Tamper resistant memory protection

US 8,726,042 B2
Filed: 02/29/2008
Issued: 05/13/2014
Est. Priority Date: 02/29/2008
Status: Active Grant

First Claim

Patent Images

1. A system for protecting security of memory in a computing environment, the system comprising:

a hardware memory comprising a plurality of memory units;

at least one memory unit of said plurality of memory units configured to house a memory page comprising memory page header data, code, sensitive data, and other data;

an encryption layer configured to encrypt at least said memory page header data, said code, and said sensitive data of the memory page and configured to leave said other data of the memory page unencrypted, wherein said encryption layer prevents reading of said memory page header data, said code, and said sensitive data;

a hashing layer configured to hash at least said memory page header data into a memory page header hash, said code into a code hash, and said sensitive data into a sensitive data hash and to subsequently hash a combination of the memory page header hash, the code hash and the sensitive data hash to form encrypted and combined hashed memory page header data, code and sensitive data, wherein said hashing layer prevents any changes to said memory page header data, said code, and said sensitive data;

a security layer that manages said encryption layer and said hashing layer, wherein said security layer is configured to receive data housed in said at least one memory unit, and manage dynamic encryption and hashing of said memory page header data, said code, and said sensitive data; and

a module configured to store said encrypted and combined hashed memory page header data, code and sensitive data, and said other data in dynamic memory of said computing environment.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various mechanisms are disclosed for protecting the security of memory in a computing environment. A security layer can have an encryption layer and a hashing layer that can dynamically encrypt and then dynamically hash sensitive information, as it is being loaded to dynamic memory of a computing device. For example, a memory unit that can correspond to a memory page can be processed by the security layer, and header data, code, and protect-worthy data can be secured, while other non-sensitive data can be left alone. Once such information is secured and stored in dynamic memory, it can be accessed at a later time by a processor and unencrypted and hash checked. Then, it can be loaded back onto the dynamic memory, thereby preventing direct memory access attacks.

Citations

18 Claims

1. A system for protecting security of memory in a computing environment, the system comprising:
- a hardware memory comprising a plurality of memory units;
  
  at least one memory unit of said plurality of memory units configured to house a memory page comprising memory page header data, code, sensitive data, and other data;
  
  an encryption layer configured to encrypt at least said memory page header data, said code, and said sensitive data of the memory page and configured to leave said other data of the memory page unencrypted, wherein said encryption layer prevents reading of said memory page header data, said code, and said sensitive data;
  
  a hashing layer configured to hash at least said memory page header data into a memory page header hash, said code into a code hash, and said sensitive data into a sensitive data hash and to subsequently hash a combination of the memory page header hash, the code hash and the sensitive data hash to form encrypted and combined hashed memory page header data, code and sensitive data, wherein said hashing layer prevents any changes to said memory page header data, said code, and said sensitive data;
  
  a security layer that manages said encryption layer and said hashing layer, wherein said security layer is configured to receive data housed in said at least one memory unit, and manage dynamic encryption and hashing of said memory page header data, said code, and said sensitive data; and
  
  a module configured to store said encrypted and combined hashed memory page header data, code and sensitive data, and said other data in dynamic memory of said computing environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system according to claim 1, wherein said security layer further comprises a decryption layer configured to dynamically decrypt said memory page header data, code, and said sensitive data.
  - 3. The system according to claim 1, wherein said at least one memory unit is a selected amount of bits.
  - 4. The system according to claim 1, wherein said memory page header data is data about at least one of said code and said sensitive data.
  - 5. The system according to claim 1, wherein said memory page header data, said code, said sensitive data, and said other data are stored on persistent storage attached to a computing device.
  - 6. The system according to claim 1, wherein said memory page header data, said code, said sensitive data, and said other data are stored on random access memory inside a computing device.
  - 7. The system according to claim 1, wherein said encryption layer encrypts portions of said at least one memory unit after said hashing layer hashes the portions of said at least one memory unit.
  - 8. The system according to claim 1, wherein said computing environment is a closed system gaming console.
  - 9. The system according to claim 1, wherein said computing environment is one of (a) a mobile device and (b) a stationary device.
  - 10. The system according to claim 1, wherein at least one of (a) said encryption layer and (b) said hashing layer is distributed over a network.
  - 11. The system according to claim 1, wherein said plurality of memory units are distributed over different memory storage devices.

