公开(公告)号：US20250119484A1

公开(公告)日：2025-04-10

申请号：US18483547

申请日：2023-10-10

Applicant: Mellanox Technologies, Ltd.

Inventor： Boris Pismenny

IPC: H04L69/22 ,  H04L47/2408

Abstract: A method for data communication includes receiving messages comprising data for transmission over a packet communication network to a specified destination address and encoding the messages in a series of data records having respective record headers. The data records are encapsulated in respective payloads of a sequence of data packets such that at least some of the data records span multiple consecutive data packets in the sequence. A quality of service (QoS) field in a respective packet header of each data packet in the sequence is set to a first value when a payload of the data packet contains one of the record headers and otherwise to a second value, different from the first value. The sequence of data packets is transmitted over the packet communication network to the specified destination address.

公开(公告)号：US20240146703A1

公开(公告)日：2024-05-02

申请号：US18195615

申请日：2023-05-10

Applicant: Mellanox Technologies, Ltd.

Inventor： Yuval Shicht ,  Miriam Menes ,  Ariel Shahar ,  Uria Basher ,  Boris Pismenny

IPC: H04L9/40 ,  H04L9/06

CPC classification number: H04L63/0485 ,  H04L9/0618 ,  H04L63/123

Abstract: A network device includes a hardware pipeline to process a network packet to be encrypted. A portion of the hardware pipeline retrieves information from the network packet and generates a command based on the information. A block cipher circuit is coupled inline within the hardware pipeline. The hardware pipeline includes hardware engines coupled between the portion of the hardware pipeline and the block cipher circuit. The hardware engines parse and execute the command to determine a set of inputs and input the set of inputs and portions of the network packet to the block cipher circuit. The block cipher circuit encrypts a payload data of the network packet based on the set of inputs.

公开(公告)号：US11765079B2

公开(公告)日：2023-09-19

申请号：US17973962

申请日：2022-10-26

Applicant: Mellanox Technologies, Ltd.

Inventor： Boris Pismenny ,  Miriam Menes ,  Idan Burstein ,  Liran Liss ,  Noam Bloch ,  Arie Shahar

IPC: H04L45/00 ,  H04L45/42 ,  G06F11/10 ,  H04L69/163 ,  H04L69/22

CPC classification number: H04L45/566 ,  G06F11/1004 ,  H04L45/38 ,  H04L45/42 ,  H04L69/163 ,  H04L69/22

Abstract: A method includes detecting, by an accelerator of a networking device, a serial number of a first data packet is out of order with respect to a previous data packet within a first flow of data packets associated with a packet communication network, wherein the serial number is assigned to the first data packet according to a transport protocol. The method includes reconstructing context data associated with the first flow of data packets, wherein the context data comprises encoding information for encoding of data records containing data conveyed in payloads of data packets in the first flow of data packets according to a storage protocol. The method includes using, by the accelerator, the reconstructed context data in processing a data record associated with a second data packet within the first flow, wherein the second data packet is subsequent to the first data packet in the first flow of data packets.

公开(公告)号：US20230267196A1

公开(公告)日：2023-08-24

申请号：US17676890

申请日：2022-02-22

Applicant: MELLANOX TECHNOLOGIES, LTD.

Inventor： Boris Pismenny ,  Miriam Menes ,  Ahmad Atamli ,  Ilan Pardo ,  Ariel Shahar ,  Uria Basher

IPC: G06F21/53 ,  G06F21/79 ,  G06F9/50 ,  G06F13/28

CPC classification number: G06F21/53 ,  G06F21/79 ,  G06F9/5016 ,  G06F9/5077 ,  G06F13/28

Abstract: A confidential computing (CC) apparatus includes a CPU and a peripheral device. The CPU is to run a hypervisor that hosts one or more Trusted Virtual Machines (TVMs). The peripheral device is coupled to the CPU and to an external memory. The CPU includes a TVM-Monitor (TVMM), to perform management operations on the one or more TVMs, to track memory space that is allocated by the hypervisor to the peripheral device in the external memory, to monitor memory-access requests issued by the hypervisor to the memory space allocated to the peripheral device in the external memory, and to permit or deny the memory-access requests, according to a criterion.

公开(公告)号：US20230239257A1

公开(公告)日：2023-07-27

申请号：US17582047

申请日：2022-01-24

Applicant: Mellanox Technologies, Ltd.

Inventor： Boris Pismenny ,  Ben Ben Ishay ,  Gal Yefet ,  Gil Kremer ,  Avi Urman ,  Yorai Itzhak Zack ,  Khalid Manaa ,  Liran Liss

IPC: H04L49/9057 ,  H04L69/22 ,  H04L49/90

CPC classification number: H04L49/9057 ,  H04L69/22 ,  H04L49/9042

Abstract: A peripheral device coupled to a host includes a network interface, a packet processor, and a Data Processing Unit (DPU). The packet processor receives from a communication network, via the network interface, packets that originated from a source in an original order and received at the peripheral device in as order different from the original order. The packet processor splits the received packets into headers and payloads, sends the payloads for storage in a host memory and sends the headers without the payloads for storage in a DPU memory, and based on the headers produces a hint indicative of processing to be applied to the headers, by the DPU, for identifying the original order. Based on the hint, the DPU identifies the original order of the packets by applying the processing indicated by the hint to respective headers in the DPU memory, and notifies the host of the original order.

