Patents by Inventor Boris Pismenny
Boris Pismenny has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11418454Abstract: Apparatus including a first interface to a host processor, a second interface to transmit and receive data packets having headers and payloads, to and from a packet communication network, a memory holding context information regarding a flow of the data and assigning serial numbers to the data packets in the flow, according to a session-layer protocol, and processing circuitry between the first and second interfaces and having acceleration logic, to decode the data records according to the session-layer protocol, using and updating the context information based on the serial numbers and the data records of the received packets, and processing circuitry writing the decoded data records through the first interface to a host memory. The acceleration logic, upon receiving in a given flow a data packet containing a serial number that is out of order, reconstructs the context information and applies that context information in decoding data records in subsequent data packets in the flow.Type: GrantFiled: March 18, 2021Date of Patent: August 16, 2022Assignee: MELLANOX TECHNOLOGIES, LTD.Inventors: Boris Pismenny, Liran Liss, Ilya Lesokhin, Haggai Eran, Adi Menachem
-
Publication number: 20220021629Abstract: A network node includes a network adapter and a host. The network adapter is coupled to a communication network. The host includes a processor running a client process and a communication stack, and is configured to receive packets from the communication network, and classify the received packets into respective flows that are associated with respective chunks in a receive buffer, to distribute payloads of the received packets among the chunks so that payloads of packets classified to a given flow are stored in a given chunk assigned to the given flow, and to notify the communication stack of the payloads in the given chunk, for transferring the payloads in the given chunk to the client process.Type: ApplicationFiled: July 19, 2020Publication date: January 20, 2022Inventors: Gal Yefet, Avi Urman, Gil Kremer, Lior Narkis, Boris Pismenny
-
Publication number: 20210203479Abstract: A method, apparatus, and computer program product for processing a data record including encrypted and decrypted data is described. Various embodiments include receiving a data record including ciphertext and plaintext blocks and determining whether each block in the data record is a ciphertext block or a plaintext block. If a block is a ciphertext block, the ciphertext block is stored into a ciphertext record, decrypted into a plaintext block utilizing a decryption algorithm, and stored in a plaintext record. If the block is a plaintext block, the plaintext block is stored into the plaintext record, encrypted into a ciphertext block utilizing an encryption algorithm, and stored in the ciphertext record. Embodiments described also include authenticating the data record by passing each block of the ciphertext record to an authentication scheme and outputting the plaintext record to a destination application.Type: ApplicationFiled: March 11, 2021Publication date: July 1, 2021Inventors: Boris PISMENNY, Liran LISS, Ilya LESOKHIN
-
Publication number: 20210203610Abstract: Apparatus including a first interface to a host processor, a second interface to transmit and receive data packets having headers and payloads, to and from a packet communication network, a memory holding context information regarding a flow of the data and assigning serial numbers to the data packets in the flow, according to a session-layer protocol, and processing circuitry between the first and second interfaces and having acceleration logic, to decode the data records according to the session-layer protocol, using and updating the context information based on the serial numbers and the data records of the received packets, and processing circuitry writing the decoded data records through the first interface to a host memory. The acceleration logic, upon receiving in a given flow a data packet containing a serial number that is out of order, reconstructs the context information and applies that context information in decoding data records in subsequent data packets in the flow.Type: ApplicationFiled: March 18, 2021Publication date: July 1, 2021Inventors: Boris Pismenny, Liran Liss, Ilya Lesokhin, Haggai Eran, Adi Menachem
-
Publication number: 20210152675Abstract: A system including a network interface layer, and a physical network connection configured to connect with a networking medium. The network interface layer is configured to: A) receive a plurality of user datagram protocol (UDP) message segments from the physical network connection; B) coalesce the plurality of UDP message segments into a coalesced UDP message; and C) send the coalesced UDP message to an application layer external to the system. Related apparatus and methods are also provided.Type: ApplicationFiled: January 27, 2021Publication date: May 20, 2021Inventors: Boris Pismenny, Liran Liss, Yossi Kuperman, Roee Moyal
-
