Patents by Inventor Vadim Sukhomlinov
Vadim Sukhomlinov has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240333514Abstract: A method for authenticating a secure credential transfer to a device includes verifying user identity and device identity. In particular, the method includes verifying user identity by requesting and receiving a user identification input at a first client device and verifying device identity of a second client device by (i) determining a security status of the second client device from hardware of the second client device, (ii) invoking an identifier related to the security status of the second client device to an authentication server, and (iii) obtaining certification from the authentication server for the second client device based on the invoked identifier. After verifying the user identity and the device identity, the method includes establishing a secure channel between the first client device and the second client device for the secure credential transfer using one or more tokens generated by the authentication server.Type: ApplicationFiled: June 10, 2024Publication date: October 3, 2024Inventors: Vadim Sukhomlinov, Alberto Martin, Andrey Pronin
-
Patent number: 12045308Abstract: Detailed are embodiments related to bit matrix multiplication in a processor. For example, in some embodiments a processor comprising: decode circuitry to decode an instruction have fields for an opcode, an identifier of a first source bit matrix, an identifier of a second source bit matrix, an identifier of a destination bit matrix, and an immediate; and execution circuitry to execute the decoded instruction to perform a multiplication of a matrix of S-bit elements of the identified first source bit matrix with S-bit elements of the identified second source bit matrix, wherein the multiplication and accumulation operations are selected by the operation selector and store a result of the matrix multiplication into the identified destination bit matrix, wherein S indicates a plural bit size is described.Type: GrantFiled: December 16, 2022Date of Patent: July 23, 2024Assignee: Intel CorporationInventors: Dmitry Y. Babokin, Kshitij A. Doshi, Vadim Sukhomlinov
-
Patent number: 12041174Abstract: A method for authenticating a secure credential transfer to a device includes verifying user identity and device identity. In particular, the method includes verifying user identity by requesting and receiving a user identification input at a first client device and verifying device identity of a second client device by (i) determining a security status of the second client device from hardware of the second client device, (ii) invoking an identifier related to the security status of the second client device to an authentication server, and (iii) obtaining certification from the authentication server for the second client device based on the invoked identifier. After verifying the user identity and the device identity, the method includes establishing a secure channel between the first client device and the second client device for the secure credential transfer using one or more tokens generated by the authentication server.Type: GrantFiled: December 13, 2022Date of Patent: July 16, 2024Assignee: Google LLCInventors: Vadim Sukhomlinov, Alberto Martin, Andrey Pronin
-
Patent number: 11922220Abstract: Embodiments of systems, apparatuses and methods provide enhanced function as a service (FaaS) to users, e.g., computer developers and cloud service providers (CSPs). A computing system configured to provide such enhanced FaaS service include one or more controls architectural subsystems, software and orchestration subsystems, network and storage subsystems, and security subsystems. The computing system executes functions in response to events triggered by the users in an execution environment provided by the architectural subsystems, which represent an abstraction of execution management and shield the users from the burden of managing the execution. The software and orchestration subsystems allocate computing resources for the function execution by intelligently spinning up and down containers for function code with decreased instantiation latency and increased execution scalability while maintaining secured execution.Type: GrantFiled: April 16, 2019Date of Patent: March 5, 2024Assignee: Intel CorporationInventors: Mohammad R. Haghighat, Kshitij Doshi, Andrew J. Herdrich, Anup Mohan, Ravishankar R. Iyer, Mingqiu Sun, Krishna Bhuyan, Teck Joo Goh, Mohan J. Kumar, Michael Prinke, Michael Lemay, Leeor Peled, Jr-Shian Tsai, David M. Durham, Jeffrey D. Chamberlain, Vadim A. Sukhomlinov, Eric J. Dahlen, Sara Baghsorkhi, Harshad Sane, Areg Melik-Adamyan, Ravi Sahita, Dmitry Yurievich Babokin, Ian M. Steiner, Alexander Bachmutsky, Anil Rao, Mingwei Zhang, Nilesh K. Jain, Amin Firoozshahian, Baiju V. Patel, Wenyong Huang, Yeluri Raghuram
-
