Third-party access object management method and system for open interconnection

By collecting and credibly processing multi-source telemetry data to generate credible telemetry profiles, conducting health assessments, and generating governance strategies, the system solves the problems of health awareness and automatic governance of third-party access objects in the Lingqu Open Interconnection System, thereby improving governance efficiency and system reliability.

CN122339857APending Publication Date: 2026-07-03SHANGHAI FANGYI WANQIANG MICROELECTRONICS CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SHANGHAI FANGYI WANQIANG MICROELECTRONICS CO LTD
Filing Date
2026-06-05
Publication Date
2026-07-03

AI Technical Summary

Technical Problem

In the Lingqu Open Interconnection System, the operating status of third-party access objects exhibits strong dynamism and uncertainty, lacking a dedicated mechanism at the boundary of input/output interconnection chips for health recognition and automatic governance.

Method used

Multi-source telemetry data from input/output interconnect chips is collected, trusted data is generated through trust processing, a trusted telemetry profile is created, a health assessment is performed, and governance strategies are generated based on the assessment results and applied to the communication path to execute governance actions, including access restriction, semantic degradation, service rate limiting, and fault isolation.

Benefits of technology

It enables continuous, refined, and differentiated governance of third-party access objects, improves the efficiency of open interconnection governance and the reliability of system operation, and eliminates the reliance on scattered local counters and fragmented monitoring.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122339857A_ABST
    Figure CN122339857A_ABST
Patent Text Reader

Abstract

This invention provides a governance method and system for third-party access objects in the Lingqu Open Interconnection system, belonging to the field of open interconnection technology. The method includes: collecting multi-source telemetry data from third-party access objects connected to the I / O interconnection chip; performing trustworthy processing to generate a trusted telemetry profile; conducting a health assessment based on the profile; mapping the health assessment results to generate corresponding matching governance strategies, and applying them to the communication path between the third-party access object and the Lingqu Open Interconnection system to execute corresponding governance actions. Beneficial effects: By establishing a unified runtime trusted telemetry framework for third-party access objects in the Lingqu Open Interconnection system, an object-level operational view is formed, eliminating reliance on fragmented monitoring; comprehensive object-level health assessment results are formed by integrating multi-dimensional telemetry information, which are mapped to matching governance strategies to execute corresponding governance actions, thus constructing a direct closed-loop linkage mechanism from telemetry results to governance actions, improving governance efficiency and operational reliability.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of open interconnection technology, and in particular to a method and system for governing third-party access objects for Lingqu open interconnection. Background Technology

[0002] As the Unified Bus (UB) open interconnection system gradually shifts from a closed and controlled internal interconnection to open access for third-party access objects such as third-party chips, third-party modules, etc., the responsibilities of the input / output (IO) interconnection chips located at the third-party access boundary are no longer limited to link establishment, forwarding, and basic path isolation. They need to further assume system responsibilities for runtime governance, service maintenance, and risk control within the Unified Bus unified protocol domain. After completing trusted authentication, capability declaration, resource authorization, and configuration management, third-party access objects will continuously participate in the entire lifecycle of operations within the Unified Bus interconnection domain, including data transmission and reception, shared resource access, message interaction, doorbell or interrupt interaction, and queue and descriptor updates.

[0003] Third-party access objects come from heterogeneous sources, have significant implementation differences, and operate in complex environments, exhibiting highly dynamic and uncertain operational states. The Lingqu standard provides basic management entry points such as configuration space, resource space, enumeration management, configuration management, and event reporting, and distinguishes the permission boundaries between different management entities, such as the Lingqu Fabric Manager (UBFM) and users. The UBFM has global system-level management permissions, while users only have application-level management permissions within their allocated resource scope. However, during the continuous operation of third-party access objects, a dedicated mechanism at the I / O interconnect chip boundary is still lacking to establish object-level health awareness and automatically drive governance actions based on these standard entry points and real-time operational status. Summary of the Invention

[0004] To address the above technical problems, this invention provides a third-party access object governance method for Lingqu Open Interconnection; on the other hand, it also provides a third-party access object governance system for Lingqu Open Interconnection.

[0005] The technical problem solved by this invention can be achieved by the following technical solution: a governance method for third-party access objects in the Lingqu Open Interconnection system, applied to the input / output interconnection chip in the Lingqu Open Interconnection system, comprising: step S1, collecting multi-source telemetry data of third-party access objects accessing the input / output interconnection chip, performing trust processing on the multi-source telemetry data, and generating a trustworthy telemetry profile of the third-party access object; step S2, performing a health assessment on the third-party access object based on the trustworthy telemetry profile, and obtaining a health assessment result; step S3, performing policy mapping based on the health assessment result, generating a corresponding matching governance policy, and applying the governance policy to the communication path between the third-party access object and the Lingqu Open Interconnection system to execute corresponding governance actions.

[0006] The third-party access object governance method for Lingqu Open Interconnection described in this invention includes multi-source telemetry data, which includes one or more combinations of link-type telemetry information, transaction-type telemetry information, flow control-type telemetry information, protocol-type telemetry information, resource-type telemetry information, thermal power consumption-type telemetry information, and management and identity consistency-type telemetry information. Each type of telemetry information is associated with a time dimension identifier and an object dimension identifier.

[0007] The third-party access object governance method for Lingqu Open Interconnection described in this invention includes a step S1 process for trustworthy processing of the multi-source telemetry data, comprising at least one of the following operations: performing time alignment processing on the multi-source telemetry data according to a preset multi-scale observation period to form a multi-scale observation sequence; performing object attribution verification based on the object dimension identifier associated with the multi-source telemetry data; performing noise filtering and outlier suppression on the multi-source telemetry data; determining confidence weights based on the source channels of the multi-source telemetry data and performing trustworthiness weighting processing based on the confidence weights; performing dimensional normalization processing on the multi-source telemetry data to generate normalized risk values, wherein the normalized risk value for each telemetry item is calculated based on the current observation value, baseline value, and risk upper limit value; and performing baseline offset correction on the multi-source telemetry data.

[0008] The third-party access object governance method for Lingqu Open Interconnection described in this invention includes the following steps in step S2: Step S21, weighting the normalized risk values ​​of telemetry items corresponding to various types of telemetry information in the multi-source telemetry data to obtain health sub-scores for each telemetry category; Step S22, weighting the health sub-scores for each telemetry category and the trusted telemetry profile to obtain a comprehensive health score; Step S23, determining a health level identifier based on the comprehensive health score; Step S24, determining a trend status identifier based on the trusted telemetry profile; The health assessment result includes one or more combinations of the comprehensive health score, health sub-scores based on different telemetry categories, health level identifiers, and trend status identifiers.

[0009] The governance method for third-party access objects for Lingqu Open Interconnection described in this invention, in step S2, introduces a hierarchical stabilization mechanism during health assessment. This hierarchical stabilization mechanism includes at least one of the following: when the health assessment result meets preset abnormal conditions, an abnormal state is triggered; the preset abnormal conditions include at least one of the following: a comprehensive health score lower than a preset threshold for the corresponding level, one or more health sub-scores showing continuous degradation, a trend state identified as a continuously deteriorating state, or a recurring fluctuation state; a multi-scale observation sequence is used to jointly observe and analyze the state of the third-party access object; if an abnormal state occurs in a single-scale observation sequence but not in other scale observation sequences, it is determined to be a transient disturbance state; if all multi-scale observation sequences show a continuous downward trend, the trend state is identified as a continuously deteriorating state; if the multi-scale observation sequence oscillates back and forth between adjacent health levels, the trend state is identified as a recurring fluctuation state; a level entry threshold and a level exit threshold are configured for each health level, wherein the level exit threshold for each health level is stricter than the level entry threshold, to form hysteresis control.

