-
Publication number: US20240406212A1
Publication date: 2024-12-05
Application number: US18595475
Application date: 2024-03-05
Applicant: Mellanox Technologies, Ltd.
Inventor: Boris Pismenny, Miriam Menes, Liran Liss
Abstract: In one embodiment, a local networking device includes a host interface to receive packets from a local host device, packet processing hardware to receive cryptographic material offloaded from the local host device over the host interface, perform cryptographic operations on the packets based on the cryptographic material, generate datagram transport layer security (DTLS) headers including respective DTLS sequence numbers in hardware, and encapsulate the packets with the DTLS headers in hardware, and a network interface to send the packets with the DTLS headers to a remote networking device over a packet data network.
-
Publication number: US11726666B2
Publication date: 2023-08-15
Application number: US17372466
Application date: 2021-07-11
Applicant: Mellanox Technologies, Ltd.
Inventor: Ben Ben-Ishay, Boris Pismenny, Yorai Itzhak Zack, Khalid Manaa, Liran Liss, Uria Basher, Or Gerlitz, Miriam Menes
IPC: G06F12/00, G06F3/06, H04L1/00, H04L1/1867
CPC classification number: G06F3/0619, G06F3/067, G06F3/0611, G06F3/0659, G06F3/0679, H04L1/0041, H04L1/0045, H04L1/189
Abstract: A network adapter includes a network interface controller and a processor. The network interface controller is to communicate over a peripheral bus with a host, and over a network with a remote storage device. The processor is to expose on the peripheral bus a peripheral-bus device that communicates with the host using a bus storage protocol, to receive first I/O transactions of the bus storage protocol from the host, via the exposed peripheral-bus device, and to complete the first I/O transactions in the remote storage device by (i) translating between the first I/O transactions and second I/O transactions of a network storage protocol, and (ii) executing the second I/O transactions in the remote storage device. For receiving and completing the first I/O transactions, the processor is to cause the network interface controller to transfer data directly between the remote storage device and a memory of the host using zero-copy.
-
Publication number: US11558175B2
Publication date: 2023-01-17
Application number: US17233591
Application date: 2021-04-19
Applicant: MELLANOX TECHNOLOGIES, LTD.
Inventor: Miriam Menes, Noam Bloch, Adi Menachem, Idan Burstein, Ariel Shahar, Maxim Fudim
Abstract: In one embodiment, data communication apparatus includes a network interface for connection to a network and configured to receive a sequence of data packets from a remote device over the network, the sequence including data blocks, ones of the data blocks having block boundaries that are not aligned with payload boundaries of the packets, and packet processing circuitry to cryptographically process the data blocks using a block cipher so as to write corresponding cryptographically processed data blocks to a memory, while holding segments of respective ones of the received data blocks in the memory, such that the packet processing circuitry stores a first segment of a data block of a first packet in the memory until a second packet is received, and then cryptographically processes the first and second segments together so as to write a corresponding cryptographically processed data block to the memory.
-
Publication number: US11502948B2
Publication date: 2022-11-15
Application number: US17108002
Application date: 2020-12-01
Applicant: Mellanox Technologies, Ltd
Inventor: Boris Pismenny, Miriam Menes, Idan Burstein, Liran Liss, Noam Bloch, Ariel Shahar
IPC: H04L45/00, H04L45/42, G06F11/10, H04L69/163, H04L69/22
Abstract: A system includes a host processor, which has a host memory and is coupled to store data in a non-volatile memory in accordance with a storage protocol. A network interface controller (NIC) receives data packets conveyed over a packet communication network from peer computers containing, in payloads of the data packets, data records that encode data in accordance with the storage protocol for storage in the non-volatile memory. The NIC processes the data records in the data packets that are received in order in each flow from a peer computer and extracts and writes the data to the host memory, and when a data packet arrives out of order, writes the data packet to the host memory without extracting the data and processes the data packets in the flow so as to recover context information for use in processing the data records in subsequent data packets in the flow.
-
Publication number: US20240202315A1
Publication date: 2024-06-20
Application number: US18084964
Application date: 2022-12-20
Applicant: Mellanox Technologies, Ltd.
Inventor: Ahmad Atamli, Ilan Pardo, Miriam Menes, Shahaf Shuler, Meni Orenbach, Uria Basher
IPC: G06F21/53
CPC classification number: G06F21/53, G06F2221/033
Abstract: The technology disclosed herein enables selective clearing of memory regions upon a context switch. An example method includes the operations of: receiving a memory access request referencing a memory region; determining an identifier of a current execution context associated with the memory region; determining an identifier of a previous execution context specified by metadata associated with the memory region; responsive to determining that the identifier of the current execution context does not match the identifier of the previous execution context, updating the metadata associated with the memory region to store the identifier of the current execution context; clearing at least a part of the memory region; and processing the memory access request with respect to the memory region.
-
Publication number: US11909856B2
Publication date: 2024-02-20
Application number: US18076423
Application date: 2022-12-07
Applicant: MELLANOX TECHNOLOGIES, LTD.
