Abstract: Various approaches for implementing platform resource management are described. In an edge computing system deployment, an edge computing device includes processing circuitry coupled to a memory. The processing circuitry is configured to obtain, from an orchestration provider, an SLO (or SLA) that defines usage of an accessible feature of the edge computing device by a container executing on a virtual machine within the edge computing system. A computation model is retrieved based on at least one key performance indicator (KPI) specified in the SLO. The defined usage of the accessible feature is mapped to a plurality of feature controls using the retrieved computation model. The plurality of feature controls is associated with platform resources of the edge computing device that are pre-allocated to the container. The usage of the platform resources allocated to the container is monitored using the plurality of feature controls.