Secure multiprotocol interface

Abstract

A network interface for secure multiprotocol data communication includes a doorbell circuit, a processor, memory, and a bridge circuit. The doorbell circuit responds to physical I/O addresses of the host that are mapped by a memory management unit by a registration process. An application program seeking to use a multiprotocol channel must register the virtual address of host memory where data for communication is or will be stored and register the virtual address of a page of I/O addresses. Access to the doorbell functions and to the host memory via the memory management unit are therefore denied when the requesting process identifier does not successfully compare with the process identifier for the process that performed the registrations. A password may be stored in the network interface in association with a multiprotocol channel identifier and stored in association with the virtual to physical map used for communication. The network interface may abandon a requested or implied data communication function when passwords do not successfully compare. Methods for multiprotocol communication performed by an application program may include one or more of the steps of (a) establishing a multiprotocol channel where physical I/O addresses of a network controller are secured; (b) registering host memory for use with a multiprotocol channel where physical memory addresses are secured; (c) describing blocks of host memory with reference to a memory handle; and (d) accomplishing data communication of a described block of host memory via an established channel where the data and controls of the channel are secured and the data and controls of other channels are secured. Security is provided against both erroneous operations and operations intentionally effected by rouge processes.