Patents by Inventor Feng Huo
Feng Huo has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240143847Abstract: A method, system, and computer program product are disclosed for securely orchestrating containers in a container orchestration environment. The containers comprise confidential containers running in a trusted execution environment (TEE) and standard containers running in the container orchestration environment. The containers are securely orchestrated without modifying the containers, container runtimes, and platforms, protecting sensitive data and code of the containers by restricting access to containers.Type: ApplicationFiled: November 1, 2022Publication date: May 2, 2024Inventors: Tatsushi INAGAKI, Yohei UEDA, Moriyoshi OHARA, Petr NOVOTNY, James Robert MAGOWAN, Martin William John COCKS, Qi Feng HUO
-
Publication number: 20240143373Abstract: Virtual machine management is provided. A virtual machine is started automatically based on a custom resource definition of the virtual machine in response to the receiving the custom resource definition of the virtual machine. A container is generated to run an application workload in the virtual machine based on a container configuration file in response to the virtual machine starting. The application workload is deployed on the container automatically based on a container image corresponding to the container. The application workload is run on the container automatically in accordance with a definition of the application workload.Type: ApplicationFiled: November 2, 2022Publication date: May 2, 2024Inventors: Yuan Yuan Wang, Qi Feng Huo, Da Li Liu, Lei Li, Yan Song Liu
-
Patent number: 11928503Abstract: Embodiments are directed to deploying a workload on the best/highest performance node. Nodes configured to accommodate a request for a workload are selected. Information is collected on each of the selected nodes and the workload. Predicted response times expected for the workload running on each of the selected nodes are determined. The workload is deployed on a node of the selected nodes, the node having a corresponding predicted response time for the workload, the workload being deployed on the node based at least in part on the corresponding predicted response time.Type: GrantFiled: June 22, 2021Date of Patent: March 12, 2024Assignee: International Business Machines CorporationInventors: Qi Feng Huo, Yuan Yuan Wang, Da Li Liu, Lei Li, Yan Song Liu
-
Publication number: 20240072997Abstract: User data security is provided. Encrypted user data are identified in a virtual machine. A private key of a public/private cryptographic key pair corresponding to a user is retrieved. The encrypted user data is decrypted within the virtual machine utilizing the private key corresponding to the user to form decrypted user data. The encrypted user data are replaced in the virtual machine with the decrypted user data. The decrypted user data is processed in the virtual machine to perform a service in a cloud environment.Type: ApplicationFiled: August 29, 2022Publication date: February 29, 2024Inventors: Qi Feng Huo, Yuan Yuan Wang, Da Li Liu, Yan Song Liu, Lei Li
-
Patent number: 11893257Abstract: A system may include a memory and a processor in communication with the memory configured to perform operations. The may operations include obtaining transaction logs in blocks from nodes of a data storage system. The operations may include, for each transaction log, splitting the transaction log into log entries, grouping log entries into groups associated with a same data source, and writing the log entries of the groups to empty blocks such that log entries from different groups do not share a same block. The operations may include identifying a same sequence of log entries from the written transaction logs and uploading first blocks of a first transaction log, including the same sequence of log entries, to an object-based storage without uploading second blocks of a second transaction log including the same sequence of log entries to the object-based storage.Type: GrantFiled: June 15, 2022Date of Patent: February 6, 2024Assignee: International Business Machines CorporationInventors: Peng Hui Jiang, FengLi Wang, Qi Feng Huo, Jun Su, Hong Qing Zhou, Yan Lin Ren, Li Zhang, Ling Ling Sh Hu
-
Publication number: 20240012666Abstract: An approach for protecting container image and runtime data from host access may be presented. Container systems have allowed for more efficient utilization of computing resources, removing the requirement of a hypervisor, and packaging all necessary dependencies within an application. Preventing host access to container image and runtime data can be advantageous for a multitude of reasons. The approach herein may include, flattening a plurality of root file system of a one or more container images into a single layer. The approach may also include generating a container base image for each of the one or more flattened root file system. The approach may include encrypting each of the generated container base images with the flattened root file system.Type: ApplicationFiled: July 6, 2022Publication date: January 11, 2024Inventors: Wen Yi Gao, Qi Feng Huo, Si Bo Niu, Sen Wang, Dan Li
-
Publication number: 20230409224Abstract: A system may include a memory and a processor in communication with the memory configured to perform operations. The may operations include obtaining transaction logs in blocks from nodes of a data storage system. The operations may include, for each transaction log, splitting the transaction log into log entries, grouping log entries into groups associated with a same data source, and writing the log entries of the groups to empty blocks such that log entries from different groups do not share a same block. The operations may include identifying a same sequence of log entries from the written transaction logs and uploading first blocks of a first transaction log, including the same sequence of log entries, to an object-based storage without uploading second blocks of a second transaction log including the same sequence of log entries to the object-based storage.Type: ApplicationFiled: June 15, 2022Publication date: December 21, 2023Inventors: Peng Hui Jiang, FengLi Wang, Qi Feng Huo, Jun Su, Hong Qing Zhou, Yan Lin Ren, Li Zhang, Ling Ling SH Hu
