公开(公告)号：US10445272B2

公开(公告)日：2019-10-15

申请号：US16027776

申请日：2018-07-05

Applicant: Intel Corporation

Inventor： Kevin Devey ,  John Browne ,  Chris Macnamara ,  Eoin Walsh ,  Bruce Richardson ,  Andrew Cunningham ,  Niall Power ,  David Hunt ,  Changzheng Wei ,  Eliezer Tamir

IPC: G06F13/38 ,  G06F1/3203 ,  G06F9/455 ,  G06F9/4401

Abstract: A network system includes a central processing unit and a peripheral device in electrical communication with the central processing unit. The peripheral device has at least one power input and a data input. The network system also includes an out of band controller in electrical communication with the central processing unit, the peripheral device, and an external management interface. Responsive to an identified threat, the out of band controller is configured to disable the at least one power input and the data input to the peripheral device, where the disablement indicates to the central processing unit that a hot plug event has occurred with respect to the peripheral device. The out of band controller is also configured to enable auxiliary power to the peripheral device such that the out of band controller remains in communication with the peripheral device during remediation of the identified threat.

公开(公告)号：US20190042506A1

公开(公告)日：2019-02-07

申请号：US16027776

申请日：2018-07-05

Applicant: Intel Corporation

Inventor： Kevin Devey ,  John Browne ,  Chris Macnamara ,  Eoin Walsh ,  Bruce Richardson ,  Andrew Cunningham ,  Niall Power ,  David Hunt ,  Changzheng Wei ,  Eliezer Tamir

IPC: G06F13/38 ,  G06F1/32 ,  G06F9/455

Abstract: A network system includes a central processing unit and a peripheral device in electrical communication with the central processing unit. The peripheral device has at least one power input and a data input. The network system also includes an out of band controller in electrical communication with the central processing unit, the peripheral device, and an external management interface. Responsive to an identified threat, the out of band controller is configured to disable the at least one power input and the data input to the peripheral device, where the disablement indicates to the central processing unit that a hot plug event has occurred with respect to the peripheral device. The out of band controller is also configured to enable auxiliary power to the peripheral device such that the out of band controller remains in communication with the peripheral device during remediation of the identified threat.

公开(公告)号：US20190042419A1

公开(公告)日：2019-02-07

申请号：US16024773

申请日：2018-06-30

Applicant: Intel Corporation

Inventor： Eliezer Tamir ,  Bruce Richardson ,  Niall Power ,  Andrew Cunningham ,  David Hunt ,  Kevin Devey ,  Changzheng Wei

IPC: G06F12/084 ,  G06F12/1072

Abstract: Technologies for demoting cache lines to a shared cache include a compute device with at least one processor having multiple cores, a cache memory with a core-local cache and a shared cache, and a cache line demote device. A processor core of a processor of the compute device is configured to retrieve at least a portion of data of a received network packet and move the data into one or more core-local cache lines of the core-local cache. The processor core is further configured to perform a processing operation on the data and transmit a cache line demotion command to the cache line demote device subsequent to having completed the processing operation. The cache line demote device is configured to perform a cache line demotion operation to demote the data from the core-local cache lines to shared cache lines of the shared cache. Other embodiments are described herein.

公开(公告)号：US11703933B2

公开(公告)日：2023-07-18

申请号：US16747202

申请日：2020-01-20

Applicant: Intel Corporation

Inventor： Liang Ma ,  Weigang Li ,  Madhusudana Raghupatruni ,  Hongjun Ni ,  Xuekun Hu ,  Changzheng Wei ,  Chris MacNamara ,  John J. Browne

IPC: G06F9/54 ,  G06F1/324 ,  G06F21/60 ,  G06F21/53

CPC classification number: G06F1/324 ,  G06F9/544 ,  G06F21/53 ,  G06F21/606 ,  G06F2221/032

Abstract: Examples described herein provide for a first core to map a measurement of packet processing activity and operating parameters so that a second core can access the measurement of packet processing activity and potentially modify an operating parameter of the first core. The second core can modify operating parameters of the first core based on the measurement of packet processing activity. The first and second cores can be provisioned on start-up with a common key. The first and second cores can use the common key to encrypt or decrypt measurement of packet processing activity and operating parameters that are shared between the first and second cores. Accordingly, operating parameters of the first core can be modified by a different core while providing for secure modification of operating parameters.

公开(公告)号：US11687375B2

公开(公告)日：2023-06-27

申请号：US17724764

申请日：2022-04-20

Applicant: Intel Corporation

Inventor： Ned Smith ,  Changzheng Wei ,  Songwu Shen ,  Ziye Yang ,  Junyuan Wang ,  Weigang Li ,  Wenqian Yu

IPC: G06F9/50 ,  G06F21/76 ,  G06F21/60

CPC classification number: G06F9/5044 ,  G06F9/505 ,  G06F21/76 ,  G06F21/602 ,  G06F2209/509 ,  Y02D10/00

Abstract: Technologies for hybrid field-programmable gate array (FPGA) application-specific integrated circuit (ASIC) code acceleration are described. In one example, the computing device includes a FPGA comprising: algorithm circuitry to: perform one or more algorithm tasks of an algorithm, wherein the algorithm to perform a service request that is offloaded to the FPGA; and determine a primitive task associated with an algorithm task of the one or more algorithm tasks; primitive offload circuitry to encapsulate the primitive task in a buffer of the FPGA, wherein the buffer is accessible by an ASIC of the computing device; and result circuitry to return one or more results of the service request responsive to performance of the primitive task by the ASIC.

