-
公开(公告)号:US20240086337A1
公开(公告)日:2024-03-14
申请号:US18513197
申请日:2023-11-17
发明人: Lucien J. Bissey
CPC分类号: G06F12/1408 , G06F3/0623 , G06F3/0647 , G06F3/0652 , G06F3/0659 , G06F3/0679 , G06F21/602 , H04L9/0643 , G06F2212/1052 , G06F2212/2022
摘要: Methods, apparatuses, and systems related to data management and security in a memory device are described. Data may be stored in a memory system, and as part of an operation to move data from one region to another in the memory system, the data may be validated using one or more hash functions. For example, a memory device may compute a hash value of some stored data, and use the hash value to validate another version of that stored data in the process of writing the other version stored data to a region of the memory system. The memory device may store another hash that is generated from the hash of the stored data and a record of transactions such that transactions are identifiable; the sequence of transactions within the memory system may also be identifiable. Hashes of transactions may be stored throughout the memory system or among memory systems.
-
公开(公告)号:US11921645B2
公开(公告)日:2024-03-05
申请号:US17946762
申请日:2022-09-16
申请人: Intel Corporation
CPC分类号: G06F12/1408 , G06F12/0835 , G06F12/1466 , G06F13/28 , G06F21/602 , G06F21/78 , G06F21/85 , G06F2212/1052 , G06F2212/402
摘要: The present disclosure includes systems and methods for securing data direct I/O (DDIO) for a secure accelerator interface, in accordance with various embodiments. Historically, DDIO has enabled performance advantages that have outweighed its security risks. DDIO circuitry may be configured to secure DDIO data by using encryption circuitry that is manufactured for use in communications with main memory along the direct memory access (DMA) path. DDIO circuitry may be configured to secure DDIO data by using DDIO encryption circuitry manufactured for use by or manufactured within the DDIO circuitry. Enabling encryption and decryption in the DDIO path by the DDIO circuitry has the potential to close a security gap in modern data central processor units (CPUs).
-
公开(公告)号:US20240070091A1
公开(公告)日:2024-02-29
申请号:US17822847
申请日:2022-08-29
申请人: Intel Corporation
IPC分类号: G06F12/14
CPC分类号: G06F12/1441 , G06F12/1408 , G06F12/1458
摘要: An apparatus comprises a hardware processor to program a memory table for a trusted domain with a first device identifier associated with a device, a guest physical address (GPA) range associated with the device, and a guest physical address offset, receive a memory access request from the device, the memory access request comprising a second device identifier and a guest physical address, and validate the memory access request using the memory table.
-
公开(公告)号:US20240070089A1
公开(公告)日:2024-02-29
申请号:US18351986
申请日:2023-07-13
发明人: Lance W. Dover
CPC分类号: G06F12/1408 , H04L9/3242 , G06F2212/1052
摘要: Methods, systems, and devices for a measurement command for memory systems are described. A memory system and a host system may support a measure command to calculate a cryptographic value of data stored in a region of the memory system. In some cases, a region indicated by the measure command may correspond to a protected region of the memory system. In such cases, the measure command may include a cryptographic signature from the host system. Upon receiving the measure command, the memory system may perform a hashing operation on the data to generate the cryptographic value. In some cases, the memory system may transmit the digest to the host. Additionally or alternatively, the memory system may extend the digest into a register indicated by the command. Further, the measure command may be used to generate a key pair associated with the memory system.
-
公开(公告)号:US20240061943A1
公开(公告)日:2024-02-22
申请号:US18499133
申请日:2023-10-31
申请人: Intel Corporation
IPC分类号: G06F21/60 , G06F12/0897 , G06F9/30 , G06F9/48 , G06F21/72 , H04L9/06 , G06F12/06 , G06F12/0875 , G06F21/79 , G06F9/455 , G06F12/0811 , G06F21/12 , H04L9/08 , G06F12/14 , G06F9/32 , G06F9/50 , G06F12/02 , H04L9/14 , G06F21/62
CPC分类号: G06F21/602 , G06F12/0897 , G06F9/30101 , G06F9/30178 , G06F9/48 , G06F21/72 , H04L9/0637 , G06F12/0646 , G06F12/0875 , G06F21/79 , G06F9/45558 , G06F12/0811 , G06F21/12 , H04L9/0861 , G06F12/1408 , G06F12/1466 , G06F9/321 , G06F9/5016 , G06F12/0207 , H04L9/0869 , H04L9/14 , G06F9/30043 , H04L9/0822 , H04L9/0894 , G06F12/1458 , G06F21/6227 , H04L2209/125 , G06F2212/1052 , G06F2009/45587
摘要: Technologies disclosed herein provide cryptographic computing. An example method comprises storing, in a register, an encoded pointer to a memory location, where first context information is stored in first bits of the encoded pointer and a slice of a memory address of the memory location is encrypted and stored in second bits of the encoded pointer. The method further includes decoding the encoded pointer to obtain the memory address of the memory location, using the memory address obtained by decoding the encoded pointer to access encrypted data at the memory location, and decrypting the encrypted data based on a first key and a first tweak value. The first tweak value includes one or more bits derived, at least in part, from the encoded pointer.
