US 12,339,978 B2
Network interface with data protection
Kapil Sood, Portland, OR (US); and Patrick Connor, Beaverton, OR (US)
Assigned to Intel Corporation, Santa Clara, CA (US)
Filed by Intel Corporation, Santa Clara, CA (US)
Filed on Feb. 2, 2021, as Appl. No. 17/165,769.
Prior Publication US 2021/0157935 A1, May 27, 2021
Int. Cl. G06F 21/60 (2013.01); G06F 12/1009 (2016.01); G06F 12/14 (2006.01); G06F 21/53 (2013.01); G06F 21/71 (2013.01)
CPC G06F 21/606 (2013.01) [G06F 12/1009 (2013.01); G06F 12/1408 (2013.01); G06F 21/53 (2013.01); G06F 21/602 (2013.01); G06F 21/71 (2013.01)] 15 Claims
OG exemplary drawing
 
1. A method, comprising:
for an ingressed network packet:
determining, at a network interface controller (NIC), a destination virtual environment (VE) for the network packet, wherein the NIC comprises a network interface, packet processing circuitry, and a direct memory access (DMA) circuitry and the destination VE comprises a trusted environment (TE),
determining, at the NIC, a peripheral bus encryption scheme of a peripheral bus connecting the NIC to a memory,
encrypting, at the NIC, the network packet in accordance with the determined peripheral bus encryption scheme,
encrypting, at the NIC, the network packet in accordance with an encryption scheme utilized in the TE, and
the NIC copying the encrypted network packet to a memory address associated with the TE.