Patent number: 11748178Abstract: Examples described herein relate to requesting execution of a workload by a next function with data transport overhead tailored based on memory sharing capability with the next function. In some examples, data transport overhead is one or more of: sending a memory address pointer, virtual memory address pointer or sending data to the next function. In some examples, the memory sharing capability with the next function is based on one or more of: whether the next function shares an enclave with a sender function, the next function shares physical memory domain with a sender function, or the next function shares virtual memory domain with a sender function. In some examples, selection of the next function from among multiple instances of the next function based on one or more of: sharing of memory domain, throughput performance, latency, cost, load balancing, or service legal agreement (SLA) requirements.Type: GrantFiled: March 31, 2020Date of Patent: September 5, 2023Assignee: Intel CorporationInventors: Alexander Bachmutsky, Raghu Kondapalli, Francesc Guim Bernat, Vadim Sukhomlinov
-
Publication number: 20230251915Abstract: A computing apparatus, including: a hardware computing platform; and logic to operate on the hardware computing platform, configured to: receive a microservice instance registration for a microservice accelerator, wherein the registration includes a microservice that the microservice accelerator is configured to provide, and a microservice connection capability indicating an ability of the microservice instance to communicate directly with other instances of the same or a different microservice; and log the registration in a microservice registration database.Type: ApplicationFiled: March 27, 2023Publication date: August 10, 2023Applicant: Intel CorporationInventors: Vadim Sukhomlinov, Kshitij A. Doshi
-
Publication number: 20230195835Abstract: Detailed are embodiments related to bit matrix multiplication in a processor. For example, in some embodiments a processor comprising: decode circuitry to decode an instruction have fields for an opcode, an identifier of a first source bit matrix, an identifier of a second source bit matrix, an identifier of a destination bit matrix, and an immediate; and execution circuitry to execute the decoded instruction to perform a multiplication of a matrix of S-bit elements of the identified first source bit matrix with S-bit elements of the identified second source bit matrix, wherein the multiplication and accumulation operations are selected by the operation selector and store a result of the matrix multiplication into the identified destination bit matrix, wherein S indicates a plural bit size is described.Type: ApplicationFiled: December 16, 2022Publication date: June 22, 2023Inventors: Dmitry Y. Babokin, Kshitij A. Doshi, Vadim Sukhomlinov
-
Patent number: 11645127Abstract: A computing apparatus, including: a hardware computing platform; and logic to operate on the hardware computing platform, configured to: receive a microservice instance registration for a microservice accelerator, wherein the registration includes a microservice that the microservice accelerator is configured to provide, and a microservice connection capability indicating an ability of the microservice instance to communicate directly with other instances of the same or a different microservice; and log the registration in a microservice registration database.Type: GrantFiled: July 18, 2022Date of Patent: May 9, 2023Assignee: Intel CorporationInventors: Vadim Sukhomlinov, Kshitij A. Doshi
-
Patent number: 11646980Abstract: Technologies for packet forwarding under ingress queue overflow conditions includes a computing device configured to receive a network packet from another computing device, determine whether a global packet buffer of the NIC is full, and determine, in response to a determination that the global packet buffer is full, whether to forward all the global packet buffer entries. The computing device is additionally configured to compare, in response to a determination not to forward all the global packet buffer entries, a selection filter to one or more characteristics of the received network packet and forward, in response to a determination that the selection filter matches the one or more characteristics of the received network packet, the received network packet to a predefined output. Other embodiments are described herein.Type: GrantFiled: March 30, 2018Date of Patent: May 9, 2023Assignee: Intel CorporationInventors: Andrey Chilikin, Vadim Sukhomlinov
-
Patent number: 11640305Abstract: Examples are described that relate to waking up or invoking a function such as a processor-executed application or a hardware device. The application or a hardware device can specify which sources can cause wake-ups and which sources are not to cause wake-ups. A device or processor-executed software can monitor reads from or writes to a region of memory and cause the application or a hardware device to wake-up unless the wake-up is specified as inhibited. The updated region of memory can be precisely specified to allow a pinpoint retrieval of updated content instead of scanning a memory range for changes. In some cases, a write to a region of memory can include various parameters that are to be used by the woken-up application or a hardware device. Parameters can include a source of a wake-up, a timer to cap execution time, or any other information.Type: GrantFiled: July 26, 2019Date of Patent: May 2, 2023Assignee: Intel CorporationInventors: Alexander Bachmutsky, Kshitij A. Doshi, Raghu Kondapalli, Vadim Sukhomlinov