公开(公告)号：US20230185606A1

公开(公告)日：2023-06-15

申请号：US17899648

申请日：2022-08-31

Applicant: MELLANOX TECHNOLOGIES, LTD.

Inventor： Miriam Menes ,  Liran Liss ,  Noam Bloch ,  Idan Burstein ,  Boris Pismenny ,  Ariel Shahar

IPC: G06F9/48 ,  G06F9/50 ,  G06F9/38

CPC classification number: G06F9/4881 ,  G06F9/5027 ,  G06F9/5072 ,  G06F9/3877

Abstract: In one embodiment, a secure distributed processing system includes nodes connected over a network, and configured to process tasks, each respective one of the nodes including a respective processor to process data of respective ones of the tasks, and a respective network interface controller to connect to other nodes over the network, store task master keys for use in computing communication keys for securing data transfer over the network for respective ones of the tasks, compute respective task and node-pair specific communication keys for securing communication with respective ones of the nodes over the network for respective ones of the tasks responsively to respective ones of the task master keys and node-specific data of respective node pairs, and securely communicate the processed data of the respective ones of the tasks with the respective ones of the nodes over the network responsively to the respective task and node-pair specific communication keys.

公开(公告)号：US20230046221A1

公开(公告)日：2023-02-16

申请号：US17973962

申请日：2022-10-26

Applicant: Mellanox Technologies, Ltd.

Inventor： Boris Pismenny ,  Miriam Menes ,  Idan Burstein ,  Liran Liss ,  Noam Bloch ,  Arie Shahar

IPC: H04L45/00 ,  H04L45/42 ,  G06F11/10 ,  H04L69/163 ,  H04L69/22

Abstract: A method includes detecting, by an accelerator of a networking device, a serial number of a first data packet is out of order with respect to a previous data packet within a first flow of data packets associated with a packet communication network, wherein the serial number is assigned to the first data packet according to a transport protocol. The method includes reconstructing context data associated with the first flow of data packets, wherein the context data comprises encoding information for encoding of data records containing data conveyed in payloads of data packets in the first flow of data packets according to a storage protocol. The method includes using, by the accelerator, the reconstructed context data in processing a data record associated with a second data packet within the first flow, wherein the second data packet is subsequent to the first data packet in the first flow of data packets.

公开(公告)号：US20230034545A1

公开(公告)日：2023-02-02

申请号：US17963216

申请日：2022-10-11

Applicant: Mellanox Technologies, Ltd.

Inventor： Boris Pismenny ,  Miriam Menes ,  Idan Burstein ,  Liran Liss ,  Noam Bloch ,  Ariel Shahar

IPC: H04L45/00 ,  H04L45/42 ,  G06F11/10 ,  H04L69/163 ,  H04L69/22

Abstract: A system includes a host processor, which has a host memory and is coupled to store data in a non-volatile memory in accordance with a storage protocol. A network interface controller (NIC) receives data packets conveyed over a packet communication network from peer computers containing, in payloads of the data packets, data records that encode data in accordance with the storage protocol for storage in the non-volatile memory. The NIC processes the data records in the data packets that are received in order in each flow from a peer computer and extracts and writes the data to the host memory, and when a data packet arrives out of order, writes the data packet to the host memory without extracting the data and processes the data packets in the flow so as to recover context information for use in processing the data records in subsequent data packets in the flow.

公开(公告)号：US20220308764A1

公开(公告)日：2022-09-29

申请号：US17527197

申请日：2021-11-16

Applicant: MELLANOX TECHNOLOGIES, LTD.

Inventor： Boris Pismenny ,  Oren Duer ,  Dror Goldenberg

IPC: G06F3/06

Abstract: A peripheral device includes a host interface and processing circuitry. The host interface is to communicate with one or more hosts over a peripheral bus.
The processing circuitry is to expose on the peripheral bus a peripheral-bus device that communicates with the one or more hosts using one or more instances of at least one bus storage protocol, to receive, using the exposed peripheral-bus device, Input/Output (I/O) transactions that are issued by the one or more hosts, and to complete the I/O transactions for the one or more hosts in accordance with one or more instances of at least one network storage protocol, by running at least part of a host-side protocol stack of the at least one network storage protocol.

公开(公告)号：US10708240B2

公开(公告)日：2020-07-07

申请号：US15841339

申请日：2017-12-14

Applicant: Mellanox Technologies, Ltd.

Inventor： Adi Menachem ,  Liran Liss ,  Boris Pismenny

IPC: H04L29/06 ,  G06F21/60 ,  G06F21/53 ,  H04L9/08 ,  G06F9/455 ,  H04L9/14 ,  H04L9/32

Abstract: Computing apparatus includes a host processor, which runs a virtual machine monitor (VMM), which supports a plurality of virtual machines and includes a cryptographic security software module. A network interface controller (NIC) links the host processor to a network so as to transmit and receive data packets from and to the virtual machines and includes a cryptographic security hardware logic module, which when invoked by the VMM, applies the cryptographic security protocol to the data packets while maintaining a state context of the protocol with respect to each of the virtual machines. Upon encountering an exception in applying the cryptographic security protocol, the NIC transfers the data packet, together with the state context of the cryptographic security protocol with respect to the given virtual machine, to the cryptographic security software module for processing.