Patent number: 11005771Abstract: Packet processing apparatus includes a first interface coupled to a host processor and a second interface configured to transmit and receive data packets to and from a packet communication network. A memory holds context information with respect to one or more flows of the data packets conveyed between the host processor and the network in accordance with a reliable transport protocol and with respect to encoding, in accordance with a session-layer protocol, of data records that are conveyed in the payloads of the data packets in the one or more flows. Processing circuitry, coupled between the first and second interfaces, transmits and receives the data packets and includes acceleration logic, which encodes and decodes the data records in accordance with the session-layer protocol using the context information while updating the context information in accordance with the serial numbers and the data records of the transmitted data packets.Type: GrantFiled: October 15, 2018Date of Patent: May 11, 2021Assignee: MELLANOX TECHNOLOGIES, LTD.Inventors: Boris Pismenny, Liran Liss, Ilya Lesokhin, Haggai Eran, Adi Menachem
-
Publication number: 20210111996Abstract: A system includes a host processor, which has a host memory and is coupled to store data in a non-volatile memory in accordance with a storage protocol. A network interface controller (NIC) receives data packets conveyed over a packet communication network from peer computers containing, in payloads of the data packets, data records that encode data in accordance with the storage protocol for storage in the non-volatile memory. The NIC processes the data records in the data packets that are received in order in each flow from a peer computer and extracts and writes the data to the host memory, and when a data packet arrives out of order, writes the data packet to the host memory without extracting the data and processes the data packets in the flow so as to recover context information for use in processing the data records in subsequent data packets in the flow.Type: ApplicationFiled: December 1, 2020Publication date: April 15, 2021Inventors: Boris Pismenny, Miriam Menes, Idan Burstein, Liran Liss, Noam Bloch, Ariel Shahar
-
Patent number: 10979212Abstract: A method, apparatus, and computer program product for processing a data record including encrypted and decrypted data is described. Various embodiments include receiving a data record including ciphertext and plaintext blocks and determining whether each block in the data record is a ciphertext block or a plaintext block. If a block is a ciphertext block, the ciphertext block is stored into a ciphertext record, decrypted into a plaintext block utilizing a decryption algorithm, and stored in a plaintext record. If the block is a plaintext block, the plaintext block is stored into the plaintext record, encrypted into a ciphertext block utilizing an encryption algorithm, and stored in the ciphertext record. Embodiments described also include authenticating the data record by passing each block of the ciphertext record to an authentication scheme and outputting the plaintext record to a destination application.Type: GrantFiled: April 5, 2018Date of Patent: April 13, 2021Assignee: Mellanox Technologies, Ltd.Inventors: Boris Pismenny, Liran Liss, Ilya Lesokhin
-
Patent number: 10958627Abstract: Computing apparatus includes a host processor, which runs a virtual machine monitor (VMM), which supports a plurality of virtual machines and includes a cryptographic security software module. A network interface controller (NIC) links the host processor to a network so as to transmit and receive data packets from and to the virtual machines and includes a cryptographic security hardware logic module, which when invoked by the VMM, applies the cryptographic security protocol to the data packets while maintaining a state context of the protocol with respect to each of the virtual machines. Upon encountering an exception in applying the cryptographic security protocol, the NIC transfers the data packet, together with the state context of the cryptographic security protocol with respect to the given virtual machine, to the cryptographic security software module for processing.Type: GrantFiled: April 27, 2020Date of Patent: March 23, 2021Assignee: MELLANOX TECHNOLOGIES, LTD.Inventors: Adi Menachem, Liran Liss, Boris Pismenny
-
Patent number: 10938965Abstract: A system including a network interface layer, and a physical network connection configured to connect with a networking medium, wherein the network interface layer is configured to: A) receive a user datagram protocol (UDP) message for sending, the UDP message having a length L, and a desired maximum network message size (MSS), B) segment the UDP message in accordance with the MSS into a plurality of message segments, each message segment having a size no greater than MSS, and adjust information in each of the plurality of message segments, and C) send the plurality of message segments via the physical network connection to a networking medium. Related apparatus and methods are also provided.Type: GrantFiled: June 17, 2019Date of Patent: March 2, 2021Assignee: MELLANOX TECHNOLOGIES, LTD.Inventors: Boris Pismenny, Liran Liss, Yossi Kuperman, Roee Moyal
-
Publication number: 20200259803Abstract: Computing apparatus includes a host processor, which runs a virtual machine monitor (VMM), which supports a plurality of virtual machines and includes a cryptographic security software module. A network interface controller (NIC) links the host processor to a network so as to transmit and receive data packets from and to the virtual machines and includes a cryptographic security hardware logic module, which when invoked by the VMM, applies the cryptographic security protocol to the data packets while maintaining a state context of the protocol with respect to each of the virtual machines. Upon encountering an exception in applying the cryptographic security protocol, the NIC transfers the data packet, together with the state context of the cryptographic security protocol with respect to the given virtual machine, to the cryptographic security software module for processing.Type: ApplicationFiled: April 27, 2020Publication date: August 13, 2020Inventors: Adi Menachem, Liran Liss, Boris Pismenny
