Techniques for data storage protection and integrity checking
Abstract
Various embodiments are generally directed to techniques for encrypting stored data. An apparatus includes a processor component comprising a cache that comprises a cache line to store a first block of data corresponding to a second block of encrypted data stored within a storage; a compressor to compress the data within the first block to generate compressed data within the first block to clear sufficient storage space within the first block to store metadata associated with generation of the second block of encrypted data from the first block in response to eviction of the first block from the cache line; and an encrypter to encrypt the compressed data within the first block to generate the encrypted data within the second block and to store encryption metadata associated with encrypting the compressed data within the second block as a portion of the metadata associated with the generation of the second block.
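An added sketch (not code from the patent or its assignee) of the write path described in the abstract, plus the verify, decrypt and decompress read path recited in claim 8, for one 64-byte line. Assumptions: the 52/4/8-byte layout, a write counter as the encryption metadata, a SHAKE-256 keystream standing in for the hardware cipher, a truncated HMAC-SHA-256 as the integrity metadata, and an error for lines that do not compress enough.

```python
import hashlib, hmac, zlib

LINE = 64                        # cache line and storage block size (bytes)
CTR_LEN, TAG_LEN = 4, 8          # assumed sizes: encryption / integrity metadata
BODY = LINE - CTR_LEN - TAG_LEN  # bytes left for the encrypted payload

def _addr(addr):
    return addr.to_bytes(8, "little")

def _xor_keystream(key, addr, ctr, data):
    # Stand-in cipher (SHAKE-256 keystream), unique per (address, write counter).
    seed = key + _addr(addr) + ctr.to_bytes(CTR_LEN, "little")
    ks = hashlib.shake_256(seed).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def _tag(mac_key, addr, head):
    # Keyed hash over ciphertext + counter, bound to the block address.
    return hmac.new(mac_key, _addr(addr) + head, hashlib.sha256).digest()[:TAG_LEN]

def evict(line, addr, ctr, enc_key, mac_key):
    """Cache line -> same-size storage block with in-line metadata."""
    if len(line) != LINE:
        raise ValueError("expected one full cache line")
    c = zlib.compressobj(9, zlib.DEFLATED, -15)      # raw deflate, no header
    comp = c.compress(line) + c.flush()
    if len(comp) > BODY - 2:
        raise ValueError("line too incompressible for in-line metadata")
    # First metadata (encrypted with the data): compression indicator + length.
    plain = (bytes([1, len(comp)]) + comp).ljust(BODY, b"\0")
    head = _xor_keystream(enc_key, addr, ctr, plain) + ctr.to_bytes(CTR_LEN, "little")
    return head + _tag(mac_key, addr, head)

def fill(block, addr, enc_key, mac_key):
    """Storage block -> cache line: verify, then decrypt, then decompress."""
    head, tag = block[:-TAG_LEN], block[-TAG_LEN:]
    if len(block) != LINE or not hmac.compare_digest(tag, _tag(mac_key, addr, head)):
        raise ValueError("integrity check failed")
    ctr = int.from_bytes(head[BODY:], "little")
    plain = _xor_keystream(enc_key, addr, ctr, head[:BODY])
    indicator, clen = plain[0], plain[1]
    if indicator != 1:
        raise ValueError("block was not stored compressed")
    return zlib.decompress(plain[2:2 + clen], -15)

# Constructed sample: a sparse 64-byte line, typical of zero-padded structures.
SAMPLE = (0xDEADBEEF).to_bytes(8, "little") * 2 + bytes(48)
```

Because the counter travels inside the block it authenticates, this layout detects modification but not replay of an older valid block at the same address.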
25 Claims
1. An apparatus to support secure processing comprising:
a processor component comprising a cache, the cache comprising a cache line to store a first block of data that is to correspond to a second block of encrypted data stored within a storage by the processor component;
a compressor to compress the data within the first block to generate compressed data within the first block to clear sufficient storage space within the first block to store a first metadata associated with generation of the second block of encrypted data from the first block of data in response to eviction of the first block of data from the cache line; and
an encrypter to:
encrypt the compressed data and the first metadata within the first block to generate the encrypted data within the second block within the storage;
generate a cryptographic hash of the encrypted data and store, within the second block within the storage: (i) encryption metadata associated with the encryption of the compressed data and the encryption of the first metadata, and (ii) integrity metadata indicative of the cryptographic hash of the encrypted data.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. An apparatus to support secure processing comprising:
a processor component comprising a cache, the cache comprising a cache line to store a recreation of a first block of data that is to correspond to a second block of encrypted data stored within a storage of the apparatus by the processor component, the encrypted data comprising a compression indicator indicating whether the data within the first block was compressed to generate the encrypted data within the second block, the encrypted data comprising metadata associated with generation of the second block from the first block;
a verifier to, in response to retrieval of the second block of encrypted data from the storage, retrieve integrity metadata from the second block to verify preservation of integrity of the encrypted data, the integrity metadata including a cryptographic hash of the encrypted data;
a decrypter to, in response to retrieval of the second block of encrypted data from the storage, decrypt the encrypted data within the second block to recreate the data or to recreate compressed data within the recreation of the first block based on the compression indicator; and
a decompressor to decompress the recreated compressed data within the recreation of the first block to recreate the data within the recreation of the first block based on the compression indicator.
Dependent claims: 9, 10, 11, 12, 13.
14. A computer-implemented method for supporting secure processing comprising:
storing, within a cache line of a cache of a processor component, a first block of data that is to correspond to a second block of encrypted data stored within a storage by the processor component;
compressing the data within the first block to generate compressed data within the first block to clear sufficient storage space within the first block to store a first metadata associated with generation of the second block of encrypted data from the first block of data in response to eviction of the first block of data from the cache line;
encrypting the compressed data and the first metadata within the first block to generate the encrypted data within the second block within the storage;
generating a cryptographic hash of the encrypted data; and
storing, within the second block within the storage: (i) encryption metadata associated with the encryption of the compressed data and the encryption of the first metadata, and (ii) integrity metadata indicative of the cryptographic hash of the encrypted data.
Dependent claims: 15, 16, 17, 18, 19.
20. At least one non-transitory machine-readable storage medium comprising instructions that when executed by a processing device, cause the processing device to:
store, within a cache line of a cache of a processor component, a first block of data that is to correspond to a second block of encrypted data stored within a storage by the processor component;
compress the data within the first block to generate compressed data within the first block to clear sufficient storage space within the first block to store a first metadata associated with generation of the second block of encrypted data from the first block of data in response to eviction of the first block of data from the cache line;
encrypt the compressed data and the first metadata within the first block to generate the encrypted data within the second block within the storage;
generate a cryptographic hash of the encrypted data; and
store, within the second block within the storage: (i) encryption metadata associated with the encryption of the compressed data and the encryption of the first metadata, and (ii) integrity metadata indicative of the cryptographic hash of the encrypted data.
Dependent claims: 21, 22, 23, 24, 25.
Specification