Memory management device and memory management method

US 8,732,480 B2
Filed: 09/01/2011
Issued: 05/20/2014
Est. Priority Date: 09/24/2010
Status: Expired due to Fees

First Claim

Patent Images

1. A memory management device to which a memory is connected and which performs verification at reading of data stored in the memory and at writing of data to the memory, the device comprising:

a first hardware storage configured to store therein a root secret value that is a secret value assigned to the memory;

a second hardware storage configured to hold an upper counter value that is in common among a predetermined plurality of data pieces and lower counter values associated with the data pieces, respectively;

an assignment engine configured to update counter values including the upper counter value and the lower counter values at writing of the data pieces to the memory and calculate data verification values; and

a verification engine configured to perform a verification process of the data verification values at reading of the data pieces, whereinat writing of first data piece to the memory;

the assignment engine increments a lower counter value associated with the first data piece each time the first data piece is written to the memory;

when the lower counter value associated with the first data piece overflows, the assignment engine updates counter values associated with the first data piece by incrementing the upper counter value in common among the plurality of data pieces and resetting the lower counter value;

the assignment engine calculates a first secret value for each data piece using the counter values associated with the first data piece and the root secret value, and calculates a first data verification value using the first data piece and the first secret value for each data piece;

when the counter values associated with the first data piece are updated, the assignment engine recalculates the first secret value for each data piece using the updated counter values and the root secret value, and recalculates the first data verification value using the first data piece and the recalculated first secret value for each data piece; and

the assignment engine writes the first data piece and the calculated first data verification value or the recalculated first data verification value to the memory,at reading of the first data piece from the memory;

the verification engine reads the first data piece and the first calculated data verification value from the memory;

when the first data piece and the first data verification value are read, the verification engine calculates a second secret value for each data piece using updated values of the counter values associated with the first data piece and the root secret value, and calculates a second data verification value using the read first data piece and the second secret value for each data piece; and

the verification engine compares the read first data verification value and the second data verification value to perform verification of the read first data piece, andat writing of second data piece to the memory;

when a lower counter value associated with the second data piece overflows, the assignment engine updates counter values associated with the second data piece by incrementing the upper counter value in common among the plurality of data pieces and resetting the lower counter value;

the assignment engine calculates another first secret value for each data piece using the counter values associated with the second data piece and the root secret value, and calculates a second data verification value using the second data piece and the another first secret value for each data piece; and

when the counter values associated with the second data piece are updated, the assignment engine recalculates the first secret value for each data piece using the updated counter values and the root secret value, and recalculates the first data verification value using the second data piece and the first secret value for each data piece, the assignment engine writes the second data piece and the calculated second data verification value or the recalculated first data verification value to the memory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to an embodiment, a memory management device increments a lower value of a first counter, updates the counter by incrementing an upper value and resetting the lower value when the lower value overflows, increments to update the lower counter value when the upper value is incremented as a result of writing a second data piece having the upper value in common to a memory, recalculates a first secret value calculated using the first counter values and a root secret value in response to the first counter update, writes a first data piece and the first secret value to the memory, and at reading of the first data piece and the first secret value, calculates a second secret value using the updated first counter values and the root secret value, and compares the first secret value with the second secret value to verify the first data piece.

23 Citations

View as Search Results

10 Claims

1. A memory management device to which a memory is connected and which performs verification at reading of data stored in the memory and at writing of data to the memory, the device comprising:
- a first hardware storage configured to store therein a root secret value that is a secret value assigned to the memory;
  
  a second hardware storage configured to hold an upper counter value that is in common among a predetermined plurality of data pieces and lower counter values associated with the data pieces, respectively;
  
  an assignment engine configured to update counter values including the upper counter value and the lower counter values at writing of the data pieces to the memory and calculate data verification values; and
  
  a verification engine configured to perform a verification process of the data verification values at reading of the data pieces, whereinat writing of first data piece to the memory;
  
  the assignment engine increments a lower counter value associated with the first data piece each time the first data piece is written to the memory;
  
