Memory encryption method compatible with a memory interleaved system and corresponding system

US 9,419,952 B2
Filed: 03/12/2015
Issued: 08/16/2016
Est. Priority Date: 06/05/2014
Status: Active Grant

First Claim

Patent Images

1. A method for managing an encrypted global interleaved memory space physically implemented according to an interleaving addressing scheme in encrypted memory banks of a plurality of memories respectively belonging to a plurality of channels, the encrypted global interleaved memory space being addressable with transactions through the interleaving addressing scheme for routing each transaction to a channel containing a physical memory location corresponding to a transaction address in accordance with the interleaving addressing scheme, and a range of addresses of an interleaved memory zone being equal to an address interleaving step, the method comprising:

providing each channel with a local address pointer configured to be incrementally moved along the encrypted global interleaved memory space each time the encrypted global interleaved memory space is addressed at a current address pointed by the local address pointer;

addressing the encrypted global interleaved memory space from the channel with a specific transaction at the current address in an absence of movement of the local address pointer during a time period;

re-encrypting data located at the current address with a new encryption key and incrementing the local address pointer to its next position upon reception at the channel of the specific transaction having been initiated by the channel; and

if the specific transaction was initiated by another channel, discarding the specific transaction and sending an error transaction to that another channel, and incrementing a local address pointer of the another channel by the address interleaving step upon receiving the error transaction.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for managing an operation of an encrypted global interleaved memory space physically implemented according to an interleaving addressing scheme in encrypted memory banks of a plurality of memories respectively belonging to a plurality of channels. The method includes providing each channel with a local address pointer configured to be incrementally moved along the global memory space each time the global memory space is addressed at the current address pointed by the pointer, and in an absence of movement of the local pointer of a channel during a time period, addressing the global memory space from the channel through the address interleaving with a specific transaction at the current address, and upon reception at the channel of the specific transaction having been initiated by the channel, re-encrypting data located at the current address with a new encryption key and incrementing the local address pointer to its next position.

Citations

10 Claims

1. A method for managing an encrypted global interleaved memory space physically implemented according to an interleaving addressing scheme in encrypted memory banks of a plurality of memories respectively belonging to a plurality of channels, the encrypted global interleaved memory space being addressable with transactions through the interleaving addressing scheme for routing each transaction to a channel containing a physical memory location corresponding to a transaction address in accordance with the interleaving addressing scheme, and a range of addresses of an interleaved memory zone being equal to an address interleaving step, the method comprising:
- providing each channel with a local address pointer configured to be incrementally moved along the encrypted global interleaved memory space each time the encrypted global interleaved memory space is addressed at a current address pointed by the local address pointer;
  
  addressing the encrypted global interleaved memory space from the channel with a specific transaction at the current address in an absence of movement of the local address pointer during a time period;
  
  re-encrypting data located at the current address with a new encryption key and incrementing the local address pointer to its next position upon reception at the channel of the specific transaction having been initiated by the channel; and
  
  if the specific transaction was initiated by another channel, discarding the specific transaction and sending an error transaction to that another channel, and incrementing a local address pointer of the another channel by the address interleaving step upon receiving the error transaction.
- View Dependent Claims (2, 3)
- - 2. The method according to claim 1, further comprising:
    - encrypting data to be stored within a memory bank and decrypting data to be read from the memory bank and, upon reception at the channel of the specific transaction having been initiated by the channelreading the data located at the current address and encrypted with a previous encryption key,decrypting the encrypted data with the previous encryption key,selecting a new primary key,generating the new encryption key from at least the selected new primary key,re-encrypting the decrypted data with the new encryption key, andrewriting the re-encrypted data at the current address.
  - 3. The method of claim 1, wherein said encrypted global interleaved memory space contains memory regions covering at least one memory zone, and further comprising upon reception of a transaction addressing a memory region:
    - assigning a region identification associated to the memory region; and
      
      generating the new encryption key from at least a selected new key and the region identification.

