Automatic Bus Encryption And Decryption

US 20080155273A1
Filed: 01/04/2007
Published: 06/26/2008
Est. Priority Date: 12/21/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for protecting data and instructions of computer program code, the method comprising:

receiving a memory access request from a processor, the memory access request comprising a physical address of a memory location;

generating an output value with a pseudo random number generator based on the physical address;

non-deterministically selecting an encryption key from a plurality of encryption keys using the output value;

if the memory access request is a read operation, decrypting the contents of the memory location using the selected key and providing the decrypted contents to the processor; and

if the memory access request is a write operation, encrypting a value from the memory access request using the selected key and writing the encrypted value to the memory location.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and logic are disclosed for automatic hardware bus encryption/decryption. The logic receives a memory access request comprising a physical address of a memory location from a processor. The logic translates the physical address, and uses the translated physical address and a seed value in a pseudo random number generator to produce an output value. The logic then uses the output value to non-deterministically select an encryption key from a plurality of encryption keys. If the memory access request is a read operation, the logic uses the selected key to decrypt the contents of the memory location; and provides the decrypted contents to the processor. If the memory access request is a write operation, the logic uses the selected key to encrypt a value comprised in the memory access request; and writes the encrypted value in the memory location.

Citations

20 Claims

1. A method for protecting data and instructions of computer program code, the method comprising:
- receiving a memory access request from a processor, the memory access request comprising a physical address of a memory location;
  
  generating an output value with a pseudo random number generator based on the physical address;
  
  non-deterministically selecting an encryption key from a plurality of encryption keys using the output value;
  
  if the memory access request is a read operation, decrypting the contents of the memory location using the selected key and providing the decrypted contents to the processor; and
  
  if the memory access request is a write operation, encrypting a value from the memory access request using the selected key and writing the encrypted value to the memory location.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein generating an output value with a pseudo random number generator based on the physical address comprises shifting the physical address by a seed vector value, and providing the shifted result and a seed value to the pseudo random number generator to produce the output value.
  - 3. The method of claim 1, further comprising configuring a hardware bus encryption logic by loading the plurality of encryption keys and an address range configuration associated with a range of physical addresses of an external memory.
  - 4. The method of claim 3, further comprising determining if the physical address of the memory location falls in the address range configuration associated with physical address of the external memory.
  - 5. The method of claim 3, wherein receiving the memory access request is performed by the hardware bus encryption logic between the processor and the external memory.
  - 6. The method of claim 2, wherein generating an output value with a pseudo random number generator based on the physical address further comprises translating the physical address by combining the physical address with the particular vector value indicating an address range in which the physical address falls, thereby recreating the address in memory where the content was stored when originally encrypted.
  - 7. The method of claim 1, wherein the selected encryption key is the same key used to originally encrypt the content of the memory location.

8. A system comprising:
- a processor coupled to a plurality of busses;
  
  an external memory coupled to the plurality of busses, wherein the external memory is accessible by the processor;
  
  a hardware encryption (HBE) logic coupled to the plurality of busses, wherein the HBE logic receives a memory access request from the processor on one of the plurality of busses, the memory access request comprising a physical address of a memory location;
  
  wherein the HBE logic is operable to generate a random output value based on the physical address; and
  
  non-deterministically select an encryption key from a plurality of encryption keys using the output value;
  
  if the memory access request is a read operation, the HBE logic decrypts the contents of the memory location using the selected key and provides the decrypted contents to the processor; and
  
  if the memory access request is a write operation, the HBE logic encrypts a value from the memory access request using the selected key and writes the encrypted value in the memory location.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, further comprising an interface to a programming interface operable to configure the HBE logic by loading the plurality of encryption keys and an address range configuration associated with a range of physical addresses of an external memory.
  - 10. The system of claim 8, wherein the HBE logic further determines if the physical address of the memory location falls in the address range configuration associated with physical address of the external memory.
  - 11. The system of claim 8, wherein the HBE logic further translates the physical address by shifting the physical address by a vector value associated with the address range in which the physical address falls, thereby recreating the physical address in the memory location wherein the content was stored when originally encrypted.
  - 12. The system of claim 8, wherein the HBE logic generates an output value with a pseudo random number generator based on the translated physical address and a seed value;
    - and non-deterministically select an encryption key from a plurality of encryption keys using the output value;
  - 13. The system of claim 8, wherein the system is a mobile device.

14. A hardware bus encryption (HBE) apparatus, comprising:
- a means for receiving a memory access request, wherein the memory access request comprises a physical address of a memory location;
  
  a configuration register coupled to the means for receiving a memory access request, wherein the configuration register stores a plurality of encryption keys and at least one address range having an address vector;
  
  a translation logic coupled to the means for receiving a memory access request and the configuration register, wherein the translation logic combines the physical address of the memory location with the address vector to result in a translated address;
  
  a key generation logic coupled to the translation logic and the configuration register, wherein the key generation logic generates a key selection output based on the translated address, and selects an encryption key from the plurality of encryption keys;
  
  a encryption/decryption logic coupled to the key generation logic, wherein the encryption/decryption logic receives the selected encryption key from the key generation logic, and encrypts or decrypts the contents stored at the physical address using the encryption key.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The HBE apparatus of claim 14, wherein the means for receiving the memory access request comprises a channel address comparison logic that monitors an incoming channel for the memory access request and determines whether the memory access request is a read operation or a write operation.
  - 16. The HBE apparatus of claim 14, wherein the configuration register further stores a seed value and the key generation logic generates a key selection output based on the translated address and the seed value.
  - 17. The HBE apparatus of claim 16, wherein the key generation logic comprises:
    - a probability calculator coupled to the translation logic, wherein the probability calculator comprises a linear feedback register to shift the translated address by the seed value to generate a key selection number;
      
      a key selection logic coupled to the probability calculator, wherein the key selection logic selects one the plurality of encryption keys from the configuration register using the key selection number and forwards the selected encryption key to an encryption/decryption multiplexor (MUX); and
      
      the encryption/decryption MUX coupled to the encryption/decryption logic and the channel address comparison logic, wherein the encryption/decryption MUX indicates to the encryption/decryption logic
      
      1) whether to perform an encryption in the case of a write operation or a decryption in the case of a read operation and
      
      2) the encryption key to use in either encryption or decryption.
  - 18. The HBE apparatus of claim 17, wherein the probability calculator further comprises a Markov generator to create a unique dispersion of usage probability of each encryption key among the plurality of encryption keys.
  - 19. The HBE apparatus of claim 14, wherein the memory access request comprises a read operation or a write operation to a location in external memory.
  - 20. The HBE apparatus of claim 14, further comprising a resynchronization logic that combines the translated address with the encrypted contents, thereby ensuring that the contents are stored at the translated address in external memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Texas Instruments, Inc.
Original Assignee
Texas Instruments, Inc.
Inventors
Conti, Gregory R.

Application Number

US11/619,738
Publication Number

US 20080155273A1
Time in Patent Office

Days
Field of Search
US Class Current

713/190
CPC Class Codes

G06F 12/0897   with two or more cache hier...

G06F 12/1408   by using cryptography for d...

G06F 12/1425   the protection being physic...

Automatic Bus Encryption And Decryption

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic Bus Encryption And Decryption

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links