Admissions control of a device
First Claim
Patent Images
1. A method comprising:
- detecting, by a control device, a first device in a communication fabric that supports memory semantic operations between the first device and a second device, wherein the first device is one component of a larger group of components forming a larger device, the first device being selected from a group of components consisting of;
an individual memory device, an individual graphics controller;
an individual accelerator, an individual I/O component;
an individual ingress interface;
an individual egress interface;
an individual digital signal processor, and an individual switch; and
performing, by the control device, an admissions control process with the first device to determine whether the first device is authorized to communicate over the communication fabric, wherein the admissions control process comprises retrieving a certificate from an address within an address space at the first device.
2 Assignments
0 Petitions
Accused Products
Abstract
A control device performs an admissions control process with a first device to determine whether the first device is authorized to communicate over the communication fabric that supports memory semantic operations.
-
Citations
23 Claims
-
1. A method comprising:
-
detecting, by a control device, a first device in a communication fabric that supports memory semantic operations between the first device and a second device, wherein the first device is one component of a larger group of components forming a larger device, the first device being selected from a group of components consisting of;
an individual memory device, an individual graphics controller;
an individual accelerator, an individual I/O component;
an individual ingress interface;
an individual egress interface;
an individual digital signal processor, and an individual switch; andperforming, by the control device, an admissions control process with the first device to determine whether the first device is authorized to communicate over the communication fabric, wherein the admissions control process comprises retrieving a certificate from an address within an address space at the first device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A control device comprising:
at least one hardware processor to; determine whether a first device supports a security feature, wherein the first device is one component of a group of components forming a larger device, the first device being selected from a group of components consisting of;
an individual memory device, an individual graphics controller, an individual accelerator;
an individual I/O component;
an individual ingress interface;
an individual egress interface;
an individual digital signal processor; and
an individual switch;in response to determining that the first device supports the security feature, perform admissions control to determine whether the first device is authorized to communicate over a communication fabric that supports memory semantic operations, and send a key to the first device to implement the security feature; and in response to determining that the first device does not support the security feature, configure a gateway to act as a proxy for the first device to implement the security feature such that the gateway generates a hash-based device authenticating security value and inserts the hash-based device authenticating security value into a security header of a packet received from the first device. - View Dependent Claims (12, 13, 14, 15)
-
16. An article comprising at least one non-transitory machine-readable storage medium storing instructions that upon execution cause a gateway to:
-
in response to an admissions control process authorizing a first device to communicate over a communication fabric that supports memory semantic operations, implement a security feature on behalf of the first device, wherein the security feature includes generating a device authenticating hash-based security value and inserting the hash-based device authenticating security value into a security header of a packet received from the first device, wherein the first device is an individual component of a group of components forming a larger a device selected from a group of components consisting of;
an individual memory device, an individual graphics controller;
an individual accelerator;
an individual I/O component;
an individual ingress interface;
an individual egress interface;
an individual digital signal processor, and an individual switch; andperform policy enforcement comprising at least one selected from among;
inserting or modifying an access key in a packet on behalf of the first device to access a resource over the communication fabric, changing a component identifier in the packet for communication involving the first device, and restricting transaction types that are allowed for the first device.
-
-
17. A method comprising:
-
receiving, with the gateway, a transaction packet from a first device in a communication fabric, wherein the first device is one component of a group of components forming a larger device, the first device being selected from a group of components consisting of;
an individual memory device, an individual graphics controller;
an individual accelerator;
an individual I/O component;
an individual ingress interface;
an individual egress interface;
an individual digital signal processor; and
an individual switch;adding, with the gateway, a security header to the transaction packet; receiving, with a gateway, a transaction integrity key from a control device; generating, with the gateway, a hash-based device authenticating security value; inserting the hash-based device authenticating security value into the security header of the transaction packet; and forwarding the transaction packet for transmission to a second device in the communication fabric. - View Dependent Claims (18, 19, 20, 21, 22, 23)
-
Specification