  when the lower counter value associated with the first data piece overflows, the assignment engine updates counter values associated with the first data piece by incrementing the upper counter value in common among the plurality of data pieces and resetting the lower counter value;
  
  the assignment engine calculates a first secret value for each data piece using the counter values associated with the first data piece and the root secret value, and calculates a first data verification value using the first data piece and the first secret value for each data piece;
  
  when the counter values associated with the first data piece are updated, the assignment engine recalculates the first secret value for each data piece using the updated counter values and the root secret value, and recalculates the first data verification value using the first data piece and the recalculated first secret value for each data piece; and
  
  the assignment engine writes the first data piece and the calculated first data verification value or the recalculated first data verification value to the memory,at reading of the first data piece from the memory;
  
  the verification engine reads the first data piece and the first calculated data verification value from the memory;
  
  when the first data piece and the first data verification value are read, the verification engine calculates a second secret value for each data piece using updated values of the counter values associated with the first data piece and the root secret value, and calculates a second data verification value using the read first data piece and the second secret value for each data piece; and
  
  the verification engine compares the read first data verification value and the second data verification value to perform verification of the read first data piece, andat writing of second data piece to the memory;
  
  when a lower counter value associated with the second data piece overflows, the assignment engine updates counter values associated with the second data piece by incrementing the upper counter value in common among the plurality of data pieces and resetting the lower counter value;
  
  the assignment engine calculates another first secret value for each data piece using the counter values associated with the second data piece and the root secret value, and calculates a second data verification value using the second data piece and the another first secret value for each data piece; and
  
  when the counter values associated with the second data piece are updated, the assignment engine recalculates the first secret value for each data piece using the updated counter values and the root secret value, and recalculates the first data verification value using the second data piece and the first secret value for each data piece, the assignment engine writes the second data piece and the calculated second data verification value or the recalculated first data verification value to the memory.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The device according to claim 1, whereinthe assignment engine increments the lower counter value each time the first data piece is written to the memory, and when the lower counter value overflows, the assignment engine updates the counter values associated with the first data piece by incrementing the upper counter value and resetting the lower counter value,when the upper counter value is incremented as a result of writing the first data piece to the memory, the assignment engine increments to update the lower counter value associated with the second data piece having the upper counter value in common, and when the upper counter value is incremented as a result of writing the first data piece to the memory and the lower counter value associated with the second data piece overflows as a result of incrementing the lower counter value, the assignment engine resets the lower counter value to update the lower counter associated with the second data piece,when the counter values associated with the second data piece are updated as a result of writing the first data piece to the memory, the assignment engine recalculates the first secret value for each data piece using the updated counter values associated with the second data piece and recalculates the first data verification value using the second data, the root secret value and the recalculated first secret value for each data piece, and when the counter values associated with the first data piece are updated as a result of writing the second data piece to the memory and the lower counter value does not overflow as a result of incrementing the lower counter, the assignment engine skips recalculation of the first secret value for each data piece and writing the first data piece and the first data verification value to the memory,when the counter values associated with the first data piece are updated as a result of writing the second data piece to the memory and the lower counter value included in the counter values associated with the first data piece overflows as a result of being incremented, the assignment engine recalculates the first data verification value, andthe assignment engine calculates the second secret value for each data piece using “
    - (the upper counter value−
      
      the lower counter value)×
      
      a constant” and
      
      the root secret value at reading of the second data piece.
  - 3. The device according to claim 1, whereina flag indicating whether data pieces written to the memory are associated with the counter values for each lower counter value,the memory management device further includes an updating engine configured to, when writing of the first data piece to the memory is performed, update a first flag that is associated with the lower counter value associated with the first data piece so that the first flag indicates that writing of the first data piece to the memory is performed and, when the upper counter is incremented as a result of writing the second data piece having an upper counter value in common to the memory, update the first flag to indicate that writing of the first data piece to the memory is not performed,when the first flag indicates that writing of the first data piece to the memory is performed, the assignment engine recalculates the first secret value for each data piece, when the first flag indicates that writing of the first data piece to the memory is not performed and the lower counter value included in the counter values associated with the first data piece does not overflow as a result of being incremented, the assignment engine skips recalculation of the first secret value for each data piece, and when the first flag indicates that writing of the first data piece to the memory is not performed and the lower counter value included in the counter values associated with the first data piece overflows as a result of being incremented, the assignment unit engine recalculates the first secret value for each data piece, andwhen the first flag indicates that the writing of the first data piece is performed at reading of the first data piece, the assignment engine calculates the second secret value for each data piece using “
    - (the upper counter value−
      