公开(公告)号：US11494520B2

公开(公告)日：2022-11-08

申请号：US16614236

申请日：2017-06-16

Applicant: Intel Corporation

Inventor： Changzheng Wei ,  Weigang Li ,  Cunming Liang

IPC: G06F21/78 ,  G06F21/44 ,  H04L9/08 ,  G06F21/76

Abstract: An embodiment of an electronic processing system may include a processor, persistent storage media communicatively coupled to the processor, a reconfigurable device communicatively coupled to the processor over a physically isolated trusted communication channel, a secure provisioner communicatively coupled to the processor and the reconfigurable device to provision a secure storage area and to securely store a remotely generated bitstream security key in the provisioned secure storage area, and a device configurer to configure the reconfigurable device with a remotely generated bitstream and the remotely generated bitstream security key. Other embodiments are disclosed and claimed.

公开(公告)号：US20210326182A1

公开(公告)日：2021-10-21

申请号：US17220763

申请日：2021-04-01

Applicant: Intel Corporation

Inventor： Ned M. Smith ,  Changzheng Wei ,  Songwu Shen ,  Ziye Yang ,  Junyuan Wang ,  Weigang Li ,  Wenqian Yu

IPC: G06F9/50 ,  G06F21/76

Abstract: Technologies for hybrid acceleration of code include a computing device (100) having a processor (120), a field-programmable gate array (FPGA) (130), and an application-specific integrated circuit (ASIC) (132). The computing device (100) offloads a service request, such as a cryptographic request or a packet processing request, to the FPGA (130). The FPGA (130) performs one or more algorithmic tasks of an algorithm to perform the service request. The FPGA (130) determines one or more primitive tasks associated with an algorithm task and encapsulates each primitive task in a buffer that is accessible by the ASIC (132). The ASIC (132) performs the primitive tasks in response to encapsulation in the buffer, and the FPGA (130) returns results of the algorithm. The primitive operations may include cryptographic primitives such as modular exponentiation, modular multiplicative inverse, and modular multiplication. The results may be returned to the processor (120) or a network interface controller of the computing device (100).

公开(公告)号：US11025627B2

公开(公告)日：2021-06-01

申请号：US15865984

申请日：2018-01-09

Applicant: Intel Corporation

Inventor： Weigang Li ,  Ned M. Smith ,  Changzheng Wei

IPC: H04L29/06 ,  H04L29/08 ,  H04L9/32 ,  H04W12/06 ,  H04W12/08 ,  H04W12/00

Abstract: Various systems and methods of scalable and secure resource isolation and sharing for Internet of Things (IoT) networks, are described. Techniques for requesting inter-domain resource access and enabling resource sharing with use of an inter domain token are also described. In an example, communications in an IoT network to establish connectivity between a first device in a first domain and a second device in a second domain may include: receiving, from the first device at a collaboration cloud service, a request to access a resource of the second device; requesting and receiving, from an authorization provider, an inter-domain authorization token; and requesting, from the second device, access to the resource using the inter-domain authorization token; communications from the first device to access the second device are then performed between the first device and the second device based on a session key obtained with the inter-domain authorization token.

公开(公告)号：US10970119B2

公开(公告)日：2021-04-06

申请号：US15755216

申请日：2017-03-28

Applicant: INTEL CORPORATION

Inventor： Ned M. Smith ,  Changzheng Wei ,  Songwu Shen ,  Ziye Yang ,  Junyuan Wang ,  Weigang Li ,  Wenqian Yu

IPC: G06F9/50 ,  G06F21/76 ,  G06F21/60

Abstract: Technologies for hybrid acceleration of code include a computing device (100) having a processor (120), a field-programmable gate array (FPGA) (130), and an application-specific integrated circuit (ASIC) (132). The computing device (100) offloads a service request, such as a cryptographic request or a packet processing request, to the FPGA (130). The FPGA (130) performs one or more algorithmic tasks of an algorithm to perform the service request. The FPGA (130) determines one or more primitive tasks associated with an algorithm task and encapsulates each primitive task in a buffer that is accessible by the ASIC (132). The ASIC (132) performs the primitive tasks in response to encapsulation in the buffer, and the FPGA (130) returns results of the algorithm. The primitive operations may include cryptographic primitives such as modular exponentiation, modular multiplicative inverse, and modular multiplication. The results may be returned to the processor (120) or a network interface controller of the computing device (100).

公开(公告)号：US11805116B2

公开(公告)日：2023-10-31

申请号：US16957628

申请日：2018-03-31

Applicant: INTEL CORPORATION

Inventor： Changzheng Wei ,  Weigang Li ,  Danny Y. Zhou ,  Junyuan Wang ,  Hari K. Tadepalli ,  Rashmin N. Patel

IPC: H04W12/04 ,  H04W12/06 ,  H04L9/40 ,  H04W12/00 ,  H04L9/32 ,  G06F21/72

CPC classification number: H04L63/0823 ,  H04L9/3242 ,  H04L63/12 ,  H04W12/009 ,  H04L2463/062

Abstract: Technologies for securing a virtualization network function (VNF) image includes a security server to generate a wrapping cryptographic key to wrap a private key of the VNF image and replace the private key with the wrapped private key to secure the private key. During operation, the VNF image may be authenticated by a network function virtualization (NFV) server as needed. Additionally, the signature of the VNF image may be updated each time the VNF image is shutdown to ensure the continued authenticity of the VNF image.