Remote-key based memory buffer access control mechanism
Abstract
A system and method implementing revocable secure remote keys is disclosed. A plurality of indexed base secrets is stored in a register of a coprocessor of a local node coupled with a local memory. When it is determined that a selected base secret has expired, the base secret stored in the register at that base secret index is changed, thereby invalidating every remote key generated based on the expired base secret. A remote key with validation data and a base secret index is received from a node requesting access to the local memory. A validation base secret is obtained from the register based on the base secret index. The coprocessor performs hardware validation on the validation data based on the validation base secret. Hardware validation fails if the base secret associated with the base secret index has been changed in the register of the selected coprocessor.
32 Claims
1. A system comprising:
a local node comprising a local memory and at least one coprocessor coupled with the local memory, each coprocessor comprising a register;
a plurality of base secrets, wherein each of the plurality of base secrets is associated with a base secret index, wherein each register is configured to store the plurality of base secrets based on the base secret index;
at least one primary processor configured to execute software instructions that cause the at least one primary processor to change a selected base secret in the registers based on a selected base secret index associated with the selected base secret;
wherein a selected coprocessor selected from the at least one coprocessor is configured to:
receive a first remote key comprising a first base secret index and first validation data generated based on a first base secret, wherein the first remote key is received from a first node requesting access to the local memory;
obtain a validation base secret stored in the register of the selected coprocessor based on the first base secret index;
perform hardware validation on the first validation data based on the validation base secret, wherein hardware validation fails when the base secret associated with the first base secret index has been changed in the register of the selected coprocessor;
grant the first node access to the local memory after successful hardware validation on the first validation data.
Dependent claims: 2-13.
14. A system comprising:
a first node comprising a first local memory and a first plurality of coprocessors coupled with the first local memory, each of the first plurality of coprocessors comprising a register;
a first plurality of base secrets associated with the first node, wherein each of the first plurality of base secrets is indexed by a first plurality of base secret indexes, wherein each register of the first plurality of coprocessors is configured to store the first plurality of base secrets based on the first plurality of base secret indexes;
a second node comprising a second local memory and a second plurality of coprocessors coupled with the second local memory, each of the second plurality of coprocessors comprising a register;
wherein the first node further comprises at least one primary processor configured to execute software instructions that cause the at least one primary processor to change an expired base secret in the registers of the first plurality of coprocessors based on a selected base secret index associated with the expired base secret;
wherein a selected first node coprocessor selected from the first plurality of coprocessors is configured to:
generate a first remote key comprising a first base secret index and validation data, wherein the validation data is generated based on a first base secret stored in the register of the selected coprocessor based on the first base secret index;
transmit the first remote key to the second node to grant the second node access to the first local memory, wherein the second node is authorized to access a portion of the first local memory associated with the first remote key as long as the first base secret remains unchanged;
receive the first remote key and a command requiring access to the first local memory from the second node;
obtain a validation base secret stored in the register of the selected first node coprocessor based on the first base secret index;
perform hardware validation of the first remote key based on the validation base secret, wherein hardware validation fails when the base secret associated with the first base secret index has been changed in the register of the selected first node coprocessor;
wherein the selected first node coprocessor is configured to execute the command from the second node after successful hardware validation of the first remote key.
Dependent claims: 15-19.
20. A method comprising:
storing, in each register of at least one coprocessor of a local node, a plurality of base secrets, wherein each of the plurality of base secrets is associated with a base secret index, wherein each register is configured to store the plurality of base secrets based on the base secret index;
wherein the local node comprises at least one primary processor, a local memory and the at least one coprocessor, wherein each coprocessor of the at least one coprocessor is coupled with the local memory and comprises a register;
performing, by a selected coprocessor selected from the at least one coprocessor:
receiving a first remote key comprising a first base secret index and first validation data generated based on a first base secret, wherein the first remote key is received from a first node requesting access to the local memory;
obtaining a validation base secret stored in the register of the selected coprocessor based on the first base secret index;
performing hardware validation on the first validation data based on the validation base secret, wherein hardware validation fails when the base secret associated with the first base secret index has been changed in the register of the selected coprocessor;
granting the first node access to the local memory after successful hardware validation on the first validation data,
wherein the at least one primary processor is configured to execute software instructions that cause the at least one primary processor to perform changing a selected base secret in a register of the selected coprocessor based on a selected base secret index associated with the selected base secret;
wherein the method is performed by one or more computing devices.
Dependent claims: 21-32.
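The mechanism the abstract and claims 1, 14 and 20 describe, modelled in software as an added example; this is not code from the patent or from any product implementing it. Everything beyond the claim language is an assumption made for the model: the register width (NUM_SLOTS), the base-secret size, HMAC-SHA256 as the way validation data is "generated based on" a base secret, the (offset, length) region carried inside the remote key, and a read command as the "command requiring access". The model shows what the claims leave implicit: a key whose region is widened fails validation, a valid key cannot reach memory outside its region, rotating one index revokes only the keys minted under that index, and any coprocessor of the node can validate because every register holds the same plurality of base secrets.

```python
"""Software model of indexed, revocable remote keys (added example, not the patent's code)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

NUM_SLOTS = 4    # assumed register width: number of indexed base secrets
SECRET_LEN = 32  # assumed base-secret size in bytes


@dataclass(frozen=True)
class RemoteKey:
    """Base secret index + validation data, as in the claims.  The region fields are an
    assumption: the claims only say the key is "associated with" a portion of memory."""
    base_secret_index: int
    region_offset: int
    region_length: int
    validation_data: bytes


def _validation_data(base_secret: bytes, index: int, offset: int, length: int) -> bytes:
    # Assumption: validation data is HMAC-SHA256 over the key's fields under the base
    # secret.  The claims require only that it be "generated based on" the secret.
    msg = index.to_bytes(2, "big") + offset.to_bytes(8, "big") + length.to_bytes(8, "big")
    return hmac.new(base_secret, msg, hashlib.sha256).digest()


class Coprocessor:
    """One coprocessor: a register of NUM_SLOTS base secrets plus the node's local memory."""

    def __init__(self, local_memory: bytearray, base_secrets: list):
        if len(base_secrets) != NUM_SLOTS:
            raise ValueError("register must hold exactly NUM_SLOTS base secrets")
        self.register = list(base_secrets)  # own copy, written only by rotate_base_secret
        self.memory = local_memory

    def generate_remote_key(self, index: int, offset: int, length: int) -> RemoteKey:
        """Mint a key for [offset, offset+length) under the base secret currently at `index`."""
        if offset < 0 or length <= 0 or offset + length > len(self.memory):
            raise ValueError("region outside local memory")
        return RemoteKey(index, offset, length,
                         _validation_data(self.register[index], index, offset, length))

    def validate(self, key: RemoteKey) -> bool:
        """Hardware validation: recompute under whatever secret is *currently* stored at the
        key's index, so the check fails by construction once that slot has been rotated."""
        if not 0 <= key.base_secret_index < NUM_SLOTS:
            return False
        expected = _validation_data(self.register[key.base_secret_index], key.base_secret_index,
                                    key.region_offset, key.region_length)
        return hmac.compare_digest(expected, key.validation_data)  # constant-time compare

    def execute_read(self, key: RemoteKey, offset: int, length: int) -> bytes:
        """Serve a remote read only after validation, and only inside the key's region."""
        if not self.validate(key):
            raise PermissionError("remote key failed hardware validation")
        if offset < key.region_offset or offset + length > key.region_offset + key.region_length:
            raise PermissionError("access outside the region bound to this remote key")
        return bytes(self.memory[offset:offset + length])


class LocalNode:
    """Local memory, several coprocessors holding the same base secrets, and a primary
    processor (software) that changes a base secret by index across all registers."""

    def __init__(self, memory_size: int, num_coprocessors: int = 2):
        self.memory = bytearray(memory_size)
        base = [secrets.token_bytes(SECRET_LEN) for _ in range(NUM_SLOTS)]
        self.coprocessors = [Coprocessor(self.memory, base) for _ in range(num_coprocessors)]

    def rotate_base_secret(self, index: int) -> None:
        """Primary-processor action on an expired secret: every remote key minted under the
        old secret at `index` is revoked; keys under other indexes are untouched."""
        fresh = secrets.token_bytes(SECRET_LEN)
        for cp in self.coprocessors:
            cp.register[index] = fresh


def demo() -> dict:
    """Issue -> use -> forge attempt -> out-of-region access -> rotate -> re-issue."""
    node = LocalNode(memory_size=4096)
    node.memory[256:260] = b"DATA"  # constructed sample content in buffer A
    cp0, cp1 = node.coprocessors
    key_a = cp0.generate_remote_key(index=1, offset=256, length=64)   # buffer A, slot 1
    key_b = cp0.generate_remote_key(index=2, offset=1024, length=64)  # buffer B, slot 2

    results = {}
    results["read_ok"] = cp1.execute_read(key_a, 256, 4)  # a different coprocessor validates
    forged = RemoteKey(1, 0, 4096, key_a.validation_data)  # widen region, reuse the MAC
    results["forged_rejected"] = not cp1.validate(forged)
    try:
        cp1.execute_read(key_a, 1024, 4)  # genuine key, but buffer B is outside its region
        results["out_of_region_rejected"] = False
    except PermissionError:
        results["out_of_region_rejected"] = True

    node.rotate_base_secret(1)  # slot 1 expired: revoke everything minted under it
    results["revoked_after_rotation"] = not cp0.validate(key_a) and not cp1.validate(key_a)
    results["other_index_unaffected"] = cp1.validate(key_b)
    key_a2 = cp0.generate_remote_key(index=1, offset=256, length=64)  # re-issue under new secret
    results["reissued_ok"] = cp1.validate(key_a2)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

In real hardware the register would be write-only from the primary processor's point of view and never readable by the remote node; the model exposes it as a Python list purely so the rotation step is visible. The property worth noticing is that revocation needs no per-key state on the local node: a key is valid exactly as long as the secret at its index is unchanged, so invalidating all keys on one index costs one register write per coprocessor.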
Specification