TAMPER RESISTANT MEMORY PROTECTION

US 20090222675A1
Filed: 02/29/2008
Published: 09/03/2009
Est. Priority Date: 02/29/2008
Status: Active Grant

First Claim

Patent Images

1. A system for protecting the security of memory in a computing environment, comprising:

a plurality of memory units;

at least one memory unit of said plurality of memory units configured to house header data, code, sensitive data, and other data;

an encryption layer configured to encrypt at least said header data, said code, and said sensitive data and configured to leave said other data unencrypted, wherein said encryption layer prevents the reading of said header data, said code, and said sensitive data;

a hashing layer configured to hash at least said header data, said code, and said sensitive data, wherein said hashing layer prevents any changes to said header data, said code, and said sensitive data;

a security layer that manages said encryption layer and said hashing layer, wherein said security layer is configured to receive said at least one memory unit, and manage dynamic encryption and hashing of said header data, said code, and said sensitive data; and

a module configured to store said encrypted and hashed header data, code, sensitive data, and said other data in dynamic memory of said computing environment.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various mechanisms are disclosed for protecting the security of memory in a computing environment. A security layer can have an encryption layer and a hashing layer that can dynamically encrypt and then dynamically hash sensitive information, as it is being loaded to dynamic memory of a computing device. For example, a memory unit that can correspond to a memory page can be processed by the security layer, and header data, code, and protect-worthy data can be secured, while other non-sensitive data can be left alone. Once such information is secured and stored in dynamic memory, it can be accessed at a later time by a processor and unencrypted and hash checked. Then, it can be loaded back onto the dynamic memory, thereby preventing direct memory access attacks.

42 Citations

View as Search Results

20 Claims

1. A system for protecting the security of memory in a computing environment, comprising:
- a plurality of memory units;
  
  at least one memory unit of said plurality of memory units configured to house header data, code, sensitive data, and other data;
  
  an encryption layer configured to encrypt at least said header data, said code, and said sensitive data and configured to leave said other data unencrypted, wherein said encryption layer prevents the reading of said header data, said code, and said sensitive data;
  
  a hashing layer configured to hash at least said header data, said code, and said sensitive data, wherein said hashing layer prevents any changes to said header data, said code, and said sensitive data;
  
  a security layer that manages said encryption layer and said hashing layer, wherein said security layer is configured to receive said at least one memory unit, and manage dynamic encryption and hashing of said header data, said code, and said sensitive data; and
  
  a module configured to store said encrypted and hashed header data, code, sensitive data, and said other data in dynamic memory of said computing environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15, 16, 17)
- - 2. The system according to claim 1, wherein said security layer further comprises a decryption layer configured to dynamically decrypt said header data, code, and said sensitive data.
  - 3. The system according to claim 1, wherein said memory unit is a page of memory.
  - 4. The system according to claim 1, wherein said memory unit is a selected amount of bits.
  - 5. The system according to claim 1, wherein said header data is data about at least one of said code and said sensitive data.
  - 6. The system according to claim 1, wherein said header data, said code, said sensitive data, and said other data is stored on persistent storage attached to a computing device.
  - 7. The system according to claim 1, wherein said header data, said code, said sensitive data, and said other data is stored on random access memory inside a computing device.
  - 8. The system according to claim 1, wherein said encryption layer encrypts said at least one memory unit after said hashing layer hashes said memory unit.
  - 9. The system according to claim 1, wherein said computing environment is a closed system gaming console.
  - 10. The system according to claim 1, wherein said computing environment is one of (a) a mobile device and (b) a stationary device.
  - 11. The system according to claim 1, wherein at least one of (a) said encryption layer and (b) said hashing layer is distributed over a network.
  - 12. The system according to claim 1, wherein an attempt to read or write in said encrypted or hashed header data, code, and sensitive data results in at least one of (a) said computing environment system failure and (b) undiscernable data relative to said header data, code, or sensitive data.
  - 13. The system according to claim 1, wherein said plurality of memory units are distributed over different memory storage devices.
  - 15. The method according to claim 13, further comprising decrypting dynamically said header data, said code, and said sensitive data from said dynamic memory and storing a result of said decrypting in a local memory of said computing device.
  - 16. The method according to claim 15, further comprising checking said hashed header data, said code data, and said sensitive data for any changes to said code or data when receiving said code or data from a persistent storage or said dynamic memory.
  - 17. The method according to claim 13, further comprising storing said encrypted and hashed header data, said code data, and said sensitive data in a persistent storage.

14. A method for preventing tampering with memory in computing environments, comprising:
- receiving a memory unit, comprising header data, code, and sensitive data;
  
  encrypting said header data, said code, and said sensitive data;
  
  hashing said header data, said code data, and said sensitive data;
  
  wherein, said memory unit is dynamically encrypted and hashed on a per-memory unit basis; and
  
  storing said encrypted and hashed header data, said code data, and said sensitive data in a dynamic memory of a computing device.

18. A computer readable medium storing thereon computer executable instructions for increasing memory security and integrity in computing environments, comprising:
- at least one instruction configured to access a runtime memory;
  
  at least one instruction configured to identify in said memory header data, code, and sensitive data;
  
  at least one instruction configured to dynamically check a hash of said memory header data, code, and sensitive data;
  
  at least one instruction configured to dynamically decrypt said memory header data, code, and sensitive data;
  
  at least one instruction configured to process at least one of said checked and decrypted code and sensitive data;
  
  at least one instruction configured to dynamically encrypt any information back to said runtime memory;
  
  at least one instruction configured to dynamically hash any information back to said runtime memory; and
  
  at least one instruction configured to store encrypted and hashed information on said runtime memory.
- View Dependent Claims (19, 20)
- - 19. The computer readable medium according to claim 18, further comprising at least one instruction configured to store said any encrypted information or said any hashed information in persistent storage.
  - 20. The computer readable medium according to claim 18, further comprising at least one instruction configured to page in said any encrypted information or said any hashed information from persistent storage to a local processor chip memory of a computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Tan, Victor, Morais, Dinarte R., Lange, Sebastian, Poulos, Adam G.

Granted Patent

US 8,726,042 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/64 Protecting data integrity, ...

TAMPER RESISTANT MEMORY PROTECTION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TAMPER RESISTANT MEMORY PROTECTION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links