Method and system for memory protection and security using credentials
    3.
    Granted invention patent
    Status: No longer in force

    Publication (announcement) number: US07757280B2

    Publication (announcement) date: 2010-07-13

    Application number: US11333066

    Application date: 2006-01-17

    IPC classification: G06F21/00 H04L12/14

    Abstract: A computer-implemented method for protecting a memory is provided. The method includes, responsive to a direct memory access (DMA) request received from a consumer for a transaction of data from an IO device to the memory, the request including an IO command and a capability (CAP): generating a cryptographically signed capability (CAPB); forming a credential from CAP and CAPB; appending the credential to the IO command; configuring the IO device according to the credential and the IO command; transmitting the data from the IO device to the memory; and, prior to allowing execution of the DMA, authenticating that the credential is valid. The method further includes regenerating CAPB from a key available to an authenticating entity and from the CAP (included in CAPB) and verifying that the memory region information described in the cryptographically signed capability is the same as the requested region that was originally created, and that the cryptographically signed capability encompasses the IO command.

    Enhanced Direct Memory Access
    7.
    Invention patent application
    Status: In force

    Publication (announcement) number: US20090276571A1

    Publication (announcement) date: 2009-11-05

    Application number: US12111968

    Application date: 2008-04-30

    IPC classification: G06F9/30 G06F12/00

    Abstract: A method for facilitating direct memory access in a computing system in response to a request to transfer data is provided. The method comprises selecting a thread for transferring the data, wherein the thread executes on a processing core within the computing system; providing the thread with the request, wherein the request comprises information for carrying out a data transfer; and transferring the data according to the request. The method may further comprise: coordinating the request with a memory management unit, such that virtual addresses may be used to transfer data; invalidating a cache line associated with the source address or flushing a cache line associated with the destination address, if requested. Multiple threads can be selected to transfer data based on their proximity to the destination address.

    Enhanced direct memory access
    8.
    Granted invention patent
    Status: In force

    Publication (announcement) number: US08949569B2

    Publication (announcement) date: 2015-02-03

    Application number: US12111968

    Application date: 2008-04-30

    IPC classification: G06F9/26 G06F9/38 G06F12/08

    Abstract: A method for facilitating direct memory access in a computing system in response to a request to transfer data is provided. The method comprises selecting a thread for transferring the data, wherein the thread executes on a processing core within the computing system; providing the thread with the request, wherein the request comprises information for carrying out a data transfer; and transferring the data according to the request. The method may further comprise: coordinating the request with a memory management unit, such that virtual addresses may be used to transfer data; invalidating a cache line associated with the source address or flushing a cache line associated with the destination address, if requested. Multiple threads can be selected to transfer data based on their proximity to the destination address.

    Method and system for protection and security of IO devices using credentials
    9.
    Granted invention patent
    Status: In force

    Publication (announcement) number: US07925801B2

    Publication (announcement) date: 2011-04-12

    Application number: US11333716

    Application date: 2006-01-17

    IPC classification: G06F3/00 G06F5/00

    CPC classification: G06F21/85 G06Q20/3821

    Abstract: A method and system for protection and security of IO devices using credentials are provided. The system may include at least one consumer arranged to initiate IO requests from the IO device, and the IO requests may include IO capability allocation and additional parameters. The system may also include an IO resource manager (IORM) arranged to translate the IO capability allocation and additional parameters included in said IO request to a set of capability tokens for the consumer or for a group of consumers, to generate a global key to protect the capability tokens, and further arranged to manage the IO device. The system may further include a channel component arranged to transfer and receive the IO request to and from the IO device.

    System, method and computer program product for inviting other virtual machine to access a memory space allocated to a virtual machine
    10.
    Granted invention patent
    Status: In force

    Publication (announcement) number: US08898665B2

    Publication (announcement) date: 2014-11-25

    Application number: US13407782

    Application date: 2012-02-29

    IPC classification: G06F9/52 H04L9/32 G06F9/455

    Abstract: A method for accessing a memory space allocated to a virtual machine, the method includes: receiving a request from the virtual machine to generate, for another virtual machine, a memory credential associated with a certain memory space allocated to the virtual machine; generating, in response to the request, a cryptographically signed credential; sending the cryptographically signed credential to the other virtual machine; receiving from the other virtual machine an access request to access at least one memory entry within the certain memory space; and accessing the at least one memory entry, if the access request complies with the memory credential.
