Software cryptoprocessor
First Claim
1. A method for securing information stored by a computer, the computer having a processor and a main memory, the processor having a core with cache memory for storing instructions for execution by the core, the method comprising:
- loading an agent into the processor and storing the agent into the cache memory so that the agent is resident in the cache memory; and
- under control of the core executing instructions of the agent:
  - upon detecting transmission of encrypted content from the main memory to the cache memory, retrieving the encrypted content from the cache memory; decrypting the encrypted content; and storing the decrypted content into the cache memory;
  - when the decrypted content is to be evicted from the cache memory to the main memory, retrieving the decrypted content from cache memory; encrypting the decrypted content as newly encrypted content; and storing the newly encrypted content into the cache memory so that the encrypted content, rather than the decrypted content, is evicted.
2 Assignments
0 Petitions
Abstract
Security of information—both code and data—stored in a computer's system memory is provided by an agent loaded into and at run time resident in a CPU cache. Memory writes from the CPU are encrypted by the agent before writing and reads into the CPU are decrypted by the agent before they reach the CPU. The cache-resident agent also optionally validates the encrypted information stored in the system memory. Support for I/O devices and cache protection from unsafe DMA of the cache by devices is also provided.
93 Citations
20 Claims
1. Independent claim; text as given under "First Claim" above. Dependent claims: 2, 3, 4, 5, 6, 7.
8. A system for securing information stored by a computer, comprising:
- a processor having a core with cache memory;
- a main memory;
- an application for accessing sensitive content that is stored in main memory as encrypted content; and
- an agent stored in the cache memory so that the agent is resident in the cache memory, wherein the agent is configured to:
  - detect that the application has executed an instruction to cause the encrypted content to be transmitted from main memory to the cache memory;
  - decrypt the encrypted content that is stored in cache memory;
  - store the decrypted content into the cache memory; and
  - cause control to be passed to the application for accessing the decrypted content.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16.
17. A computer-readable medium that is not a transitory, propagating signal, storing instructions of a computer for securing content, the computer having a processor and a main memory, the processor having a core with cache memory, the instructions for execution by the core, the instructions comprising:
- instructions of an agent that intercept a transmission of encrypted content from the main memory to the cache memory as a result of software accessing the encrypted content, decrypt the encrypted content that is stored in the cache memory, and store the decrypted content into the cache memory so that the software can access the decrypted content; and
- instructions of the agent that, prior to the decrypted content being transmitted from the cache memory to the main memory, encrypt the decrypted content as newly encrypted content, wherein the newly encrypted content, rather than the decrypted content, is transmitted to main memory.
Dependent claims: 18, 19, 20.
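The three independent claims describe the same two interception points: a fill from main memory into the cache is decrypted before the core sees it, and an eviction from the cache is re-encrypted before it reaches main memory, with the abstract adding optional validation of what is read back. The following simulation is an added example, not the patent's own code or any vendor's implementation: it models main memory as a ciphertext-only store behind a tiny LRU cache of plaintext lines, with an `Agent` on the fill and evict paths. The cipher is a constructed keystream-plus-HMAC toy built from `hashlib` so the file runs offline; it stands in for the AES-class cipher a real design would use. Line size, cache capacity, the addresses and the secret are constructed values.

```python
"""Model of a cache-resident encryption agent (constructed example).

Main memory holds only ciphertext; the core works on plaintext that lives
in the cache. An agent on the fill/evict path decrypts lines as they enter
the cache and re-encrypts them (fresh nonce each time) before they leave.
The toy cipher below is a stand-in, not the patent's construction.
"""
import hashlib
import hmac
import os
from collections import OrderedDict

LINE = 16     # bytes per cache line (constructed value)
NONCE = 12
TAG = 16


class TamperedLine(Exception):
    """Raised when a line read back from main memory fails validation."""


class Agent:
    """Cache-resident agent: encrypt on eviction, decrypt + validate on fill."""

    def __init__(self, key: bytes):
        self._key = key

    def _keystream(self, addr: int, nonce: bytes) -> bytes:
        # Keystream is bound to the address, so a ciphertext copied to another
        # address does not decrypt to the original plaintext.
        return hashlib.sha256(self._key + addr.to_bytes(8, "big") + nonce).digest()[:LINE]

    def _tag(self, addr: int, nonce: bytes, ct: bytes) -> bytes:
        return hmac.new(self._key, addr.to_bytes(8, "big") + nonce + ct, "sha256").digest()[:TAG]

    def encrypt_line(self, addr: int, pt: bytes) -> bytes:
        nonce = os.urandom(NONCE)  # fresh per eviction
        ct = bytes(a ^ b for a, b in zip(pt, self._keystream(addr, nonce)))
        return nonce + ct + self._tag(addr, nonce, ct)

    def decrypt_line(self, addr: int, blob: bytes) -> bytes:
        nonce, ct, tag = blob[:NONCE], blob[NONCE:NONCE + LINE], blob[NONCE + LINE:]
        if not hmac.compare_digest(tag, self._tag(addr, nonce, ct)):
            raise TamperedLine(f"line {addr:#x} failed validation")
        return bytes(a ^ b for a, b in zip(ct, self._keystream(addr, nonce)))


class ProtectedMemorySystem:
    """Main memory (ciphertext only) behind a small LRU cache of plaintext lines."""

    def __init__(self, agent: Agent, cache_lines: int = 2):
        self.agent = agent
        self.main_memory = {}          # addr -> nonce || ciphertext || tag
        self.cache = OrderedDict()     # addr -> plaintext, oldest first
        self.capacity = cache_lines

    def _fill(self, addr: int) -> None:
        if addr in self.cache:
            self.cache.move_to_end(addr)
            return
        if len(self.cache) >= self.capacity:
            victim, pt = self.cache.popitem(last=False)
            # Agent intercepts the eviction: only ciphertext reaches main memory.
            self.main_memory[victim] = self.agent.encrypt_line(victim, pt)
        blob = self.main_memory.get(addr)
        # Agent intercepts the fill: decrypt and validate before the core sees it.
        self.cache[addr] = self.agent.decrypt_line(addr, blob) if blob else bytes(LINE)

    def read(self, addr: int) -> bytes:
        self._fill(addr)
        return self.cache[addr]

    def write(self, addr: int, data: bytes) -> None:
        assert len(data) == LINE
        self._fill(addr)
        self.cache[addr] = data

    def plaintext_in_main_memory(self, secret: bytes) -> bool:
        """Invariant check: does any backing-store line hold the secret verbatim?"""
        return any(secret in blob for blob in self.main_memory.values())


def demo() -> dict:
    """Exercise the fill and evict paths plus tamper detection; return observations."""
    mem = ProtectedMemorySystem(Agent(os.urandom(32)), cache_lines=2)
    secret = b"TOPSECRET-KEY-01"                  # 16 bytes, constructed
    mem.write(0x1000, secret)
    mem.write(0x2000, b"B" * LINE)
    mem.write(0x3000, b"C" * LINE)                # evicts 0x1000 -> encrypted
    evicted = 0x1000 in mem.main_memory and 0x1000 not in mem.cache
    leaked = mem.plaintext_in_main_memory(secret)
    round_trip = mem.read(0x1000) == secret       # fill path decrypts it back
    first_blob = mem.main_memory[0x1000]
    mem.read(0x2000)
    mem.read(0x3000)                              # pushes 0x1000 out again
    rekeyed = mem.main_memory[0x1000] != first_blob   # fresh nonce, new ciphertext
    blob = bytearray(mem.main_memory[0x1000])
    blob[NONCE] ^= 0x01                           # flip one ciphertext bit in main memory
    mem.main_memory[0x1000] = bytes(blob)
    try:
        mem.read(0x1000)
        tampered_detected = False
    except TamperedLine:
        tampered_detected = True
    return {"evicted": evicted, "leaked": leaked, "round_trip": round_trip,
            "rekeyed": rekeyed, "tampered_detected": tampered_detected}


if __name__ == "__main__":
    print(demo())
```

The `plaintext_in_main_memory` check is the property the claims are after: at no point does the backing store hold the secret in the clear, while the core only ever reads and writes plaintext through the cache. Binding the keystream and tag to the line address, and re-encrypting under a fresh nonce on every eviction, are the two details a practitioner would want even in a model, since they are what make the "optionally validates" step from the abstract catch both a modified line and a line copied from elsewhere in memory.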