[0010] The third-party access object governance method for Lingqu Open Interconnection described in this invention includes, in step S3, a governance strategy comprising one or more combinations of permission contraction strategy, semantic degradation strategy, service rate limiting and service level protocol contraction strategy, shared resource protection strategy, fault isolation preparation strategy, and recovery and reentry strategy; wherein, the permission contraction strategy comprises one or more combinations of restricting the scope of resources accessible to objects, restricting transaction types, restricting concurrency depth, and restricting write permissions to shared resources; the semantic degradation strategy comprises one or more combinations of switching high-risk semantic operations to restricted semantics, prohibiting specific atomic operations, restricting doorbell or interrupted direct access, and having a proxy perform sensitive operations; the service rate limiting and service level protocol contraction strategy comprises reducing available bandwidth. The shared resource protection strategy includes one or more combinations of the following: increasing throttling, limiting priority, lowering the available recovery level, and switching to a restricted service template; the shared resource protection strategy includes one or more combinations of the following: freezing descriptor updates, limiting shared queue advancement, lowering shared credit quotas, isolating specific virtual channels, and suspending shared doorbell propagation; the fault isolation preparation strategy includes one or more combinations of the following: marking objects as pending isolation, retaining only management access, stopping new transactions from entering, and issuing collaborative instructions to unfinished transaction management modules; the recovery and re-entry strategy includes one or more combinations of the following: maintaining a recovery observation period, allowing partial function re-entry, restoring service levels in stages, delaying the release of sensitive operation permissions, and determining whether to enter the recovery release state by combining historical anomaly records and recovery observation results.

[0011] The third-party access object governance method for Lingqu Open Interconnect described in this invention, in step S3, applies the governance strategy to the communication path between the third-party access object and the Lingqu Open Interconnect system to perform corresponding governance actions, including at least one of the following: dynamically adjusting the access trust level of the third-party access object based on the health assessment results; restricting high-risk semantic types from entering the execution path, and switching operations allowed to be completed after boundary control to the boundary proxy mode controlled by the input / output interconnect chip; when the health level of the third-party access object is identified as dangerous or in an isolation pending state, triggering new transaction interception, managed scanning of incomplete transactions, and differentiated cleanup processing. When the third-party access object has a risk of spillover or resource pollution, the third-party access object is switched to a restricted fault domain or an isolation domain. When the health score of the third-party access object decreases but does not reach the preset isolation threshold, flexible governance actions are performed, including one or more combinations of bandwidth reduction, priority reduction, and recovery level reduction. When the thermal power consumption health sub-score of the third-party access object decreases to the preset deterioration threshold, hot path service degradation and mild recycling are triggered, including one or more combinations of limiting concurrency depth, reducing bandwidth, limiting high-power transaction types, reducing the frequency of shared resource writes, and latency-sensitive recovery actions.

[0012] The third-party access object governance method for Lingqu Open Interconnection described in this invention further includes, after step S3: monitoring the stress level of a shared resource domain shared by multiple third-party access objects and generating a resource domain-level risk value; determining, based on the resource domain-level risk value, whether the third-party access object has a spillover effect on the shared resource domain, and when it is determined that any third-party access object has a spillover effect on the shared resource domain, adding a resource domain penalty item to the comprehensive health score of the third-party access object.

[0013] The third-party access object governance method for Lingqu Open Interconnection described in this invention further includes, after step S3: converting the health assessment results and governance results of the third-party access object into an externally perceptible controlled service state. The service state includes one or more combinations of normal service state, slightly restricted service state, degraded service state, shared resource restricted state, isolation pending state, recovery observation state, phased reentry state, and recovery release state.

[0014] On the other hand, a third-party access object governance system for Lingqu Open Interconnect is also provided, applied to the input / output interconnect chip under the Lingqu Open Interconnect system, for implementing the third-party access object governance method for Lingqu Open Interconnect as described above, including: a profile generation module, used to collect multi-source telemetry data of third-party access objects accessing the input / output interconnect chip, perform trust processing on the multi-source telemetry data, and generate a trustworthy telemetry profile of the third-party access object; a health assessment module, connected to the profile generation module, used to perform a health assessment on the third-party access object based on the trustworthy telemetry profile, and obtain a health assessment result; a governance module, connected to the health assessment module, used to perform policy mapping based on the health assessment result, generate a corresponding matching governance policy, and apply the governance policy to the communication path between the third-party access object and the Lingqu Open Interconnect system to execute corresponding governance actions.

[0015] The advantages or beneficial effects of the technical solution of this invention are as follows: This invention collects multi-source telemetry data from third-party access objects connected to the input / output interconnection chip and performs trustworthy processing to generate a trustworthy telemetry profile, establishing a unified runtime trustworthy telemetry framework for third-party access objects in the Lingqu open interconnection. This enables the input / output interconnection chip to continuously aggregate multi-source operating status at boundary positions to form an object-level operating view, eliminating the reliance on scattered local counters and fragmented monitoring. Based on the trustworthy telemetry profile, object-level health assessment can be performed, which can integrate multi-dimensional telemetry information to form a comprehensive health assessment result. Compared with a single threshold and a single abnormal count triggering method, this improves the ability to detect abnormal operation. The system improves the accuracy of status identification; it also maps health assessment results to matching governance strategies and applies them to the communication path between third-party access objects and the Lingqu Open Interconnection System to execute corresponding governance actions, thus constructing a direct closed-loop linkage mechanism from telemetry results to governance actions. This enables open interconnection governance to break through the limitations of relying solely on alarms and manual judgment, improving the governance efficiency of third-party access objects and the operational reliability of the Lingqu Open Interconnection System. Furthermore, it can shift from the traditional passive post-disconnection reset to proactive pre-disconnection risk control, achieving continuous, refined, and differentiated governance of third-party access objects while ensuring the overall stability of the Lingqu interconnection domain and the security of shared resources. Attached Figure Description

[0016] Figure 1 This is a flowchart illustrating a preferred embodiment of the present invention for a third-party access object governance method for Lingqu Open Interconnection. Figure 2 This is a schematic diagram showing the deployment location of the third-party access object governance system for Lingqu Open Interconnection in a preferred embodiment of the present invention. Figure 3This is a structural block diagram of a third-party access object governance system for Lingqu Open Interconnection, as shown in a preferred embodiment of the present invention. Figure 4 This is a schematic diagram illustrating the health degradation linkage based on transaction tail delay, credit anomaly, and protocol violation in a preferred embodiment of the present invention. Figure 5 This is a schematic diagram of spillover risk identification and strategy contraction in a shared virtual channel / shared credit pool scenario, which is a preferred embodiment of the present invention. Figure 6 In a preferred embodiment of the present invention, a timing diagram is shown for the access object to enter recovery observation and re-enter in stages from a dangerous state. Detailed Implementation

[0017] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0018] It should be noted that, unless otherwise specified, the embodiments and features described in the present invention can be combined with each other.

[0019] The present invention will be further described below with reference to the accompanying drawings and specific embodiments, but this is not intended to limit the scope of the invention.

