Abstract: Methods and systems are provided for verifying use of encryption keys. A request for verification information may be sent by a network element (e.g., server), with the request comprising combination of one or more identifiers, the combination associated with a particular I/O operation. The request may be sent to another element, which may be a centralized encryption management element (e.g., management server). In response to the request, key use verification information generated for the particular I/O operation may be received, and may be used thereafter in validating a corresponding encryption key, which may be used during data encryption or decryption, based on the received key use verification information and locally generated verification information associated with the particular I/O operation. The one or more identifiers include at least one of a target identifier, a LUN identifier, and a LBA range identifier.

Abstract: Restoring retired transaction identifiers (TID) associated with Direct Memory Access (DMA) commands without waiting for all DMA traffic to terminate is disclosed. A scoreboard is used to track retired TIDs and selectively restore retired TIDs on the fly. DMA engines fetch a TID, and use it to tag every DMA request. If the request is completed, the TID can be recycled to be used to tag a subsequent request. However, if a request is not completed, the TID is retired. Retired TIDs can be restored without having to wait for DMA traffic to end. Any retired TID value may be mapped to a bit location inside a scoreboard. All processors in the system may have access to read and clear the scoreboard. Clearing the TID scoreboard may trigger a DMA engine to restore the TID mapped to that location, and the TID may be used again.

Abstract: Restoring retired transaction identifiers (TID) associated with Direct Memory Access (DMA) commands without waiting for all DMA traffic to terminate is disclosed. A scoreboard is used to track retired TIDs and selectively restore retired TIDs on the fly. DMA engines fetch a TID, and use it to tag every DMA request. If the request is completed, the TID can be recycled to be used to tag a subsequent request. However, if a request is not completed, the TID is retired. Retired TIDs can be restored without having to wait for DMA traffic to end. Any retired TID value may be mapped to a bit location inside a scoreboard. All processors in the system may have access to read and clear the scoreboard. Clearing the TID scoreboard may trigger a DMA engine to restore the TID mapped to that location, and the TID may be used again.

Abstract: Methods and systems are provided for verifying use of encryption keys. A request for verification information may be sent by a network element (e.g., server), with the request comprising combination of one or more identifiers, the combination associated with a particular I/O operation. The request may be sent to another element, which may be a centralized encryption management element (e.g., management server). In response to the request, key use verification information generated for the particular I/O operation may be received, and may be used thereafter in validating a corresponding encryption key, which may be used during data encryption or decryption, based on the received key use verification information and locally generated verification information associated with the particular I/O operation. The one or more identifiers include at least one of a target identifier, a LUN identifier, and a LBA range identifier.

Abstract: A method for sending encrypted data in response to a request for an I/O operation. The method includes the steps of requesting a data encryption key, the request including one or more identifiers unique to the I/O operation; receiving a data encryption key attached with a first key use fingerprint, independently generating a second key use fingerprint in response to the one or more identifiers; comparing the first and the second key use fingerprints; and if the first key use fingerprint matches the second key use fingerprint, using the data encryption key to encrypt the data to be sent. In one embodiment, the one or more identifiers include at least one of a target identifier, a LUN identifier, and a LBA range identifier.

Abstract: Restoring retired transaction identifiers (TID) associated with Direct Memory Access (DMA) commands without waiting for all DMA traffic to terminate is disclosed. A scoreboard is used to track retired TIDs and selectively restore retired TIDs on the fly. DMA engines fetch a TID, and use it to tag every DMA request. If the request is completed, the TID can be recycled to be used to tag a subsequent request. However, if a request is not completed, the TID is retired. Retired TIDs can be restored without having to wait for DMA traffic to end. Any retired TID value may be mapped to a bit location inside a scoreboard. All processors in the system may have access to read and clear the scoreboard. Clearing the TID scoreboard may trigger a DMA engine to restore the TID mapped to that location, and the TID may be used again.

