Supporting configurable security levels for memory address ranges

US10671740B2 · US · B2

Patent metadata

Publication number: US-10671740-B2
Application number: US-201815946401-A
Country: US
Kind code: B2
Filing date: Apr 5, 2018
Priority date: Jul 20, 2015
Publication date: Jun 2, 2020
Grant date: Jun 2, 2020

Abstract

Official abstract text for this publication.

A processor implementing techniques for supporting configurable security levels for memory address ranges is disclosed. In one embodiment, the processor includes a processing core a memory controller, operatively coupled to the processing core, to access data in an off-chip memory and a memory encryption engine (MEE) operatively coupled to the memory controller. The MEE is to responsive to detecting a memory access operation with respect to a memory location identified by a memory address within a memory address range associated with the off-chip memory, identify a security level indicator associated with the memory location based on a value stored on a security range register. The MEE is further to access at least a portion of a data item associated with the memory address range of the off-chip memory in view of the security level indicator.

First claim

Opening claim text (preview).

What is claimed is:

1. A processing device comprising: one or more cores; and a memory encryption circuit, operatively coupled to the one or more cores, to: detect a memory address operation with respect to a data item using a memory address within a memory address range; determine a security level to access the memory address range based on a security-level register associated with the processing device, wherein the security level register stores a data structure comprising a direction bit identifying a boundary between a first part of the data structure corresponding to an encryption-only memory range and a second part of the data structure corresponding to a full-protection memory range; and perform, based on the security level, at least one of encrypting the data item or decrypting the data item.

2. The processing device of claim 1, wherein the security-level register further comprises a memory address to indicate a range to divide a memory device into the encryption-only memory range and the full-protection memory range.

3. The processing device of claim 1, wherein the memory encryption circuit is further to: determine that the data item is to be transmitted to a memory address in the encryption-only memory range; and encrypt the data item.

4. The processing device of claim 1, wherein the memory encryption circuit is further to: determine that the data item is to be transmitted from a memory address in the encryption-only memory range; and decrypt the data item.

5. The processing device of claim 1, wherein the memory encryption circuit is further to: determine that the data item is to be transmitted to a memory address in the full-protection memory range; receive encryption metadata for the data item; and store the encryption metadata in the full-protection memory range.

6. The processing device of claim 1, wherein the memory encryption circuit is further to: determine that the data item is to be transmitted from a memory address in the full-protection memory range; retrieve encryption metadata associated with the data item from the full-protection memory range; and validate the data item based on the retrieved encryption metadata.

7. The processing device of claim 6, wherein to validate, the memory encryption circuit is further to: generate verification metadata based on data contents of the memory address associated with the data item; and compare the verification metadata to the retrieved encryption metadata.

8. A method, comprising: receiving, by a processing device, a request to perform a memory operation with respect to a data item using a memory address within a memory address range; determining, by the processing device, a security level to access the memory address range based on a security-level register, wherein the security level register stores a data structure comprising a direction bit identifying a boundary between a first part of the data structure corresponding to an encryption-only memory range and a second part of the data structure corresponding to a full-protection memory range; and performing, based on the security level, at least one of: encrypting the data item or decrypting the data item.

9. The method of claim 8, wherein the security-level register further comprises a memory address to indicate a range to divide a memory device into the encryption-only memory range and the full-protection memory range.

10. The method of claim 8, further comprising: determining that the data item is to be transmitted to a memory address in the encryption-only memory range; and encrypting the data item.

11. The method of claim 8, further comprising: determining that the data item is to be transmitted from a memory address in the encryption-only memory range; and decrypting the data item.

12. The method of claim 8, further comprising: determining that the data item is to be transmitted to a memory address in the full-protection memory range; receiving encryption metadata for the data item; and storing the encryption metadata in the full-protection memory range.

13. The method of claim 8, further comprising: determining that the data item is to be transmitted from a memory address in the full-protection memory range; retrieving encryption metadata associated with the data item from the full-protection memory range; and validating the data item based on the retrieved encryption metadata.

14. The method of claim 13, wherein the validating further comprises: generating verification metadata based on data contents of the memory address associated with the data item; and comparing the verification metadata to the retrieved encryption metadata.

15. A system comprising: a security-level register; a memory controller to access a memory device; and a processing device, operatively coupled to the memory controller and the security-level register, to: detect a memory address operation with respect to a data item using a memory address within a memory address range; determine a security level to access the memory address range of the memory device based on the security-level register, wherein the security level register stores a data structure comprising a direction bit identifying a boundary between a first part of the data structure corresponding to an encryption-only memory range and a second part of the data structure corresponding to a full-protection memory range; and perform, based on the security level, at least one of encrypting the data item or decrypting the data item.

16. The system of claim 15, wherein the security-level register further comprises a memory address to indicate a range to divide the memory device into the encryption-only memory range and the full-protection memory range.

17. The system of claim 15, wherein the processing device is further to: determine that the data item is to be transmitted to a memory address in the encryption-only memory range; and encrypt the data item.

18. The system of claim 15, wherein the processing device is further to: determine that the data item is to be transmitted from a memory address in the encryption-only memory range; and decrypt the data item.

19. The system of claim 15, wherein the processing device is further to: determine that the data item is to be transmitted to a memory address in the full-protection memory range; receive encryption metadata for the data item; and store the encryption metadata in the full-protection memory range.

20. The system of claim 15, wherein the processing device is further to: determine that the data item is to be transmitted from a memory address in the full-protection memory range; retrieve encryption metadata associated with the data item from the full-protection memory range; and validate the data item based on the retrieved encryption metadata.
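
The two security levels in the claims can be modelled in software to show what each one does and does not detect. This is an added illustration, not code from the patent or from Intel; the register layout (bit 0 as direction bit, remaining bits as boundary address), the polarity of the direction bit, the 64-byte line size, the separate tag array and the toy cipher and tag functions are all assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Assumed layout: bit 0 = direction bit, other bits = line-aligned boundary. */
#define SRR_DIR 1ULL
#define LINE 64
enum level { ENC_ONLY, FULL_PROTECTION };
enum status { READ_OK, INTEGRITY_FAIL };
uint8_t dram[8][LINE];   /* models off-chip memory; holds ciphertext only */
uint64_t tags[8];        /* per-line metadata kept for full-protection lines */

enum level classify(uint64_t srr, uint64_t addr) {
    bool below = addr < (srr & ~SRR_DIR);
    /* Assumption: direction bit set => full protection lies below boundary. */
    return ((srr & SRR_DIR) ? below : !below) ? FULL_PROTECTION : ENC_ONLY;
}

/* Toy stand-ins for the cipher and MAC; NOT real cryptography. */
static void toy_crypt(uint64_t addr, const uint8_t *in, uint8_t *out) {
    for (int i = 0; i < LINE; i++) out[i] = in[i] ^ (uint8_t)(0xA5 + addr + i);
}
static uint64_t toy_tag(uint64_t addr, const uint8_t *ct) {
    uint64_t h = 0xcbf29ce484222325ULL ^ addr;
    for (int i = 0; i < LINE; i++) h = (h ^ ct[i]) * 0x100000001b3ULL;
    return h;
}

void mee_write(uint64_t srr, uint64_t addr, const uint8_t *pt) {
    toy_crypt(addr, pt, dram[addr / LINE]);          /* both levels encrypt */
    if (classify(srr, addr) == FULL_PROTECTION)      /* store metadata too */
        tags[addr / LINE] = toy_tag(addr, dram[addr / LINE]);
}

enum status mee_read(uint64_t srr, uint64_t addr, uint8_t *pt) {
    const uint8_t *ct = dram[addr / LINE];
    /* Full protection: regenerate verification metadata and compare. */
    if (classify(srr, addr) == FULL_PROTECTION && toy_tag(addr, ct) != tags[addr / LINE])
        return INTEGRITY_FAIL;
    toy_crypt(addr, ct, pt);                         /* decrypt either level */
    return READ_OK;
}

int main(void) {
    uint64_t srr = 0x100 | SRR_DIR;  /* constructed: addresses below 0x100 are full-protection */
    uint8_t pt[LINE] = "secret", out[LINE];
    mee_write(srr, 0x40, pt); mee_write(srr, 0x140, pt);
    dram[1][0] ^= 1; dram[5][0] ^= 1;  /* flip one ciphertext bit in each range */
    return !(mee_read(srr, 0x40, out) == INTEGRITY_FAIL &&
             mee_read(srr, 0x140, out) == READ_OK && memcmp(out, pt, LINE) != 0);
}
```

The tampered full-protection line is rejected on read, while the tampered encryption-only line decrypts without error to altered plaintext, which is the trade-off a configurable range boundary exposes.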

Classifications

  • for a range · CPC title

  • Providing cryptographic facilities or services · CPC title

  • Multi-level security, e.g. mandatory access control · CPC title

  • to assure secure storage of data (address-based protection against unauthorised use of memory G06F12/14; record carriers for use with machines and with at least a part designed to carry digital markings G06K19/00) · CPC title

  • Protecting data integrity, e.g. using checksums, certificates or signatures · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10671740B2 cover?
A processor implementing techniques for supporting configurable security levels for memory address ranges is disclosed. In one embodiment, the processor includes a processing core a memory controller, operatively coupled to the processing core, to access data in an off-chip memory and a memory encryption engine (MEE) operatively coupled to the memory controller. The MEE is to responsive to dete…
Who is the assignee on this patent?
Intel Corp
What technology area does this patent fall under?
Primary CPC classification G06F21/62. Mapped technology areas include Physics.
When was this patent published?
Publication date Jun 2, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).