[0020] In a preferred embodiment of the present invention, based on the aforementioned problems existing in the prior art, a method for governing third-party access objects for UB (Unified Internet Protocol) open interconnection is provided, such as... Figure 1 and Figure 2As shown, the input / output interconnection chip 1 applied under the Lingqu Open Interconnection System 2 includes: Step S1, collecting multi-source telemetry data of a third-party access object 3 connected to the input / output interconnection chip 1, performing trustworthy processing on the multi-source telemetry data, and generating a trustworthy telemetry profile of the third-party access object 3; wherein, the multi-source telemetry data includes one or more combinations of link-type telemetry information, transaction-type telemetry information, flow control-type telemetry information, protocol-type telemetry information, resource-type telemetry information, thermal power consumption-type telemetry information, and management and identity consistency-type telemetry information, and each type of telemetry information is associated with a time dimension identifier and an object dimension identifier; wherein, the time dimension identifier includes, but is not limited to, sampling timestamp, duration information, and sampling window identifier; the object dimension identifier includes, but is not limited to, source object identifier, source port identifier, link identifier, resource domain identifier, service domain identifier, and the object's globally unique identifier (GUID), type, class code, version number, or other capability declaration information.

[0021] In this embodiment, as Figure 2 As shown, it also includes the Lingqu Interconnect Domain 21, which is used to accept transactions initiated by third-party access objects 3 and connect the main system / software 23, the shared resource domain 22 and other service domains.

[0022] This embodiment also includes a shared resource domain 22, which includes a shared Double Data Rate (DDR) memory, a shared High Bandwidth Memory (HBM), a shared buffer, a shared queue, a shared doorbell, a shared descriptor table, a shared status register, a shared Virtual Channel (VC), a shared credit pool, or other resources shared by multiple objects.

[0023] In this embodiment, the input / output interconnect chip 1 is deployed at the boundary of the third-party access Lingqu (UB) open interconnection, located between the third-party access object 3 and the Lingqu unified protocol domain. It includes a trusted telemetry, health scoring and policy linkage hub 11, which is used to realize functions such as multi-source telemetry acquisition, telemetry trusted processing, object-level health scoring, trend determination, policy linkage and service status output.

[0024] In this embodiment, the third-party access object 3 includes, but is not limited to, artificial intelligence (AI) accelerators, network accelerators, switching chips, storage controllers, board-level expansion modules, and other heterogeneous objects accessed via Lingqu-related interfaces. In one embodiment, a single third-party access object 3 accesses the input / output interconnect chip 1 to access the Lingqu open interconnect system 2; in another embodiment, two, three, or more third-party access objects 3 simultaneously access the input / output interconnect chip 1.

[0025] During the operation of third-party access object 3, input / output interconnect chip 1 continuously collects multi-source telemetry data related to each third-party access object 3. The multi-source telemetry data includes at least one or more of the following, and is continuously correlated around third-party access object 3, links, configuration management paths, and shared resource domain 22: Link-related telemetry information, including bit error count, retransmission count, link training fluctuation, lane mismatch, bandwidth degradation, link jitter, and number of repeated link recovery attempts for the link corresponding to third-party access object 3; Transaction-related telemetry information, including average completion latency, completion tail latency, number of timeouts, number of retries, out-of-order anomalies, queuing depth, and transaction suspension time; Flow control-related telemetry information, including credit occupancy time, credit recovery rate, virtual channel congestion level, flow control pause duration, and flow control backpressure frequency; Protocol-related telemetry information, including illegal reports... Telemetry information includes: message count, protocol field anomalies, semantic violation counts, reserved value usage, order constraint violation, and doorbell / queue update inconsistencies; resource-related telemetry information, including shared cache hit anomalies, shared queue blocking, descriptor consumption anomalies, shared double data rate (DDR) memory or shared high bandwidth memory (HBM) access failure rate, shared resource contention, and resource leakage indications; thermal power consumption-related telemetry information, including object temperature, hotspot migration, power consumption fluctuations, transient current changes, throttling counts, and thermal recovery counts; and management and identity consistency-related telemetry information, including heartbeat status, configuration space reachability, resource space access success rate, management access success rate, enumeration / configuration management success rate, event reporting latency, microcontroller status, firmware digest changes, consistency changes between the globally unique identifier (GUID), type, class code, or version number and the actual operating status, abnormal UB Protocol Identifier (UPI) matching status, abnormal management message validity, reset events, and recovery events.

[0026] Preferably, multi-source telemetry data is supplemented with sampling timestamps, duration information, and sampling window identifiers in the time dimension; at the same time, it is bound to the source object identifier, source port identifier, link identifier, resource domain identifier, service domain identifier, and the object's globally unique identifier (GUID), type, class code, version number, or other capability declaration information in the object dimension, so as to enable data traceability to the corresponding third-party access object 3, communication port, and resource domain.

[0027] Because different telemetry data sources have different refresh rates, confidence levels, and noise levels, in this embodiment, the input / output interconnect chip 1 performs credibility processing on multi-source telemetry data, including but not limited to: Time alignment processing: Based on a preset multi-scale observation period, the multi-source telemetry data is time-aligned to form a multi-scale observation sequence. In this embodiment, a three-scale observation sequence is preferably used. Through time alignment processing, telemetry data from different layers are unified into the same sliding time window or observation period, forming three types of scale observation sequences: short window, medium window, and long window. The short window is preferably used to identify transient spikes, the medium window is preferably used to identify continuous degradation, and the long window is preferably used to identify structural trends and restore stability.

[0028] Object attribution verification: Object attribution is verified based on the object dimension identifier associated with multi-source telemetry data. Specifically, based on object dimension identifiers such as source object identifier, port identifier, link identifier, resource domain identifier, and object capability declaration information, it is verified whether the telemetry data truly belongs to a specific third-party access object, a specific link, or a specific shared resource, thus avoiding cross-object contamination.

[0029] Noise filtering and outlier suppression: For short-term spikes, occasional sampling errors and isolated outliers in multi-source telemetry data, filtering, smoothing or peak clipping are performed; when the data is abnormal in the short window but does not continue in the middle window, it is identified as a transient disturbance rather than a continuous degradation.

[0030] Confidence weighting: Confidence weights are determined based on the source channels of multi-source telemetry data, and confidence weighting is performed based on these confidence weights. Specifically, different confidence weights are assigned to telemetry data from hardware counters, boundary state machines, control plane heartbeats, configuration / resource space access feedback, software summaries, or external management channels; the weights of hardware direct observation items and multi-source cross-validation items are preferably higher than those of single-path software reporting items.

[0031] Dimensional normalization: Multi-source telemetry data undergoes dimensional normalization processing to generate normalized risk values. The normalized risk value for each telemetry item is calculated based on the current observation value, baseline value, and risk ceiling value. Specifically, telemetry data with different dimensions, such as latency, counts, ratios, Boolean states, temperature, and power consumption, are converted into a unified risk value. Preferably, for each telemetry item, its normalized risk value is calculated: r i =Clamp[(C i -B i ) / (R Li -B i )] Where, r i C represents the normalized risk value of the i-th telemetry term; iB represents the current observation value of the i-th telemetry term; i R represents the baseline value of the i-th telemetry term; Li This represents the upper risk limit value of the i-th telemetry item; the Clamp function is used to restrict the value within a given interval. If the value is less than the minimum value of the given interval, the minimum value is returned; if the value is greater than the maximum value of the given interval, the maximum value is returned; if the value is within the given interval, the value is returned directly.

[0032] Baseline offset correction: Based on object category, access mode, historical stable state, capability description baseline, configuration / resource management path characteristics, or operating load baseline, the telemetry value is subjected to background subtraction or threshold adaptive adjustment.

