METHOD AND DEVICES FOR SELECTIVE RAM SCRAMBLING

US 20140047549A1
Filed: 08/10/2012
Published: 02/13/2014
Est. Priority Date: 08/10/2012
Status: Active Grant

First Claim

Patent Images

1. A method for selective memory scrambling within a computing device to efficiently protect data from pattern matching attacks, comprising:

determining whether data to be stored in a memory includes protected content;

applying a scrambling routine to the data as part of storing the data in the memory when the data includes protected content; and

storing the data in the memory without applying the scrambling routine to the data when the data does not include protected content.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for selectively scrambling data within a memory associated with a computing device based on data tagging. The computing device may define security domains that are protected. Data generated by an application may be packaged as a data bus transaction having tagging information describing the application and/or the data. The data bus transaction may be transmitted over a bus of the computing device to a memory, such as internal memory, where the computing device may compare the tagging information to stored information describing security domains. When the data is determined to be protected based on the tagging information, the computing device may perform scrambling operations on the data. In an aspect, the tagging information may describe a virtual machine used to execute various applications on a processor. In another aspect, the tagging information may define destination memory addresses or content protection bit values.

Citations

54 Claims

1. A method for selective memory scrambling within a computing device to efficiently protect data from pattern matching attacks, comprising:
- determining whether data to be stored in a memory includes protected content;
  
  applying a scrambling routine to the data as part of storing the data in the memory when the data includes protected content; and
  
  storing the data in the memory without applying the scrambling routine to the data when the data does not include protected content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein protected content is selected from the group of data under digital rights management (DRM), personal information, security information, banking information, passwords, authentication information, protected content application information, and medical data.
  - 3. The method of claim 1, wherein the memory is selected from the group of cache memory, volatile memory, non-volatile memory, and off-chip storage.
  - 4. The method of claim 1, wherein determining whether the data to be stored in a memory includes protected content comprises:
    - adding tagging information to data transmitted over a bus of the computing device identifying a source or content of the data; and
      
      determining the source or content of the transaction based on the tagging information,wherein applying a scrambling routine to the data as part of storing the data in the memory when the data includes protected content comprises scrambling and storing the data in the memory based on the determined source or content.
  - 5. The method of claim 4, wherein:
    - tagging data transmitted over a bus of the computing device with information identifying a source or content of the data comprises adding information to the data correlated to a security domain in which the data may be stored, anddetermining the source or content of the transaction based on the tagging information comprises comparing the tagging information to stored identifiers correlated to authorized security domains.
  - 6. The method of claim 4, wherein the tagging information added to the data is a virtual machine identification (VMID).
  - 7. The method of claim 4, wherein the tagging information added to the data is a bus master identification.
  - 8. The method of claim 4, wherein:
    - the tagging information added to the data is a destination memory address, andthe memory uses particular memory addresses for protected content data.
  - 9. The method of claim 4, wherein the tagging information added to the data is a content protection (CP) bit.
  - 10. The method of claim 1, wherein the method is executed on at least one of a first processor within the computing device, a coprocessor within the computing device, and a peer processor within the computing device.

11. A computing device, comprising:
- a memory configured with at least a secure domain in which data is scrambled and an unsecure domain; and
  
  a processor coupled to the memory, wherein the processor is configured with processor executable instructions to perform operations comprising;
  
  determining whether data to be stored in the memory includes protected content;
  
  applying a scrambling routine to the data as part of storing the data in the secure domain in the memory when the data includes protected content; and
  
  storing the data in the unsecure domain without applying the scrambling routine to the data when the data does not include protected content.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computing device of claim 11, wherein protected content is selected from the group of data under digital rights management (DRM), personal information, security information, banking information, passwords, authentication information, protected content application information, and medical data.
  - 13. The computing device of claim 11, wherein the memory is selected from the group of cache memory, volatile memory, non-volatile memory, and off-chip storage.
  - 14. The computing device of claim 11, wherein the processor is configured with processor executable instructions to perform operations such that determining whether the data to be stored in a memory includes protected content comprises:
    - adding tagging information to data transmitted over a bus of the computing device identifying a source or content of the data; and
      
