Encryption for transactions in a memory fabric

US 10,715,332 B2
Filed: 10/30/2014
Issued: 07/14/2020
Est. Priority Date: 10/30/2014
Status: Active Grant

First Claim

Patent Images

1. A method to facilitate memory address encryption for transactions between electronic circuits in a memory fabric, comprising:

obtaining, at an electronic circuit in the memory fabric, a transaction integrity key and a transaction encryption key;

encrypting a counter value from a transaction using the transaction encryption key;

truncating the encrypted counter value;

computing an exclusive-or operation on the truncated encrypted counter value and an address value from the transaction to determine an address ciphertext; and

computing a truncated message authentication code (MAC) using the transaction integrity key on a concatenation of the address ciphertext and a payload of the transaction.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an example, memory address encryption is facilitated for transactions between electronic circuits in a memory fabric. An electronic circuit may obtain a transaction integrity key and a transaction encryption key. The electronic circuit may encrypt an address using the transaction encryption key and a compute a truncated message authentication code (MAC) using the transaction integrity key.

79 Citations

View as Search Results

17 Claims

1. A method to facilitate memory address encryption for transactions between electronic circuits in a memory fabric, comprising:
- obtaining, at an electronic circuit in the memory fabric, a transaction integrity key and a transaction encryption key;
  
  encrypting a counter value from a transaction using the transaction encryption key;
  
  truncating the encrypted counter value;
  
  computing an exclusive-or operation on the truncated encrypted counter value and an address value from the transaction to determine an address ciphertext; and
  
  computing a truncated message authentication code (MAC) using the transaction integrity key on a concatenation of the address ciphertext and a payload of the transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 16, 17)
- - 2. The method of claim 1, comprising:
    - replacing an address field of the transaction with the address ciphertext; and
      
      placing the truncated MAC in a next header field of the transaction.
  - 3. The method of claim 1, wherein the counter value is 128-bit and the truncated encrypted counter value is a first 64-bits of the encrypted counter value.
  - 4. The method of claim 1, wherein the address value is 64-bits and the truncated MAC is 64-bits.
  - 5. The method of claim 1, wherein the truncated MAC is keyed-hash message authentication code (HMAC).
  - 6. The method of claim 1, comprising:
    - receiving a transaction from another electronic circuit in the memory fabric;
      
      verifying a MAC of the received transaction using the transaction integrity key;
      
      encrypting a counter value of the received transaction using the transaction encryption key; and
      
      computing an exclusive-or operation on the encrypted counter value and an address ciphertext to determine the address value for the received transaction.
  - 7. The method of claim 1, wherein obtaining the transaction integrity key and the transaction encryption key comprises receiving the transaction integrity key and the transaction encryption key from a key distribution server in the memory fabric.
  - 16. The method of claim 1, wherein communication in the memory fabric is implemented according to a memory fabric protocol that operates on a physical layer of a protocol stack.
  - 17. The method of claim 1, wherein the electronic circuits in the memory fabric are provided inside a device and are connected via links which are internal to a chip or chip-to-chip interconnections in the device.

8. A method to facilitate memory address encryption for transactions between electronic circuits in a memory fabric, comprising:
- obtaining, at an electronic circuit in the memory fabric, a transaction integrity key and a transaction encryption key;
  
  computing a truncated message authentication code (MAC) using the transaction integrity key, wherein a hash function is applied to a concatenation of an address value and a payload of a transaction;
  
  encrypting a concatenation of the address value and the truncated MAC using the transaction encryption key to determine a ciphertext;
  
  splitting the ciphertext into an encrypted address and an encrypted MAC; and
  
  placing the encrypted address in an address field of the transaction and the encrypted MAC in a next header field of the transaction.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, wherein to compute a truncated MAC, wherein computing the truncated MAC comprises computing a 64-bit key-hashed message authentication code (HMAC).
  - 10. The method of claim 8, wherein splitting the ciphertext comprises splitting the ciphertext into a 64-bit encrypted address and a 64-bit encrypted MAC.
  - 11. The method of claim 8, comprising:
    - receiving a transaction from another electronic circuit in the memory fabric;
      
      decrypting a concatenation of the encrypted address and the encrypted MAC using the transaction encryption key; and
      
      verify the integrity of the decrypted MAC using the transaction integrity key.

12. An electronic circuit connectable to a memory fabric, the electronic circuit comprising:
- a hardware controller; and
  
  a local memory storing machine readable instructions, executable by the hardware controller, that cause the hardware controller to;
  
  obtain a transaction integrity key and a transaction encryption key;
  
  encrypt an arbitrary number using the transaction encryption key, wherein the encrypted arbitrary number is truncated in length, and calculate an exclusive-or operation on the encrypted arbitrary number and an address value from the transaction to determine an address ciphertext; and
  
  calculate a truncated keyed-hash message authentication code (HMAC) using the transaction integrity key on a concatenation of the address ciphertext and a payload of the transaction.
- View Dependent Claims (13, 14, 15)
- - 13. The electronic circuit of claim 12, comprising machine readable instructions that are executable by the hardware controller to:
    - replace an address field of the transaction with the address ciphertext; and
      
      place the truncated HMAC in a next header field of the transaction.
  - 14. The electronic circuit of claim 12, comprising machine readable instructions that are executable by the hardware controller to:
    - receive a transaction from another electronic circuit in the memory fabric;
      
      verify a HMAC of the received transaction using the transaction integrity key;
      
      encrypt an arbitrary number of the received transaction using the transaction encryption key; and
      
      compute an exclusive-or operation on the encrypted arbitrary number and an address ciphertext to determine the address value for the received transaction.
  - 15. The electronic circuit of claim 12, wherein to obtain the transaction integrity key and the transaction encryption key, the machine readable instructions are executable by the hardware controller to obtain the transaction integrity key and the transaction encryption key from a key distribution server in the memory fabric.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Jacquin, Ludovic Emmanuel Paul Noel, Chen, Liqun, Dalton, Chris I.
Primary Examiner(s)
Tabor, Amare F

Application Number

US15/515,707
Publication Number

US 20170302454A1
Time in Patent Office

2,084 Days
Field of Search

713193
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/64   Protecting data integrity, ...

G06F 21/79   in semiconductor storage me...

H04L 9/0618   Block ciphers, i.e. encrypt...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/083   involving central third par...

H04L 9/14   using a plurality of keys o...

H04L 9/3242   involving keyed hash functi...

Encryption for transactions in a memory fabric

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

79 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption for transactions in a memory fabric

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links