-
Patent number: 10708240Abstract: Computing apparatus includes a host processor, which runs a virtual machine monitor (VMM), which supports a plurality of virtual machines and includes a cryptographic security software module. A network interface controller (NIC) links the host processor to a network so as to transmit and receive data packets from and to the virtual machines and includes a cryptographic security hardware logic module, which when invoked by the VMM, applies the cryptographic security protocol to the data packets while maintaining a state context of the protocol with respect to each of the virtual machines. Upon encountering an exception in applying the cryptographic security protocol, the NIC transfers the data packet, together with the state context of the cryptographic security protocol with respect to the given virtual machine, to the cryptographic security software module for processing.Type: GrantFiled: December 14, 2017Date of Patent: July 7, 2020Assignee: MELLANOX TECHNOLOGIES, LTD.Inventors: Adi Menachem, Liran Liss, Boris Pismenny
-
Publication number: 20190387079Abstract: A system including a network interface layer, and a physical network connection configured to connect with a networking medium, wherein the network interface layer is configured to: A) receive a user datagram protocol (UDP) message for sending, the UDP message having a length L, and a desired maximum network message size (MSS), B) segment the UDP message in accordance with the MSS into a plurality of message segments, each message segment having a size no greater than MSS, and adjust information in each of the plurality of message segments, and C) send the plurality of message segments via the physical network connection to a networking medium. Related apparatus and methods are also provided.Type: ApplicationFiled: June 17, 2019Publication date: December 19, 2019Inventors: Boris Pismenny, Liran Liss, Yossi Kuperman, Roee Moyal
-
Publication number: 20190190892Abstract: Computing apparatus includes a host processor, which runs a virtual machine monitor (VMM), which supports a plurality of virtual machines and includes a cryptographic security software module. A network interface controller (NIC) links the host processor to a network so as to transmit and receive data packets from and to the virtual machines and includes a cryptographic security hardware logic module, which when invoked by the VMM, applies the cryptographic security protocol to the data packets while maintaining a state context of the protocol with respect to each of the virtual machines. Upon encountering an exception in applying the cryptographic security protocol, the NIC transfers the data packet, together with the state context of the cryptographic security protocol with respect to the given virtual machine, to the cryptographic security software module for processing.Type: ApplicationFiled: December 14, 2017Publication date: June 20, 2019Inventors: Adi Menachem, Liran Liss, Boris Pismenny
-
Publication number: 20190123891Abstract: A method, apparatus, and computer program product for processing a data record including encrypted and decrypted data is described. Various embodiments include receiving a data record including ciphertext and plaintext blocks and determining whether each block in the data record is a ciphertext block or a plaintext block. If a block is a ciphertext block, the ciphertext block is stored into a ciphertext record, decrypted into a plaintext block utilizing a decryption algorithm, and stored in a plaintext record. If the block is a plaintext block, the plaintext block is stored into the plaintext record, encrypted into a ciphertext block utilizing an encryption algorithm, and stored in the ciphertext record. Embodiments described also include authenticating the data record by passing each block of the ciphertext record to an authentication scheme and outputting the plaintext record to a destination application.Type: ApplicationFiled: April 5, 2018Publication date: April 25, 2019Inventors: Boris PISMENNY, Liran LISS, Ilya LESOKHIN
-
Publication number: 20190116127Abstract: Packet processing apparatus includes a first interface coupled to a host processor and a second interface configured to transmit and receive data packets to and from a packet communication network. A memory holds context information with respect to one or more flows of the data packets conveyed between the host processor and the network in accordance with a reliable transport protocol and with respect to encoding, in accordance with a session-layer protocol, of data records that are conveyed in the payloads of the data packets in the one or more flows. Processing circuitry, coupled between the first and second interfaces, transmits and receives the data packets and includes acceleration logic, which encodes and decodes the data records in accordance with the session-layer protocol using the context information while updating the context information in accordance with the serial numbers and the data records of the transmitted data packets.Type: ApplicationFiled: October 15, 2018Publication date: April 18, 2019Inventors: Boris Pismenny, Liran Liss, Ilya Lesokhin, Haggai Eran, Adi Menachem