-
Publication number: 20230106348Abstract: A method for authenticating a secure credential transfer to a device includes verifying user identity and device identity. In particular, the method includes verifying user identity by requesting and receiving a user identification input at a first client device and verifying device identity of a second client device by (i) determining a security status of the second client device from hardware of the second client device, (ii) invoking an identifier related to the security status of the second client device to an authentication server, and (iii) obtaining certification from the authentication server for the second client device based on the invoked identifier. After verifying the user identity and the device identity, the method includes establishing a secure channel between the first client device and the second client device for the secure credential transfer using one or more tokens generated by the authentication server.Type: ApplicationFiled: December 13, 2022Publication date: April 6, 2023Inventors: Vadim Sukhomlinov, Alberto Martin, Andrey Pronin
-
Patent number: 11568022Abstract: Detailed are embodiments related to bit matrix multiplication in a processor. For example, in some embodiments a processor comprising: decode circuitry to decode an instruction have fields for an opcode, an identifier of a first source bit matrix, an identifier of a second source bit matrix, an identifier of a destination bit matrix, and an immediate; and execution circuitry to execute the decoded instruction to perform a multiplication of a matrix of S-bit elements of the identified first source bit matrix with S-bit elements of the identified second source bit matrix, wherein the multiplication and accumulation operations are selected by the operation selector and store a result of the matrix multiplication into the identified destination bit matrix, wherein S indicates a plural bit size is described.Type: GrantFiled: January 22, 2021Date of Patent: January 31, 2023Assignee: Intel CorporationInventors: Dmitry Y. Babokin, Kshitij A. Doshi, Vadim Sukhomlinov
-
Patent number: 11562063Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.Type: GrantFiled: December 7, 2020Date of Patent: January 24, 2023Assignee: Intel CorporationInventors: Michael Lemay, David M. Durham, Michael E. Kounavis, Barry E. Huntley, Vedvyas Shanbhogue, Jason W. Brandt, Josh Triplett, Gilbert Neiger, Karanvir Grewal, Baiju Patel, Ye Zhuang, Jr-Shian Tsai, Vadim Sukhomlinov, Ravi Sahita, Mingwei Zhang, James C. Farwell, Amitabh Das, Krishna Bhuyan
-
Patent number: 11552798Abstract: A method for authenticating a secure credential transfer to a device includes verifying user identity and device identity. In particular, the method includes verifying user identity by requesting and receiving a user identification input at a first client device and verifying device identity of a second client device by (i) determining a security status of the second client device from hardware of the second client device, (ii) invoking an identifier related to the security status of the second client device to an authentication server, and (iii) obtaining certification from the authentication server for the second client device based on the invoked identifier. After verifying the user identity and the device identity, the method includes establishing a secure channel between the first client device and the second client device for the secure credential transfer using one or more tokens generated by the authentication server.Type: GrantFiled: July 30, 2019Date of Patent: January 10, 2023Assignee: Waymo LLCInventors: Vadim Sukhomlinov, Alberto Martin, Andrey Pronin
-
Publication number: 20220350679Abstract: A computing apparatus, including: a hardware computing platform; and logic to operate on the hardware computing platform, configured to: receive a microservice instance registration for a microservice accelerator, wherein the registration includes a microservice that the microservice accelerator is configured to provide, and a microservice connection capability indicating an ability of the microservice instance to communicate directly with other instances of the same or a different microservice; and log the registration in a microservice registration database.Type: ApplicationFiled: July 18, 2022Publication date: November 3, 2022Applicant: Intel CorporationInventors: Vadim Sukhomlinov, Kshitij A. Doshi
-
