公开(公告)号：US11483300B2

公开(公告)日：2022-10-25

申请号：US16876626

申请日：2020-05-18

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Seosamh O'Riordain ,  Ned M. Smith ,  Tarun Viswanathan

IPC: H04L29/06 ,  H04L9/40 ,  G06F9/455 ,  G06F9/50 ,  G06F21/53 ,  G06F21/62 ,  G06F21/57 ,  G06F9/4401 ,  G06F9/46

Abstract: Technologies for providing secure utilization of tenant keys include a compute device. The compute device includes circuitry configured to obtain a tenant key. The circuitry is also configured to receive encrypted data associated with a tenant. The encrypted data defines an encrypted image that is executable by the compute device to perform a workload on behalf of the tenant in a virtualized environment. Further, the circuitry is configured to utilize the tenant key to decrypt the encrypted data and execute the workload without exposing the tenant key to a memory that is accessible to another workload associated with another tenant.

公开(公告)号：US20220132265A1

公开(公告)日：2022-04-28

申请号：US17208688

申请日：2021-03-22

Applicant: Intel Corporation

Inventor： Valerie J. Young ,  Kapil Sood

IPC: H04W4/02 ,  H04W4/70 ,  H04W4/60 ,  H04W24/02

Abstract: Technologies for performing an automated application exchange negotiation in an operator network include an endpoint device, a mobile edge computing device, a core computing device, an application provider computing device, and a network operator computing device. The mobile edge computing device is configured to receive a request to access an application and/or service stored at the mobile edge computing device and/or the application provider computing device. The mobile edge computing device is further configured to initiate the automated application exchange negotiation between the application provider computing device and the network operator computing device to determine one or more terms of the negotiation, including one or more terms of a service level agreement (SLA). Other embodiments are described herein.

公开(公告)号：US11272267B2

公开(公告)日：2022-03-08

申请号：US16390846

申请日：2019-04-22

Applicant: Intel Corporation

Inventor： Andrew J. Herdrich ,  Patrick L. Connor ,  Dinesh Kumar ,  Alexander W. Min ,  Daniel J. Dahle ,  Kapil Sood ,  Jeffrey B. Shaw ,  Edwin Verplanke ,  Scott P. Dubal ,  James Robert Hearn

IPC: H04Q9/02 ,  H04L12/24 ,  H04L12/26 ,  H04L41/5019 ,  H04L41/5009 ,  H04L43/10 ,  H04L43/08

Abstract: Devices and techniques for out-of-band platform tuning and configuration are described herein. A device can include a telemetry interface to a telemetry collection system and a network interface to network adapter hardware. The device can receive platform telemetry metrics from the telemetry collection system, and network adapter silicon hardware statistics over the network interface, to gather collected statistics. The device can apply a heuristic algorithm using the collected statistics to determine processing core workloads generated by operation of a plurality of software systems communicatively coupled to the device. The device can provide a reconfiguration message to instruct at least one software system to switch operations to a different processing core, responsive to detecting an overload state on at least one processing core, based on the processing core workloads. Other embodiments are also described.

公开(公告)号：US20210344653A1

公开(公告)日：2021-11-04

申请号：US17369824

申请日：2021-07-07

Applicant: Intel Corporation

Inventor： David J. Harriman ,  Raghunandan Makaram ,  Ioannis T. Schoinas ,  Kapil Sood ,  Yu-Yuan Chen ,  Vedvyas Shanbhogue ,  Siddhartha Chhabra ,  Reshma Lal ,  Reouven Elbaz

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/06 ,  G06F13/42

Abstract: A protected link between a first computing device and a second computing device is set up, wherein communication over the protected link is to comply with a communication protocol that allows packets to be reordered during transit. A plurality of packets are generated according to a packet format that ensures the plurality of packets will not be reordered during transmission over the protected link, the plurality of packets comprising a first packet and a second packet. Data of the plurality of packets are encrypted for transmission over the protected link, wherein data of the first packet is encrypted based on the cryptographic key and a first value of a counter and data of the second packet is encrypted based on the cryptographic key and a second value of the counter.

公开(公告)号：US10972371B2

公开(公告)日：2021-04-06

申请号：US14671863

申请日：2015-03-27

Applicant: Intel Corporation

Inventor： Alexander W. Min ,  Jr-Shian Tsai ,  Janet Tseng ,  Kapil Sood ,  Tsung-Yuan C. Tai

IPC: G06F15/16 ,  H04L12/26 ,  H04L12/911 ,  H04L12/917 ,  H04L12/813 ,  H04L12/721

Abstract: Technologies for monitoring network traffic include a computing device that monitors network traffic at a graphics processing unit (GPU) of the computing device. The computing device manages computing resources of the computing device based on results of the monitored network traffic. The computing resources may include one or more virtual machines to process network traffic that is to be monitored at the GPU the computing device. Other embodiments are described and claimed.

