公开(公告)号：WO2022133875A1

公开(公告)日：2022-06-30

申请号：PCT/CN2020/138904

申请日：2020-12-24

Applicant: INTEL CORPORATION ,  MA, Liang ,  YU, Ping ,  ZHANG, Fan ,  LI, Weigang ,  ZENG, Xin ,  YE, Xiaolong

Inventor： MA, Liang ,  YU, Ping ,  ZHANG, Fan ,  LI, Weigang ,  ZENG, Xin ,  YE, Xiaolong

IPC: H04L29/06 ,  H04W76/10 ,  H04W76/30

Abstract: Various systems and methods for implementing protocol state aware power management are described herein. A network interface device for implementing protocol state aware power management includes circuitry to provide a direct memory access interface; medium access control (MAC) circuitry to interface with a network; and control circuitry to: classify packets received at the MAC circuitry as packets used to open network connections or packets used to close network connections; maintain statistics of packets used to open network connections and packets used to close network connections; calculate a power hint based on the statistics of packets used to open connections and packets used to close network connections; and write a receive descriptor to a host memory using the direct memory access interface, the receive descriptor including a power hint field with the power hint, the power hint used by a host processor to scale processor power based on the power hint.

公开(公告)号：WO2022198619A1

公开(公告)日：2022-09-29

申请号：PCT/CN2021/083178

申请日：2021-03-26

Applicant: INTEL CORPORATION ,  GUO, Kaijie ,  WANG, Junyuan ,  LUKOSHKOV, Maksim ,  LI, Weigang ,  ZENG, Xin

Inventor： GUO, Kaijie ,  WANG, Junyuan ,  LUKOSHKOV, Maksim ,  LI, Weigang ,  ZENG, Xin

IPC: G06F12/00

Abstract: An apparatus and method to implement shared virtual memory in a trust zone. For example, one embodiment of a processor comprises: a plurality of cores; a memory controller coupled to the plurality of cores to establish a first private memory region in a system memory using a first key associated with a first trust domain of a first guest; an input/output memory management unit (IOMMU) coupled to the memory controller, the IOMMU to receive a memory access request by an input/output (IO) device, the memory access request comprising a first address space identifier and a guest virtual address (GVA), the IOMMU to access an entry in a first translation table using at least the first address space identifier to determine that the memory access request is directed to the first private memory region which is not directly accessible to the IOMMU, the IOMMU to generate an address translation request associated with the memory access request, wherein based on the address translation request, a virtual machine monitor (VMM) running on one or more of the plurality of cores is to initiate a secure transaction sequence with trust domain manager to cause a secure entry into the first trust domain to translate the GVA to a physical address based on the address space identifier, the IOMMU to receive the physical address from the VMM and to use the physical address to perform the requested memory access on behalf of the IO device.

公开(公告)号：WO2020000391A1

公开(公告)日：2020-01-02

申请号：PCT/CN2018/093737

申请日：2018-06-29

Applicant: INTEL CORPORATION ,  WEI, Changzheng ,  YANG, Ziye ,  WANG, Junyuan ,  LIANG, Cunming ,  HOU, Junhua ,  LI, Weigang ,  YU, Ping ,  YANG, Yi ,  LI, Baoqian ,  ZENG, Xin

Inventor： WEI, Changzheng ,  YANG, Ziye ,  WANG, Junyuan ,  LIANG, Cunming ,  HOU, Junhua ,  LI, Weigang ,  YU, Ping ,  YANG, Yi ,  LI, Baoqian ,  ZENG, Xin

IPC: H04L29/06

Abstract: Embodiments include apparatuses, methods, and systems including one or more servers and one or more storage devices, coupled with each other, to provide virtual storage service to store a file and meta data of the file for a client computing device. The file and the meta data of the file may be encrypted by the client computing device before providing to the virtual storage service. The file may be encrypted with a secret key of the client computing device, and the meta data of the file may be encrypted with a shared session key between the client computing device and the virtual storage service. The encrypted file may be stored in the one or more storage devices, and the encrypted meta data of the file may be stored in one or more secured areas of the one or more servers. Other embodiments may also be described and claimed.