Inventor: Miriam Menes, Noam Bloch, Adi Menachem, Idan Burstein, Ariel Shahar, Maxim Fudim
CPC classification number: H04L9/0625, H04L9/0861, H04L9/3247
Abstract: In one embodiment, an apparatus includes a network interface to receive a sequence of data packets from a remote device responsively to a data transfer request, the received sequence including received data blocks, and packet processing circuitry to read cryptographic parameters from a memory in which the parameters were registered by a processing unit, the cryptographic parameters including an initial cryptographic key and initial value, compute a first cryptographic key responsively to the initial cryptographic key and initial value, cryptographically process a first block responsively to the first cryptographic key, compute an updated value responsively to the initial value and a size of the first block, compute a second cryptographic key responsively to the initial cryptographic key and the updated value, cryptographically process a second block of the received data blocks responsively to the second cryptographic key, and write the cryptographically processed first and second block to the memory.
-
Publication number: US11909710B2
Publication date: 2024-02-20
Application number: US17859022
Application date: 2022-07-07
Applicant: MELLANOX TECHNOLOGIES, LTD.
Inventor: Eitan Zahavi, Guy Rozenberg, Matty Kadosh, Lion Levi, Boris Pismenny, Alex Netes, Miriam Menes, Lior Hodaya Bezen, Michael Tahar
IPC: H04L61/106, H04L61/5061, H04L61/5092
CPC classification number: H04L61/106, H04L61/5061, H04L61/5092
Abstract: A method for communication includes provisioning each node in a network with a respective set of two or more network addresses. Each node in succession is assigned a respective network address from the respective provisioned set that has not been assigned for use by any preceding node. Upon finding for a given node that all the network addresses in the respective provisioned set were assigned to preceding nodes, the preceding nodes are searched to identify a candidate node having an additional network address in the respective provisioned set, other than the assigned respective network address, that was not yet assigned to any of the nodes. The additional network address is assigned to the candidate node instead of the respective network address that was previously assigned to the candidate node, and the assigning of the network addresses to the nodes in the succession resumes following the candidate node.
-
Publication number: US20230273808A1
Publication date: 2023-08-31
Application number: US18104086
Application date: 2023-01-31
Applicant: Mellanox Technologies, Ltd.
Inventor: Ahmad Atamli, Meni Orenbach, Miriam Menes, Shahaf Shuler
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F2009/45583, G06F2009/45587, G06F2009/45595
Abstract: The technology disclosed herein enables a Trusted Execution Environment (TEE) to be extended to an auxiliary device that handles persistently storing data in a security enhanced manner. Extending the trusted computing base to the auxiliary device may involve establishing an auxiliary TEE in the auxiliary device and a trusted communication link between the primary and auxiliary TEEs. The primary TEE may include the computing resources of the primary devices (e.g., CPU and host memory) and the auxiliary TEE may include the computing resources of the auxiliary devices (e.g., hardware accelerators and auxiliary memory). The trusted communication link may enable the auxiliary TEE to access data of the primary TEE that is otherwise inaccessible to all software executing external to the primary TEE (e.g., host operating system and hypervisor). The auxiliary device may use the auxiliary TEE to process the data to avoid compromising the security enhancements provided by the primary TEE.
-
Publication number: US20230010150A1
Publication date: 2023-01-12
Application number: US17372466
Application date: 2021-07-11
Applicant: Mellanox Technologies, Ltd.
Inventor: Ben Ben-Ishay, Boris Pismenny, Yorai Itzhak Zack, Khalid Manaa, Liran Liss, Uria Basher, Or Gerlitz, Miriam Menes
Abstract: A network adapter includes a network interface controller and a processor. The network interface controller is to communicate over a peripheral bus with a host, and over a network with a remote storage device. The processor is to expose on the peripheral bus a peripheral-bus device that communicates with the host using a bus storage protocol, to receive first I/O transactions of the bus storage protocol from the host, via the exposed peripheral-bus device, and to complete the first I/O transactions in the remote storage device by (i) translating between the first I/O transactions and second I/O transactions of a network storage protocol, and (ii) executing the second I/O transactions in the remote storage device. For receiving and completing the first I/O transactions, the processor is to cause the network interface controller to transfer data directly between the remote storage device and a memory of the host using zero-copy.
-
Publication number: US20210111996A1
Publication date: 2021-04-15
Application number: US17108002
Application date: 2020-12-01
Applicant: Mellanox Technologies, Ltd
Inventor: Boris Pismenny, Miriam Menes, Idan Burstein, Liran Liss, Noam Bloch, Ariel Shahar
IPC: H04L12/721, H04L12/717, H04L29/06, G06F11/10
Abstract: A system includes a host processor, which has a host memory and is coupled to store data in a non-volatile memory in accordance with a storage protocol. A network interface controller (NIC) receives data packets conveyed over a packet communication network from peer computers containing, in payloads of the data packets, data records that encode data in accordance with the storage protocol for storage in the non-volatile memory. The NIC processes the data records in the data packets that are received in order in each flow from a peer computer and extracts and writes the data to the host memory, and when a data packet arrives out of order, writes the data packet to the host memory without extracting the data and processes the data packets in the flow so as to recover context information for use in processing the data records in subsequent data packets in the flow.