-
公开(公告)号:US11907559B1
公开(公告)日:2024-02-20
申请号:US17883651
申请日:2022-08-09
发明人: Itay Admon , Uri Kaluzhny , Nir Tasher
CPC分类号: G06F3/0644 , G06F3/0622 , G06F11/1044 , G06F3/0679
摘要: A memory device includes a memory, a secure-access circuit, a plain-access circuit, and protection hardware. The memory includes at least a secure-storage partition assigned a first address range and a plain-storage partition assigned a second address range, disjoint from the first address range. The secure-access circuit is configured to access the secure-storage partition by generating addresses in the first address range. The plain-access circuit is configured to access the plain-storage partition by generating addresses in the second address range. The protection hardware is configured to prevent the plain-access circuit from accessing the first address range assigned to the secure-storage partition.
-
公开(公告)号:US20240054080A1
公开(公告)日:2024-02-15
申请号:US17886981
申请日:2022-08-12
申请人: Intel Corporation
发明人: Michael LeMay , David M. Durham
IPC分类号: G06F12/14
CPC分类号: G06F12/1458 , G06F12/1408 , G06F12/1433
摘要: A processor core requests a cacheline to be loaded from a memory in a memory access request; and a cache determines a speculated color value for the memory access request, receives a data granule of the cacheline from the memory, and decrypts data of the data granule using the speculated color value.
-
公开(公告)号:US11899595B2
公开(公告)日:2024-02-13
申请号:US17929650
申请日:2022-09-02
CPC分类号: G06F12/1466 , G06F3/067 , G06F3/0608 , G06F3/0619 , G06F3/0622 , G06F3/0652 , G06F3/0671 , G06F3/0673 , G06F11/1435 , G06F11/1453 , G06F16/162 , G06F16/1873 , G06F16/2329 , G06F2201/80 , G06F2201/84 , G06F2212/1052
摘要: Systems and methods for providing object versioning in a storage system may support the logical deletion of stored objects. In response to a delete operation specifying both a user key and a version identifier, the storage system may permanently delete the specified version of an object having the specified key. In response to a delete operation specifying a user key, but not a version identifier, the storage system may create a delete marker object that does not contain object data, and may generate a new version identifier for the delete marker. The delete marker may be stored as the latest object version of the user key, and may be addressable in the storage system using a composite key comprising the user key and the new version identifier. Subsequent attempts to retrieve the user key without specifying a version identifier may return an error, although the object was not actually deleted.
-
公开(公告)号:US20240045812A1
公开(公告)日:2024-02-08
申请号:US18489204
申请日:2023-10-18
发明人: Stephen Hanna
IPC分类号: G06F12/14 , G06F11/10 , G06F21/79 , H04L9/08 , G06F12/02 , G11C16/14 , G06F21/60 , H03M13/11
CPC分类号: G06F12/1408 , G06F11/1004 , G06F21/79 , H04L9/0861 , H04L9/0891 , G06F12/0246 , G11C16/14 , G06F12/1475 , G06F21/602 , H03M13/1102 , G06F2212/7205 , G06F2212/7201 , G06F2212/402 , G06F2212/202 , G06F2212/1052
摘要: A memory control unit of a memory device includes at least one hardware processor; and memory storing instructions that cause the at least one hardware processor to perform operations comprising: generating a scrambler seed and a logical block address (LBA) for a block of write data received by the memory control unit from a host device; generating a flash translation layer (FTL) to map the LBA to a physical address (PA); scrambling the block of data using the scrambler seed; encrypting the scrambler seed, the LBA, and the PA in the FTL using an encryption key; initiating writing a scrambled block of data and encrypted LBA and scrambler seed to a memory array; and decrypting the FTL using an incorrect encryption key in response to an erase command received by the memory control unit from the host device.
-
公开(公告)号:US11895236B2
公开(公告)日:2024-02-06
申请号:US18097867
申请日:2023-01-17
发明人: Chun-Hsiung Hung , Chin-Hung Chang
IPC分类号: H04L9/08 , H04L9/32 , G06F12/14 , G11C7/24 , G09C1/00 , G11C16/22 , G06F12/02 , H03K19/003 , G11C7/10 , G11C8/20 , G11C16/04
CPC分类号: H04L9/0866 , G06F12/0246 , G06F12/1408 , G06F12/1425 , G09C1/00 , G11C7/24 , G11C16/22 , H04L9/3278 , G06F2212/1052 , G11C7/1006 , G11C8/20 , G11C16/0425 , G11C16/0466 , H03K19/003 , H04L2209/12
摘要: A device which can be implemented on a single packaged integrated circuit or a multichip module comprises a plurality of non-volatile memory cells, and logic to use a physical unclonable function to produce a key and to store the key in a set of non-volatile memory cells in the plurality of non-volatile memory cells. The physical unclonable function can use entropy derived from non-volatile memory cells in the plurality of non-volatile memory cells to produce a key. Logic is described to disable changes to data in the set of non-volatile memory cells, and thereby freeze the key after it is stored in the set.
-
-
-
-
-
-
-
-
-
搜索结果
19575 条记录 (耗时 0.054 秒)
