E-fuses for storing security version data
Abstract
Methods and devices that may be utilized in systems to dynamically update a security version parameter used to encrypt secure data are provided. The version may be maintained in persistent storage located on a device implementing the encryption, such as a system on a chip (SOC). The persistent storage does not require battery backing and, thus, the cost and complexity associated with conventional systems utilizing battery backed storage may be reduced.
25 Claims

1. A method of handling secure data in a secure system, wherein the secure data is passed between a processor and memory external to the processor, comprising:
maintaining a security version parameter in persistent storage on the processor, wherein blocks of secure data are encrypted as a function of the security version parameter; and
dynamically changing the security version parameter by modifying the contents of the persistent storage.
Dependent claims: 2, 3, 4, 5

6. A method of handling secure data in a secure system, wherein the secure data is passed between a processor and memory external to the processor, comprising:
maintaining a security version parameter and master key data in persistent storage on the processor;
encrypting a block of secure data;
generating an integrity check value for the block of secure data, wherein at least one of the encrypting and the generating is performed as a function of the security version parameter;
storing the encrypted block of secure data in the external memory; and
dynamically changing the security version parameter by modifying the contents of the persistent storage.
Dependent claims: 7, 8, 9, 10, 11, 12

13. A device for encrypting blocks of data to be stored in memory external to the device, comprising:
first persistent storage elements for storing a security version parameter;
second persistent storage elements for storing master key data;
an encryption engine configured to encrypt secure blocks of data to be stored in the external memory, wherein at least one of: the encrypted secure blocks or an integrity check value generated therefore are affected by the security version parameter; and
a mechanism for modifying the first persistent storage elements to update the security version parameter without modifying previously modified first persistent storage elements.
Dependent claims: 14, 15, 16, 17, 18, 19, 20

21. A method of handling secure data in a secure system, wherein the secure data is passed between a processor and memory external to the processor, comprising:
maintaining a security version parameter and master key data in persistent storage on the processor;
storing first and second copies of an encrypted data structure in external memory, wherein at least one of: the encrypted data structure or an integrity check value calculated therefor are affected by the security version parameter;
dynamically updating the security version parameter without modifying the contents of the persistent storage;
overwriting the first copy of the encrypted data structure with a new encrypted data structure, wherein at least one of: the encrypted data structure or an integrity check value calculated therefor are affected by the updated security version parameter;
reading back the first copy of the new encrypted data structure;
determining if the first copy of the new encrypted data structure read back is valid; and
modifying the persistent storage to reflect the updated security version parameter only if the first copy of the new encrypted data structure is valid.
Dependent claims: 22, 23, 24, 25
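
The update sequence of claim 21, modelled as an added Python example (not code from the patent): the version is committed to one-time-programmable storage only after the new first copy reads back as valid, so a failed write leaves the second copy usable and a replayed old copy fails verification afterwards. Assumptions: HMAC-SHA256 as the integrity check value, a unary fuse counter, refreshing the second copy after the commit, and all names; data encryption is omitted, so only the integrity check value depends on the version.

```python
import hashlib
import hmac

class EFuseBank:
    """One-time-programmable bits; the version is the number of blown fuses."""
    def __init__(self, size=8):
        self.bits = [0] * size

    def version(self):
        return sum(self.bits)

    def blow_next(self):
        # Only an unblown fuse is touched; raises ValueError when none remain.
        self.bits[self.bits.index(0)] = 1

def icv(key, version, blob):
    # Integrity check value bound to the version (HMAC-SHA256 is an assumption).
    return hmac.new(key, version.to_bytes(4, "big") + blob, hashlib.sha256).digest()

def seal(key, version, blob):
    return blob + icv(key, version, blob)

def is_valid(key, version, record):
    blob, tag = record[:-32], record[-32:]
    return hmac.compare_digest(tag, icv(key, version, blob))

def store(mem, slot, record):
    mem[slot] = record

def commit_update(fuses, key, mem, new_blob, write=store):
    """mem holds copies 'A' and 'B'; write models the external-memory write path."""
    new_version = fuses.version() + 1      # held in volatile state only
    write(mem, "A", seal(key, new_version, new_blob))
    if not is_valid(key, new_version, mem["A"]):   # read back and check
        return False                       # no fuse blown; copy B still verifies
    fuses.blow_next()                      # commit point: version is now permanent
    store(mem, "B", seal(key, new_version, new_blob))  # refreshing B is an assumption
    return True

def torn_write(mem, slot, record):
    # Constructed fault: flips one bit of the record on its way to memory.
    mem[slot] = record[:-1] + bytes([record[-1] ^ 1])

def demo():
    key, fuses = b"\x11" * 16, EFuseBank()           # constructed key material
    mem = {slot: seal(key, 0, b"state-v0") for slot in "AB"}
    stale = mem["A"]                                  # old copy kept for a replay check
    after_fail = (commit_update(fuses, key, mem, b"state-v1", write=torn_write),
                  fuses.version(), is_valid(key, 0, mem["B"]))
    return after_fail, (commit_update(fuses, key, mem, b"state-v1"),
                        fuses.version(), is_valid(key, 1, stale))
```

`demo()` returns the state after a faulted update (rejected, no fuse blown, second copy still valid) followed by the state after a successful one (accepted, one fuse blown, old copy rejected).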
Specification