公开(公告)号：US20240241831A1

公开(公告)日：2024-07-18

申请号：US18622745

申请日：2024-03-29

Applicant: Intel Corporation

Inventor： Junyuan WANG ,  Haoxiang SUN ,  Xin ZENG ,  Maksim LUKOSHKOV ,  Weigang LI ,  Zijuan FAN ,  Jun XU

IPC: G06F12/0862

CPC classification number: G06F12/0862 ,  G06F2212/602

Abstract: Techniques to reduce data processing latency for a device. Circuitry at a device coupled with a host processor can facilitate execution of parallel tasks associated with processing data for a service offloaded to the device from the host processor. The parallel tasks can include prefetching information for address translations related to a shared virtual memory (SVM) space that is shared between the device and the host processor and prefetching data to be processed by device in relation to the offloaded service.

公开(公告)号：US20220060322A1

公开(公告)日：2022-02-24

申请号：US17463453

申请日：2021-08-31

Applicant: INTEL CORPORATION

Inventor： Changzhen WEI ,  Junyuan WANG ,  Ned SMITH ,  Weigang LI ,  Ping YU

IPC: H04L9/08 ,  G16Y30/10 ,  G06F21/45 ,  H04L9/32 ,  H04L29/06

Abstract: Technologies for key management of internet-of-things (IoT) devices include an IoT device, an authority center server, and a group management server. The IoT device is configured to authenticate with an authority center server via an offline communication channel, receive a group member private key as a function of the authentication with the authority center server, and authenticate with a group management server via a secure online communication channel using the group member private key. The IoT device is further configured to receive a group shared key as a function of the authentication with the group management server, encrypt secret data with the group shared key, and transmit the encrypted secret data to the group management server. Other embodiments are described herein.

公开(公告)号：US20210014217A1

公开(公告)日：2021-01-14

申请号：US16957628

申请日：2018-03-31

Applicant: INTEL CORPORATION

Inventor： Changzheng WEI ,  Weigang LI ,  Danny T. ZHOU ,  Junyuan WANG ,  Hari K. TADEPALLI ,  Rashmin N. PATEL

IPC: H04L29/06 ,  H04L9/32 ,  H04W12/00

Abstract: Technologies for securing a virtualization network function (VNF) image includes a security server to generate a wrapping cryptographic key to wrap a private key of the VNF image and replace the private key with the wrapped private key to secure the private key. During operation, the VNF image may be authenticated by a network function virtualization (NFV) server as needed. Additionally, the signature of the VNF image may be updated each time the VNF image is shutdown to ensure the continued authenticity of the VNF image.

公开(公告)号：US20240296137A1

公开(公告)日：2024-09-05

申请号：US18647547

申请日：2024-04-26

Applicant: Intel Corporation

Inventor： Junyuan WANG ,  Maksim LUKOSHKOV ,  Weigang LI ,  Xin ZENG

IPC: G06F13/42

CPC classification number: G06F13/4221 ,  G06F2213/0024

Abstract: Techniques to improve device scalability using a peer-to-peer protocol over a communication link. The techniques can include use of an input/output (IO) device access instruction set architecture (ISA) command to place an IO job request through an agent device from a host processor to a device, the host processor, agent device and device coupled to a communication link switch. The IO job request can be communicated through the communication link switch.

公开(公告)号：US20210203491A1

公开(公告)日：2021-07-01

申请号：US16649192

申请日：2017-12-29

Applicant: INTEL CORPORATION

Inventor： Changzheng WEI ,  Junyuan WANG ,  Ned SMITH ,  Weigang LI ,  Ping YU

IPC: H04L9/08 ,  G16Y30/10 ,  H04L9/32 ,  H04L29/06 ,  G06F21/45

Abstract: Technologies for key management of internet-of-things (IoT) devices include an IoT device, an authority center server, and a group management server. The IoT device is configured to authenticate with an authority center server via an offline communication channel, receive a group member private key as a function of the authentication with the authority center server, and authenticate with a group management server via a secure online communication channel using the group member private key. The IoT device is further configured to receive a group shared key as a function of the authentication with the group management server, encrypt secret data with the group shared key, and transmit the encrypted secret data to the group management server. Other embodiments are described herein.

公开(公告)号：US20220279013A1

公开(公告)日：2022-09-01

申请号：US17744463

申请日：2022-05-13

Applicant: Intel Corporation

Inventor： Kun QIU ,  Hao CHANG ,  Ying WANG ,  Wenjun ZHU ,  Xiahui YU ,  Yingqi LIU ,  Baoqian LI ,  Weigang LI

IPC: H04L9/40 ,  G06F16/242 ,  G06F16/903 ,  H04L9/32

Abstract: Methods and apparatus for a flexible Deterministic Finite Automata (DFA) tokenizer for AI-based malicious traffic detection. A DFA compiler is used to process profiles, such as SQLi, HTML5 and XSS profiles, as well as user-defined profiles, to generate corresponding DFA transition tables. The DFA tokenizer includes a DFA engine that employs the DFA transition table(s) to generate token sequences derived from input strings. The token sequences are converted into feature vectors using a feature extraction engine, and the feature vectors are used for training a machine learning/Artificial Intelligence (AI) model configured to perform binary classification (benign or malicious). During run-time, strings are extracted from input received via a network and tokenized with the DFA tokenizer to generate token sequences that are converted into feature vectors. The feature vectors are then classified using the AI model to determine whether the input is benign or malicious.