-
Publication number: 20230412537Abstract: Cognitive determination of whether a message is suitable for sending over a data communications network can include extracting tokens from the message prior to transmitting the message. One or more intended recipients of the message can be determined from the tokens. A machine learning classification model corresponding to the one or more recipients of the message can be selected. The machine learning classification model can be constructed based on tokens extracted from prior messages, which are combined to create a plurality of documents for training the machine learning classification model. The one or more tokens extracted from the message can be classified using the machine learning classification model. An alert message can be generated in response to determining based on the classifying that the message is unsuited for sending.Type: ApplicationFiled: August 30, 2023Publication date: December 21, 2023Inventors: Dong Jun Zong, Da Li Liu, Qi Feng Huo, Yue Wang, Jing Xing, Jian Fang Zhang
-
Patent number: 11784948Abstract: Cognitive determination of whether a message is suitable for sending over a data communications network can include extracting tokens from the message prior to transmitting the message. One or more intended recipients of the message can be determined from the tokens. A machine learning classification model corresponding to the one or more recipients of the message can be selected. The machine learning classification model can be constructed based on tokens extracted from prior messages, which are combined to create a plurality of documents for training the machine learning classification model. The one or more tokens extracted from the message can be classified using the machine learning classification model. An alert message can be generated in response to determining based on the classifying that the message is unsuited for sending.Type: GrantFiled: January 29, 2020Date of Patent: October 10, 2023Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Dong Jun Zong, Da Li Liu, Qi Feng Huo, Yue Wang, Jing Xing, Jian Fang Zhang
-
Publication number: 20230297719Abstract: A computer-implemented method to limit access to sensitive information by filtering log files. The method includes deploying a first pod on a node of a cloud computing system, where the first pod includes a first container configured to run an application. The method also includes generating a first log file for the first container, where the first log file includes a set of actions performed by the application for a period of time. The method further includes filtering, by a filter, the first log file wherein the filter is configured to remove a type of sensitive data from the first log file. The method includes exporting, in response to the filtering, the first log file to the node. Advantageously, this can prevent various parties from accessing sensitive data that is contained in log files.Type: ApplicationFiled: March 21, 2022Publication date: September 21, 2023Inventors: Da Li Liu, Qi Feng Huo, Lei Li, YUAN YUAN WANG, Yan Song Liu
-
Publication number: 20230254147Abstract: In an approach, a processor receives, at an edge node, a message from an IoT device associated with the edge node, the message being embedded with at least one non-fungible token (NFT) and each of the at least one NFT representing a corresponding authorization associated with the IoT device. A processor retrieves, at the edge node, the at least one NFT from the received message. A processor validates, at the edge node, the received message based on the retrieved at least one NFT. A processor, responsive to validating the received message, forwards, by the edge node, the received message to a center node associated with the edge node.Type: ApplicationFiled: February 7, 2022Publication date: August 10, 2023Inventors: Qi Feng Huo, Xiang Dong Hu, Yan Lin Ren, Hong Qing Zhou, Peng Hui Jiang, Ling Ling SH Hu, Zhang Li
-
Publication number: 20230082851Abstract: A system may include a memory and a processor in communication with the memory. The processor may be configured to perform operations that include generating a key pair and encrypting a data credential with a public key to make a data credential secret. The operations may further include storing the data credential secret in a cluster on a host and deploying a workload on the cluster. The operations may also include establishing an empty bundle in the host and generating a pod trusted execution environment.Type: ApplicationFiled: September 10, 2021Publication date: March 16, 2023Inventors: Da Li Liu, Qi Feng Huo, YUAN YUAN WANG, Lei Li, Yan Song Liu
-
Publication number: 20230071714Abstract: Embodiments are directed to a container storage system in remote pods. A worker node virtual machine determines that a volume is available for attachment to the worker node virtual machine. An intermediary software of the worker node virtual machine causes a pod container storage interface to attach the volume to a pod virtual machine. In response to attaching the volume to the pod virtual machine, the intermediary software of the worker node virtual machine causes the pod container storage interface to mount the volume to the pod virtual machine such that the volume is available for use by the pod virtual machine.Type: ApplicationFiled: September 7, 2021Publication date: March 9, 2023Inventors: Qi Feng Huo, Da Li Liu, YUAN YUAN WANG, Lei Li, Yan Song Liu
-