[0033] After the above processing, a reliable telemetry profile of the third-party access object 3 is formed, providing an accurate and reliable data foundation for subsequent health scoring, trend determination, and strategy linkage, and avoiding misjudgment of health assessment and accidental triggering of governance actions due to quality problems of the original telemetry data.

[0034] Step S2: Perform a health assessment on the third-party access object 3 based on the trusted telemetry profile to obtain a health assessment result; further, step S2 includes: Step S21: Perform weighted processing on the normalized risk values ​​of the telemetry items corresponding to various types of telemetry information in the multi-source telemetry data to obtain health sub-scores for each telemetry category; Step S22: Perform weighted processing on the health sub-scores for each telemetry category and the trusted telemetry profile to obtain a comprehensive health score; Step S23: Determine the health level identifier based on the comprehensive health score; Step S24: Determine the trend status identifier based on the trusted telemetry profile; wherein, the above health assessment result includes one or more combinations of the comprehensive health score, health sub-scores based on different telemetry categories, health level identifiers, and trend status identifiers.

[0035] Specifically, for each third-party access object 3, based on the multi-source telemetry data of that object after trust processing, an object-level health score is calculated to obtain a health assessment result. The health assessment result includes at least one or more of the following forms: (1) Single comprehensive health score; (2) A multidimensional scoring vector consisting of link health sub-score, transaction health sub-score, protocol health sub-score, resource health sub-score, management path health sub-score, and thermal power consumption health sub-score; (3) Health level indicators, such as normal, mild deterioration, moderate deterioration, severe deterioration, danger, isolation pending, and recovery observation level; (4) Trend status indicators, such as stable, fluctuating upward, continuously deteriorating, under control and recovered, repeated shaking, etc.

[0036] For each type of health sub-score, the score is calculated based on the normalized risk value of the corresponding telemetry item according to a weighted rule. For example, the link health sub-score is obtained by weighting indicators such as bit error count, retransmission count, link training fluctuation, channel mismatch, bandwidth degradation, link jitter, and number of repeated link recovery attempts according to preset weights; the transaction health sub-score is obtained by weighting indicators such as completion tail latency inflation, timeout rate, hang time, and retry rate according to preset weights; the management path health sub-score is obtained by weighting indicators such as configuration space / resource space access success rate, management message validity anomalies, UPI matching status anomalies, and event reporting timeliness according to preset weights; and so on, to calculate the protocol health sub-score, resource health sub-score, and thermal power consumption health sub-score.

[0037] The comprehensive health score is generated by weighting various health sub-scores, combined with the current service level of the access object, the object-level trusted telemetry profile, and the resource domain-level risk.

[0038] Preferably, the comprehensive health score is calculated using the following formula: Overall health score = weighted sum of various health sub-scores - resource domain penalty - consistency deviation penalty; The weights and penalties for various health sub-scores can be configured according to the object category and service level.

[0039] Preferably, the absolute value of the anomaly count, the anomaly count growth rate, the duration of the anomaly, the degree of tail latency inflation, the degree of shared resource contention, the degree of deviation from the historical baseline, the comparison results with similar objects, the degree of deviation from the current service level agreement, configuration space / resource space access anomalies, and the degree of consistency deviation with the capability description or operational profile can all be used as input items for calculating various health sub-scores, and are not limited to a single formula. As long as multi-source telemetry data can be transformed into comparable object-level risk quantities, and further form health scores, health levels, and trend states, they all fall under the implementation of this invention.

[0040] To avoid frequent triggering of treatment actions due to short-term fluctuations, this invention introduces a graded stabilization mechanism based on the health score. Specifically, in step S2, a graded stabilization mechanism is introduced during the health assessment, and this mechanism includes at least one of the following: Definition of Abnormal State: An abnormal state is triggered when the health assessment result meets preset abnormal conditions. Preset abnormal conditions include at least one of the following: the overall health score is lower than the preset threshold for the corresponding level; one or more health sub-scores show a continuous deterioration trend; the trend state is identified as either a continuously worsening state or a recurring fluctuation state. An abnormal state is triggered when any of the above preset abnormal conditions are met.

[0041] Multi-window observation: A multi-scale observation sequence is used to jointly observe and analyze the status of the third-party access object 3. If an abnormal state appears only in a single-scale observation sequence and not in other scale observation sequences, it is determined to be a transient disturbance state. If all multi-scale observation sequences show a continuous downward trend, the trend state is identified as a continuous degradation state. If the multi-scale observation sequence oscillates back and forth between adjacent health levels, the trend state is identified as a repetitive jitter state. For example, short windows, medium windows, and long windows are used simultaneously to analyze the object status. Preferably, if the anomaly only appears in the short window and the medium and long windows do not show a continuous abnormality, it is determined to be a transient spike. If the short and medium windows show a continuous decline at the same time, and the trend slope of the long window continues to worsen, it is determined to be a continuous degradation state. If it oscillates repeatedly between adjacent levels within multiple observation periods, it is determined to be a repetitive jitter state.

[0042] Separate entry and exit thresholds for health levels: Separate entry and exit thresholds are configured for each health level, with the exit threshold being stricter than the entry threshold to create hysteresis control. For example, entry and exit thresholds are set for health levels such as normal, mild deterioration, moderate deterioration, severe deterioration, dangerous, isolation pending, and recovery observation. The exit threshold is preferably stricter than the entry threshold to create hysteresis control and prevent the health level from fluctuating repeatedly around adjacent thresholds.

[0043] Continuous triggering criteria: Higher-level governance actions are triggered only when various health sub-scores or comprehensive health scores are judged as abnormal scores, or when trend status indicators are judged as abnormal trends (such as fluctuating upward, continuous deterioration, repeated shaking) and exist continuously within a preset duration.

[0044] Recovery observation period: When the third-party access object 3 recovers from a low health level to a high health level, its full permissions will not be restored directly. Instead, it will enter a preset recovery observation period. Only when it remains stable within the preset recovery observation window and the key anomaly count does not increase again will it switch to the next recovery stage.

[0045] Additional spillover risk assessment: When the error count of the third-party access object 3 itself is not high, but it has a significant backpressure and spillover effect on the shared credit pool, shared virtual channel or shared queue, the risk level of the third-party access object 3 is increased.

[0046] Step S3: Based on the health assessment results, perform policy mapping to generate corresponding matching governance policies, and apply the governance policies to the communication path between the third-party access object 3 and the Lingqu Open Interconnection System 2 to execute the corresponding governance actions.

[0047] Specifically, in this embodiment, corresponding governance strategies are generated based on various health sub-scores, comprehensive health scores, health level identifiers and trend status identifiers, object-level trusted telemetry profiles, and configuration / resource management status in the health assessment results.

[0048] The strategy mapping in step S3 can be implemented using at least one of the following methods: table lookup, rule engine, hardware state machine, or microcontroller collaboration, to adapt to the response speed and flexibility requirements of different scenarios.

[0049] Taking the lookup table method as an example, a multi-dimensional mapping table is pre-built, using health level, trend status, object capability category, and service level as a composite index to directly map the corresponding set of default governance actions. For example, when the index item is "moderate degradation × continued deterioration × storage controller × silver service", the default action set output by the lookup table may include "limit concurrency depth to 50%", "reduce shared credit quota", and "switch to restricted service template".