公开(公告)号：WO2018120017A1

公开(公告)日：2018-07-05

申请号：PCT/CN2016/113494

申请日：2016-12-30

Applicant: INTEL CORPORATION ,  LI, Weigang ,  ZHOU, Danny, Yigang ,  WEI, Changzheng

Inventor： LI, Weigang ,  ZHOU, Danny, Yigang ,  WEI, Changzheng

IPC: H04L9/08

CPC classification number: H04L9/0866 ,  H04L9/0822 ,  H04L9/0897 ,  H04L2209/60

Abstract: An apparatus (800) for a key exchange to establish a secure connection in a network function virtualization environment. The apparatus (800) exchanges an encrypted session key (410) between virtual network functions (VNF-A, VNF-B, VNF-C) executed by respective virtual machines (160-1 to 160-N) to establish the secure connection over a network connection, and uses a hardware security module (150) coupled with a processor (110) that supports at least one of the respective virtual machines (160-1 to 160-N). The hardware security module (150) facilitates encryption and decryption of the exchanged encrypted session key (410) via use of a virtual network function fingerprint (210, 220) for at least one of the virtual network functions(VNF-A, VNF-B, VNF-C).

公开(公告)号：WO2017137802A1

公开(公告)日：2017-08-17

申请号：PCT/IB2016/050682

申请日：2016-02-09

Applicant: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) ,  CHEN, Xixian ,  LAI, Xiaoming ,  LI, Weigang ,  YU, Dongsheng

Inventor： CHEN, Xixian ,  LAI, Xiaoming ,  LI, Weigang ,  YU, Dongsheng

IPC: H04W76/04

CPC classification number: H04L5/001 ,  H04L5/0058 ,  H04L5/0098 ,  H04W36/00 ,  H04W76/15

Abstract: Techniques are disclosed to manage the component cell configuration of a mobile terminal in a wireless communication network, the component cell configuration comprising at least one downlink component cell and at least one uplink component cell. The techniques may comprise, at a radio network controller, monitoring at least one network performance metric and determining that the at least one network performance metric is not in compliance with at least one corresponding network performance threshold. The techniques may also comprise modifying the component cell configuration of the mobile terminal, in response to determining that the at least one network performance metric is not in compliance with the at least one corresponding network performance threshold, such as to bring the at least one network performance metric in compliance with the at least one corresponding network performance threshold, and configuring the mobile terminal with the modified component cell configuration.

Abstract translation: 公开了用于管理无线通信网络中的移动终端的组件小区配置的技术，该组件小区配置包括至少一个下行链路分量小区和至少一个上行链路分量小区。 该技术可以包括在无线电网络控制器处监测至少一个网络性能度量并且确定该至少一个网络性能度量不符合至少一个相应的网络性能阈值。 所述技术还可以包括响应于确定所述至少一个网络性能度量不符合所述至少一个对应的网络性能阈值而修改所述移动终端的组件小区配置，以便使所述至少一个网络 遵照所述至少一个对应的网络性能阈值来确定性能度量，并且使用所述修改的组件单元配置来配置所述移动终端。

公开(公告)号：WO2020000401A1

公开(公告)日：2020-01-02

申请号：PCT/CN2018/093764

申请日：2018-06-29

Applicant: INTEL CORPORATION ,  LI, Weigang ,  WEI, Changzheng ,  BARRY, John ,  TAHHAN, Maryam ,  SVENNEBRING, Jonas Alexander ,  MCDONNELL, Niall D. ,  LECKEY, Alexander ,  FLEMING, Patrick ,  MACNAMARA, Christopher ,  BROWNE, John Joseph

Inventor： LI, Weigang ,  WEI, Changzheng ,  BARRY, John ,  TAHHAN, Maryam ,  SVENNEBRING, Jonas Alexander ,  MCDONNELL, Niall D. ,  LECKEY, Alexander ,  FLEMING, Patrick ,  MACNAMARA, Christopher ,  BROWNE, John Joseph

IPC: G06F3/06

Abstract: There is disclosed a computing apparatus, including: a memory; a memory encryption controller to encrypt at least a region of the memory; and a network interface to communicatively couple the computing apparatus to a remote host; wherein the memory encryption controller is configured to send an encrypted packet decryptable via an encryption key directly from the memory to the remote host via the network interface, bypassing a network protocol stack.

公开(公告)号：WO2018176238A1

公开(公告)日：2018-10-04

申请号：PCT/CN2017/078472

申请日：2017-03-28

Applicant: INTEL CORPORATION ,  SMITH, Ned, M. ,  WEI, Changzheng ,  SHEN, Songwu ,  YANG, Ziye ,  WANG, Junyuan ,  LI, Weigang ,  YU, Wenqian

Inventor： SMITH, Ned, M. ,  WEI, Changzheng ,  SHEN, Songwu ,  YANG, Ziye ,  WANG, Junyuan ,  LI, Weigang ,  YU, Wenqian