Publication number: 20230070224Abstract: Embodiments are directed to using remote pods. An intermediary software is instantiated in a worker node virtual machine and is used to cause a pod virtual machine to be created, the pod virtual machine being remote from the worker node virtual machine. An overlay network is established between the intermediary software in the worker node virtual machine and a pod space in the pod virtual machine. The overlay network is used to cause containers to be created in the pod virtual machine, where the worker node virtual machine is configured to use the overlay network to manage communications with the pod virtual machine.Type: ApplicationFiled: September 7, 2021Publication date: March 9, 2023Inventors: Qi Feng Huo, XIAOJING LIU, Dan Qing Huang, Lei Li, Da Li Liu, YUAN YUAN WANG, Yan Song Liu
-
Patent number: 11579830Abstract: Embodiments generally enable a mobile device to display a window of a remote desktop on a mobile device with a native layout. In some embodiments, a method includes receiving a remote desktop display request from a mobile client device, wherein the remote desktop display request includes display information of the mobile client device. The method further includes generating a copy of a window process of a remote desktop computer. The method further includes generating a virtual display based at least in part on the copy of the window process of the remote desktop computer and on the display information of the mobile client device. The method further includes sending virtual display information to the mobile client device based at least in part on the virtual display.Type: GrantFiled: October 31, 2018Date of Patent: February 14, 2023Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Dong Jun Zong, Da Li Liu, Yue Wang, Jing Xing, Jian Fang Zhang, Qi Feng Huo
-
Publication number: 20230032363Abstract: In a method for encryption of sensitive data, an encrypted user private key is received in a Trusted Execution Environment (TEE) in a worker node in a container management system, the encrypted user private key being an encrypted version of a user private key for decrypting a message from a user in the container management system. The user private key is obtained in the TEE, and the encrypted user private key being decrypted into the user private key with a provider private key that is received from an encryption manager for managing the container management system. With these embodiments, the user private key may be transmitted to the worker node safely, such that the worker node may use the user private key to decrypt messages from the user. Therefore, the security level of the container management system may be increased.Type: ApplicationFiled: July 27, 2021Publication date: February 2, 2023Inventors: Qi Feng Huo, Yan Song Liu, Da Li Liu, Lei Li, YUAN YUAN WANG
-
Publication number: 20220405112Abstract: Aspects include providing isolation between a plurality of containers in a pod that are each executing on a different virtual machine (VM) on a host computer. Providing the isolation includes converting a data packet into a serial format for communicating with the host computer. The converted data packet is sent to a router executing on the host computer. The router determines a destination container in the plurality of containers based at least in part on content of the converted data packet and routes the converted data packet to the destination container.Type: ApplicationFiled: June 21, 2021Publication date: December 22, 2022Inventors: Qi Feng Huo, WEN YI GAO, Si Bo Niu, Sen Wang
-
Publication number: 20220405127Abstract: Embodiments are directed to deploying a workload on the best/highest performance node. Nodes configured to accommodate a request for a workload are selected. Information is collected on each of the selected nodes and the workload. Predicted response times expected for the workload running on each of the selected nodes are determined. The workload is deployed on a node of the selected nodes, the node having a corresponding predicted response time for the workload, the workload being deployed on the node based at least in part on the corresponding predicted response time.Type: ApplicationFiled: June 22, 2021Publication date: December 22, 2022Inventors: Qi Feng Huo, YUAN YUAN WANG, Da Li Liu, Lei Li, Yan Song Liu
-
Patent number: 11366683Abstract: A process deployment controller creates an updated image for an intermediary engine in order to execute one or more applications on a host infrastructure. The process deployment controller generates a partial image by executing source code from a template repository. The partial image provides a structure used to create an intermediary engine used with a container, which includes an application, as well as binaries and libraries required to execute the application in an infrastructure via the intermediary engine. The process deployment controller transmits an identifier of the infrastructure to a component registry; receives a component description of the infrastructure from the component registry; and uses the component description to create an updated image of the partial image. The process deployment controller, upon receiving a request for the application to run on the infrastructure, utilizes the updated image and intermediary engine to execute the application on the infrastructure.Type: GrantFiled: January 3, 2020Date of Patent: June 21, 2022Assignee: International Business Machines CorporationInventors: Yuan Yuan Wang, Qi Feng Huo, Da Li Liu, Cdl Lei Li, Yan Song Liu, Tian Xiaoyi, Shu Chao Wan
-
Publication number: 20220180221Abstract: A method includes predicting, using a machine learning model and based on a received set of user interactions on keywords appearing in a presentation, a knowledge background of the user indicating the user's degree of understanding of the presentation. The method also includes generating, based on the predicted knowledge background, a message comprising a description of a keyword in the presentation and coordinates where the description is to be positioned in the presentation and communicating the message to a device of the user.Type: ApplicationFiled: December 3, 2020Publication date: June 9, 2022Inventors: Qi Feng HUO, Jing Yan MA, Rui Li XU, Da Li LIU, Yuan Yuan WANG, Yan Song LIU, Lei LI