Encryption integrity check with CRC encryption in memory using a word count- and address-derived nonce

US 9,697,140 B2
Filed: 09/23/2014
Issued: 07/04/2017
Est. Priority Date: 09/23/2014
Status: Active Grant

First Claim

Patent Images

1. A memory, comprising:

a non-volatile memory device; and

a controller coupled to the memory device and comprising logic to;

receive a write request from a host device to write a line of data having a logical block address to the memory device at a physical memory address, where the physical memory address includes a write count that is incremented for each write operation;

generate a first plaintext cyclic redundancy check (CRC) from a concatenation of the line of data and the logical block address;

encrypt, by a first encoder, the line of data to generate an encrypted line of data;

encrypt, by a second encoder, a nonce formed from a concatenation of the write count and the physical memory address to generate an encrypted value that is unique to the write request;

perform an XOR operation with the first plaintext CRC and the encrypted value to generate a first encrypted CRC; and

store the encrypted line of data and the first encrypted CRC in the memory device to complete the write request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus, systems, and methods for AES integrity check in memory are described. In one embodiment, a controller comprises logic to receive a write request from a host device to write a line of data to the memory device, determine a first plaintext cyclic redundancy check from the line of data, encrypt the line of data, encrypt the first plaintext CRC with a unique value to generate a first encrypted CRC, and store the encrypted line of data and the first encrypted CRC in memory. Other embodiments are also disclosed and claimed.

Citations

24 Claims

1. A memory, comprising:
- a non-volatile memory device; and
  
  a controller coupled to the memory device and comprising logic to;
  
  receive a write request from a host device to write a line of data having a logical block address to the memory device at a physical memory address, where the physical memory address includes a write count that is incremented for each write operation;
  
  generate a first plaintext cyclic redundancy check (CRC) from a concatenation of the line of data and the logical block address;
  
  encrypt, by a first encoder, the line of data to generate an encrypted line of data;
  
  encrypt, by a second encoder, a nonce formed from a concatenation of the write count and the physical memory address to generate an encrypted value that is unique to the write request;
  
  perform an XOR operation with the first plaintext CRC and the encrypted value to generate a first encrypted CRC; and
  
  store the encrypted line of data and the first encrypted CRC in the memory device to complete the write request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The memory of claim 1, wherein the controller further comprises logic to:
    - store the write count in the memory device.
  - 3. The memory of claim 1, wherein the controller further comprises logic to:
    - initiate a memory refresh operation at the physical memory address;
      
      update the write count of the physical memory address to an updated write count; and
      
      update the first encrypted CRC with an updated encrypted value to generate an updated encrypted CRC.
  - 4. The memory of claim 3, wherein, in updating the first encrypted CRC, the controller further comprises logic to:
    - encrypt, by the second encoder, an updated nonce formed from a concatenation of the updated write count and the physical memory address to generate an updated encrypted value; and
      
      perform an XOR operation with the first plaintext CRC and the updated encrypted value to generate the updated encrypted CRC.
  - 5. The memory of claim 1, wherein the controller further comprises logic to:
    - receive a read request from a host device to read the encrypted line of data from the physical memory address; and
      
      retrieve the encrypted line of data, the write count, and the first encrypted CRC from the physical memory address.
  - 6. The memory of claim 5, further comprising logic to:
    - decrypt the encrypted line of data to generate a decrypted line of data;
      
      generate a decrypted data plaintext CRC from a concatenation of the decrypted line of data and the logical block address of the read request;
      
      encrypt, by the second encoder, a nonce formed from a concatenation of the write count and the physical memory address to generate a second encrypted value; and
      
      perform an XOR operation with the first encrypted CRC and the second encrypted value to generate a second plaintext CRC.
  - 7. The memory of claim 6, further comprising logic to:
    - return the decrypted line of data in response to the read request when the second plaintext CRC matches the decrypted data plaintext CRC.
  - 8. The memory of claim 7, further comprising logic to:
    - return a read error in response to the read request when the second plaintext CRC fails to match the decrypted data plaintext CRC.

9. An electronic device, comprising:
- a processor; and
  
  a memory device, comprising;
  
  a non-volatile memory device; and
  
  a controller coupled to the memory device and comprising logic to;
  
  receive a write request from a host device to write a line of data having a logical block address to the memory device at a physical memory address, where the physical memory address includes a write count that is incremented for each write operation;
  
  generate a first plaintext cyclic redundancy check (CRC) from a concatenation of the line of data and the logical block address;
  
  encrypt, by a first encoder, the line of data to generate an encrypted line of data;
  
  encrypt, by a second encoder, a nonce formed from a concatenation of the write count and the physical memory address to generate an encrypted value that is unique to the write request;
  
  perform an XOR operation with the first plaintext CRC and the encrypted value to generate a first encrypted CRC; and
  
  store the encrypted line of data and the first encrypted CRC in the memory device to complete the write request.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The electronic device of claim 9, wherein the controller further comprises logic to:
    - store the write count in the memory device.
  - 11. The electronic device of claim 9, wherein the controller further comprises logic to:
    - initiate a memory refresh operation at the physical memory address;
      
      update the write count of the physical memory address to an updated write count; and
      