Patent number: 11483245Abstract: Technologies for filtering network traffic on ingress include a network interface controller (NIC) configured to parse a header of a network packet received by the NIC to extract data from a plurality of header fields of the header. The NIC is additionally configured to determine an input set based on the field vector, retrieve a matching list from a plurality of matching lists, and compare the input set to each of the plurality of rules to identify a matching rule of the plurality of rules that matches a corresponding portion of the input set. The NIC is further configured to perform an action on the network packet based on an actionable instruction associated with the one of the plurality of rules that matches the corresponding portion of the input set. Other embodiments are described herein.Type: GrantFiled: September 13, 2018Date of Patent: October 25, 2022Assignee: Intel CorporationInventors: Andrey Chilikin, Ronen Aharon Hyatt, Vadim Sukhomlinov
-
Patent number: 11467888Abstract: A computing apparatus, including: a hardware computing platform; and logic to operate on the hardware computing platform, configured to: receive a microservice instance registration for a microservice accelerator, wherein the registration includes a microservice that the microservice accelerator is configured to provide, and a microservice connection capability indicating an ability of the microservice instance to communicate directly with other instances of the same or a different microservice; and log the registration in a microservice registration database.Type: GrantFiled: December 4, 2020Date of Patent: October 11, 2022Assignee: Intel CorporationInventors: Vadim Sukhomlinov, Kshitij A. Doshi
-
Publication number: 20220294885Abstract: Technologies for network packet processing between cloud and telecommunications networks includes a network computing device which includes two application layer packet translators (ALPTs). The first ALPT is configured to receive a network packet from a computing device in a telecommunications network, identify a virtual network function (VNF) instance, and perform an application layer encapsulation of at least a portion of data of the received network packet as a parameter of a remote procedure call (RPC) associated with the identified VNF instance. The first ALPT is additionally configured to invoke the identified VNF instance using an API call corresponding to the RPC that includes the RPC parameter and the VNF instance is configured to transmit an RPC call response to the second ALPT. The second ALPT is configured to generate a new network packet as a function of the RPC call response and transmit the new network packet to another computing device in a cloud network.Type: ApplicationFiled: June 1, 2022Publication date: September 15, 2022Inventors: Vadim Sukhomlinov, Kshitij Doshi, Areg MELIK-ADAMYAN
-
Patent number: 11388272Abstract: Technologies for network packet processing between cloud and telecommunications networks includes a network computing device which includes two application layer packet translators (ALPTs). The first ALPT is configured to receive a network packet from a computing device in a telecommunications network, identify a virtual network function (VNF) instance, and perform an application layer encapsulation of at least a portion of data of the received network packet as a parameter of a remote procedure call (RPC) associated with the identified VNF instance. The first ALPT is additionally configured to invoke the identified VNF instance using an API call corresponding to the RPC that includes the RPC parameter and the VNF instance is configured to transmit an RPC call response to the second ALPT. The second ALPT is configured to generate a new network packet as a function of the RPC call response and transmit the new network packet to another computing device in a cloud network.Type: GrantFiled: March 30, 2018Date of Patent: July 12, 2022Assignee: Intel CorporationInventors: Vadim Sukhomlinov, Kshitij Doshi, Areg Melik-Adamyan
-
Patent number: 11354240Abstract: The present disclosure is directed to systems and methods that include cache operation storage circuitry that selectively enables/disables the Cache Line Flush (CLFLUSH) operation. The cache operation storage circuitry may also selectively replace the CLFLUSH operation with one or more replacement operations that provide similar functionality but beneficially and advantageously prevent an attacker from placing processor cache circuitry in a known state during a timing-based, side channel attack such as Spectre or Meltdown. The cache operation storage circuitry includes model specific registers (MSRs) that contain information used to determine whether to enable/disable CLFLUSH functionality. The cache operation storage circuitry may include model specific registers (MSRs) that contain information used to select appropriate replacement operations such as Cache Line Demote (CLDEMOTE) and/or Cache Line Write Back (CLWB) to selectively replace CLFLUSH operations.Type: GrantFiled: June 22, 2020Date of Patent: June 7, 2022Assignee: Intel CorporationInventors: Vadim Sukhomlinov, Kshitij Doshi