Address validation using signatures

US 10,326,763 B2
Filed: 07/10/2018
Issued: 06/18/2019
Est. Priority Date: 05/20/2015
Status: Active Grant

First Claim

Patent Images

1. A system comprising a data processing apparatus, and a non-transitory computer readable storage medium in data communication with the data processing apparatus and storing instructions executable by the data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising:

receiving, from a data retrieval device, a response to a request to access a memory location, the response including data responsive to a memory access request, one or more device identifiers including a destination device identifier for a requesting device that sent the memory access request, and one or more signatures that each correspond to one of the one or more device identifiers including a signature for the requesting device;

in response to receiving the response, determining whether to provide the data responsive to the memory access request to the requesting device using the one or more signatures and the one or more device identifiers; and

in response to determining to provide the data responsive to the memory access request to the requesting device, sending the data responsive to the memory access request to the requesting device;

wherein;

the response comprises the destination device identifier, a source device identifier for the data retrieval device, a first signature for the requesting device, and a second signature for the data retrieval device; and

determining whether to provide the data responsive to the memory access request to the requesting device is performed using the destination device identifier, the source device identifier, the first signature, and the second signature.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for generating signed addresses. One of the methods includes receiving, by a component from a device, a plurality of first requests, each first request for a physical address and including a virtual address, determining, by the component, a first physical address using the virtual address, generating a first signature for the first physical address, and providing, to the device, a response that includes the first signature, receiving, from the device, a plurality of second requests, each second request for access to a second physical address and including a second signature, determining, by the component for each of the plurality of second requests, whether the second physical address is valid using the second signature, and for each second request for which the second physical address is determined to be valid, servicing the corresponding second request.

13 Citations

17 Claims

1. A system comprising a data processing apparatus, and a non-transitory computer readable storage medium in data communication with the data processing apparatus and storing instructions executable by the data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising:
- receiving, from a data retrieval device, a response to a request to access a memory location, the response including data responsive to a memory access request, one or more device identifiers including a destination device identifier for a requesting device that sent the memory access request, and one or more signatures that each correspond to one of the one or more device identifiers including a signature for the requesting device;
  
  in response to receiving the response, determining whether to provide the data responsive to the memory access request to the requesting device using the one or more signatures and the one or more device identifiers; and
  
  in response to determining to provide the data responsive to the memory access request to the requesting device, sending the data responsive to the memory access request to the requesting device;
  
  wherein;
  
  the response comprises the destination device identifier, a source device identifier for the data retrieval device, a first signature for the requesting device, and a second signature for the data retrieval device; and
  
  determining whether to provide the data responsive to the memory access request to the requesting device is performed using the destination device identifier, the source device identifier, the first signature, and the second signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, the operations comprising:
    - receiving, from the requesting device, the memory access request; and
      
      in response to receiving the memory access request, sending, to the data retrieval device, a request for data responsive to the memory access request, wherein receiving the response is responsive to sending, to the data retrieval device, the request for data responsive to the memory access request.
  - 3. The system of claim 2, wherein:
    - the memory access request includes a memory address that identifies the data responsive to the memory access request;
      
      the request includes the memory address; and
      
      determining whether to provide the data responsive to the memory access request to the requesting device comprises determining whether to provide the data responsive to the memory access request to the requesting device using the memory address.
  - 4. The system of claim 1, wherein:
    - determining whether to provide the data responsive to the memory access request to the requesting device comprises;
      
      determining a first reference signature for the requesting device using the destination device identifier;
      
      determining a second reference signature for the data retrieval device using the source device identifier;
      
      comparing the first reference signature with the first signature for the requesting device;
      
      comparing the second reference signature with the second signature for the data retrieval device; and
      
      determining, using a result of the comparisons, whether the reference signatures are the same as the corresponding signatures from the one or more signatures; and
      
      sending the data responsive to the memory access request to the requesting device is responsive to determining that the reference signatures are the same as the corresponding signatures from the one or more signatures.
  - 5. The system of claim 1, wherein determining whether to provide the data responsive to the memory access request to the requesting device using the one or more signatures and the destination device identifier comprises:
    - for each of the one or more device identifiers included in the response;
      
      determining a reference signature using the device identifier; and
      
      comparing the reference signature with a corresponding signature from the one or more signatures included in the response; and
      
      determining whether to provide the data responsive to the memory access request to the requesting device based on a result of the comparison of the one or more reference signatures with the corresponding signatures from the one or more signatures.
  - 6. The system of claim 5, wherein sending the data responsive to the memory access request to the requesting device is performed in response to determining that each of the one or more reference signatures is the same as the corresponding signature from the one or more signatures.
  - 7. The system of claim 5, the operations comprising:
    - determining to discard second data responsive to a second memory access request when at least one reference signature is different than a corresponding signature from one or more second signatures included in a second response that includes second data responsive to the second memory access request.

