Security perimeter
First Claim
Patent Images
1. A memory device comprising:
- a memory integrated circuit including at least;
memory including a plurality of memory regions configured to store information communicated with at least one processor; and
logic-in-memory at least partially integrated with the memory, the logic-in-memory including at leastencryption logic configured to create at least one cryptographic security perimeter internal to the memory integrated circuit enclosing at least one selected memory region of the plurality of memory regions wherein data inside the at least one cryptographic security perimeter has a different cryptographic state than information outside the at least one cryptographic security perimeter, and at least one of encryption or decryption of data is performed during a direct memory-to-memory transfer across the at least one cryptographic security perimeter wherein the data is at least one of encrypted or decrypted during transfer from a first memory region to a second memory region internal to the memory integrated circuit; and
tamper-handling logic configured to create at least one physical tamper handling security perimeter internal to the memory integrated circuit enclosing at least one selected memory region of the plurality of memory regions wherein at least one physical tamper-handling function is performed in association with the at least one selected memory region within the at least one physical tamper handling security perimeter.
7 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of memory devices, computer systems, security apparatus, data handling systems, and the like, and associated methods facilitate security in a system incorporating the concept of a security perimeter which combines cryptographic and physical security. The memory device can comprise a memory operable to store information communicated with a processor, and a logic operable to create at least one cryptographic security perimeter enclosing at least one selected region of the memory and operable to manage information communication between the processor and the at least one selected region of the memory.
215 Citations
48 Claims
-
1. A memory device comprising:
a memory integrated circuit including at least; memory including a plurality of memory regions configured to store information communicated with at least one processor; and logic-in-memory at least partially integrated with the memory, the logic-in-memory including at least encryption logic configured to create at least one cryptographic security perimeter internal to the memory integrated circuit enclosing at least one selected memory region of the plurality of memory regions wherein data inside the at least one cryptographic security perimeter has a different cryptographic state than information outside the at least one cryptographic security perimeter, and at least one of encryption or decryption of data is performed during a direct memory-to-memory transfer across the at least one cryptographic security perimeter wherein the data is at least one of encrypted or decrypted during transfer from a first memory region to a second memory region internal to the memory integrated circuit; and tamper-handling logic configured to create at least one physical tamper handling security perimeter internal to the memory integrated circuit enclosing at least one selected memory region of the plurality of memory regions wherein at least one physical tamper-handling function is performed in association with the at least one selected memory region within the at least one physical tamper handling security perimeter. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 45, 47)
-
25. A computer system comprising:
-
at least one processor; and a memory integrated circuit at least communicatively coupled to the at least one processor, the memory integrated circuit including at least; a memory device communicatively coupled to the at least one processor and including at least; memory including a plurality of memory regions, the memory configured to store information communicated with the at least one processor; and logic-in-memory at least partially integrated with the memory, the logic-in-memory including at least encryption logic configured to create at least one cryptographic security perimeter internal to the memory integrated circuit enclosing at least one selected memory region of the plurality of memory regions wherein data inside the at least one cryptographic security perimeter has a different cryptographic state than information outside the at least one cryptographic security perimeter, and at least one of encryption or decryption of data is performed during a direct memory-to-memory transfer across the at least one cryptographic security perimeter wherein the data is at least one of encrypted or decrypted during transfer from a first memory region to a second memory region internal to the memory integrated circuit; and tamper-handling logic configured to create at least one physical tamper handling security perimeter internal to the memory integrated circuit enclosing at least one selected memory region of the plurality of memory regions wherein at least one physical tamper-handling function is performed in association with the at least one selected memory region within the at least one physical tamper handling security perimeter. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
-
-
43. A security apparatus comprising:
-
a memory integrated circuit including at least; a memory including a plurality of memory regions; and logic-in-memory at least partially integrated with the memory, the logic-in-memory including at least encryption logic configured to create at least one cryptographic security perimeter internal to the memory integrated circuit enclosing at least one selected region of memory wherein data inside and outside the at least one cryptographic security perimeter have different encryption characteristics, and at least one of encryption or decryption of data is performed during a direct memory-to-memory transfer across the at least one cryptographic security perimeter wherein the data is at least one of encrypted or decrypted during transfer from a first memory region to a second memory region internal to the memory integrated circuit; and tamper-handling logic configured to create at least one physical tamper handling security perimeter internal to the memory integrated circuit enclosing at least one selected memory region of the plurality of memory regions wherein at least one physical tamper-handling function is performed in association with the at least one selected memory region within the at least one physical tamper handling security perimeter; and a tamper-handling device coupled to the encryption logic configured to create at least one cryptographic security perimeter internal to the memory integrated circuit and configured to handle physical intrusion to the memory wherein the tamper-handling device and the encryption logic configured to create at least one cryptographic security perimeter internal to the memory integrated circuit are configured in combination to create a cryptographic and physical tamper-handling security perimeter. - View Dependent Claims (44)
-
-
46. A security apparatus comprising:
a memory integrated circuit including at least; a memory including a plurality of memory regions; and logic-in-memory at least partially integrated with the memory, the logic-in-memory including at least encryption logic configured to create at least one cryptographic security perimeter internal to the memory integrated circuit enclosing at least one selected region of a memory wherein data inside and outside the at least one cryptographic security perimeter have different levels of cryptographic strength, and at least one of encryption or decryption of data is performed during a direct memory-to-memory transfer across the at least one cryptographic security perimeter wherein the data is at least one of encrypted or decrypted during transfer from a first memory region to a second memory region internal to the memory integrated circuit; and
the encryption logic is configured to (1) perform channel encryption operations on a communication channel that communicates information between at least one processor and the memory, (2) dynamically modify one or more address mappings in the memory, and (3) enable the at least one processor to read back from the modified address mappings according to a predetermined scheme between the memory and the at least one processor; andtamper-handling logic configured to create at least one physical tamper handling security perimeter internal to the memory integrated circuit enclosing at least one selected memory region of the plurality of memory regions wherein at least one physical tamper-handling function is performed in association with the at least one selected memory region within the at least one physical tamper handling security perimeter. - View Dependent Claims (48)
Specification