Process-to-process secure data movement in network functions virtualization infrastructures

Assignee

• Intel Corporation · US

Inventors

• Bo Cui · Shanghai, CN
• Cunming Liang · Shanghai, CN
• Jr-Shian Tsai · Beaverton, US
• Ping Yu · Castaic, US
• Xiaobing Qian · Changning City, CN
• Xuekun Hu · Shanghai, CN
• Lin Luo · Sugar Land, US
• Shravan Nagraj · Bengaluru, IN
• Xiaowen Zhang · Jiaocheng District, CN
• Mesut A. Ergin · Portland, US
• Tsung-Yuan C. Tai · Portland, US
• Andrew J. Herdrich · Hillsboro, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2107
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

In some examples, for process-to-process communication, such as in function linking, a virtual channel can be provisioned to provide virtual machine to virtual machine communications. In response to a transmit request from a source virtual machine, the virtual channel can cause a data copy from a source buffer associated with the source virtual machine without decryption or encryption. The virtual channel provisions a key identifier for the copied data. The destination virtual machine can receive an indication data is available and can cause the data to be decrypted using a key accessed using the key identifier and source address of the copied data. In addition, the data can be encrypted using a second, different key for storage in a destination buffer associated with the destination virtual machine. In some examples, the key identifier and source address is managed by the virtual channel and is not visible to virtual machine or hypervisor.