[0050] Taking the rule engine approach as an example, this rule engine monitors in real time whether key health sub-scores in all health sub-scores have exceeded their limits, whether resource domain-level risk values ​​have increased, or whether management paths are abnormal. It overrides default governance actions when key health sub-scores exceed their limits, resource domain risks increase, or management paths become abnormal. For instance, if the lookup result indicates a policy of maintaining normal operation, but the rule engine detects that the protocol health sub-score has dropped to a preset danger threshold, it will forcibly override the default governance action, performing semantic degradation or isolating pending operations to improve agility in responding to sudden risks.

[0051] Taking the hardware state machine approach as an example, a fixed upgrade, downgrade, or rollback process is executed for health level indicators such as danger, isolation pending, and recovery observation. For instance, upon receiving an isolation pending instruction, the state machine automatically locks the new transaction entry point and triggers the unfinished transaction managed scan sequence. Subsequently, upon entering the recovery observation state, basic read and write permissions are gradually released according to a preset sequence, ensuring the deterministic timing and reliable execution of state transitions.

[0052] Furthermore, in step S3, the governance strategy includes one or more combinations of the following: permission contraction strategy, semantic degradation strategy, service rate limiting and service level agreement contraction strategy, shared resource protection strategy, fault isolation preparation strategy, and recovery and reentry strategy.

[0053] The specific strategies include: permission contraction strategies (such as restricting the scope of resources an object can access, restricting transaction types, restricting concurrency depth, and restricting write permissions to shared resources); semantic degradation strategies (such as switching high-risk semantic operations to restricted semantics, prohibiting specific atomic operations, restricting doorbell or interrupt direct access, and having a proxy execute sensitive operations); service rate limiting and service level agreement (SLA) contraction strategies (such as reducing available bandwidth, increasing throttling, limiting priority, reducing availability recovery level, and switching to a restricted service template); shared resource protection strategies (such as freezing descriptor updates, restricting shared queue advancement, reducing shared credit quotas, isolating specific virtual channels, and suspending shared doorbell propagation); fault isolation preparation strategies (such as marking objects as pending isolation, retaining only management access, stopping new transactions from entering, and issuing coordination instructions to unfinished transaction management modules); and recovery and re-entry strategies (such as maintaining a recovery observation period, allowing partial function re-entry, restoring service levels in stages, delaying the release of sensitive operation permissions, and determining whether to enter the recovery release state by combining historical anomaly records and recovery observation results).

[0054] Furthermore, this embodiment, based on the governance strategy obtained from the mapping, performs corresponding governance actions on the communication paths (including running paths and management paths) related to the third-party access object 3. Preferably, it includes at least one or more of the following linkage relationships: Linked with trusted access mechanism: The access trust level of third-party access object 3 is dynamically adjusted according to the health assessment results; for example, when the various health sub-scores and comprehensive health score of third-party access object 3 remain below the preset threshold for a preset time, its access status is adjusted from normal trust to restricted trust or observation trust.

[0055] In conjunction with the protocol semantic recognition, adjudication, and proxy execution mechanism: high-risk semantic types are restricted from entering the execution path, and operations that are allowed to be completed after boundary control are switched to the boundary proxy mode controlled by the input / output interconnect chip 1 for execution; for example, when the protocol health sub-score decreases, high-risk semantic types are restricted from entering the execution path, and some operations are switched to the boundary proxy mode; the "some operations" here refer to operations that are high-risk to be directly executed but are still allowed to be completed after boundary control, including but not limited to sensitive shared doorbell updates, high-risk atomic class operations, key advance actions of shared queues, write operations of restricted management paths, and sensitive control actions during the recovery observation phase.

[0056] Linked with the abnormal transaction hosting, proxy completion and recovery replay mechanism: When the health level of the third-party access object 3 is marked as dangerous or in an isolation pending state, new transaction interception, unfinished transaction hosting scan and differentiated closing processing are triggered; among them, the internal implementation of the hosting scan can be completed by the abnormal transaction hosting module 13, which is mainly responsible for the triggering conditions and linkage interface.

[0057] Linked with the virtual fault domain isolation mechanism: When there is a risk of spillover or resource contamination in the third-party access object 3, the third-party access object 3 will be switched to a restricted fault domain or an isolated domain; for example, when the risk of object spillover increases or the probability of shared resource contamination increases, the object will be switched to a restricted fault domain or an isolated domain; the specific hardware isolation mechanism for fault domain switching can be completed by the fault isolation module 14, which is mainly used to define the switching conditions, switching level and recovery conditions.

[0058] In conjunction with the Service Level Agreement (SLA) runtime degradation mechanism: When the health score of third-party access object 3 decreases but does not reach the preset isolation threshold, flexible governance actions are performed. These actions include one or more combinations of bandwidth reduction, priority reduction, and recovery level reduction. In conjunction with the thermal / power consumption-aware degradation and reentry mechanism: When the thermal / power consumption health sub-score of third-party access object 3 decreases to the preset deterioration threshold or the thermal / power consumption trend continues to worsen, hot path service degradation and mild recycling are triggered, rather than immediate global isolation. Hot path service degradation and mild recycling include one or more combinations of limiting concurrency depth, reducing bandwidth, limiting high-power transaction types, reducing the frequency of shared resource writes, and latency-sensitive recovery actions.

[0059] The governance method for third-party access objects 3 for Lingqu Open Interconnection of the present invention further includes step S22: monitoring the stress level of the shared resource domain 22 shared by multiple third-party access objects 3 and generating a resource domain-level risk value; determining whether the third-party access object 3 has a spillover effect on the shared resource domain 22 based on the resource domain-level risk value; and when it is determined that any third-party access object 3 has a spillover effect on the shared resource domain 22, adding a resource domain penalty item to the comprehensive health score of the third-party access object 3.

[0060] Specifically, in scenarios where multiple third-party access objects 3 share virtual channels, shared credit pools, shared buffers, shared queues, or shared double data rate (DDR) memory or shared high bandwidth memory (HBM), this invention preferably further establishes a resource domain-level health impact analysis. The analysis includes at least one or more of the following: identifying whether a single object occupies shared credit for a long period of time, causing an increase in completion tail latency for other objects; identifying whether a single object causes continuous congestion of the shared virtual channel and suppresses the normal traffic of other objects; identifying the risk of abnormal advancement of a single object on shared queues, shared descriptors, or shared doorbells; and identifying whether a single object's hotspots or power spikes affect the operational stability of neighboring objects.

[0061] Then, a resource domain-level risk value is constructed to measure the stress level of a specific shared resource domain 22 under the current window. The resource domain-level risk value can be calculated by weighting at least one or more indicators, including the shared credit occupancy ratio, virtual channel queue length, tail latency inflation, shared queue blocking duration, and the number of abnormal advances of shared resources.

[0062] When a single access object exhibits abnormal behavior, a resource domain-level risk value increases, and other access objects experience amplified latency, increased backpressure, or a higher access failure rate, the third-party access object 3 is deemed to have a significant spillover effect. In this case, a resource domain penalty term can be added to the comprehensive health score calculation formula of the access object to increase its risk level and correspondingly strengthen the linkage strategy.

[0063] When implementing resource limits, queue freezing, priority downgrading, or isolation preparatory actions, it is not required that they be executed simultaneously. Preferably, a single action or a combination of actions can be selected based on the spillover risk level, the importance of shared resources, the number of affected objects, and the predictability of recovery.

[0064] The governance method for third-party access object 3 for Lingqu Open Interconnection of the present invention further includes, after step S3: converting the health assessment results and governance results of the third-party access object 3 into a controllable service state that is perceptible to the outside world. The service state includes one or more combinations of normal service state, slightly restricted service state, degraded service state, shared resource restricted state, isolation pending state, recovery observation state, phased reentry state, and recovery release state.

