Vehicle with multiple user interface operating domains
US-2016328272-A1 · Nov 10, 2016 · US
Data security for multiple banks of memory
US10353815B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10353815-B2 |
| Application number | US-201715607279-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 26, 2017 |
| Priority date | May 26, 2017 |
| Publication date | Jul 16, 2019 |
| Grant date | Jul 16, 2019 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The disclosed technology is generally directed to data security. In one example of the technology, data is stored in a memory. The memory includes a plurality of memory banks including a first memory bank and a second memory bank. At least a portion of the data is interleaved amongst at least two of the plurality of memory banks. Access is caused to be prevented to at least one of the plurality of memory banks while a debug mode or recovery mode is occurring. Also, access is caused to be prevented to the at least one of the plurality of memory banks starting with initial boot until a verification by a security complex is successful. The verification by the security complex includes the security complex verifying a signature.
First claim
Opening claim text (preview).
We claim: 1. A device for data security, comprising: a memory including a plurality of memory banks including a first memory bank and a second memory bank, wherein at least a portion of data is interleaved amongst at least two of the plurality of memory banks; and a security complex that is configured to prevent access to at least one of the plurality of memory banks while a debug mode or recovery mode is occurring, and to prevent access to the at least one of the plurality of memory banks starting with initial boot until a verification by the security complex is successful, wherein the verification by the security complex includes the security complex verifying a signature. 2. The apparatus of claim 1 , wherein preventing access to the at least one of the plurality of memory banks while a debug mode or recovery mode is occurring is accomplished via hardware prevention. 3. The apparatus of claim 1 , wherein each memory bank of the plurality of memory banks is a flash memory bank. 4. The apparatus of claim 1 , wherein the portion of data is a secure portion of the memory that is interleaved by two between the first memory bank and the second memory bank, and wherein access being preventing to at least one of the memory banks includes preventing access to the second memory bank. 5. The apparatus of claim 1 , wherein the security complex includes a hardware root of trust for the device. 6. The apparatus of claim 1 , wherein the signature is a digital signature of a first bootloader. 7. The apparatus of claim 6 , wherein the security complex includes a read-only memory, and wherein the first bootloader is read from the read-only memory. 8. The apparatus of claim 6 , wherein the security complex verifies the digital signature with a public key that is stored in the security complex. 9. A method for data security, comprising: storing data in a memory, the memory including a plurality of memory banks including a first memory bank and a second memory bank, wherein at least a portion of the data is interleaved between at least two of the plurality of memory banks; and causing access to be prevented at least one of the plurality of memory banks while operating in a mode that does not include signature validation is occurring, and causing access to be prevented access to the at least one of the plurality of memory banks starting with an initial boot until a verification by a security complex is successful, wherein the verification by the security complex includes the security complex verifying a signature. 10. The method of claim 9 , wherein a debug mode and a recovery mode are each a mode that does not include signature validation. 11. The method of claim 9 , wherein causing access to be prevented to the at least one of the plurality of memory banks while a debug mode or recovery mode is occurring is accomplished via hardware prevention. 12. The method of claim 9 , wherein each memory banks of the plurality of memory banks is a flash memory bank. 13. The method of claim 9 , wherein the signature is a digital signature of a first bootloader. 14. The method of claim 13 , wherein the security complex includes a read-only memory, and wherein the first bootloader is read from the read-only memory. 15. The method of claim 13 , wherein the security complex verifies the digital signature with a public key that is stored in the security complex. 16. An apparatus for data security, comprising: a device, including: a flash memory including a plurality of flash memory banks including a first flash memory bank and a second flash memory bank, wherein at least a portion of data is interleaved amongst at least two of the plurality of flash memory banks; and a security complex that is configured to prevent access to at least one of the plurality of flash memory banks while a debug mode or recovery mode is occurring, and to prevent access to the at least one of the plurality of flash memory banks starting with initial boot until a verification by the security complex is successful, wherein the verification by the security complex includes the security complex verifying a signature. 17. The apparatus of claim 16 , wherein preventing access to the at least one of the plurality of flash memory banks while a debug mode or recovery mode is occurring is accomplished via hardware prevention. 18. The apparatus of claim 16 , wherein the signature is a digital signature of a first bootloader. 19. The apparatus of claim 18 , wherein the security complex includes a read-only memory, and wherein the first bootloader is read from the read-only memory. 20. The apparatus of claim 18 , wherein the security complex verifies the digital signature with a public key that is stored in the security complex.
Assignees
Inventors
Classifications
operating in dual or compartmented mode, i.e. at least one secure mode · CPC title
Address decoders, e.g. bit - or word line decoders; Multiple line decoders · CPC title
- G06F12/0661Primary
and decentralised selection · CPC title
Security improvement · CPC title
in semiconductor storage media, e.g. directly-addressable memories · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10353815B2 cover?
- The disclosed technology is generally directed to data security. In one example of the technology, data is stored in a memory. The memory includes a plurality of memory banks including a first memory bank and a second memory bank. At least a portion of the data is interleaved amongst at least two of the plurality of memory banks. Access is caused to be prevented to at least one of the plurality…
- Who is the assignee on this patent?
- Microsoft Technology Licensing Llc
- What technology area does this patent fall under?
- Primary CPC classification G06F12/0661. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Jul 16 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).