      determining the source or content of the transaction based on the tagging information,wherein the processor is configured with processor executable instructions to perform operations such that applying a scrambling routine to the data as part of storing the data in the memory when the data includes protected content comprises scrambling and storing the data in the memory based on the determined source or content.
  - 15. The computing device of claim 14, wherein the processor is configured with processor executable instructions to perform operations such that:
    - tagging data transmitted over a bus of the computing device with information identifying a source or content of the data comprises adding information to the data correlated to a security domain in which the data may be stored, anddetermining the source or content of the transaction based on the tagging information comprises comparing the tagging information to stored identifiers correlated to authorized security domains.
  - 16. The computing device of claim 14, wherein the tagging information added to the data is a virtual machine identification (VMID).
  - 17. The computing device of claim 14, wherein the tagging information added to the data is a bus master identification.
  - 18. The computing device of claim 14, wherein:
    - the tagging information added to the data is a destination storage address, andthe memory uses particular storage addresses for protected content data.
  - 19. The computing device of claim 14, wherein the tagging information added to the data is a content protection (CP) bit.
  - 20. The computing device of claim 14, wherein the processor is one of a first of a plurality of processors within the computing device, a coprocessor within the computing device, and a peer processor within the computing device.

21. A computing device, comprising:
- a memory configured with at least a secure domain in which data is scrambled and an unsecure domain;
  
  means for determining whether data to be stored in the memory includes protected content;
  
  means for means for applying a scrambling routine to the data as part of storing the data in the memory when the data includes protected content; and
  
  means for storing the data in the storage without applying the scrambling routine to the data when the data does not include protected content.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The computing device of claim 21, wherein protected content is selected from the group of data under digital rights management (DRM), personal information, security information, banking information, passwords, authentication information, protected content application information, and medical data.
  - 23. The computing device of claim 21, wherein the memory is selected from the group of cache memory, volatile memory, non-volatile memory, and off-chip storage.
  - 24. The computing device of claim 21, wherein means for determining whether the data to be stored in a memory includes protected content comprises:
    - means for adding tagging information to data transmitted over a bus of the computing device identifying a source or content of the data; and
      
      means for determining the source or content of the transaction based on the tagging information,wherein means for applying a scrambling routine to the data as part of storing the data in the memory when the data includes protected content comprises means for scrambling and storing the data in the memory based on the determined source or content.
  - 25. The computing device of claim 24, wherein:
    - means for tagging data transmitted over a bus of the computing device with information identifying a source or content of the data comprises means for adding information to the data correlated to a security domain in which the data may be stored, andmeans for determining the source or content of the transaction based on the tagging information comprises means for comparing the tagging information to stored identifiers correlated to authorized security domains.
  - 26. The computing device of claim 24, wherein the tagging information added to the data is a virtual machine identification (VMID).
  - 27. The computing device of claim 24, wherein the tagging information added to the data is a bus master identification.
  - 28. The computing device of claim 24, wherein:
    - the tagging information added to the data is a destination storage address, andthe memory uses particular storage addresses for protected content data.
  - 29. The computing device of claim 24, wherein the tagging information added to the data is a content protection (CP) bit.
  - 30. The computing device of claim 24, further comprising means for executing applications comprising at least one of a first one of a plurality of processors within the computing device, a coprocessor within the computing device, and a peer processor within the computing device.

