公开(公告)号：US20160182223A1

公开(公告)日：2016-06-23

申请号：US14581946

申请日：2014-12-23

申请人： Eugene M. Kishinevsky ,  Uday R. Savagaonkar ,  Alpa T. Narendra Trivedi ,  Siddhartha Chhabra ,  Baiju V. Patel ,  Men Long ,  Kirk S. Yap ,  David M. Durham

发明人： Eugene M. Kishinevsky ,  Uday R. Savagaonkar ,  Alpa T. Narendra Trivedi ,  Siddhartha Chhabra ,  Baiju V. Patel ,  Men Long ,  Kirk S. Yap ,  David M. Durham

IPC分类号： H04L9/06 ,  G06F12/14 ,  G06F21/62

CPC分类号： H04L9/0631 ,  G06F12/1408 ,  G06F12/1425 ,  G06F21/602 ,  G06F21/85 ,  G06F2212/1052 ,  G06F2212/402 ,  G09C1/00 ,  H04L2209/125 ,  Y02D10/13

摘要： Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.

摘要翻译： 描述加密接口技术。 处理器可以包括系统代理，加密接口和存储器控制器。 系统代理可以与硬件功能块通信数据。 加密接口可以耦合在系统代理和存储器控制器之间。 加密接口可以从系统代理接收明文请求，加密明文请求以获得加密请求，并将加密的请求传送到存储器控制器。 存储器控制器可以将加密的请求传送到计算设备的主存储器。

公开(公告)号：US20160283750A1

公开(公告)日：2016-09-29

申请号：US14669235

申请日：2015-03-26

申请人： David M. Durham ,  Siddhartha Chhabra ,  Jungju Oh ,  Men Long ,  Eugene M. Kishinevsky

发明人： David M. Durham ,  Siddhartha Chhabra ,  Jungju Oh ,  Men Long ,  Eugene M. Kishinevsky

IPC分类号： G06F21/79 ,  G06F12/14 ,  H04L9/08 ,  G06F21/71 ,  H04L9/06

CPC分类号： G06F21/79 ,  G06F12/1408 ,  G06F21/71 ,  G06F2212/1052 ,  H04L9/0891 ,  H04L9/3242

摘要： In an embodiment, a processor includes: at least one core to execute instructions; a cache memory coupled to the at least one core to store data; and a tracker cache memory coupled to the at least one core. The tracker cache memory includes entries to store an integrity value associated with a data block to be written to a memory coupled to the processor. Other embodiments are described and claimed.

摘要翻译： 在一个实施例中，处理器包括：执行指令的至少一个核心; 耦合到所述至少一个核心以存储数据的高速缓存存储器; 以及耦合到所述至少一个核的跟踪器缓存存储器。 跟踪器缓存存储器包括用于存储与要写入耦合到处理器的存储器的数据块相关联的完整性值的条目。 描述和要求保护其他实施例。

公开(公告)号：US20160378687A1

公开(公告)日：2016-12-29

申请号：US14750664

申请日：2015-06-25

申请人： David M. Durham ,  Siddhartha Chhabra ,  Men Long ,  Eugene M. Kishinevsky

发明人： David M. Durham ,  Siddhartha Chhabra ,  Men Long ,  Eugene M. Kishinevsky

IPC分类号： G06F12/14 ,  H04L9/32 ,  G06F12/08

CPC分类号： G06F12/1408 ,  G06F12/0864 ,  G06F12/0875 ,  G06F21/602 ,  G06F21/64 ,  G06F2212/1052 ,  G06F2212/402 ,  G06F2212/60 ,  H04L9/0637 ,  H04L9/0643 ,  H04L9/3242 ,  H04L9/3247

摘要： Technologies for memory encryption include a computing device to generate a keyed hash of a data line based on a statistical counter value and a memory address to which to write the data line and to store the keyed hash to a cache line. The statistical counter value has a reference probability of incrementing at each write operation. The cache line includes a plurality of keyed hashes and each of the keyed hashes corresponds with a different data line. The computing device further encrypts the data line based on the keyed hash, the memory address, and the statistical counter value.

摘要翻译： 用于存储器加密的技术包括计算设备，用于基于统计计数​​器值和存储器地址生成数据线的密钥哈希，用于写入数据线并将密钥散列存储到高速缓存行。 统计计数器值在每次写入操作时具有递增的参考概率。 高速缓存线包括多个键控哈希，并且每个键控哈希对应于不同的数据线。 计算设备还基于密钥哈希，存储器地址和统计计数器值对数据线进行加密。

公开(公告)号：US20140040632A1

公开(公告)日：2014-02-06

申请号：US13976930

申请日：2011-12-28

申请人： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Carlos V. Rozas ,  Alpa T. Narendra Trivedi ,  Men Long ,  David M. Durham

发明人： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Carlos V. Rozas ,  Alpa T. Narendra Trivedi ,  Men Long ,  David M. Durham

IPC分类号： G06F21/64

CPC分类号： G06F21/64 ,  G06F12/1408 ,  G06F21/00 ,  G06F21/77

摘要： A method and system to provide a low-overhead cryptographic scheme that affords memory confidentiality, integrity and replay-protection by removing the critical read-after-write dependency between the various levels of the cryptographic tree. In one embodiment of the invention, the cryptographic processing of a child node can be pipelined with that of the parent nodes. This parallelization provided by the invention results in an efficient utilization of the cryptographic pipeline, enabling significantly lower performance overheads.

