Automatic Bus Encryption And Decryption
First Claim
1. A method for protecting data and instructions of computer program code, the method comprising:
- receiving a memory access request from a processor, the memory access request comprising a physical address of a memory location;
- generating an output value with a pseudo random number generator based on the physical address;
- non-deterministically selecting an encryption key from a plurality of encryption keys using the output value;
- if the memory access request is a read operation, decrypting the contents of the memory location using the selected key and providing the decrypted contents to the processor; and
- if the memory access request is a write operation, encrypting a value from the memory access request using the selected key and writing the encrypted value to the memory location.
Abstract
A system, method, and logic are disclosed for automatic hardware bus encryption/decryption. The logic receives a memory access request comprising a physical address of a memory location from a processor. The logic translates the physical address, and uses the translated physical address and a seed value in a pseudo random number generator to produce an output value. The logic then uses the output value to non-deterministically select an encryption key from a plurality of encryption keys. If the memory access request is a read operation, the logic uses the selected key to decrypt the contents of the memory location; and provides the decrypted contents to the processor. If the memory access request is a write operation, the logic uses the selected key to encrypt a value comprised in the memory access request; and writes the encrypted value in the memory location.
20 Claims
8. A system comprising:
- a processor coupled to a plurality of busses;
- an external memory coupled to the plurality of busses, wherein the external memory is accessible by the processor;
- a hardware encryption (HBE) logic coupled to the plurality of busses, wherein the HBE logic receives a memory access request from the processor on one of the plurality of busses, the memory access request comprising a physical address of a memory location;
- wherein the HBE logic is operable to generate a random output value based on the physical address; and non-deterministically select an encryption key from a plurality of encryption keys using the output value;
- if the memory access request is a read operation, the HBE logic decrypts the contents of the memory location using the selected key and provides the decrypted contents to the processor; and
- if the memory access request is a write operation, the HBE logic encrypts a value from the memory access request using the selected key and writes the encrypted value in the memory location.
14. A hardware bus encryption (HBE) apparatus, comprising:
- a means for receiving a memory access request, wherein the memory access request comprises a physical address of a memory location;
- a configuration register coupled to the means for receiving a memory access request, wherein the configuration register stores a plurality of encryption keys and at least one address range having an address vector;
- a translation logic coupled to the means for receiving a memory access request and the configuration register, wherein the translation logic combines the physical address of the memory location with the address vector to result in a translated address;
- a key generation logic coupled to the translation logic and the configuration register, wherein the key generation logic generates a key selection output based on the translated address, and selects an encryption key from the plurality of encryption keys;
- a encryption/decryption logic coupled to the key generation logic, wherein the encryption/decryption logic receives the selected encryption key from the key generation logic, and encrypts or decrypts the contents stored at the physical address using the encryption key.
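The request path described in the abstract and in claim 14 (translate the address, run the PRNG, select a key, encrypt on write, decrypt on read), modeled in C as an added example; it is not code from the patent. The XOR translation, the splitmix64-style mixer, the XOR placeholder cipher, and all key, vector and seed values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define NUM_KEYS  4
#define MEM_WORDS 64
#define SLOT(phys) (((phys) / 4) % MEM_WORDS)   /* word index in the toy memory */

/* Constructed configuration-register contents (illustrative values only). */
static const uint32_t KEYS[NUM_KEYS] = { 0xA5A5F00Du, 0x3C96E17Bu, 0x5EEDC0DEu, 0x0BADB10Bu };
static const uint64_t ADDRESS_VECTOR = 0x00000000FFFF0000ull;
static const uint64_t SEED = 0x9E3779B97F4A7C15ull;

static uint32_t external_mem[MEM_WORDS];   /* stands in for off-chip memory */

/* Assumption: "combining" the address with the address vector is an XOR. */
static uint64_t hbe_translate(uint64_t phys) { return phys ^ ADDRESS_VECTOR; }

/* Assumption: a splitmix64-style mixer stands in for the unspecified PRNG. */
static uint64_t hbe_prng(uint64_t translated, uint64_t seed) {
    uint64_t z = translated + seed;
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ull;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBull;
    return z ^ (z >> 31);
}

/* The key index is a pure function of address and seed, so a read of a
   location selects the same key that the earlier write used. */
unsigned hbe_key_index(uint64_t phys) {
    return (unsigned)(hbe_prng(hbe_translate(phys), SEED) % NUM_KEYS);
}

/* Write path: encrypt with the selected key, then store.
   The XOR "cipher" is a placeholder for a real block cipher and is not secure. */
void hbe_write(uint64_t phys, uint32_t value) {
    external_mem[SLOT(phys)] = value ^ KEYS[hbe_key_index(phys)];
}

/* Read path: fetch the stored word, decrypt with the selected key. */
uint32_t hbe_read(uint64_t phys) {
    return external_mem[SLOT(phys)] ^ KEYS[hbe_key_index(phys)];
}

int main(void) {
    hbe_write(0x1000, 0xDEADBEEFu);
    printf("key %u: bus sees %08x, processor reads %08x\n", hbe_key_index(0x1000),
           (unsigned)external_mem[SLOT(0x1000)], (unsigned)hbe_read(0x1000));
    return 0;
}
```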
Specification