31. A non-transitory processor-readable storage medium having stored thereon processor-executable instructions configured to cause a processor to perform operations comprising:
- determining whether data to be stored in a memory includes protected content;
  
  applying a scrambling routine to the data as part of storing the data in the secure domain in the memory when the data includes protected content; and
  
  storing the data in the unsecure domain without applying the scrambling routine to the data when the data does not include protected content.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 32. The non-transitory processor-readable storage medium of claim 31, wherein the stored processor-executable instructions are configured to cause a processor to perform operations such that protected content is selected from the group of data under digital rights management (DRM), personal information, security information, banking information, passwords, authentication information, protected content application information, and medical data.
  - 33. The non-transitory processor-readable storage medium of claim 31, wherein the stored processor-executable instructions are configured to cause a processor to perform operations such that the memory is selected from the group of cache memory, volatile memory, non-volatile memory, and off-chip storage.
  - 34. The non-transitory processor-readable storage medium of claim 31, wherein the stored processor-executable instructions are configured to cause a processor to perform operations such that determining whether the data to be stored in a memory includes protected content comprises:
    - adding tagging information to data transmitted over a bus of the computing device identifying a source or content of the data; and
      
      determining the source or content of the transaction based on the tagging information,wherein the stored processor-executable instructions are configured to cause a processor to perform operations such that applying a scrambling routine to the data as part of storing the data in the memory when the data includes protected content comprises scrambling and storing the data in the memory based on the determined source or content.
  - 35. The non-transitory processor-readable storage medium of claim 34, wherein the stored processor-executable instructions are configured to cause a processor to perform operations such that:
    - tagging data transmitted over a bus of the computing device with information identifying a source or content of the data comprises adding information to the data correlated to a security domain in which the data may be stored, anddetermining the source or content of the transaction based on the tagging information comprises comparing the tagging information to stored identifiers correlated to authorized security domains.
  - 36. The non-transitory processor-readable storage medium of claim 34, wherein the stored processor-executable instructions are configured to cause a processor to perform operations such that the tagging information added to the data is a virtual machine identification (VMID).
  - 37. The non-transitory processor-readable storage medium of claim 34, wherein the stored processor-executable instructions are configured to cause a processor to perform operations such that the tagging information added to the data is a bus master identification.
  - 38. The non-transitory processor-readable storage medium of claim 34, wherein the stored processor-executable instructions are configured to cause a processor to perform operations such that:
    - the tagging information added to the data is a destination storage address, andthe memory uses particular storage addresses for protected content data.
  - 39. The non-transitory processor-readable storage medium of claim 34, wherein the stored processor-executable instructions are configured to cause a processor to perform operations such that the tagging information added to the data is a content protection (CP) bit.
  - 40. The non-transitory processor-readable storage medium of claim 34, wherein the stored processor-executable instructions are configured to be executed by a processor selected from the group of one of a plurality of processors, a coprocessor, and a peer processor.

41. A computing device, comprising:
- a memory configured with at least a secure domain in which data is scrambled and an unsecure domain;
  
  a memory controller coupled to the memory; and
  
  a processor coupled to the memory and the memory controller, wherein the processor is configured with processor executable instructions to perform operations comprising;
  
  adding tagging information to data transmitted over a bus of the computing device; and
  
  programming the memory controller to perform operations comprising;
  
  determining whether data to be stored in the memory includes protected content based on the tagging information;
  
  applying a scrambling routine to the data as part of storing the data in the secure domain in the memory when the data includes protected content; and
  
  storing the data in the unsecure domain without applying the scrambling routine to the data when the data does not include protected content.
- View Dependent Claims (42, 43, 44, 45)
- - 42. The computing device of claim 41, wherein protected content is selected from the group of data under digital rights management (DRM), personal information, security information, banking information, passwords, authentication information, protected content application information, and medical data.
  - 43. The computing device of claim 41, wherein the memory is selected from the group of cache memory, volatile memory, non-volatile memory, and off-chip storage.
  - 44. The computing device of claim 41, wherein the processor is configured with processor executable instructions to perform operations such that:
    - adding tagging information to data transmitted over a bus of the computing device comprises adding information to the data correlated to a security domain in which the data may be stored; and
      
      determining whether data to be stored in the memory includes protected content based on the tagging information comprises comparing the tagging information to stored identifiers correlated to authorized security domains.
  - 45. The computing device of claim 41, wherein the tagging information added to the data is one of:
    - a virtual machine identification (VMID);
      
      a bus master identification;
      
      a destination storage address;
      
      an identifier of a source or content of the data; and
      
      a content protection (CP) bit.

