Mechanism for facilitating encryption-free integrity protection of storage data at computing systems
Abstract
A mechanism is described for facilitating encryption-free integrity protection of storage data at computing systems according to one embodiment. A method of embodiments of the invention includes receiving a read request, from a software application at a computing device, to perform a read task relating to a first data block of data stored at a storage device coupled to the computing device. The read task may include reading the first data block. The method may further include accessing a first reference cryptographic code at a first metadata cache associated with the first data block, calculating a first new cryptographic code relating to the first data block, comparing the first new cryptographic code with the first reference cryptographic code, and accepting the read request if the first new cryptographic code matches the first reference cryptographic code. The accepting may further include facilitating the read task.
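The read path in the abstract and in claim 1 (look up the reference HMAC in a metadata cache, recompute, compare, accept or deny), as an added Python sketch that is not taken from the patent. The class and function names, the in-memory "storage", HMAC-SHA256, the grouping of four reference codes per metadata block, and binding the block index into the HMAC are all assumptions made for illustration.

```python
import hashlib
import hmac

TAGS_PER_META = 4  # assumed: reference HMACs held in one integrity metadata block

class IntegrityError(Exception):
    """Read denied: recomputed HMAC does not match the reference HMAC."""

class ProtectedStore:
    def __init__(self, key, blocks):
        self.key = key
        self.data = list(blocks)  # stands in for the storage device (plaintext)
        self.meta = {}            # integrity metadata blocks kept on storage
        self.cache = {}           # metadata cache: metadata block number -> tags
        self.meta_reads = 0       # metadata blocks fetched after a cache miss
        for i, blk in enumerate(self.data):
            self.meta.setdefault(i // TAGS_PER_META, {})[i] = self._tag(i, blk)

    def _tag(self, index, block):
        # Assumption (not in the claims): the block index is bound into the
        # HMAC so a valid block cannot be served from a different location.
        msg = index.to_bytes(8, "big") + block
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def _reference(self, index):
        m = index // TAGS_PER_META
        if m not in self.cache:   # miss: read the missing metadata block first
            self.meta_reads += 1
            self.cache[m] = dict(self.meta[m])
        return self.cache[m][index]

    def read(self, index):
        reference = self._reference(index)       # existing HMAC
        block = self.data[index]
        fresh = self._tag(index, block)          # new HMAC over what was read
        if not hmac.compare_digest(fresh, reference):
            raise IntegrityError(f"block {index}: HMAC mismatch, read denied")
        return block                             # match: read is accepted

def demo():
    # Constructed sample data: eight 16-byte blocks and a demo key.
    store = ProtectedStore(b"constructed-demo-key", [bytes([n]) * 16 for n in range(8)])
    ok = store.read(5)
    store.data[5] = b"tampered-offline"          # modification made without the key
    try:
        store.read(5)
        return ok, False, store.meta_reads
    except IntegrityError:
        return ok, True, store.meta_reads
```

In this sketch an older data block replayed together with its older reference HMAC would still verify; detecting that requires a freshness value kept outside attacker-writable storage.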
22 Claims
1. A method comprising:
- receiving a read request, from a software application at a computing device, to perform a read task relating to a first data block of data stored at a storage device coupled to the computing device, wherein the read task includes reading the first data block;
- accessing a first reference cryptographic code at a first metadata cache associated with the first data block, wherein accessing includes determining whether the first reference cryptographic code is associated with the first metadata cache being part of a plurality of integrity metadata data blocks, the first reference cryptographic code including an existing hash-based message authentication code (HMAC);
- calculating a first new cryptographic code relating to the first data block, the first new cryptographic code including a new HMAC;
- comparing the first new cryptographic code with the first reference cryptographic code;
- accepting the read request if the first new cryptographic code matches the first reference cryptographic code, wherein accepting includes facilitating the read task;
- denying the read request if the first new cryptographic code mismatches the first reference cryptographic code, wherein denying includes issuing an error message in response to the read request, wherein if a data block containing the first reference cryptographic code is missing from the first metadata cache, the read request is submitted to facilitate the read task to read the missing data block.

Dependent claims: 2, 3, 4, 5, 6
7. An apparatus comprising:
- first logic, at least a portion of which is implemented as hardware, to receive a read request, from a software application at a computing device, to perform a read task relating to a first data block of data stored at a storage device coupled to the computing device, wherein the read task includes reading the first data block;
- second logic, at least a portion of which is implemented as hardware, to access a first reference cryptographic code at a first metadata cache associated with the first data block, wherein accessing includes determining whether the first reference cryptographic code is associated with the first metadata cache being part of a plurality of integrity metadata data blocks, the first reference cryptographic code including an existing hash-based message authentication code (HMAC);
- third logic, at least a portion of which is implemented as hardware, to calculate a first new cryptographic code relating to the first data block, the first new cryptographic code including a new HMAC;
- fourth logic, at least a portion of which is implemented as hardware, to compare the first new cryptographic code with the first reference cryptographic code;
- fifth logic, at least a portion of which is implemented as hardware, to accept the read request if the first new cryptographic code matches the first reference cryptographic code, wherein accepting includes facilitating the read task;
- wherein the fifth logic, at least a portion of which is implemented as hardware, is further to deny the read request if the first new cryptographic code mismatches the first reference cryptographic code, wherein denying includes issuing an error message in response to the read request, wherein if a data block containing the first reference cryptographic code is missing from the first metadata cache, the read request is submitted to facilitate the read task to read the missing data block.

Dependent claims: 8, 9, 10, 11, 12
13. A system comprising:
a computing device having a memory to store instructions, and a processing device to execute the instructions, the computing device further having a mechanism to:
- receive a read request, from a software application at a computing device, to perform a read task relating to a first data block of data stored at a storage device coupled to the computing device, wherein the read task includes reading the first data block;
- access a first reference cryptographic code at a first metadata cache associated with the first data block, wherein accessing includes determining whether the first reference cryptographic code is associated with the first metadata cache being part of a plurality of integrity metadata data blocks, the first reference cryptographic code including an existing hash-based message authentication code (HMAC);
- calculate a first new cryptographic code relating to the first data block, the first new cryptographic code including a new HMAC;
- compare the first new cryptographic code with the first reference cryptographic code;
- accept the read request if the first new cryptographic code matches the first reference cryptographic code, wherein accepting includes facilitating the read task; and
- deny the read request if the first new cryptographic code mismatches the first reference cryptographic code, wherein denying includes issuing an error message in response to the read request, wherein if a data block containing the first reference cryptographic code is missing from the first metadata cache, the read request is submitted to facilitate the read task to read the missing data block.

Dependent claims: 14, 15, 16
17. At least one non-transitory machine-readable storage medium comprising a plurality of instructions that in response to being executed on a computing device, causes the computing device to carry out a method according to one or more operations comprising:
- receive a read request, from a software application at a computing device, to perform a read task relating to a first data block of data stored at a storage device coupled to the computing device, wherein the read task includes reading the first data block;
- access a first reference cryptographic code at a first metadata cache associated with the first data block, wherein accessing includes determining whether the first reference cryptographic code is associated with the first metadata cache being part of a plurality of integrity metadata data blocks, the first reference cryptographic code including an existing hash-based message authentication code (HMAC);
- calculate a first new cryptographic code relating to the first data block, the first new cryptographic code including a new HMAC;
- compare the first new cryptographic code with the first reference cryptographic code;
- accept the read request if the first new cryptographic code matches the first reference cryptographic code, wherein accepting includes facilitating the read task; and
- deny the read request if the first new cryptographic code mismatches the first reference cryptographic code, wherein denying includes issuing an error message in response to the read request, wherein if a data block containing the first reference cryptographic code is missing from the first metadata cache, the read request is submitted to facilitate the read task to read the missing data block.

Dependent claims: 18, 19, 20, 21, 22
Specification