[0065] Specifically, in this embodiment, the health status and governance results of the third-party access object 3 are converted into a controllable service status that is perceptible to the outside world, and the corresponding controllable service status is output to the main system / software 23, the shared resource domain 22 or the third-party access object 3.

[0066] The service status includes at least one or more of the following: normal service status, slightly restricted service status, degraded service status, shared resource restricted status, isolated pending status, recovery observation status, phased reentry status, and recovery release status.

[0067] Preferably, when the third-party access object 3 recovers from a low health score to a high health score, it does not immediately restore all capabilities, but recovers in stages in the order of retaining management access, restoring basic read and write, restoring general transactions, restoring high-risk semantic operations, and restoring full services; wherein, each recovery stage is set with preset recovery upgrade conditions, and when the preset recovery upgrade conditions are met, the next recovery stage is carried out, otherwise the current recovery stage is maintained or the previous recovery stage is rolled back.

[0068] Specifically, each recovery phase includes additional recovery upgrade conditions such as minimum stabilization time, maximum allowed anomaly count, maximum tail latency, shared resource occupancy limit, and configuration space / resource space reachability. When all upgrade conditions for the current phase are met, the system moves to the next phase; if a critical anomaly reappears or a continuous increase in anomalies occurs within the observation window, the current phase can be maintained or the system can revert to a lower recovery phase.

[0069] At each recovery stage, based on the object category, object capability profile, current service level, resource domain pressure, and historical anomaly records, configure which permissions to restore first and which permissions to restore later. However, it is preferable to follow the principle of restoring low-risk basic capabilities first, and then restoring high-risk sensitive capabilities.

[0070] In the next observation window, the above method is continuously executed to collect multi-source telemetry data, perform trust processing to form an object-level trustworthy telemetry profile, calculate various health sub-scores and comprehensive health scores, determine health levels and trend status, map governance strategies, and execute and output controlled service status in a coordinated manner to achieve closed-loop updates.

[0071] This invention provides a third-party access object 3 governance system for Lingqu Open Interconnect, applied to the input / output interconnect chip 1 under the Lingqu Open Interconnect architecture 2, for implementing the third-party access object 3 governance method for Lingqu Open Interconnect as described above, such as... Figure 3As shown, it includes: a profile generation module 4, comprising a telemetry acquisition unit 41, a trust processing unit 42, and an object profile and normalization unit 43, used to acquire multi-source telemetry data of a third-party access object 3 connected to the input / output interconnection chip 1, perform trust processing on the multi-source telemetry data, and generate a trustworthy telemetry profile of the third-party access object 3; a health assessment module 5, connected to the profile generation module 4, comprising a health score calculation unit 51 and a trend and level determination unit 52, used to perform a health assessment on the third-party access object 3 based on the trustworthy telemetry profile, and obtain a health assessment result; and a governance module 6, connected to the health assessment module 5, comprising a policy mapping unit 61 and a linkage execution unit 62, used to perform policy mapping based on the health assessment result, generate a corresponding matching governance policy, and apply the governance policy to the communication path between the third-party access object 3 and the Lingqu Open Interconnection System 2 to execute corresponding governance actions.

[0072] Furthermore, the system also includes: a service status output module 7 and a connection governance module 6, which are used to convert the health status and governance results of the third-party access object 3 into an externally perceptible controlled service status, and output the corresponding controlled service status to the main system / software 23, the shared resource domain 22 or the third-party access object 3.

[0073] Specifically, the system of the present invention is deployed on the boundary of the IO interconnect chip and is used to realize the closed-loop governance of trusted telemetry, health scoring and policy linkage for third-party access object 3 on the boundary of the IO interconnect chip in one or more third-party access scenarios open to Lingqu (UB), except for security authentication before access, capability constraints during access, semantic adjudication during operation and transaction cleanup and fault isolation after anomalies, so as to realize the runtime governance of third-party access object 3. This invention enables trusted acquisition of multi-source telemetry data and object-level modeling within a unified protocol domain. This results in a health score, which is then linked to permissions, semantics, services, resources, management access, isolation, and recovery strategies. It allows for continuous perception, trusted normalization, object-level modeling, health scoring, trend judgment, and hierarchical linkage of third-party access objects, the links they depend on, the access status of their open configuration / resource spaces, the shared resources they occupy, and the protocol and service characteristics exposed during their interaction with the system. This transforms governance during the open interconnection operation period from reactive post-event response to proactive control during risk evolution. Furthermore, it ensures that governance actions within the Lingqu unified protocol domain are dynamically adjusted to meet access, semantic, resource, and recovery boundaries.

[0074] This invention provides an input / output interconnect chip 1, which is equipped with the aforementioned governance system for third-party access objects 3 for Lingqu open interconnection. This system is used to implement the aforementioned governance method for third-party access objects 3 for Lingqu open interconnection. It is deployed between the third-party access object 3 and the Lingqu unified protocol domain to realize the trusted telemetry, health scoring and policy linkage closed-loop governance of the third-party access object 3.

[0075] Example 1: Health Degradation Linkage Scenarios Based on Transaction Tail Delay, Credit Anomalies, and Protocol Violations like Figure 4 As shown, third-party access object 3 connects to Lingqu Interconnect Domain 21 via input / output interconnect chip 1 and continuously initiates read / write transactions to the shared Double Data Rate (DDR) memory resources and the main system. In the initial stage of operation, the link error count and average transaction completion latency of the object are within the normal range. For example, during observation window W1, the tail latency is normal, the credit is normal, and the number of protocol violations is 0. However, after a period of time, telemetry found that the tail latency of the transaction completion of the object's related transactions continued to lengthen, the credit recovery rate decreased, and the virtual channel backpressure frequency gradually increased. For example, during observation window W2, the tail latency increased, the credit was high, and there were occasional protocol violations. Even during observation window W3, the tail latency continued to expand, the credit continued, and protocol violations occurred continuously.

[0076] Relevant telemetry data from the transaction layer, flow control layer, and link layer were time-aligned and object attribution was verified. A sliding window was used to confirm that the anomaly was not a single short-term jitter. Based on this, the transaction health sub-score and flow control health sub-score of the object were lowered, further determining that the object had progressed from normal to mild degradation and was evolving towards moderate degradation.

[0077] Based on the current rating results, service rate limiting and concurrency reduction strategies are generated. Then, governance actions are implemented on the target object to reduce concurrency depth, limit burst length, and lower priority, while retaining its basic access permissions. For example, when the health level is normal, action 1 is triggered: limit concurrency depth / burst length; when the health level is slightly degraded, action 2 is triggered: reduce bandwidth / lower priority; when the health level is moderately degraded, action 3 is triggered: semantic degradation / managed preparation / isolation preparation; when the health level is dangerous / isolated, action 4 is triggered: isolation.

[0078] This invention can perform flexible contraction in advance based on tail delay and credit anomaly before the object has completely failed, thus preventing the risk from escalating further.

[0079] Example 2: Permission Reduction Scenario Based on Protocol Violation and Semantic Risk In this embodiment, a third-party access object 3 repeatedly exhibited abnormalities in protocol fields, illegal use of reserved bits, shared doorbell update order that did not conform to the agreement, and abnormal management message validity during operation. The link remained online, and routine health checks did not determine that it was offline, but the violation counts in protocol telemetry and management path telemetry continued to increase in consecutive observation windows.