46. A computing device, comprising:
- a memory configured with at least a secure domain in which data is scrambled and an unsecure domain;
  
  a memory controller coupled to the memory;
  
  means for adding tagging information to data transmitted over a bus of the computing device; and
  
  means for programming the memory controller to perform operations comprising;
  
  determining whether data to be stored in the memory includes protected content based on the tagging information;
  
  applying a scrambling routine to the data as part of storing the data in the secure domain in the memory when the data includes protected content; and
  
  storing the data in the unsecure domain without applying the scrambling routine to the data when the data does not include protected content.
- View Dependent Claims (47, 48, 49, 50)
- - 47. The computing device of claim 46, wherein protected content is selected from the group of data under digital rights management (DRM), personal information, security information, banking information, passwords, authentication information, protected content application information, and medical data.
  - 48. The computing device of claim 46, wherein the memory is selected from the group of cache memory, volatile memory, non-volatile memory, and off-chip storage.
  - 49. The computing device of claim 46, wherein:
    - means for adding tagging information to data transmitted over a bus of the computing device comprises means for adding information to the data correlated to a security domain in which the data may be stored, anddetermining whether data to be stored in the memory includes protected content based on the tagging information comprises comparing the tagging information to stored identifiers correlated to authorized security domains.
  - 50. The computing device of claim 46, wherein the tagging information added to the data is one of:
    - a virtual machine identification (VMID);
      
      a bus master identification;
      
      a destination storage address;
      
      an identifier of a source or content of the data; and
      
      a content protection (CP) bit.

51. A non-transitory processor-readable storage medium having stored thereon processor-executable instructions configured to cause a processor to perform operations comprising:
- adding tagging information to data transmitted over a bus of the computing device; and
  
  programming a memory controller to perform operations comprising;
  
  determining whether data to be stored in a memory includes protected content based on the tagging information;
  
  applying a scrambling routine to the data as part of storing the data in the secure domain in the memory when the data includes protected content; and
  
  storing the data in the unsecure domain without applying the scrambling routine to the data when the data does not include protected content.
- View Dependent Claims (52, 53, 54)
- - 52. The non-transitory processor-readable storage medium of claim 51, wherein the stored processor-executable instructions are configured to cause a processor to perform operations such that protected content is selected from the group of data under digital rights management (DRM), personal information, security information, banking information, passwords, authentication information, protected content application information, and medical data.
  - 53. The non-transitory processor-readable storage medium of claim 51, wherein the stored processor-executable instructions are configured to cause a processor to perform operations such that:
    - adding tagging information to data transmitted over a bus of the computing device comprises adding information to the data correlated to a security domain in which the data may be stored, anddetermining whether data to be stored in the memory includes protected content based on the tagging information comprises comparing the tagging information to stored identifiers correlated to authorized security domains.
  - 54. The non-transitory processor-readable storage medium of claim 51, wherein the stored processor-executable instructions are configured to cause a processor to perform operations such that the tagging information added to the data is one of:
    - a virtual machine identification (VMID);
      
      a bus master identification;
      
      a destination storage address;
      
      an identifier of a source or content of the data; and
      
      a content protection (CP) bit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Stubbs, Joshua H., Bostley, Phil J. III, Mueller, Philip T. Jr.

Granted Patent

US 9,400,890 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/60   Protecting data

G06F 21/62   Protecting access to data v...

G06F 21/79   in semiconductor storage me...

METHOD AND DEVICES FOR SELECTIVE RAM SCRAMBLING

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

54 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND DEVICES FOR SELECTIVE RAM SCRAMBLING

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

54 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links