摘要翻译： 一种提供低开销加密方案的方法和系统，其通过去除加密树的各个级别之间的关键读后依赖关系来提供内存机密性，完整性和重放保护。 在本发明的一个实施例中，子节点的密码处理可以与母节点的密码处理流水线化。 由本发明提供的这种并行化导致密码流水线的有效利用，能够显着降低性能开销。

公开(公告)号：US09092644B2

公开(公告)日：2015-07-28

申请号：US13976935

申请日：2011-12-28

申请人： Alpa T. Narendra Trivedi ,  David M. Durham ,  Men Long ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Carlos V. Rozas

发明人： Alpa T. Narendra Trivedi ,  David M. Durham ,  Men Long ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Carlos V. Rozas

IPC分类号： G06F21/64 ,  H04L9/06 ,  G06F12/14 ,  G06F21/78 ,  G06F21/79

CPC分类号： G06F21/64 ,  G06F12/1408 ,  G06F21/78 ,  G06F21/79 ,  H04L9/0643 ,  H04L2209/12

摘要： A method and system to provide an effective, scalable and yet low-cost solution for Confidentiality, Integrity and Replay protection for sensitive information stored in a memory and prevent an attacker from observing and/or modifying the state of the system. In one embodiment of the invention, the system has strong hardware protection for its memory contents via XTS-tweak mode of encryption where the tweak is derived based on “Global and Local Counters”. This scheme offers to enable die-area efficient Replay protection for any sized memory by allowing multiple counter levels and facilitates using small counter-sizes to derive the “tweak” used in the XTS encryption without sacrificing cryptographic strength.

摘要翻译： 一种方法和系统，为存储在存储器中的敏感信息提供有效，可扩展且低成本的保密性，完整性和重放保护解决方案，并防止攻击者观察和/或修改系统的状态。 在本发明的一个实施例中，系统通过经由XTS调整加密模式对其存储器内容具有强大的硬件保护，其中基于“全局和本地计数器”导出调整。 该方案提供了通过允许多个计数器级别为任何大小的存储器提供芯片区域高效的重放保护，并有助于使用小型计数器来导出XTS加密中使用的“调​​整”，而不会牺牲加密强度。

公开(公告)号：US20140101461A1

公开(公告)日：2014-04-10

申请号：US13646105

申请日：2012-10-05

申请人： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  David M. Durham ,  Niranjan L. Cooray ,  Men Long ,  Carlos V. Rozas ,  Alpa T. Narendra Trivedi

发明人： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  David M. Durham ,  Niranjan L. Cooray ,  Men Long ,  Carlos V. Rozas ,  Alpa T. Narendra Trivedi

IPC分类号： G06F12/14

CPC分类号： G06F12/1408 ,  G06F21/71

摘要： A processor includes a memory encryption engine that provides replay and confidentiality protections to a memory region. The memory encryption engine performs low-overhead parallelized tree walks along a counter tree structure. The memory encryption engine upon receiving an incoming read request for the protected memory region, performs a dependency check operation to identify dependency between the incoming read request and an in-process request and to remove the dependency when the in-process request is a read request that is not currently suspended.

摘要翻译： 处理器包括为存储器区域提供重放和保密性保护的存储器加密引擎。 存储器加密引擎沿着计数器树结构执行低架构并行化的树行走。 存储器加密引擎在接收到对受保护的存储器区域的传入读取请求时，执行依赖性检查操作以识别传入的读取请求与进程内请求之间的依赖关系，并且当进程内请求是读取请求时，去除依赖关系 目前尚未暂停。

公开(公告)号：US09053346B2

公开(公告)日：2015-06-09

申请号：US13976930

申请日：2011-12-28

申请人： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Carlos V. Rozas ,  Alpa T. Narendra Trivedi ,  Men Long ,  David M. Durham

发明人： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Carlos V. Rozas ,  Alpa T. Narendra Trivedi ,  Men Long ,  David M. Durham

IPC分类号： G06F12/00 ,  G06F21/64 ,  G06F12/14 ,  G06F21/00 ,  G06F21/77

CPC分类号： G06F21/64 ,  G06F12/1408 ,  G06F21/00 ,  G06F21/77

摘要： A method and system to provide a low-overhead cryptographic scheme that affords memory confidentiality, integrity and replay-protection by removing the critical read-after-write dependency between the various levels of the cryptographic tree. In one embodiment of the invention, the cryptographic processing of a child node can be pipelined with that of the parent nodes. This parallelization provided by the invention results in an efficient utilization of the cryptographic pipeline, enabling significantly lower performance overheads.