8. A computer-implemented method comprising:
- receiving, from a data retrieval device, a response to a request to access a memory location, the response including data responsive to a memory access request, one or more device identifiers including a destination device identifier for a requesting device that sent the memory access request, and one or more signatures that each correspond to one of the one or more device identifiers including a signature for the requesting device;
  
  in response to receiving the response, determining whether to provide the data responsive to the memory access request to the requesting device using the one or more signatures and the one or more device identifiers; and
  
  in response to determining to provide the data responsive to the memory access request to the requesting device, sending the data responsive to the memory access request to the requesting device;
  
  wherein;
  
  the response comprises the destination device identifier, a source device identifier for the data retrieval device, a first signature for the requesting device, and a second signature for the data retrieval device; and
  
  determining whether to provide the data responsive to the memory access request to the requesting device is performed using the destination device identifier, the source device identifier, the first signature, and the second signature.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, comprising:
    - receiving, from the requesting device, the memory access request; and
      
      in response to receiving the memory access request, sending, to the data retrieval device, a request for data responsive to the memory access request, wherein receiving the response is responsive to sending, to the data retrieval device, the request for data responsive to the memory access request.
  - 10. The method of claim 9, wherein:
    - the memory access request includes a memory address that identifies the data responsive to the memory access request;
      
      the request includes the memory address; and
      
      determining whether to provide the data responsive to the memory access request to the requesting device comprises determining whether to provide the data responsive to the memory access request to the requesting device using the memory address.
  - 11. The method of claim 8, wherein:
    - determining whether to provide the data responsive to the memory access request to the requesting device comprises;
      
      determining a first reference signature for the requesting device using the destination device identifier;
      
      determining a second reference signature for the data retrieval device using the source device identifier;
      
      comparing the first reference signature with the first signature for the requesting device;
      
      comparing the second reference signature with the second signature for the data retrieval device; and
      
      determining, using a result of the comparisons, whether the reference signatures are the same as the corresponding signatures from the one or more signatures; and
      
      sending the data responsive to the memory access request to the requesting device is responsive to determining that the reference signatures are the same as the corresponding signatures from the one or more signatures.
  - 12. The method of claim 8, wherein determining whether to provide the data responsive to the memory access request to the requesting device using the one or more signatures and the destination device identifier comprises:
    - for each of the one or more device identifiers included in the response;
      
      determining a reference signature using the device identifier; and
      
      comparing the reference signature with a corresponding signature from the one or more signatures included in the response; and
      
      determining whether to provide the data responsive to the memory access request to the requesting device based on a result of the comparison of the one or more reference signatures with the corresponding signatures from the one or more signatures.
  - 13. The method of claim 12, wherein sending the data responsive to the memory access request to the requesting device is performed in response to determining that each of the one or more reference signatures is the same as the corresponding signature from the one or more signatures.
  - 14. The method of claim 12, comprising:
    - determining to discard second data responsive to a second memory access request when at least one reference signature is different than a corresponding signature from one or more second signatures included in a second response that includes second data responsive to the second memory access request.

15. A non-transitory computer readable storage medium storing instructions executable by a data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising:
- receiving, from a data retrieval device, a response to a request to access a memory location, the response including data responsive to a memory access request, one or more device identifiers including a destination device identifier for a requesting device that sent the memory access request, and one or more signatures that each correspond to one of the one or more device identifiers including a signature for the requesting device;
  
  in response to receiving the response, determining whether to provide the data responsive to the memory access request to the requesting device using the one or more signatures and the one or more device identifiers; and
  
  in response to determining to provide the data responsive to the memory access request to the requesting device, sending the data responsive to the memory access request to the requesting device;
  
  wherein;
  
  the response comprises the destination device identifier, a source device identifier for the data retrieval device, a first signature for the requesting device, and a second signature for the data retrieval device; and
  
  determining whether to provide the data responsive to the memory access request to the requesting device is performed using the destination device identifier, the source device identifier, the first signature, and the second signature.
- View Dependent Claims (16, 17)
- - 16. The computer readable storage medium of claim 15, the operations comprising:
    - receiving, from the requesting device, the memory access request; and
      
      in response to receiving the memory access request, sending, to the data retrieval device, a request for data responsive to the memory access request, wherein receiving the response is responsive to sending, to the data retrieval device, the request for data responsive to the memory access request.
  - 17. The computer readable storage medium of claim 16, wherein:
    - the memory access request includes a memory address that identifies the data responsive to the memory access request;
      
      the request includes the memory address; and
      
      determining whether to provide the data responsive to the memory access request to the requesting device comprises determining whether to provide the data responsive to the memory access request to the requesting device using the memory address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google LLC (Alphabet Inc.)
Inventors
Serebrin, Benjamin C.
Primary Examiner(s)
Abedin, Shanto
Assistant Examiner(s)
Stoica, Adrian

Application Number

US16/031,525
Publication Number

US 20180324181A1
Time in Patent Office

343 Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/1081   for peripheral access to ma...

G06F 12/1408   by using cryptography for d...

G06F 12/1475   in a virtual system, e.g. w...

G06F 21/79   in semiconductor storage me...

G06F 2212/1052   Security improvement

H04L 63/062   for key distribution, e.g. ...

H04L 63/0876   based on the identity of th...

H04L 63/164   at the network layer

H04L 9/3247   involving digital signatures

Address validation using signatures

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Address validation using signatures

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links