4. A device comprising:
- a plurality of channels;
  
  an encrypted global interleaved memory space physically implemented according to an interleaving addressing scheme in encrypted memory banks of a plurality of memories respectively belonging to the plurality of channels, the encrypted global interleaved memory space being addressable with transactions through an address interleaving for routing each transaction to a channel containing a physical memory location corresponding to a transaction address in accordance with the interleaving addressing scheme, and a range of addresses of an interleaved memory zone being equal to an address interleaving step; and
  
  each channel further comprisinga local address pointer configured to be incrementally moved along the encrypted global interleaved memory space each time the encrypted global interleaved memory space is addressed at a current address pointed by the local address pointer,a local controller configured to, in an absence of movement of the local address pointer during a time period, address the encrypted global interleaved memory space through the interleaving addressing scheme with a specific transaction at the current address, and upon reception of the specific transaction having been initiated by the local controller, control re-encrypting data located at the current address with a new encryption key and increment the local address pointer to its next position, and if the specific transaction was initiated by another channel, discarding the specific transaction and sending an error transaction to that another channel, and incrementing a local address pointer of the another channel by an address interleaving step upon receiving the error transaction.
- View Dependent Claims (5, 6, 7, 8)
- - 5. The device according to claim 4, further comprising:
    - at least one master address decoder and a plurality of local address decoders respectively associated to the plurality of channels;
      
      each address decoder configured to implement the address interleaving with the interleaving addressing scheme;
      
      at least one master element configured to address the encrypted global interleaved memory space with transactions through the at least one master address decoder; and
      
      the local controller of the channel being configured to, in the absence of movement of the local address pointer of the channel during the time period, address the encrypted global interleaved memory space through the local address decoder associated to the channel with the specific transaction at the current address.
  - 6. The device according to claim 4, wherein each channel further comprises a local encryptor/decryptor configured to encrypt data to be stored within a memory bank and to decrypt data to be read from a memory bank and the local controller is configured, upon reception at the channel of a specific transaction having been initiated by the local controller, to select a new primary key, control reading the data located at the current address and encrypted with a previous encryption key, control the encryptor/decryptor for decrypting the encrypted data with the previous encryption key, generating the new encryption key from at least the selected new primary key and re-encrypting the decrypted data with the new encryption key, and control rewriting the re-encrypted data at the current address.
  - 7. The device according to claim 4, wherein the encrypted global interleaved memory space contains memory regions covering at least one memory zone, each local processor further comprising:
    - an address filter configured, upon reception of a transaction addressing a memory region, to assign a region identification associated to the memory region, and the local encryptor/decryptor is configured to generate the new encryption key from at least the selected new key and the region identification.
  - 8. The device according to claim 4, further comprising a System on Chip including a local processor of each channel, master elements and a plurality of memory interfaces respectively coupled to the plurality of memories being outside of the System on Chip, a communication medium being a Network on Chip.

9. A device comprising:
- a plurality of channels;
  
  an encrypted global interleaved memory space physically implemented according to an interleaving addressing scheme in encrypted memory banks of a plurality of memories respectively belonging to the plurality of channels, the encrypted global interleaved memory space being addressable with transactions through an address interleaving for routing each transaction to a channel containing a physical memory location corresponding to a transaction address in accordance with the interleaving addressing scheme; and
  
  a local controller configured to, in an absence of movement of a local address pointer during a time period, address the encrypted global interleaved memory space through the interleaving addressing scheme with a specific transaction at a current address, and upon reception of the specific transaction having been initiated by the local controller, control re-encrypting data located at the current address with a new encryption key and increment the local address pointer to its next position, and if the specific transaction was initiated by another channel, discarding the specific transaction and sending an error transaction to that another channel, and incrementing a local address pointer of the another channel by an address interleaving step upon receiving the error transaction.
- View Dependent Claims (10)
- - 10. The device of claim 9, wherein each channel further comprising a local address pointer configured to be incrementally moved along the encrypted global interleaved memory space each time the encrypted global interleaved memory space is addressed at the current address pointed by the local address pointer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
STMicroelectronics International N.V. (STMicroelectronics NV)
Original Assignee
STMicroelectronics Grenoble 2 SAS (STMicroelectronics NV), STMicroelectronics International N.V. (STMicroelectronics NV)
Inventors
Urzi, Ignazio Antonino, Zargar, Asif Rashid
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Lwin, Maung

Application Number

US14/645,688
Publication Number

US 20150358300A1
Time in Patent Office

523 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/71   to assure secure computing ...

G06F 21/79   in semiconductor storage me...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/0618   Block ciphers, i.e. encrypt...

Memory encryption method compatible with a memory interleaved system and corresponding system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Memory encryption method compatible with a memory interleaved system and corresponding system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links