      the lower counter value)×
      
      a constant” and
      
      the root secret value.
  - 4. The device according to claim 3, whereinthe assignment engine has a hierarchical structure where an upper counter value and a plurality of lower counter values having the upper counter value in common are combined, and writes the counter values associated with the flag for each of the lower counter values to at least one of the memory and the second hardware storage,the assignment engine reads the counter values stored in at least one of the memory and the second hardware storage, andthe assignment engine calculates the second secret value for each data piece using the counter values stored in at least one of the memory and the second hardware storage unit and the root secret value.
  - 5. The device according to claim 1, whereinthe first data piece and the second data piece are in units of a block, andthe assignment engine assigns the counter values unique to an address in units of a block in the memory to which the first data piece is to be written to, and unique to a command value of the upper counter value and the lower counter value.

6. A memory management method implemented in a memory management device to which a memory is connected and which performs verification at reading of data stored in the memory and at writing of data to the memory, whereinthe memory management device includes:
- a first storage unit that stores a root secret value that is a secret value assigned to the memory; and
  
  a second storage unit that holds an upper counter value that is in common among a predetermined plurality of data pieces and lower counter values associated with the data pieces, respectively, the method comprising;
  
  assigning step of updating counter values including the upper counter value and the lower counter values at writing of the data pieces to the memory and calculating data verification values; and
  
  verifying the data verification value at reading of the data piece, whereinat writing of first data piece to the memory;
  
  the assigning step includes;
  
  incrementing a lower counter value associated with the first data piece each time the first data piece is written to the memory;
  
  when the lower counter value associated with the first data piece overflows, updating the counter values associated with the first data piece by incrementing the upper counter value in common among the plurality of data pieces and resetting the lower counter value;
  
  calculating a first secret value for each data piece using the counter values associated with the first data piece and the root secret value, and calculating a first data verification value using the first data piece and the first secret value for each data piece;
  
  when the counter values associated with the first data piece are updated, recalculating the first secret value for each data piece using the updated counter values and the root secret value, and recalculating the first data verification value using the first data piece and the recalculated first secret value for each data piece; and
  
  writing the first data piece and the calculated first data verification value or the recalculated first data verification value to the memory,at reading of the first data piece from the memory;
  
  the verifying includes;
  
  reading the first data piece and the first calculated or recalculated data verification value from the memory;
  
  when the first data piece and the first calculated or recalculated data verification value are read, calculating a second secret value for each data piece using updated values of the counter values associated with the first data piece and the root secret value, and calculating a second data verification value using the read first data piece and the second secret value for each data piece; and
  
  comparing the read first data verification value and the second data verification value to perform verification of the read first data piece, andat writing of second data piece to the memory;
  
  the assigning step includes;
  
  when a lower counter value associated with the second data piece overflows, updating counter values associated with the second data piece by incrementing the upper counter value in common among the plurality of data pieces and resetting the lower counter value;
  
  calculating another first secret value for each data piece using the counter values associated with the second data piece and the root secret value, and calculating another second data verification value using the second data piece and the another first secret value for each data piece;
  
  when the counter values associated with the second data piece are updated, recalculating the first secret value for each data piece using the updated counter values and the root secret value, and recalculating the first data verification value using the second data piece and the calculated another first secret value for each data piece; and
  