12. A method for preventing tampering with memory in a computing environment, the method comprising:
- receiving a memory page comprising memory page header data, code, sensitive data, and non-sensitive data;
  
  encrypting said memory page header data, said code, and said sensitive data of the memory page while leaving said non-sensitive data of the memory page unencrypted;
  
  hashing said memory page header data into a memory page header hash, hashing said code into a code hash, and hashing said sensitive data into a sensitive data hash, and subsequently hashing a combination of the memory page header hash, the code hash and the sensitive data hash to form encrypted and combined hashed memory page header data, code and sensitive data; and
  
  storing said encrypted and combined hashed memory page header data, code, and sensitive data of the memory page and the unencrypted non-sensitive data of the memory page in a dynamic memory of a computing device.
- View Dependent Claims (13, 14, 15)
- - 13. The method according to claim 12, further comprising decrypting dynamically said memory page header data, said code, and said sensitive data from said dynamic memory and storing a result of said decrypting in a local memory of said computing device.
  - 14. The method according to claim 13, further comprising checking said encrypted and combined hashed memory page header data, code, and sensitive data for any changes to said encrypted and combined hashed memory page header data, code, and sensitive data when receiving said encrypted and combined hashed memory page header data, code, and sensitive data from a persistent storage or said dynamic memory.
  - 15. The method according to claim 12, further comprising storing said encrypted and combined hashed memory page header data, code, and said sensitive data in a persistent storage.

16. A computer-readable storage medium, other than a signal, storing thereon computer-executable instructions for preventing tampering with memory in a computing environment, the computer-executable instructions comprising instructions for:
- receiving a memory page comprising memory page header data, code, sensitive data, and non-sensitive data;
  
  encrypting said memory page header data, said code, and said sensitive data of the memory page while leaving said non-sensitive data of the memory page unencrypted;
  
  hashing said memory page header data into a memory page header hash, hashing said code into a code hash, and hashing said sensitive data into a sensitive data hash, and subsequently hashing a combination of the memory page header hash, the code hash and the sensitive data hash to form encrypted and combined hashed memory page header data, code and sensitive data; and
  
  storing said encrypted and combined hashed memory page header data, code, and sensitive data of the memory page and the unencrypted non-sensitive data of the memory page in a dynamic memory of a computing device.
- View Dependent Claims (17, 18)
- - 17. The computer-readable storage medium according to claim 16, wherein the computer-executable instructions further comprise instructions for decrypting dynamically said memory page header data, said code, and said sensitive data from said dynamic memory and storing a result of said decrypting in a local memory of said computing device.
  - 18. The computer-readable storage medium according to claim 17, wherein the computer-executable instructions further comprise instructions for checking said encrypted and combined hashed memory page header data, code, and sensitive data for any changes to said encrypted and combined hashed memory page header data, code, and sensitive data when receiving said encrypted and combined hashed memory page header data, code, and sensitive data from a persistent storage or said dynamic memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Lange, Sebastian, Morais, Dinarte R., Tan, Victor, Poulos, Adam G.
Primary Examiner(s)
EDWARDS, LINGLAN E

Application Number

US12/040,654
Publication Number

US 20090222675A1
Time in Patent Office

2,265 Days
Field of Search

713/187, 713/189, 713192-194, 726/26
US Class Current

713/193
CPC Class Codes

G06F 21/64 Protecting data integrity, ...

Tamper resistant memory protection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Tamper resistant memory protection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links