      update the first encrypted CRC with an updated encrypted value to generate an updated encrypted CRC.
  - 12. The electronic device of claim 11, wherein, in updating the first encrypted CRC, the controller further comprises logic to:
    - encrypt, by the second encoder, an updated nonce formed from a concatenation of the updated write count and the physical memory address to generate an updated encrypted value; and
      
      perform an XOR operation with the first plaintext CRC and the updated encrypted value to generate the updated encrypted CRC.
  - 13. The electronic device of claim 9, wherein the controller further comprises logic to:
    - receive a read request from a host device to read the encrypted line of data from the physical memory address;
      
      retrieve the encrypted line of data, the write count, and the first encrypted CRC from the physical memory address.
  - 14. The electronic device of claim 13, further comprising logic to:
    - decrypt the encrypted line of data to generate a decrypted line of data;
      
      generate a decrypted data plaintext CRC from a concatenation of the decrypted line of data and the logical block address of the read request;
      
      encrypt, by the second encoder, a nonce formed from a concatenation of the write count and the physical memory address to generate a second encrypted value; and
      
      perform an XOR operation with the first encrypted CRC and the second encrypted value to generate a second plaintext CRC.
  - 15. The electronic device of claim 14, further comprising logic to:
    - return the decrypted line of data in response to the read request when the second plaintext CRC matches the decrypted data plaintext CRC.
  - 16. The electronic device of claim 15, further comprising logic to:
    - return a read error in response to the read request when the second plaintext CRC fails to match the decrypted data plaintext CRC.

17. A computer program product comprising logic instructions stored on a nontransitory computer readable medium which, when executed by a controller coupled to a memory device, configure the controller to:
- receive a write request from a host device to write a line of data having a logical block address to a memory device at a physical memory address, where the physical memory address includes a write count that is incremented for each write operation;
  
  generate a first plaintext cyclic redundancy check (CRC) from a concatenation of the line of data and the logical block address;
  
  encrypt, by a first encoder, the line of data to generate an encrypted line of data;
  
  encrypt, by a second encoder, a nonce formed from a concatenation of the write count and the physical memory address to generate an encrypted value that is unique to the write request;
  
  perform an XOR operation with the first plaintext CRC and the encrypted value to generate a first encrypted CRC; and
  
  store the encrypted line of data and the first encrypted CRC in the memory device to complete the write request.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer program product of claim 17, wherein the controller further comprises logic instructions stored on a nontransitory computer readable medium which, when executed by a controller coupled to a memory device, configure the controller tostore the write count in the memory.
  - 19. The computer program product of claim 17, wherein the controller further comprises logic instructions stored on a nontransitory computer readable medium which, when executed by a controller coupled to a memory device, configure the controller to:
    - initiate a memory refresh operation at the physical memory address;
      
      update the write count of the physical memory address to an updated write count; and
      
      update the first encrypted CRC with an updated encrypted value to generate an updated encrypted CRC.
  - 20. The computer program product of claim 19, wherein, in updating the first encrypted CRC, the controller is further configured to:
    - encrypt, by the second encoder, an updated nonce formed from a concatenation of the updated write count and the physical memory address to generate an updated encrypted value; and
      
      perform an XOR operation with the first plaintext CRC and the updated encrypted value to generate the updated encrypted CRC.
  - 21. The computer program product of claim 17, wherein the controller further comprises logic instructions stored on a nontransitory computer readable medium which, when executed by a controller coupled to a memory device, configure the controller to:
    - receive a read request from a host device to read the encrypted line of data from the physical memory address;
      
      retrieve the encrypted line of data, the write count, and the first encrypted CRC from the physical memory address.
  - 22. The computer program product of claim 21, further comprising logic instructions stored on a nontransitory computer readable medium which, when executed by a controller coupled to a memory device, configure the controller to:
    - decrypt the encrypted line of data to generate a decrypted line of data;
      
      generate a decrypted data plaintext CRC from a concatenation of the decrypted line of data and the logical block address of the read request;
      
      encrypt, by the second encoder, a nonce formed from a concatenation of the write count and the physical memory address to generate a second encrypted value; and
      
      perform an XOR operation with the first encrypted CRC and the second encrypted value to generate a second plaintext CRC.
  - 23. The computer program product of claim 22, further comprising logic instructions stored on a nontransitory computer readable medium which, when executed by a controller coupled to a memory device, configure the controller to:
    - return the decrypted line of data in response to the read request when the second plaintext CRC matches the decrypted data plaintext CRC.
  - 24. The computer program product of claim 23, further comprising logic instructions stored on a nontransitory computer readable medium which, when executed by a controller coupled to a memory device, configure the controller to:
    - return a read error in response to the read request when the second plaintext CRC fails to match the decrypted data plaintext CRC.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Kwok, Zion S.
Primary Examiner(s)
Patel, Haresh N

Application Number

US14/493,924
Publication Number

US 20160085692A1
Time in Patent Office

1,015 Days
Field of Search

713193, 713150, 713190
US Class Current
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/79   in semiconductor storage me...

G06F 2212/1052   Security improvement

G06F 2212/402   Encrypted data

G06F 2212/403   Error protection encoding, ...

Y02D 10/00   Energy efficient computing,...

Encryption integrity check with CRC encryption in memory using a word count- and address-derived nonce

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption integrity check with CRC encryption in memory using a word count- and address-derived nonce

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links