Address validation using signatures

US 10,027,666 B2
Filed: 07/27/2017
Issued: 07/17/2018
Est. Priority Date: 05/20/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, by a component from a device, a request that includes a physical address and an error-detecting code value and that requests access to a memory location identified by the physical address;

in response to receiving the request, generating, by the component, a signature for the physical address using the physical address, wherein the request does not include the signature and the error-detecting code value was previously generated using the signature;

in response to generating the signature, generating a second error-detecting code value using the request and the signature;

in response to generating the second error-detecting code value, determining whether the second error-detecting code value is the same value as the error-detecting code value by comparing the second error-detecting code value with the error-detecting code value; and

in response to determining that the second error-detecting code value is the same value as the error-detecting code value, servicing, by the component, the request.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for generating signed addresses. One of the methods includes receiving, by a component from a device, a plurality of first requests, each first request for a physical address and including a virtual address, determining, by the component, a first physical address using the virtual address, generating a first signature for the first physical address, and providing, to the device, a response that includes the first signature, receiving, from the device, a plurality of second requests, each second request for access to a second physical address and including a second signature, determining, by the component for each of the plurality of second requests, whether the second physical address is valid using the second signature, and for each second request for which the second physical address is determined to be valid, servicing the corresponding second request.

15 Citations

View as Search Results

23 Claims

1. A computer-implemented method comprising:
- receiving, by a component from a device, a request that includes a physical address and an error-detecting code value and that requests access to a memory location identified by the physical address;
  
  in response to receiving the request, generating, by the component, a signature for the physical address using the physical address, wherein the request does not include the signature and the error-detecting code value was previously generated using the signature;
  
  in response to generating the signature, generating a second error-detecting code value using the request and the signature;
  
  in response to generating the second error-detecting code value, determining whether the second error-detecting code value is the same value as the error-detecting code value by comparing the second error-detecting code value with the error-detecting code value; and
  
  in response to determining that the second error-detecting code value is the same value as the error-detecting code value, servicing, by the component, the request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein generating the second error-detecting code value using the request and the signature comprises:
    - determining a secret value for the device using an identifier for the device;
      
      generating a hash value using the physical address and the secret value; and
      
      generating the signature using at least a portion of the hash value.
  - 3. The method of claim 1, wherein servicing the request comprises forwarding the request to a second component.
  - 4. The method of claim 3, comprising updating settings data in the request to indicate that the request does not include a checksum prior to forwarding the request to the second component.
  - 5. The method of claim 3, comprising:
    - receiving, from the second component, a response; and
      
      providing, to the device, at least a portion of the response.
  - 6. The method of claim 1, wherein generating, by the component, the signature for the physical address in response to receiving the request comprises:
    - in response to receiving the request, determining whether the request includes a virtual address; and
      
      generating the signature for the physical address using the physical address is responsive to determining that the request does not include a virtual address.
  - 7. The method of claim 1, wherein receiving, by the component from the device, the request comprises receiving, by a memory management unit from a device connected to a motherboard that includes the memory management unit, the request.
  - 8. The method of claim 7, wherein receiving, by the memory management unit from the device, the request comprises receiving, by the memory management unit from a peripheral device connected to the motherboard that includes the memory management unit, the request.

9. A system comprising a data processing apparatus, and a non-transitory computer readable storage medium in data communication with the data processing apparatus and storing instructions executable by the data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising:
- receiving, from a device, a request that includes a physical address and an error-detecting code value and that requests access to a memory location identified by the physical address;
  
  in response to receiving the request, generating a signature for the physical address using the physical address, wherein the request does not include the signature and the error-detecting code value was previously generated using the signature;
  
  in response to generating the signature, generating a second error-detecting code value using the request and the signature;
  
  in response to generating the second error-detecting code value, determining whether the second error-detecting code value is the same value as the error-detecting code value by comparing the second error-detecting code value with the error-detecting code value; and
  