[0080] By correlating protocol violations with the object's capability description, historical stable state, configuration / resource space access characteristics, and current service level, it was found that the violations were mainly concentrated in high-risk semantic operation paths and sensitive management access paths. Therefore, the protocol health sub-score and management path health sub-score were downgraded, classifying it as moderately degraded.

[0081] The policy mapping does not directly trigger overall isolation. Instead, it first generates semantic degradation, permission contraction, and management access constraint policies: prohibiting direct initiation of specific atomic operations, restricting direct access to shared doorbells, restricting high-privilege writes to the configuration space, and switching some sensitive control operations to be executed by a boundary proxy. In this way, the system avoids abruptly breaking links while confining high-risk operations of vulnerable objects within controlled boundaries. This embodiment illustrates that the present invention can directly transform protocol risks and management path risks into semantic governance actions, thereby forming a natural linkage with the aforementioned semantic firewall 12.

[0082] Example 3: Spillover Risk Identification and Strategy Contraction in a Shared Virtual Channel and Shared Credit Pool Scenarios like Figure 5 As shown, two third-party access objects, namely access object A and access object B, share the same set of VCs and credit pools. Access object A itself did not immediately experience link outages or controller resets, but it consistently exhibited excessively long credit usage times, amplified transaction tail delays, and sudden traffic anomalies. Meanwhile, access object B, although behaving normally, experienced an increase in average latency and occasional timeouts.

[0083] The shared resource impact analysis identified that the anomaly of access object A had caused significant spillover effects on the shared credit pool and shared virtual channel. A resource domain-level penalty factor was introduced when calculating the score of access object A, raising its level from mild to moderate degradation; simultaneously, the resource domain status was marked as under pressure.

[0084] Accordingly, credit quota reduction, virtual channel priority downgrade, and queue burst restrictions are applied to access object A, while normal service is maintained for access object B. If access object A continues to deteriorate, it will be further moved to an isolated pending state. This embodiment illustrates that the present invention not only assesses the health of a single object itself, but also identifies the damage it causes to shared resources of other objects under the same input / output interconnect chip 1.

[0085] Example 4: Access object enters recovery observation from dangerous state and re-enters the scene in stages. like Figure 6 As shown, at time T0, a third-party board-level module experienced a thermal power spike and a control plane heartbeat anomaly, and was determined by the system to be in a dangerous state, with service rate limiting, shared resource protection, and isolation pending policies implemented. Subsequently, the object completed local recovery, the link stabilized again, the temperature and power consumption gradually decreased, and the heartbeat returned to normal.

[0086] After recovery, continuously monitor the object's bit errors, transaction tail delay, credit reclamation, protocol violation count, configuration space / resource space reachability, and temperature changes. Once it is confirmed that the object remains stable over multiple consecutive observation windows, at time T1, its status is downgraded from "dangerous" to "recovery observation." At time T2, during the recovery observation phase, only its basic read / write capabilities and limited bandwidth are restored; high-risk semantic operations, sensitive administrative access, and all shared resource permissions are not immediately restored.

[0087] If the object remains stable during the recovery observation period and there are no further abnormal increases in error counts or tail latency amplification, and configuration space / resource space access returns to normal, its status is gradually upgraded to phased reentrancy and recovery release. At time T3, general transactions, restricted doorbell capabilities, necessary management access, and higher priority services are restored in sequence. At time T4, a higher stability threshold is met, semantic degradation is lifted, and high-risk semantics are restored; until time T5, the restricted state is lifted, and service is fully restored.

[0088] The recovery strategy of this invention does not simply turn on all at once after a single recovery signal, but rather performs phased reentry based on continuous telemetry, health scoring, and continuous recovery of minimum stability duration, effectively reducing the risk of repeated jitter.

[0089] This invention is not limited to the embodiments described above. Multi-source telemetry can be implemented using hardware counters, boundary state machines, on-chip monitoring processors, management firmware, or multi-layer joint acquisition; health scoring can employ weighted rule models, segmented scoring models, level lookup table models, or dynamic scoring models combined with historical baselines; policy mapping can be implemented using pure hardware state machines or collaboratively by hardware and management microcontrollers; recovery observation and phased reentry can be configured with different thresholds based on object category, importance of shared resources, business continuity requirements, thermal design margin, and configuration / resource management path recovery conditions. Any technical solution that adopts the core idea of ​​this invention, namely, in the scenario of third-party access to Lingqu (UB) open interconnection, where the input / output interconnection chip 1 performs trusted processing on multi-source telemetry related to the third-party access object 3, performs object-level health scoring, and maps the scoring results to governance policy linkage execution, should fall within the protection scope of this invention.

[0090] Compared with the prior art, the present invention has the following significant effects: This invention establishes a unified runtime trusted telemetry framework for third-party access object 3, enabling the input / output interconnect chip 1 to continuously aggregate multi-source telemetry data such as links, transactions, protocols, resources, management paths, and thermal power consumption at the boundary location, forming an object-level runtime view, instead of relying on scattered local counters and fragmented monitoring.

[0091] This invention integrates multidimensional telemetry data to form health scores, health levels, and trend states, achieving object-level health scoring and trend identification. By introducing a hierarchical stabilization mechanism, compared to single thresholds and single abnormal count triggers, this invention can significantly improve the identification accuracy of sub-health, continuous deterioration, and sudden deterioration.

[0092] This invention, through the mapping of health assessment results and governance strategies, can directly drive actions such as permission contraction, semantic degradation, service rate limiting, shared resource protection, management access constraints, and isolation preparation. This enables open interconnection governance to move beyond alarms and manual judgment, achieving a direct closed-loop linkage from telemetry results to governance actions.

[0093] This invention incorporates object-level health scores and resource domain-level spillover effects into the judgment, enabling early suppression before a single third-party access object 3 can drag down shared virtual channels, shared credit pools, or shared queues, thereby reducing the risk of cascading degradation and improving risk control capabilities in shared resource coupling scenarios.

[0094] This invention achieves controlled recovery through continuous telemetry and health scoring, and can incorporate the recovery status of configuration space / resource space accessibility into the release conditions, making the recovery process after object recovery smoother and safer. It is not a simple isolation followed by overall release, but supports recovery observation, phased reentry and strategy recovery.

[0095] This invention, located at the central hub of the runtime governance chain for third-party access to Lingqu Open Interconnection, can connect forward to capability profiling, object management status, and semantic governance, and drive backward to transaction hosting, fault orchestration, service degradation, lifecycle proxy, and recovery reentry, forming a complete access governance closed loop with secure access, semantic firewall, abnormal transaction hosting, fault isolation, and service level protocol degradation.

[0096] The above are merely preferred embodiments of the present invention and are not intended to limit the implementation methods and protection scope of the present invention. Those skilled in the art should recognize that any equivalent substitutions and obvious changes made using the content of this specification and illustrations should be included within the protection scope of the present invention.

Claims

1. A third-party access object governance method for Lingqu Open Interconnect, applied to input / output interconnect chips in the Lingqu Open Interconnect system, characterized in that, include: Step S1: Collect multi-source telemetry data from third-party access objects connected to the input / output interconnection chip, perform trust processing on the multi-source telemetry data, and generate a trustworthy telemetry profile of the third-party access object. Step S2: Perform a health assessment on the third-party access object based on the trusted telemetry profile to obtain a health assessment result; Step S3: Perform policy mapping based on the health assessment result to generate a corresponding matching governance policy, and apply the governance policy to the communication path between the third-party access object and the Lingqu Open Interconnection System to execute the corresponding governance action.

