FLEXIBLE CRYPTOGRAPHIC ARCHITECTURE IN A NETWORK DEVICE

    Publication number: US20240146703A1

    Publication date: 2024-05-02

    Application number: US18195615

    Application date: 2023-05-10

    CPC classification number: H04L63/0485 H04L9/0618 H04L63/123

    Abstract: A network device includes a hardware pipeline to process a network packet to be encrypted. A portion of the hardware pipeline retrieves information from the network packet and generates a command based on the information. A block cipher circuit is coupled inline within the hardware pipeline. The hardware pipeline includes hardware engines coupled between the portion of the hardware pipeline and the block cipher circuit. The hardware engines parse and execute the command to determine a set of inputs and input the set of inputs and portions of the network packet to the block cipher circuit. The block cipher circuit encrypts a payload data of the network packet based on the set of inputs.

    PAYLOAD DIRECT MEMORY STORING (PDMS) FOR REMOTE DIRECT MEMORY ACCESS (RDMA)

    Publication number: US20240080379A1

    Publication date: 2024-03-07

    Application number: US17902150

    Application date: 2022-09-02

    CPC classification number: H04L69/22 G06F13/28 G06F15/167 H04L49/90

    Abstract: Technologies for payload direct memory storing (PDMS) for out-of-order delivery of packets in remote direct memory access (RDMA) are described. A responder device includes an RDMA transport layer that can receive packets out of order and allow direct data placement of packet data in order. The responder device receives a first packet with a first packet number and first location information. The responder device stores first packet data to a first location according to the first location information. The responder device also receives a second packet and stores second packet data to a second location according to the second location information. A second packet number indicates that the first packet is received out of order. The first and second packet data are stored in order. The responder device can provide an indication that a message has arrived in response to determining that all packets of the message have arrived.

    Cache Management using Groups Partitioning
    Invention publication

    Publication number: US20240012762A1

    Publication date: 2024-01-11

    Application number: US17887458

    Application date: 2022-08-14

    CPC classification number: G06F12/0891 G06F2212/60

    Abstract: An apparatus for cache management includes an interface and a processor. The interface is for communicating with a cache memory configured to store data items. The cache controller is configured to obtain a classification of the data items into a plurality of groups, to obtain respective target capacities for at least some of the groups, each target capacity defining a respective required size of a portion of the cache memory that is permitted to be occupied by the data items belonging to the group, and to cache new data items in the cache memory, or evict cached data items from the cache memory, in accordance with a policy that complies with the target capacities specified for the groups.

    Secure In-Service Firmware Update
    Invention publication

    Publication number: US20230351021A1

    Publication date: 2023-11-02

    Application number: US18349147

    Application date: 2023-07-09

    CPC classification number: G06F21/572 G06F8/65 G06F9/445 G06F2221/033

    Abstract: A computer system includes a volatile memory and at least one processor. The volatile memory includes a protected storage segment (PSS) configured to store firmware-authentication program code for authenticating firmware of the computer system. The at least one processor is configured to receive a trigger to switch to a given version of the firmware, to obtain, in response to the trigger, a privilege to access the PSS, to authenticate the given version of the firmware by executing the firmware-authentication program code from the PSS, to switch to the given version of the firmware upon successfully authenticating the given version, and to take an alternative action upon failing to authenticate the given version.

    Secure and efficient distributed processing
    Invention publication

    Publication number: US20230185606A1

    Publication date: 2023-06-15

    Application number: US17899648

    Application date: 2022-08-31

    CPC classification number: G06F9/4881 G06F9/5027 G06F9/5072 G06F9/3877

    Abstract: In one embodiment, a secure distributed processing system includes nodes connected over a network, and configured to process tasks, each respective one of the nodes including a respective processor to process data of respective ones of the tasks, and a respective network interface controller to connect to other nodes over the network, store task master keys for use in computing communication keys for securing data transfer over the network for respective ones of the tasks, compute respective task and node-pair specific communication keys for securing communication with respective ones of the nodes over the network for respective ones of the tasks responsively to respective ones of the task master keys and node-specific data of respective node pairs, and securely communicate the processed data of the respective ones of the tasks with the respective ones of the nodes over the network responsively to the respective task and node-pair specific communication keys.

    Cryptographic Data Communication Apparatus

    Publication number: US20230097439A1

    Publication date: 2023-03-30

    Application number: US18075460

    Application date: 2022-12-06

    Abstract: In one embodiment, data communication apparatus includes packet processing circuitry to receive data from a memory responsively to a data transfer request, and cryptographically process the received data in units of data blocks using a block cipher so as to add corresponding cryptographically processed data blocks to a sequence of data packets, the sequence including respective ones of the cryptographically processed data blocks having block boundaries that are not aligned with payload boundaries of respective one of the packets, such that respective ones of the cryptographically processed data blocks are divided into two respective segments, which are contained in successive respective ones of the packets in the sequence, and a network interface which includes one or more ports for connection to a packet data network and is configured to send the sequence of data packets to a remote device over the packet data network via the one or more ports.

    Computational accelerator for storage operations

    Publication number: US20230034545A1

    Publication date: 2023-02-02

    Application number: US17963216

    Application date: 2022-10-11

    Abstract: A system includes a host processor, which has a host memory and is coupled to store data in a non-volatile memory in accordance with a storage protocol. A network interface controller (NIC) receives data packets conveyed over a packet communication network from peer computers containing, in payloads of the data packets, data records that encode data in accordance with the storage protocol for storage in the non-volatile memory. The NIC processes the data records in the data packets that are received in order in each flow from a peer computer and extracts and writes the data to the host memory, and when a data packet arrives out of order, writes the data packet to the host memory without extracting the data and processes the data packets in the flow so as to recover context information for use in processing the data records in subsequent data packets in the flow.

    Multi-socket network interface controller with consistent transaction ordering

    Publication number: US20220358063A1

    Publication date: 2022-11-10

    Application number: US17503392

    Application date: 2021-10-18

    Abstract: Computing apparatus includes a host computer, including at least first and second host bus interfaces. A network interface controller (NIC) includes a network port, for connection to a packet communication network, and first and second NIC bus interfaces, which communicate via first and second peripheral component buses with the first and second host bus interfaces, respectively. Packet processing logic, in response to packets received through the network port, writes data to the host memory concurrently via both the first and second NIC bus interfaces in a sequence of direct memory access (DMA) transactions, and after writing the data in any given DMA transaction, writes a completion report to the host memory with respect to the given DMA transaction while verifying that the completion report will be available to the CPU only after all the data in the given DMA transaction have been written to the host memory.
