FLASH RECOVERY MODE

US 20180341584A1
Filed: 05/26/2017
Published: 11/29/2018
Est. Priority Date: 05/26/2017
Status: Active Grant

First Claim

Patent Images

1. A device for data security, comprising:

a memory including a plurality of memory banks including a first memory bank and a second memory bank, wherein at least a portion of data is interleaved amongst at least two of the plurality of memory banks; and

a security complex that is configured to prevent access to at least one of the plurality of memory banks while a debug mode or recovery mode is occurring, and to prevent access to the at least one of the plurality of memory banks starting with initial boot until a verification by the security complex is successful, wherein the verification by the security complex includes the security complex verifying a signature.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed technology is generally directed to data security. In one example of the technology, data is stored in a memory. The memory includes a plurality of memory banks including a first memory bank and a second memory bank. At least a portion of the data is interleaved amongst at least two of the plurality of memory banks. Access is caused to be prevented to at least one of the plurality of memory banks while a debug mode or recovery mode is occurring. Also, access is caused to be prevented to the at least one of the plurality of memory banks starting with initial boot until a verification by a security complex is successful. The verification by the security complex includes the security complex verifying a signature.

8 Citations

20 Claims

1. A device for data security, comprising:
- a memory including a plurality of memory banks including a first memory bank and a second memory bank, wherein at least a portion of data is interleaved amongst at least two of the plurality of memory banks; and
  
  a security complex that is configured to prevent access to at least one of the plurality of memory banks while a debug mode or recovery mode is occurring, and to prevent access to the at least one of the plurality of memory banks starting with initial boot until a verification by the security complex is successful, wherein the verification by the security complex includes the security complex verifying a signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, wherein preventing access to the at least one of the plurality of memory banks while a debug mode or recovery mode is occurring is accomplished via hardware prevention.
  - 3. The apparatus of claim 1, wherein each memory bank of the plurality of memory banks is a flash memory bank.
  - 4. The apparatus of claim 1, wherein the portion of data is a secure portion of the memory that is interleaved by two between the first memory bank and the second memory bank, and wherein access being preventing to at least one of the memory banks includes preventing access to the second memory bank.
  - 5. The apparatus of claim 1, wherein the security complex includes a hardware root of trust for the device.
  - 6. The apparatus of claim 1, wherein the signature is a digital signature of a first bootloader.
  - 7. The apparatus of claim 6, wherein the security complex includes a read-only memory, and wherein the first bootloader is read from the read-only memory.
  - 8. The apparatus of claim 6, wherein the security complex verifies the digital signature with a public key that is stored in the security complex.

9. A method for data security, comprising:
- storing data in a memory, the memory including a plurality of memory banks including a first memory bank and a second memory bank, wherein at least a portion of the data is interleaved between at least two of the plurality of memory banks; and
  
  causing access to be prevented at least one of the plurality of memory banks while operating in a mode that does not include signature validation is occurring, and causing access to be prevented access to the at least one of the plurality of memory banks starting with an initial boot until a verification by a security complex is successful, wherein the verification by the security complex includes the security complex verifying a signature.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, wherein a debug mode and a recovery mode are each a mode that does not include signature validation.
  - 11. The method of claim 9, wherein causing access to be prevented to the at least one of the plurality of memory banks while a debug mode or recovery mode is occurring is accomplished via hardware prevention.
  - 12. The method of claim 9, wherein each memory banks of the plurality of memory banks is a flash memory bank.
  - 13. The method of claim 9, wherein the signature is a digital signature of a first bootloader.
  - 14. The method of claim 13, wherein the security complex includes a read-only memory, and wherein the first bootloader is read from the read-only memory.
  - 15. The method of claim 13, wherein the security complex verifies the digital signature with a public key that is stored in the security complex.

16. An apparatus for data security, comprising:
- a device, including;
  
  a flash memory including a plurality of flash memory banks including a first flash memory bank and a second flash memory bank, wherein at least a portion of data is interleaved amongst at least two of the plurality of flash memory banks; and
  
  a security complex that is configured to prevent access to at least one of the plurality of flash memory banks while a debug mode or recovery mode is occurring, and to prevent access to the at least one of the plurality of flash memory banks starting with initial boot until a verification by the security complex is successful, wherein the verification by the security complex includes the security complex verifying a signature.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The apparatus of claim 16, wherein preventing access to the at least one of the plurality of flash memory banks while a debug mode or recovery mode is occurring is accomplished via hardware prevention.
  - 18. The apparatus of claim 16, wherein the signature is a digital signature of a first bootloader.
  - 19. The apparatus of claim 18, wherein the security complex includes a read-only memory, and wherein the first bootloader is read from the read-only memory.
  - 20. The apparatus of claim 18, wherein the security complex verifies the digital signature with a public key that is stored in the security complex.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
LETEY, George Thomas, STILES, Douglas L., NIGHTINGALE, Edmund B.

Granted Patent

US 10,353,815 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/06   Addressing a physical block...

G06F 12/0607   Interleaved addressing

G06F 12/0661   and decentralised selection

G06F 12/0669   with decentralised address ...

G06F 12/1433   for a module or a part of a...

G06F 21/575   Secure boot

G06F 21/74   operating in dual or compar...

G06F 21/79   in semiconductor storage me...

G06F 2212/1052   Security improvement

G06F 9/3012   Organisation of register sp...

G06F 9/4411   Configuring for operating w...

G11C 11/4087   Address decoders, e.g. bit ...

G11C 8/12   Group selection circuits, e...

H04L 67/125   involving control of end-de...

H04L 9/3247   involving digital signatures

FLASH RECOVERY MODE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

8 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

FLASH RECOVERY MODE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links