  in response to determining that the second error-detecting code value is the same value as the error-detecting code value, servicing the request.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein generating the second error-detecting code value using the request and the signature comprises:
    - determining a secret value for the device using an identifier for the device;
      
      generating a hash value using the physical address and the secret value; and
      
      generating the signature using at least a portion of the hash value.
  - 11. The system of claim 9, wherein servicing the request comprises forwarding the request to a component.
  - 12. The system of claim 11, the operations comprising updating settings data in the request to indicate that the request does not include a checksum prior to forwarding the request to the component.
  - 13. The system of claim 11, the operations comprising:
    - receiving, from the component, a response; and
      
      providing, to the device, at least a portion of the response.
  - 14. The system of claim 9, wherein generating the signature for the physical address in response to receiving the request comprises:
    - in response to receiving the request, determining whether the request includes a virtual address; and
      
      generating the signature for the physical address using the physical address is responsive to determining that the request does not include a virtual address.
  - 15. The system of claim 9, wherein:
    - the data processing apparatus comprises a memory management unit; and
      
      receiving, from the device, the request comprises receiving, from a device connected to a motherboard that includes the memory management unit, the request.
  - 16. The system of claim 15, wherein receiving, from the device, the request comprises receiving, from a peripheral device connected to the motherboard that includes the memory management unit, the request.

17. A non-transitory computer readable storage medium storing instructions executable by a data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising:
- receiving, from a device, a request that includes a physical address, an error-detecting code value, and settings data that indicates that the request does not include a checksum and that requests access to a memory location identified by the physical address;
  
  in response to receiving the request, determining a signature for the physical address wherein the request does not include the signature and the error-detecting code value was previously generated using the signature;
  
  in response to determining the signature, generating a second error-detecting code value using the request and the signature;
  
  in response to generating the second error-detecting code value, determining whether the second error-detecting code value is the same value as the error-detecting code value by comparing the second error-detecting code value with the error-detecting code value; and
  
  in response to determining that the second error-detecting code value is the same value as the error-detecting code value, servicing the request.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The computer readable storage medium of claim 17, wherein generating the second error-detecting code value using the request and the signature comprises:
    - determining a secret value for the device using an identifier for the device;
      
      generating a hash value using the physical address and the secret value; and
      
      generating the signature using at least a portion of the hash value.
  - 19. The computer readable storage medium of claim 17, wherein servicing the request comprises forwarding the request to a component.
  - 20. The computer readable storage medium of claim 19, the operations comprising:
    - receiving, from the component, a response; and
      
      providing, to the device, at least a portion of the response.
  - 21. The computer readable storage medium of claim 17, wherein determining the signature for the physical address in response to receiving the request comprises:
    - in response to receiving the request, determining whether the request includes a virtual address; and
      
      generating the signature for the physical address using the physical address is responsive to determining that the request does not include a virtual address.
  - 22. The computer readable storage medium of claim 17, wherein:
    - the data processing apparatus comprises a memory management unit; and
      
      receiving, from the device, the request comprises receiving, from a device connected to a motherboard that includes the memory management unit, the request.
  - 23. The computer readable storage medium of claim 22, wherein receiving, from the device, the request comprises receiving, from a peripheral device connected to the motherboard that includes the memory management unit, the request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google LLC (Alphabet Inc.)
Inventors
Serebrin, Benjamin C.
Primary Examiner(s)
Parsons, Theodore C.
Assistant Examiner(s)
Stoica, Adrian

Application Number

US15/661,632
Publication Number

US 20170339145A1
Time in Patent Office

355 Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/1081   for peripheral access to ma...

G06F 12/1408   by using cryptography for d...

G06F 12/1475   in a virtual system, e.g. w...

G06F 21/79   in semiconductor storage me...

G06F 2212/1052   Security improvement

H04L 63/062   for key distribution, e.g. ...

H04L 63/0876   based on the identity of th...

H04L 63/164   at the network layer

H04L 9/3247   involving digital signatures

Address validation using signatures

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Address validation using signatures

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others