摘要翻译： 一种提供低开销加密方案的方法和系统，其通过去除加密树的各个级别之间的关键读后依赖关系来提供内存机密性，完整性和重放保护。 在本发明的一个实施例中，子节点的密码处理可以与母节点的密码处理流水线化。 由本发明提供的这种并行化导致密码流水线的有效利用，能够显着降低性能开销。

公开(公告)号：US08819455B2

公开(公告)日：2014-08-26

申请号：US13646105

申请日：2012-10-05

申请人： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  David M. Durham ,  Niranjan L. Cooray ,  Men Long ,  Carlos V. Rozas ,  Alpa T. Narendra Trivedi

发明人： Siddhartha Chhabra ,  Uday R. Savagaonkar ,  David M. Durham ,  Niranjan L. Cooray ,  Men Long ,  Carlos V. Rozas ,  Alpa T. Narendra Trivedi

IPC分类号： G06F11/30 ,  G06F12/14

CPC分类号： G06F12/1408 ,  G06F21/71

摘要： A processor includes a memory encryption engine that provides replay and confidentiality protections to a memory region. The memory encryption engine performs low-overhead parallelized tree walks along a counter tree structure. The memory encryption engine upon receiving an incoming read request for the protected memory region, performs a dependency check operation to identify dependency between the incoming read request and an in-process request and to remove the dependency when the in-process request is a read request that is not currently suspended.

摘要翻译： 处理器包括为存储器区域提供重放和保密性保护的存储器加密引擎。 存储器加密引擎沿着计数器树结构执行低架构并行化的树行走。 存储器加密引擎在接收到对受保护的存储器区域的传入读取请求时，执行依赖性检查操作以识别传入的读取请求与进程内请求之间的依赖关系，并且当进程内请求是读取请求时，去除依赖关系 目前尚未暂停。

公开(公告)号：US20140208109A1

公开(公告)日：2014-07-24

申请号：US13976935

申请日：2011-12-28

申请人： Alpa T. Narendra Trivedi ,  David M. Durham ,  Men Long ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Carlos V. Rozas

发明人： Alpa T. Narendra Trivedi ,  David M. Durham ,  Men Long ,  Siddhartha Chhabra ,  Uday R. Savagaonkar ,  Carlos V. Rozas

IPC分类号： H04L29/06

CPC分类号： G06F21/64 ,  G06F12/1408 ,  G06F21/78 ,  G06F21/79 ,  H04L9/0643 ,  H04L2209/12

摘要： A method and system to provide an effective, scalable and yet low-cost solution for Confidentiality, Integrity and Replay protection for sensitive information stored in a memory and prevent an attacker from observing and/or modifying the state of the system. In one embodiment of the invention, the system has strong hardware protection for its memory contents via XTS-tweak mode of encryption where the tweak is derived based on “Global and Local Counters”. This scheme offers to enable die-area efficient Replay protection for any sized memory by allowing multiple counter levels and facilitates using small counter-sizes to derive the “tweak” used in the XTS encryption without sacrificing cryptographic strength.

摘要翻译： 一种方法和系统，为存储在存储器中的敏感信息提供有效，可扩展且低成本的保密性，完整性和重放保护解决方案，并防止攻击者观察和/或修改系统的状态。 在本发明的一个实施例中，系统通过经由XTS调整加密模式对其存储器内容具有强大的硬件保护，其中基于“全局和本地计数器”导出调整。 该方案提供了通过允许多个计数器级别为任何大小的存储器提供芯片区域高效的重放保护，并有助于使用小型计数器来导出XTS加密中使用的“调​​整”，而不会牺牲加密强度。

公开(公告)号：US10223298B2

公开(公告)日：2019-03-05

申请号：US15376442

申请日：2016-12-12

申请人： Siddhartha Chhabra ,  Men Long ,  Carlos Cornelas Ornelas ,  Edgar Borrayo ,  Alpa T. Narendra Trivedi

发明人： Siddhartha Chhabra ,  Men Long ,  Carlos Cornelas Ornelas ,  Edgar Borrayo ,  Alpa T. Narendra Trivedi

IPC分类号： G06F13/16 ,  G06F13/18

摘要： Embodiments of the invention include a machine-readable medium having stored thereon instructions, which if performed by a machine causes the machine to perform a method that includes assigning an urgency of requests based on a priority level for incoming requests and associated entries in at least one priority queue, assigning an urgency delta for anti-starvation that indicates urgency promotion to prevent starvation for the incoming requests in the at least one priority queue, determining conflict information including whether an incoming request is dependent on any request already present in the at least one queue, determining all contending requests within the at least one priority queue during a cycle, and sending a selected contending request to a memory controller for accessing memory.