Securing data caches through encryption
First Claim
1. A method for selective data protection and encryption of a cache on a data processing device by using a data processor, comprising:
reading data from the cache, using the data processor, wherein the data comprises copies of data stored in at least one other storage device;
determining, using the data processor, whether the data read from the cache is encrypted to identify one or more of previously unencrypted data and previously encrypted data, wherein the previously unencrypted data comprises copies of data stored unencrypted in the at least one other storage device, wherein determining whether the data read from the cache is encrypted includes calculating at least one of a Shannon entropy value or a compressibility value, and comparing the calculated Shannon entropy value or compressibility value to a threshold entropy value or a threshold compressibility value, respectively;
in response to identifying the data read from the cache as the previously unencrypted data, encrypting, using the data processor, selectively at least a portion of the previously unencrypted data to provide selectively encrypted data;
in response to identifying the data read from the cache as the previously encrypted data, providing the previously encrypted data in the cache without further encryption;
storing, using the data processor, the selectively encrypted data in the cache;
erasing at least a portion of the data read from the cache in response to detection of security credentials being compromised; and
detecting a sleep/hibernation sequence, and erasing at least a portion of the data read from the cache in response to detecting the sleep/hibernation sequence.
Abstract
Encryption techniques for securing data in a data cache are generally disclosed. Example methods may include one or more of reading the cache to identify data, determining whether the data is encrypted to identify previously unencrypted data and/or previously encrypted data, and encrypting selectively at least a portion of the previously unencrypted data. The present disclosure also generally relates to a computer system data processor configured to read a cache to identify data, determine whether the read data is encrypted, and encrypt selectively at least a portion of the previously unencrypted data. The present disclosure also generally relates to computer accessible mediums containing computer-executable instructions for data encryption upon execution of the instructions by a data processor. The instructions may configure the data processor to perform procedures that read the cache to identify data, determine whether the data is encrypted, and selectively encrypt data determined as unencrypted.
25 Claims
Dependent claims of claim 1: 2, 3, 4, 5, 6, 7, 8, 9, 19, 22, 23, 24, 25
10. A computing system, comprising:
a cache; and
a data processor configured to:
read data from the cache, wherein the data comprises copies of data stored in at least one other storage device;
determine whether the data read from the cache is encrypted to identify one or more of previously unencrypted data and previously encrypted data, wherein the previously unencrypted data comprises copies of data stored unencrypted in the at least one other storage device, wherein to determine whether the data read from the cache is encrypted, the data processor is configured to calculate at least one of a Shannon entropy value or a compressibility value, and to compare the calculated Shannon entropy value or compressibility value to a threshold entropy value or a threshold compressibility value, respectively;
in response to identification of the data read from the cache as the previously unencrypted data, encrypt selectively at least a portion of the previously unencrypted data to provide selectively encrypted data;
in response to identification of the data read from the cache as the previously encrypted data, provide the previously encrypted data in the cache without further encryption;
store the selectively encrypted data in the cache;
detect a sleep/hibernation sequence, and erase at least a portion of the data read from the cache in response to detection of the sleep/hibernation sequence; and
erase at least a portion of the data read from the cache in response to detection of security credentials being compromised.
Dependent claims: 11, 12, 13, 14, 15, 16, 20
17. A non-transitory computer accessible medium that includes computer executable instructions stored thereon for cache encryption and decryption in response to execution of the executable instructions by a processor unit, the computer executable instructions capable to configure the processor unit to perform a procedure, comprising:
reading data from the cache, wherein the data comprises copies of data stored in at least one other storage device;
determining whether the data read from the cache is encrypted to identify one or more of previously unencrypted data and previously encrypted data, wherein the previously unencrypted data comprises copies of data stored unencrypted in the at least one other storage device and wherein determining whether the data read from the cache is encrypted includes performing entropy analysis on the data read from the cache;
in response to identifying the data read from the cache as the previously unencrypted data, encrypting at least a portion of the previously unencrypted data to provide selectively encrypted data;
in response to identifying the data read from the cache as the previously encrypted data, providing the previously encrypted data in the cache without further encryption;
storing the selectively encrypted data in the cache, wherein determining whether the data read from the cache is encrypted, including performing the entropy analysis on the data read from the cache, includes:
examining each file of data read from the cache to identify header information indicating that the respective file is either compressed or uncompressed;
identifying each file as either compressed or uncompressed based on the examination of the header information;
in response to each file being identified as uncompressed, performing the entropy analysis on the data read from the cache corresponding to each file that is identified as uncompressed, wherein the entropy analysis includes calculating a Shannon entropy value and comparing the calculated Shannon entropy value to a threshold entropy value; and
determining based on the entropy analysis whether the data read from the cache corresponding to each file is previously encrypted data;
erasing at least a portion of the data read from the cache in response to detection of security credentials being compromised; and
detecting a sleep/hibernation sequence, and erasing at least a portion of the data read from the cache in response to detecting the sleep/hibernation sequence.
Dependent claims: 18, 21
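An added example, not taken from the patent: one way to implement the determination step recited in claims 1 and 17 (header check first, then Shannon entropy or compressibility against a threshold). The threshold values, minimum sample size, magic-byte list and all function names are assumptions; the claims do not say how files identified as compressed are handled, so they are reported as a separate outcome here.

```python
import gzip
import hashlib
import math
import zlib
from collections import Counter

# Assumed values: the claims name thresholds but give no numbers.
ENTROPY_THRESHOLD = 7.5    # bits per byte
COMPRESS_THRESHOLD = 0.9   # compressed size / original size
MIN_SAMPLE = 1024          # n bytes can show at most log2(n) bits of entropy
# Magic bytes of common compressed containers: gzip, zip, bzip2, xz.
COMPRESSED_MAGIC = (b"\x1f\x8b", b"PK\x03\x04", b"BZh", b"\xfd7zXZ\x00")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def compressibility(data: bytes) -> float:
    """zlib-compressed size over original size; near 1.0 means incompressible."""
    return len(zlib.compress(data, 9)) / len(data) if data else 1.0


def classify(data: bytes) -> str:
    """Return 'compressed', 'undetermined', 'encrypted' or 'unencrypted'."""
    if data.startswith(COMPRESSED_MAGIC):
        return "compressed"      # header check first; entropy is not run on these
    if len(data) < MIN_SAMPLE:
        return "undetermined"    # too short for the entropy estimate to mean much
    high_entropy = shannon_entropy(data) >= ENTROPY_THRESHOLD
    incompressible = compressibility(data) >= COMPRESS_THRESHOLD
    return "encrypted" if high_entropy or incompressible else "unencrypted"


def select_for_encryption(cache: dict) -> list:
    """Keys of the cache entries the selective-encryption step would encrypt."""
    return sorted(k for k, v in cache.items() if classify(v) == "unencrypted")


# Constructed sample cache entries; the SHA-256 stream stands in for ciphertext.
PLAIN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 100
CIPHER_LIKE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
CACHE = {"page": PLAIN, "blob": CIPHER_LIKE,
         "archive": gzip.compress(PLAIN), "tiny": CIPHER_LIKE[:64]}

if __name__ == "__main__":
    for name, value in CACHE.items():
        print(name, round(shannon_entropy(value), 2), classify(value))
```

The header check matters because well-compressed data is also high-entropy and would otherwise be read as already encrypted and left unprotected in the cache.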
Specification