IPC: G06F9/50

CPC classification number: G06F9/5044 ,  G06F2209/509

Abstract: Technologies for hybrid acceleration of code include a computing device (100) having a processor (120), a field-programmable gate array (FPGA) (130), and an application-specific integrated circuit (ASIC) (132). The computing device (100) offloads a service request, such as a cryptographic request or a packet processing request, to the FPGA (130). The FPGA (130) performs one or more algorithmic tasks of an algorithm to perform the service request. The FPGA (130) determines one or more primitive tasks associated with an algorithm task and encapsulates each primitive task in a buffer that is accessible by the ASIC (132). The ASIC (132) performs the primitive tasks in response to encapsulation in the buffer, and the FPGA (130) returns results of the algorithm. The primitive operations may include cryptographic primitives such as modular exponentiation, modular multiplicative inverse, and modular multiplication. The results may be returned to the processor (120) or a network interface controller of the computing device (100).

公开(公告)号：WO2022198548A1

公开(公告)日：2022-09-29

申请号：PCT/CN2021/082908

申请日：2021-03-25

Applicant: INTEL CORPORATION ,  GUO, Kaijie ,  RAJ, Ashok ,  SMITH, Ned ,  LI, Weigang ,  WANG, Junyuan ,  ZENG, Xin ,  WILL, Brian ,  FAN, Zijuan ,  KOUNAVIS, Michael E. ,  XIE, Qianjun ,  WANG, Yuan ,  HUO, Yao

Inventor： GUO, Kaijie ,  RAJ, Ashok ,  SMITH, Ned ,  LI, Weigang ,  WANG, Junyuan ,  ZENG, Xin ,  WILL, Brian ,  FAN, Zijuan ,  KOUNAVIS, Michael E. ,  XIE, Qianjun ,  WANG, Yuan ,  HUO, Yao

IPC: G06F13/00

Abstract: An embodiment of an integrated circuit may comprise memory to store respective resource control descriptors in correspondence with respective identifiers, and an input/output (IO) memory management unit (IOMMU) communicatively coupled to the memory, the IOMMU including circuitry to determine resource control information for an IO transaction based on a resource control descriptor stored in the memory that corresponds to an identifier associated with the IO transaction, and control utilization of one or more resources of the IOMMU based on the determined resource control information. Other embodiments are disclosed and claimed.

公开(公告)号：WO2022133841A1

公开(公告)日：2022-06-30

申请号：PCT/CN2020/138775

申请日：2020-12-24

Applicant: INTEL CORPORATION ,  GUO, Kaijie ,  LI, Weigang ,  WANG, Junyuan ,  CUI, Bo ,  DAS, Mithilesh K. ,  WARDHAN, Amit K. ,  FAN, Zijuan ,  JI, Maojun ,  XIE, Qianjun ,  CHU, Tingqiang

Inventor： GUO, Kaijie ,  LI, Weigang ,  WANG, Junyuan ,  CUI, Bo ,  DAS, Mithilesh K. ,  WARDHAN, Amit K. ,  FAN, Zijuan ,  JI, Maojun ,  XIE, Qianjun ,  CHU, Tingqiang

IPC: G06F12/10

Abstract: Apparatus and method for performing address pre-translation to enhance direct memory access by hardware subsystems is described herein. An apparatus embodiment includes a processor to execute an enqueue instruction to submit, to a hardware subsystem, a job descriptor describing a job to be performed. The job descriptor includes virtual addresses of memory locations in which data required to perform the job are stored. An input-output memory management unit (IOMMU) is to obtain the address translations for the virtual addresses responsive to a pre-translation request from the processor. The address translations is obtained by the IOMMU prior to receiving a memory access request from the hardware subsystem. The IOMMU is to retrieve the data from the memory location using the address translations and to provide the retrieved data to the hardware subsystem to fulfill the request.

公开(公告)号：WO2019183980A1

公开(公告)日：2019-10-03

申请号：PCT/CN2018/081485

申请日：2018-03-31

Applicant: INTEL CORPORATION ,  WEI, Changzheng ,  LI, Weigang ,  ZHOU, Danny T. ,  WANG, Junyuan ,  TADEPALLI, Hari K. ,  PATEL, Rashmin N.

Inventor： WEI, Changzheng ,  LI, Weigang ,  ZHOU, Danny T. ,  WANG, Junyuan ,  TADEPALLI, Hari K. ,  PATEL, Rashmin N.

IPC: H04L29/06

Abstract: Technologies for securing a virtualization network function (VNF) image includes a security server to generate a wrapping cryptographic key to wrap a private key of the VNF image and replace the private key with the wrapped private key to secure the private key. During operation, the VNF image may be authenticated by a network function virtualization (NFV) server as needed. Additionally, the signature of the VNF image may be updated each time the VNF image is shutdown to ensure the continued authenticity of the VNF image.