Abstract: Restoring retired transaction identifiers (TID) associated with Direct Memory Access (DMA) commands without waiting for all DMA traffic to terminate is disclosed. A scoreboard is used to track retired TIDs and selectively restore retired TIDs on the fly. DMA engines fetch a TID, and use it to tag every DMA request. If the request is completed, the TID can be recycled to be used to tag a subsequent request. However, if a request is not completed, the TID is retired. Retired TIDs can be restored without having to wait for DMA traffic to end. Any retired TID value may be mapped to a bit location inside a scoreboard. All processors in the system may have access to read and clear the scoreboard. Clearing the TID scoreboard may trigger a DMA engine to restore the TID mapped to that location, and the TID may be used again.

Abstract: A method for sending encrypted data in response to a request for an I/O operation. The method includes the steps of requesting a data encryption key, the request including one or more identifiers unique to the I/O operation; receiving a data encryption key attached with a first key use fingerprint, independently generating a second key use fingerprint in response to the one or more identifiers; comparing the first and the second key use fingerprints; and if the first key use fingerprint matches the second key use fingerprint, using the data encryption key to encrypt the data to be sent. In one embodiment, the one or more identifiers include at least one of a target identifier, a LUN identifier, and a LBA range identifier.

Abstract: A network arbitration scheme is disclosed that manages device access fairness by selectively and dynamically increasing a requestor queue's likelihood of being serviced. A requestor queue increases its service priority by duplicating a request entry onto a set of priority rings maintained by arbitration hardware in a host bus adapter. Duplication occurs when (1) a requestor's queue fill count (the number of descriptors stored in the queue) exceeds a watermark level or (2) a requestor's queue timer times out. In the case of time-out, the requester in the lower priority ring will duplicate itself in the higher priority ring. Because the arbitration hardware services requesters using a round robin selection scheme, the likelihood of a requestor queue being serviced increases as the number of its duplicate request entries on a priority ring increases. Upon being serviced, the requester is able to perform the requested action.

Abstract: The present invention is related to the checking of encryption. Embodiments of the present invention are based on the discovery that sufficiently high reliability may be established without checking every encryption block. Instead, embodiments of the present invention provide that data being encrypted may be sampled at certain rate (which may be constant or varying) and only the sampled data may be checked. In general, embodiments of the present inventions are applicable to a fast encryption circuit that may encrypt an entire stream of incoming data into a stream of encrypted data and one or more slower (or slow) encryption circuit and/or one or more slow decryption circuit that operate(s) only on selected samples of the incoming or encrypted data in order to check the encryption of the fast circuit. Thus, encryption can be verified without incurring the costs of exhaustively checking all encrypted data.

Abstract: Restoring retired transaction identifiers (TID) associated with Direct Memory Access (DMA) commands without waiting for all DMA traffic to terminate is disclosed. A scoreboard is used to track retired TIDs and selectively restore retired TIDs on the fly. DMA engines fetch a TID, and use it to tag every DMA request. If the request is completed, the TID can be recycled to be used to tag a subsequent request. However, if a request is not completed, the TID is retired. Retired TIDs can be restored without having to wait for DMA traffic to end. Any retired TID value may be mapped to a bit location inside a scoreboard. All processors in the system may have access to read and clear the scoreboard. Clearing the TID scoreboard may trigger a DMA engine to restore the TID mapped to that location, and the TID may be used again.

Abstract: A method and system for allowing a host device (e.g., server) to perform programmed direct accesses to peripheral memory (e.g., flash) located on a peripheral device (e.g., HBA), without the assistance of a microprocessor located on the peripheral device. In a preferred embodiment, new host registers are implemented within controller circuitry of the peripheral device, the host registers being configured to be recognized by host software executed by host. The host device reads and writes to the host registers, which causes appropriate controller hardware to access the peripheral nonvolatile memory accordingly. By creating and implementing the new host registers, an enhanced controller is created that allows a host device to directly access peripheral memory, without peripheral processor assistance.