公开(公告)号：US20200233717A1

公开(公告)日：2020-07-23

申请号：US15755216

申请日：2017-03-28

Applicant: INTEL CORPORATION

Inventor： Ned M. SMITH ,  Changzheng WEI ,  Songwu SHEN ,  Ziye YANG ,  Junyuan WANG ,  Weigang LI ,  Wenqian YU

IPC: G06F9/50 ,  G06F21/76

Abstract: Technologies for hybrid acceleration of code include a computing device (100) having a processor (120), a field-programmable gate array (FPGA) (130), and an application-specific integrated circuit (ASIC) (132). The computing device (100) offloads a service request, such as a cryptographic request or a packet processing request, to the FPGA (130). The FPGA (130) performs one or more algorithmic tasks of an algorithm to perform the service request. The FPGA (130) determines one or more primitive tasks associated with an algorithm task and encapsulates each primitive task in a buffer that is accessible by the ASIC (132). The ASIC (132) performs the primitive tasks in response to encapsulation in the buffer, and the FPGA (130) returns results of the algorithm. The primitive operations may include cryptographic primitives such as modular exponentiation, modular multiplicative inverse, and modular multiplication. The results may be returned to the processor (120) or a network interface controller of the computing device (100).

公开(公告)号：US20200150734A1

公开(公告)日：2020-05-14

申请号：US16747202

申请日：2020-01-20

Applicant: Intel Corporation

Inventor： Liang MA ,  Weigang LI ,  Madhusudana RAGHUPATRUNI ,  Hongjun NI ,  Xuekun HU ,  Changzheng WEI ,  Chris MACNAMARA ,  John J. BROWNE

IPC: G06F1/324 ,  G06F21/60 ,  G06F9/54 ,  G06F21/53

Abstract: Examples described herein provide for a first core to map a measurement of packet processing activity and operating parameters so that a second core can access the measurement of packet processing activity and potentially modify an operating parameter of the first core. The second core can modify operating parameters of the first core based on the measurement of packet processing activity. The first and second cores can be provisioned on start-up with a common key. The first and second cores can use the common key to encrypt or decrypt measurement of packet processing activity and operating parameters that are shared between the first and second cores. Accordingly, operating parameters of the first core can be modified by a different core while providing for secure modification of operating parameters.

公开(公告)号：US20240118913A1

公开(公告)日：2024-04-11

申请号：US18283205

申请日：2021-03-26

Applicant: Intel Corporation

Inventor： Kaijie GUO ,  Junyuan WANG ,  Maksim LUKOSHKOV ,  Weigang LI ,  Xin ZENG

IPC: G06F9/455

CPC classification number: G06F9/45558 ,  G06F2009/45579 ,  G06F2009/45583 ,  G06F2009/45591

Abstract: An apparatus and method to implement shared virtual memory in a trust zone. For example, one embodiment of a processor comprises: a plurality of cores; a memory controller coupled to the plurality of cores to establish a first private memory region in a system memory using a first key associated with a first trust domain of a first guest; an input/output memory management unit (IOMMU) coupled to the memory controller, the IOMMU to receive a memory access request by an input/output (IO) device, the memory access request comprising a first address space identifier and a guest virtual address (GVA), the IOMMU to access an entry in a first translation table using at least the first address space identifier to determine that the memory access request is directed to the first private memory region which is not directly accessible to the IOMMU, the IOMMU to generate an address translation request associated with the memory access request, wherein based on the address translation request, a virtual machine monitor (VMM) running on one or more of the plurality of cores is to initiate a secure transaction sequence with trust domain manager to cause a secure entry into the first trust domain to translate the GVA to a physical address based on the address space identifier, the IOMMU to receive the physical address from the VMM and to use the physical address to perform the requested memory access on behalf of the IO device.

公开(公告)号：US20240020241A1

公开(公告)日：2024-01-18

申请号：US18254322

申请日：2020-12-24

Applicant: Intel Corporation

Inventor： Kaijie GUO ,  Weigang LI ,  Junyuan WANG ,  Bo CUI ,  Mithilesh K. DAS ,  Amit K. WARDHAN ,  Zijuan FAN ,  Maojun JI ,  Qianjun XIE ,  Tingqiang CHU

IPC: G06F12/1081

CPC classification number: G06F12/1081 ,  G06F2212/657

Abstract: Apparatus and method for performing address pre-translation to enhance direct memory access by hardware subsystems is described herein. An apparatus embodiment includes a processor to execute an enqueue instruction to submit, to a hardware subsystem, a job descriptor describing a job to be performed. The job descriptor includes virtual addresses of memory locations in which data required to perform the job are stored. An input-output memory management unit (IOMMU) is to obtain the address translations for the virtual addresses responsive to a pre-translation request from the processor. The address translations is obtained by the IOMMU prior to receiving a memory access request from the hardware subsystem. The IOMMU is to retrieve the data from the memory location using the address translations and to provide the retrieved data to the hardware subsystem to fulfill the request.