OBFUSCATING IN MEMORY ENCRYPTION KEYS

US 20150161414A1
Filed: 12/09/2013
Published: 06/11/2015
Est. Priority Date: 12/09/2013
Status: Active Grant

First Claim

Patent Images

1. A method for obfuscating keys, comprising:

identifying that a memory is subject to one of a core dump or an hibernation; and

overwriting a key in unencrypted form in the memory, responsive to the identifying, wherein at least one method operation is performed by a processor.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for obfuscating keys is provided. The method includes identifying that a memory is subject to one of a core dump or an hibernation and overwriting a key in unencrypted form in the memory, responsive to the identifying, wherein at least one method operation is performed by a processor. A system and a computer readable media are also provided.

19 Citations

View as Search Results

20 Claims

1. A method for obfuscating keys, comprising:
- identifying that a memory is subject to one of a core dump or an hibernation; and
  
  overwriting a key in unencrypted form in the memory, responsive to the identifying, wherein at least one method operation is performed by a processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein overwriting the key in the memory includes writing a pattern to the memory, the pattern including one of a predetermined pattern, or a random pattern.
  - 3. The method of claim 1, further comprising:
    - obtaining a replacement key in response to one of rebooting, or awaking from the hibernation.
  - 4. The method of claim 1, further comprising:
    - obtaining a replacement key in response to determining that the key is overwritten in the memory.
  - 5. The method of claim 1, wherein overwriting the key in the memory includes writing data to the memory that indicates the key is no longer in the memory.
  - 6. The method of claim 1, further comprising:
    - decrypting an encrypted key, to produce the key in unencrypted form.
  - 7. The method of claim 1, further comprising:
    - doubly decrypting a doubly encrypted key, to produce the key in unencrypted form.
  - 8. The method of claim 1, wherein the identifying includes one from a set consisting of:
    - calling a subroutine in response to initiation of the core dump;
      
      calling a subroutine in response to initiation of the hibernation;
      
      initiating a thread in response to initiation of the core dump;
      
      initiating a thread in response to initiation of the hibernation;
      
      passing a parameter in response to initiation of the core dump; and
      
      passing a parameter in response to initiation of the hibernation.

9. An encryption processing system, comprising:
- a memory; and
  
  at least one agent, operable through a processor coupled to the memory, the at least one agent configured to;
  
  encrypt and decrypt files or portions thereof;
  
  hold an unencrypted key in the memory;
  
  overwrite the unencrypted key in the memory, responsive to at least one of;
  
  a core dump, or an hibernation; and
  
  overwrite the unencrypted key in the memory, responsive to a completion of a usage of the unencrypted key.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The encryption processing system of claim 9, wherein the unencrypted key in the memory is overwritten in response to at least one from a set consisting of:
    - a core dump that is about to occur, a core dump that is begun but not yet completed, an hibernation that is about to occur, and an hibernation that is begun but not yet completed.
  - 11. The encryption processing system of claim 9, wherein:
    - the memory includes random-access memory (RAM);
      
      the agent is configured to produce the unencrypted key as a result of a decryption of an encrypted key; and
      
      the agent is configured to write the unencrypted key into the RAM, to hold the unencrypted key in the memory.
  - 12. The encryption processing system of claim 9, wherein:
    - an image of the memory is stored during one of the core dump, or the hibernation; and
      
      the image of the memory includes data with which the unencrypted key was overwritten.
  - 13. The encryption processing system of claim 9, wherein the at least one agent is further configured to decrypt a multi-level encrypted key to produce the unencrypted key.
  - 14. The encryption processing system of claim 9, wherein the at least one agent is further configured to produce the unencrypted key from an encrypted key, in response to commencement of encryption processing, the unencrypted key held in the memory during at least a portion of the encryption processing.

15. A tangible, non-transient, computer-readable media having instructions thereupon which, when executed by a processor, cause the processor to perform a method comprising:
- decrypting an encrypted key to produce a decrypted key;
  
  applying the decrypted key to encryption processing;
  
  writing a pattern over the decrypted key, in response to one of a core dump or an hibernation; and
  
  deleting the decrypted key, in response to a completion of the encryption processing.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable media of claim 15, wherein deleting the decrypted key includes overwriting the decrypted key in a memory.
  - 17. The computer-readable media of claim 15, wherein the decrypted key includes an encryption key, and the encryption processing includes encryption using the encryption key.
  - 18. The computer-readable media of claim 15, wherein the decrypted key includes a decryption key, and the encryption processing includes decryption using the decryption key.
  - 19. The computer-readable media of claim 15, wherein the method further comprises:
    - holding the decrypted key in a register of the processor, wherein writing the pattern over the decrypted key includes loading the pattern into the register.
  - 20. The computer-readable media of claim 15, wherein the method further comprises:
    - transforming the decrypted key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Thales DIS CPL USA, Inc. (Thales SA)
Original Assignee
Vormetric, Inc. (Thales SA)
Inventors
Pandian, Ramaraj, Nandode, Rohan, Gupta, Rajesh

Granted Patent

US 10,140,477 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/79   in semiconductor storage me...

G06F 2221/2143   Clearing memory, e.g. to pr...

G09C 1/00   Apparatus or methods whereb...

H04L 2209/04   Masking or blinding

H04L 2209/12   Details relating to cryptog...

H04L 9/0894   Escrow, recovery or storing...

OBFUSCATING IN MEMORY ENCRYPTION KEYS

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

OBFUSCATING IN MEMORY ENCRYPTION KEYS

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links