  writing the second data piece and the calculated another second data verification value or the recalculated first data verification value to the memory.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method according to claim 6, whereinthe assigning step increments the lower counter value each time the first data piece is written to the memory, and when the lower counter value overflows, the assigning step updates the counter values associated with the first data piece by incrementing the upper counter value and resetting the lower counter value,when the upper counter value is incremented as a result of writing the first data piece to the memory, the assigning step increments to update the lower counter value associated with the second data piece having the upper counter value in common, and when the upper counter value is incremented as a result of writing the first data piece to the memory and the lower counter value associated with the second data piece overflows as a result of incrementing the lower counter value, the assigning step resets the lower counter value to update the lower counter value associated with the second data piece,when the counter values associated with the second data piece are updated as a result of writing the first data piece to the memory, the assigning step recalculates the first secret value for each data piece using the updated counter values associated with the second data piece and recalculates the first data verification value using the second data piece, the root secret value and the recalculated first secret value for each data piece, and when the counter values associated with the first data piece are updated as a result of writing the second data piece to the memory and the lower counter value does not overflow as a result of incrementing the lower counter, the assigning step skips recalculation of the first secret value for each data piece and writing the first data piece and the first data verification value to the memory, when the counter values associated with the first data piece are updated as a result of writing the second data piece to the memory and the lower counter value included in the counter values associated with the first data piece overflows as a result of being incremented, the assigning step recalculates the first data verification value, andthe assigning step calculates the second secret value for each data piece using “
    - (the upper counter value−
      
      the lower counter value)×
      
      a constant” and
      
      the root secret value at reading of the second data piece.
  - 8. The device according to claim 6, whereina flag indicating whether data pieces written to the memory are associated with the counter values for each lower counter value,the memory management method further includes an updating step, wherein in response to writing of the first data piece to the memory is performed, the updating step updates a first flag that is associated with the lower counter value associated with the first data piece so that the first flag indicates that writing of the first data piece to the memory is performed and, in response to the upper counter being incremented as a result of writing the second data piece having an upper counter value in common to the memory, the updating step updates the first flag to indicate that writing of the first data piece to the memory is not performed,in response to the first flag indicating that writing of the first data piece to the memory is performed, the assigning step recalculates the first secret value for each data piece, in response to the first flag indicating that writing of the first data piece to the memory is not performed and the lower counter value included in the counter values associated with the first data piece does not overflow as a result of being incremented, the assigning step skips recalculation of the first secret value for each data piece, and in response to the first flag indicating that writing of the first data piece to the memory is not performed and the lower counter value included in the counter values associated with the first data piece overflows as a result of being incremented, the assignment step recalculates the first secret value for each data piece, andin response to the first flag indicating that the writing of the first data piece is performed at reading of the first data piece, the assigning step calculates the second secret value for each data piece using “
    - (the upper counter value−
      
      the lower counter value)×
      
      a constant” and
      
      the root secret value.
  - 9. The device according to claim 8, whereinthe assigning step employs a hierarchical structure where an upper counter value and a plurality of lower counter values having the upper counter value in common are combined, and writes the counter values associated with the flag for each of the lower counter values to at least one of the memory and the second storage unit,the assigning step reads the counter values stored in at least one of the memory and the second storage unit, andthe assigning step calculates the second secret value for each data piece using the counter values stored in at least one of the memory and the second storage unit and the root secret value.
  - 10. The device according to claim 6, wherein the first data piece and the second data piece are in units of a block, and the assigning step assigns the counter values unique to an address in units of a block in the memory to which the first data piece is to be written to, and unique to a command value of the upper counter value and the lower counter value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Inventors
Hashimoto, Mikio, Haruki, Hiroyoshi, Kawabata, Takeshi, Jokan, Tomohide, Fujimatsu, Yurie, Hayashi, Ryotaro, Nakanishi, Fukutomo
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
VU, PHY ANH TRAN

Application Number

US13/223,753
Publication Number

US 20120079283A1
Time in Patent Office

992 Days
Field of Search

713164-167, 713189-194
US Class Current

713/189
CPC Class Codes

G06F 12/1425   the protection being physic...

G06F 21/52   during program execution, e...

G06F 21/64   Protecting data integrity, ...

Memory management device and memory management method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Memory management device and memory management method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links