Translating a host data storage command into multiple disk commands
US-2018335975-A1 · Nov 22, 2018 · US
Combined integrity protection, encryption and authentication
US10691619B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-10691619-B1 |
| Application number | US-201715787625-A |
| Country | US |
| Kind code | B1 |
| Filing date | Oct 18, 2017 |
| Priority date | Oct 18, 2017 |
| Publication date | Jun 23, 2020 |
| Grant date | Jun 23, 2020 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Network protocols generally implement integrity protection, encryption and authentication as separate validation steps. Since each validation step contributes encoding and processing overhead associated with individual packet transfers over the network, such network protocols can make inefficient use of limited packet space. Systems and methods according to the present disclosure combine integrity protection, encryption and authentication into a single validation step thereby making efficient use of limited packet space.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: transmitting, by an initiator network interface, a Remote Memory Access (RMA) read request message, to a target network interface, in response to a request initiated by one of a plurality of host computers electrically connected to the initiator network interface, wherein: the target network interface can access one of a plurality of registered memory regions of each of a plurality of host computers electrically connected to the target network interface, each of the plurality of registered memory regions is within a physical memory of one of the plurality of host computers connected to the target network interface, each of the plurality of registered memory regions corresponds to a memory region allocated to one of a plurality of applications executing on a corresponding one of the host computers connected to the target network interface, each of a first plurality of region access keys stored on the initiator network interface corresponds to one of the plurality of registered memory regions, the RMA read request message includes a RMA operation, an identifier of one of the registered memory regions, an identifier of a memory location within the identified registered memory region and host memory access request information generated based on at least the region access key corresponding to the identified registered memory region, the region access key stored on the initiator network interface corresponding to the registered memory region identified in the RMA read request can be used by any of the plurality of host computers connected to the initiator network interface to request data from the registered memory region, the RMA read request message is configured to contain information to allow the target network interface to evaluate the authority of the source of the RMA read request message to access the identified registered memory region; and receiving, at the initiator network interface, in response to the transmitted RMA read request, at least one RMA response communication, transmitted by the target network interface, including data retrieved from the identified memory location within the identified registered memory region. 2. The method of claim 1 , wherein each of the plurality of hosts connected to the initiator network interface is electrically connected to the initiator network interface by a serial computer expansion bus and each of the plurality of hosts connected to the target network interface is electrically connected to the target network interface by a serial computer expansion bus. 3. The method of claim 1 , further comprising: encrypting one or more portions of the RMA read request message using a cryptographic key formed using at least the host memory access request information; and including a result of the encryption as authentication data in the RMA read request message. 4. The method of claim 3 further comprising: determining, by the initiator network interface, whether any of the first plurality of region access keys stored on the initiator network interface corresponds to the identified registered memory region; and in response to determining that none of the first plurality of region access keys stored on the initiator network interface correspond to the identified registered memory region, requesting, by the initiator network interface from the host computer that initiated the request, a corresponding region access key for the identified registered memory region. 5. The method of claim 1 , wherein the received at least one RMA response communication includes a response data offset relative to the identified memory location within the identified registered memory region. 6. The method of claim 1 , wherein the at least one RMA response communication includes one or more encrypted portions, the at least one RMA response communication includes authentication data and the method further comprises: evaluating the one or more encrypted portions of the RMA response communication using a cryptographic key formed using at least the region key corresponding to the identified registered memory region and the response byte offset included in the RMA response communication; comparing a result of the evaluation to the authentication data included in the RMA response communication; in response to the comparison validating the authentication data, successfully decrypting the encrypted one or more portions of the RMA response communication; and in response to the comparison not validating the authentication data, discarding the RMA response communication. 7. The method of claim 1 , wherein the first plurality of registered memory region access keys stored on the initiator network interface correspond to a subset of the plurality of registered memory regions of the one or more hosts connected to the target network interface. 8. The method of claim 1 , wherein: the initiator network interface can access one of a plurality of registered memory regions of at least one of the plurality of host computers connected to the initiator network interface, each of the plurality of registered memory regions is within a physical memory of one of the plurality of host computers electrically connected to the initiator network interface, each of the plurality of registered memory regions is allocated to one of a plurality of applications executing on a corresponding one of the host computers, a second plurality of registered memory region access keys are stored on the initiator network interface, and each of the second plurality of registered memory region access keys corresponds to one of the plurality of registered memory regions of each of the plurality of host computers connected to the initiator network interface. 9. The method of claim 1 , wherein information related to the transmitted RMA read request message is stored on the initiator network interface. 10. The method of claim 9 , wherein in response to the transmitted RMA read request message timing out, the method further comprises: modifying the information related to the transmitted RMA read request message stored on the initiator network interface. 11. The method of claim 9 , wherein the transmitted RMA read request message is timed out after a pre-set amount of time elapses after the RMA read request is transmitted and before the initiator network receives a complete RMA response. 12. The method of claim 9 further comprising: writing the retrieved data included in the received RMA response communication if the information related to the transmitted RMA read request message that is stored on the initiator network interface does not indicate that the transmitted RMA read request message has timed out. 13. A system comprising: an initiator network interface comprising: one or more processors configured to: transmit, by the initiator network interface, a Remote Memory Access (RMA) read request message, to a target network interface, in response to a request initiated by one of a plurality of host computers electrically connected to the initiator network interface, wherein: the target network interface can access one of a plurality of registered memory regions of each of a plurality of host computers electrically connected to the target network interface, each of the plurality of registered memory regions is within a physical memory of one of the plurality of host computers connected to the target network interface, each of the plurality of registered memory regions corresponds to a memory region allocated to one of a plurality of applications executing on a corresponding one of the host computers connected to the target network in
Assignees
Inventors
Classifications
Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS] · CPC title
in relation to access · CPC title
Command handling arrangements, e.g. command buffers, queues, command scheduling · CPC title
by securing the transmission between two devices or processes · CPC title
Program or device authentication · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10691619B1 cover?
- Network protocols generally implement integrity protection, encryption and authentication as separate validation steps. Since each validation step contributes encoding and processing overhead associated with individual packet transfers over the network, such network protocols can make inefficient use of limited packet space. Systems and methods according to the present disclosure combine integr…
- Who is the assignee on this patent?
- Google Llc
- What technology area does this patent fall under?
- Primary CPC classification H04L9/0894. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jun 23 2020 00:00:00 GMT+0000 (Coordinated Universal Time) (B1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).