Virtualized network interface for remote direct memory access over converged ethernet
First Claim
1. A method for generating an opaque data comprising a stream identifier, which identifies memory region and access controls permitted to be accessed by data fields of a packet containing the stream identifier, the packet being formatted in accordance with remote direct memory access over converged Ethernet, comprising:
- encrypting at least a part of the stream identifier with a first secret random data to provide an encrypted stream identifier;
generating a digest by applying a cryptographic hash to the at least the part of the stream identifier; and
combining the encrypted stream identifier with the digest to generate the opaque data, wherein the opaque data comprises a remote key (R-Key) in accordance with Infiniband specification.
6 Assignments
0 Petitions
Accused Products
Abstract
A method and a system embodying the method for generating an opaque data comprising a stream identifier, comprising encrypting at least part of a stream identifier with a first secret random data to provide an encrypted stream identifier; generating a digest by applying a cryptographic hash to at least the at least the part of the stream identifier; and combining the encrypted stream identifier with the digest, is disclosed Additionally, a method and a system embodying the method for reconstructing a stream identifier from the opaque data indicating permission to access a region of a storage at an entity that generated the opaque data is disclosed.
14 Citations
23 Claims
-
1. A method for generating an opaque data comprising a stream identifier, which identifies memory region and access controls permitted to be accessed by data fields of a packet containing the stream identifier, the packet being formatted in accordance with remote direct memory access over converged Ethernet, comprising:
-
encrypting at least a part of the stream identifier with a first secret random data to provide an encrypted stream identifier; generating a digest by applying a cryptographic hash to the at least the part of the stream identifier; and combining the encrypted stream identifier with the digest to generate the opaque data, wherein the opaque data comprises a remote key (R-Key) in accordance with Infiniband specification. - View Dependent Claims (2, 3, 4, 5)
-
-
6. An apparatus for generating an opaque data comprising a stream identifier, which identifies memory region and access controls permitted to be accessed by data fields of a packet containing the stream identifier, the packet being formatted in accordance with remote direct memory access over converged Ethernet, comprising:
-
an entity configured to encrypt at least a part of the stream identifier with a first secret random data to provide an encrypted stream identifier, to generate a digest by applying a cryptographic hash to the at least the part of the stream identifier, and to combine the encrypted stream identifier with the digest to generate the opaque data, wherein the opaque data comprises a remote key (R-Key) in accordance with specification implementing Infiniband specification. - View Dependent Claims (7, 8, 9, 10, 11)
-
-
12. A method for reconstructing a stream identifier, which identifies memory region and access controls permitted to be accessed by data fields of a packet containing the stream identifier, the packet being formatted in accordance with remote direct memory access over converged Ethernet, comprising:
-
receiving an opaque data at an entity that generated the opaque data, wherein the opaque data comprises a remote key (R-Key) in accordance with Infiniband specification; separating the opaque data into an encrypted stream identifier and a first digest; decrypting the encrypted stream identifier with a first secret random data to provide a decrypted stream identifier; and verifying the decrypted stream identifier using the first digest. - View Dependent Claims (13, 14, 15, 16, 17)
-
-
18. An apparatus for reconstructing a stream identifier, which identifies memory region and access controls permitted to be accessed by data fields of a packet containing the stream identifier, the packet being formatted in accordance with remote direct memory access over converged Ethernet, comprising:
-
a virtual interface network card configured to receive an opaque data at an entity that generated the opaque data, wherein the opaque data comprises a remote key (R-Key) in accordance with Infiniband specification; to separate the opaque data into an encrypted stream identifier and a first digest; to decrypt the encrypted stream identifier with a first secret random data to provide a decrypted stream identifier; and to verify the decrypted stream identifier using the first digest. - View Dependent Claims (19, 20, 21, 22, 23)
-
Specification