SOFTWARE CRYPTOPROCESSOR
Abstract
Security of information—both code and data—stored in a computer's system memory is provided by an agent loaded into and at run time resident in a CPU cache. Memory writes from the CPU are encrypted by the agent before writing and reads into the CPU are decrypted by the agent before they reach the CPU. The cache-resident agent also optionally validates the encrypted information stored in the system memory. Support for I/O devices and cache protection from unsafe DMA of the cache by devices is also provided.
30 Claims
1. A system for securing information in a computer comprising:
a central processing unit (CPU) that includes at least one core that receives and executes instructions and processes data;
a cache within the CPU;
system memory that has a system memory address space;
a software stack that runs on the CPU and is embodied at least partially as instructions and data stored in the system memory; and
an agent running within the cache and comprising an encryption/decryption module that encrypts information, which may comprise code and/or data, before it is written to the system memory by the CPU and decrypts the information read from system memory for, and before, processing by the CPU core as the instructions and data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A method for securing information in a computer that has
a central processing unit (CPU) that includes at least one core that receives and executes instructions and processes data;
a cache within the CPU;
system memory that has a system memory address space; and
a software stack that runs on the CPU and is embodied at least partially as instructions and data stored in the system memory;
the method comprising:
loading an agent into the cache;
using the agent, encrypting information, which may comprise code and/or data, before it is written to the system memory by the CPU and decrypting the information read from the system memory for, and before, processing by the CPU core as the instructions and data.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
25. In a computer that has
a central processing unit (CPU) that includes at least one core that receives and executes instructions and processes data;
a cache within the CPU;
system memory that has a system memory address space; and
a software stack that runs on the CPU and is embodied at least partially as instructions and data stored in the system memory;
a method for preventing cache conflicts by system memory pages comprising:
determining a non-cache-conflicting-set of the memory pages; and
marking only the system memory associated with the non-cache-conflicting as cacheable, thereby preventing cache conflicts by system memory.
Dependent claims: 26, 27, 28, 29, 30
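Added example, not part of the patent text: one way to determine a non-cache-conflicting set of pages in the sense of claim 25, using page colouring. It assumes a physically indexed, set-associative cache with plain modulo set indexing (no slice hashing), unique page frame numbers, and caller-supplied geometry; every name in it is hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

/* Cache geometry supplied by the caller (assumed values, not from the patent). */
struct cache_geom { size_t size, ways, line, page; }; /* bytes, except ways */

static size_t sets(const struct cache_geom *g) { return g->size / (g->ways * g->line); }
static size_t lines_per_page(const struct cache_geom *g) { return g->page / g->line; }

/* Number of page colours: distinct groups of sets a page frame can map to. */
size_t page_colors(const struct cache_geom *g) {
    size_t s = sets(g), l = lines_per_page(g);
    return s > l ? s / l : 1;
}

/* Pages of one colour that can be resident together without evicting
 * each other. In a small cache a page wraps around the sets and takes
 * several ways per set, which lowers the capacity per colour. */
size_t pages_per_color(const struct cache_geom *g) {
    size_t s = sets(g), l = lines_per_page(g);
    size_t ways_per_page = l > s ? l / s : 1;
    return g->ways / ways_per_page;
}

/* Greedy selection: cacheable[i] is set to 1 while the colour of pfn[i]
 * still has a free way, otherwise 0 (that page must stay uncacheable).
 * Returns the number of pages marked, or (size_t)-1 if allocation fails. */
size_t select_nonconflicting(const struct cache_geom *g, const uint64_t *pfn,
                             size_t n, unsigned char *cacheable) {
    size_t colors = page_colors(g), cap = pages_per_color(g), picked = 0;
    size_t *used = calloc(colors, sizeof *used);
    if (!used)
        return (size_t)-1;
    for (size_t i = 0; i < n; i++) {
        size_t c = (size_t)(pfn[i] % colors);
        cacheable[i] = used[c] < cap;
        if (cacheable[i]) {
            used[c]++;
            picked++;
        }
    }
    free(used);
    return picked;
}
```

The selected set never exceeds the cache size, so marking only those pages cacheable keeps every selected line resident; pages that were rejected are the ones that would force an eviction to system memory.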
Specification