公开(公告)号：US10884814B2

公开(公告)日：2021-01-05

申请号：US16147118

申请日：2018-09-28

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Patrick L. Connor ,  Scott P. Dubal ,  James Robert Hearn ,  Andrew J. Herdrich

IPC: G06F9/50 ,  G06F9/455 ,  G06F21/53 ,  G06F12/14 ,  H04L9/08 ,  H04W12/08 ,  G06F21/74 ,  G06T19/00 ,  H04L29/06 ,  H04W12/02

Abstract: System and techniques for multifactor intelligent agent control are described herein. A workload request may be received from a user device via a network. The workload may be instantiated in an isolated environment on an edge computing platform. Here, the isolated environment may be a container or a virtual machine. The instantiation of the workload may include using a hardware security component (SEC) of the mobile edge computing platform to prevent access to data or code of the workload from other environments hosted by the mobile edge computing platform. The workload may then be executed in the isolated environment and a result of the workload returned to the user device.

公开(公告)号：US20200167196A1

公开(公告)日：2020-05-28

申请号：US16723760

申请日：2019-12-20

Applicant: Intel Corporation

Inventor： Ned Smith ,  Francesc Guim Bernat ,  Sanjay Bakshi ,  Katalin Bartfai-Walcott ,  Kapil Sood ,  Kshitij Doshi ,  Robert Munoz

IPC: G06F9/50 ,  G06F9/48 ,  G06F11/30 ,  H04L9/32 ,  G06F9/54 ,  H04L9/06

Abstract: Methods and apparatus to execute a workload in an edge environment are disclosed. An example apparatus includes a node scheduler to accept a task from a workload scheduler, the task including a description of a workload and tokens, a workload executor to execute the workload, the node scheduler to access a result of execution of the workload and provide the result to the workload scheduler, and a controller to access the tokens and distribute at least one of the tokens to at least one provider, the provider to provide a resource to the apparatus to execute the workload.

公开(公告)号：US10572650B2

公开(公告)日：2020-02-25

申请号：US15056570

申请日：2016-02-29

Applicant: Intel Corporation

Inventor： Trevor Cooper ,  Kapil Sood ,  Scott P. Dubal ,  Michael Hingston McLaughlin Bursell ,  Jesse C. Brandeburg ,  Stephen T. Palermo

IPC: H04L12/24 ,  G06F3/06 ,  G06Q30/06 ,  G06F21/44

Abstract: Technologies for monitoring service level agreement (SLA) performance in an end-to-end SLA monitoring architecture include a network functions virtualization (NFV) SLA controller configured to manage SLA agents initialized in various network processing components of the end-to-end SLA monitoring architecture. To do so, the NFV SLA controller is configured to provide instruction to the SLA agents indicating which types of telemetry data to monitor and receive the requested telemetry data, as securely collected and securely packaged by the SLA agents. The NFV SLA controller is further configured to securely analyze the received telemetry data to determine one or more performance metrics and compare performance benchmarks against the performance metrics to generate an SLA report that includes the results of the comparison. Other embodiments are described and claimed.

公开(公告)号：US10367840B2

公开(公告)日：2019-07-30

申请号：US15683360

申请日：2017-08-22

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Manuel Nedbal

IPC: H04L29/06 ,  H04L12/24 ,  G06F21/53 ,  H04L29/08

Abstract: Technologies for secure personalization of a security monitoring virtual network function (VNF) in a network functions virtualization (NFV) architecture include various security monitoring components, including a NFV security services controller, a VNF manager, and a security monitoring VNF. The security monitoring VNF is configured to receive provisioning data from the NFV security services controller and perform a mutually authenticated key exchange procedure using at least a portion of the provisioning data to establish a secure communication path between the security monitoring VNF and a VNF manager. The security monitoring VNF is further configured to receive personalization data from the VNF manager via the secure communication path and perform a personalization operation to configure one or more functions of the security monitoring VNF based on the personalization data. Other embodiments are described and claimed.

公开(公告)号：US20190230002A1

公开(公告)日：2019-07-25

申请号：US16368980

申请日：2019-03-29

Applicant: Intel Corporation

Inventor： Francesc Guim Bernat ,  Kapil Sood ,  Tarun Viswanathan ,  Kshitij Doshi ,  Timothy Verrall ,  Ned M. Smith ,  Manish Dave ,  Alex Vul

IPC: H04L12/24 ,  H04L29/06

Abstract: Technologies for accelerated orchestration and attestation include multiple edge devices. An edge appliance device performs an attestation process with each of its components to generate component certificates. The edge appliance device generates an appliance certificate that is indicative of the component certificates and a current utilization of the edge appliance device and provides the appliance certificate to a relying party. The relying party may be an edge orchestrator device. The edge orchestrator device receives a workload scheduling request with a service level agreement requirement. The edge orchestrator device verifies the appliance certificate and determines whether the service level agreement requirement is satisfied based on the appliance certificate. If satisfied, the workload is scheduled to the edge appliance device. Attestation and generation of the appliance certificate by the edge appliance device may be performed by an accelerator of the edge appliance device. Other embodiments are described and claimed.