2. The third-party access object governance method for Lingqu Open Interconnection according to claim 1, characterized in that, The multi-source telemetry data includes one or more combinations of link-related telemetry information, transaction-related telemetry information, flow control-related telemetry information, protocol-related telemetry information, resource-related telemetry information, thermal power consumption-related telemetry information, and management and identity consistency-related telemetry information. Each type of telemetry information is associated with a time dimension identifier and an object dimension identifier.

3. The third-party access object governance method for Lingqu Open Interconnection according to claim 1, characterized in that, In step S1, the multi-source telemetry data is made reliable, including at least one of the following operations: according to a preset multi-scale observation period, the multi-source telemetry data is time-aligned to form a multi-scale observation sequence; and object attribution is verified according to the object dimension identifier associated with the multi-source telemetry data. The multi-source telemetry data is subjected to noise filtering and outlier suppression; confidence weights are determined based on the source channels of the multi-source telemetry data, and confidence weighting is performed based on the confidence weights; The multi-source telemetry data is subjected to dimensional normalization processing to generate normalized risk values, wherein the normalized risk value of each telemetry item is calculated and generated based on the current observation value, the baseline value, and the risk upper limit value; Baseline offset correction is performed on the multi-source telemetry data.

4. The third-party access object governance method for Lingqu Open Interconnection according to claim 1, characterized in that, Step S2 includes: Step S21, weighting the normalized risk values ​​of telemetry items corresponding to various types of telemetry information in the multi-source telemetry data to obtain health sub-scores for each telemetry category; Step S22, weighting the health sub-scores for each telemetry category and the credible telemetry profile to obtain a comprehensive health score; Step S23, determining a health level identifier based on the comprehensive health score; Step S24, determining a trend status identifier based on the credible telemetry profile; The health assessment result includes one or more combinations of the comprehensive health score, health sub-scores based on different telemetry categories, health level identifiers, and trend status identifiers.

5. The third-party access object governance method for Lingqu Open Interconnection according to claim 4, characterized in that, In step S2, a graded stabilization mechanism is introduced during the health assessment. This mechanism includes at least one of the following: when the health assessment result meets preset abnormal conditions, an abnormal state is triggered; the preset abnormal conditions include at least one of the following: a comprehensive health score below a preset threshold for the corresponding level, one or more health sub-scores showing continuous degradation, a trend state identified as a continuously deteriorating state, or a recurring fluctuation state; a multi-scale observation sequence is used to jointly observe and analyze the state of the third-party access object; if an abnormal state occurs in a single-scale observation sequence but not in other scale observation sequences, it is determined to be a transient disturbance state; if all multi-scale observation sequences show a continuous downward trend, the trend state is identified as a continuously deteriorating state; if the multi-scale observation sequence oscillates between adjacent health levels, the trend state is identified as a recurring fluctuation state. Each health level is configured with an entry threshold and an exit threshold, with the exit threshold being stricter than the entry threshold to form hysteresis control.

6. The third-party access object governance method for Lingqu Open Interconnection according to claim 1, characterized in that, In step S3, the governance strategy includes one or more combinations of the following: permission contraction strategy, semantic degradation strategy, service rate limiting and service level protocol contraction strategy, shared resource protection strategy, fault isolation preparation strategy, and recovery and reentry strategy; wherein, the permission contraction strategy includes one or more combinations of restricting the scope of resources that an object can access, restricting transaction types, restricting concurrency depth, and restricting write permissions to shared resources; the semantic degradation strategy includes one or more combinations of switching high-risk semantic operations to restricted semantics, prohibiting specific atomic operations, restricting doorbell or interrupted direct access, and having a proxy perform sensitive operations; the service rate limiting and service level protocol contraction strategy includes reducing available bandwidth, increasing throttling, limiting priority, and reducing... The recovery strategy includes one or more combinations of low availability recovery level and switching to a restricted service template; the shared resource protection strategy includes one or more combinations of freezing descriptor updates, restricting shared queue advancement, reducing shared credit quotas, isolating specific virtual channels, and suspending shared doorbell propagation; the fault isolation preparation strategy includes one or more combinations of marking objects as pending isolation, retaining only management access, stopping new transactions from entering, and issuing collaborative instructions to unfinished transaction management modules; the recovery and re-entry strategy includes one or more combinations of maintaining a recovery observation period, allowing partial function re-entry, restoring service levels in stages, delaying the release of sensitive operation permissions, and determining whether to enter the recovery release state by combining historical anomaly records and recovery observation results.

7. The third-party access object governance method for Lingqu Open Interconnection according to claim 6, characterized in that, In step S3, applying the governance strategy to the communication path between the third-party access object and the Lingqu Open Interconnection System to perform corresponding governance actions includes at least one of the following: dynamically adjusting the access trust level of the third-party access object based on the health assessment results; High-risk semantic types are restricted from entering the execution path, and operations allowed to be completed after boundary control are switched to the boundary proxy mode controlled by the input / output interconnect chip for execution; when the health level of the third-party access object is marked as dangerous or in an isolation pending state, new transaction interception, managed scanning of incomplete transactions, and differentiated cleanup processing are triggered; when the third-party access object has spillover risk or resource pollution, the third-party access object is switched to a restricted fault domain or isolation domain; when the health score of the third-party access object decreases but does not reach the preset isolation threshold, flexible governance actions are performed, including one or more combinations of bandwidth reduction, priority reduction, and recovery level reduction; when the thermal power health sub-score of the third-party access object decreases to the preset deterioration threshold, hot path service degradation and mild recycling are triggered, including one or more combinations of limiting concurrency depth, reducing bandwidth, limiting high-power transaction types, reducing the frequency of shared resource writes, and latency-sensitive recovery actions.

8. The third-party access object governance method for Lingqu Open Interconnection according to claim 4, characterized in that, Step S22 further includes: monitoring the stress level of a shared resource domain shared by multiple third-party access objects and generating a resource domain-level risk value; determining whether the third-party access object has a spillover effect on the shared resource domain based on the resource domain-level risk value; and when it is determined that any third-party access object has a spillover effect on the shared resource domain, adding a resource domain penalty item to the comprehensive health score of the third-party access object.

9. The third-party access object governance method for Lingqu Open Interconnection according to claim 1, characterized in that, Step S3 is followed by: converting the health assessment results and governance results of the third-party access object into a controllable service state that is perceptible to the outside world. The service state includes one or more combinations of normal service state, slightly restricted service state, degraded service state, shared resource restricted state, isolation pending state, recovery observation state, phased reentry state, and recovery release state.

10. A third-party access object governance system for Lingqu Open Interconnect, applied to input / output interconnect chips in the Lingqu Open Interconnect system, used to implement the third-party access object governance method for Lingqu Open Interconnect as described in any one of claims 1-9, characterized in that, include: The profile generation module is used to collect multi-source telemetry data of third-party access objects connected to the input-output interconnection chip, perform trust processing on the multi-source telemetry data, and generate a trustworthy telemetry profile of the third-party access object. A health assessment module, connected to the profile generation module, is used to perform a health assessment on the third-party access object based on the trusted telemetry profile and obtain a health assessment result. A governance module, connected to the health assessment module, is used to perform policy mapping based on the health assessment result, generate a corresponding matching governance policy, and apply the governance policy to the communication path between the third-party access object and the Lingqu Open Interconnection System to execute corresponding governance actions.