Paging support for encrypted GPU buffers

US12562916B2 · US · B2

Patent metadata
Publication number: US-12562916-B2
Application number: US-202217692930-A
Country: US
Kind code: B2
Filing date: Mar 11, 2022
Priority date: Mar 11, 2022
Publication date: Feb 24, 2026
Grant date: Feb 24, 2026

Abstract

Official abstract text for this publication.

Described herein is a paging technique that can be implemented in any accelerator with attached memory and support for operating on encrypted data when the CPU is not within the trusted compute base (TCB). Memory storing data that is encrypted using hardware physical address (HPA)-based encryption can be paged out of accelerator device memory by decoupling encryption from the hardware physical address and re-encrypting the data for page-out. Upon page-in, the data is decrypted, the integrity and authenticity of the data is verified, then the data is re-encrypted using HPA-based encryption.

First claim

Opening claim text (preview).

What is claimed is:

1. An accelerator device comprising: a first memory device; a graphics processor coupled with the first memory device; and circuitry coupled with the first memory device and the graphics processor, the circuitry configured to: receive a request to page out a first memory page of the first memory device to a second memory device, wherein the first memory page is configured to store encrypted data that is encrypted based on a hardware physical address (HPA) of the data; decrypt the encrypted data; generate a message authentication code (MAC) of the first memory page; store the MAC to a slot within a second memory page of the first memory device, wherein the slot within the second memory page corresponds with a first counter value of a counter included within the circuitry; encrypt the first memory page via a first page key and the first counter value to generate an encrypted first memory page; and copy the encrypted first memory page to the second memory device.

2. The accelerator device as in claim 1, wherein the circuitry is configured to: store the first counter value to first memory page metadata associated with the first memory page; store a second counter value associated with the second memory page to the first memory page metadata; and copy the first memory page metadata to the second memory device.

3. The accelerator device as in claim 2, wherein the circuitry is configured to: receive a request to page in the encrypted first memory page to the first memory device; determine the slot within the second memory page that stores the MAC of the first memory page based on the first counter value stored to the first memory page metadata; decrypt the encrypted first memory page via the first page key and the first counter value; verify the first memory page based on the MAC of to the slot within the second memory page; upon verification of the first memory page, encrypting data of the first memory page based on the HPA to which the data is to be stored; and store the first memory page to the first memory device.

4. The accelerator device as in claim 1, wherein the second memory page is stored to an access limited portion of the first memory device.

5. The accelerator device as in claim 4, wherein the circuitry is configured to: receive a request to page out the second memory page from the access limited portion of the first memory device; encrypt the second memory page via a second page key and a second counter value associated with the second memory page to generate an encrypted second memory page, wherein the second page key differs from the first page key; and copy the encrypted second memory page from the access limited portion of the first memory device.

6. The accelerator device as in claim 5, wherein the circuitry is configured to copy the encrypted second memory page to the second memory device.

7. The accelerator device as in claim 5, wherein the circuitry is configured to: initialize a successive instance of the second memory page in the access limited portion of the first memory device; and store second memory page metadata to the successive instance of the second memory page, the second memory page metadata including a MAC value of the encrypted second memory page, the second counter value, and a third counter value, wherein the third counter value is associated with the successive instance of the second memory page.

8. The accelerator device as in claim 7, wherein the circuitry is configured to: receive a request to page in the encrypted second memory page to the access limited portion of the first memory device; load the MAC value of the encrypted second memory page and the second counter value from the second memory page metadata of the successive instance of the second memory page; load the encrypted second memory page; decrypt the encrypted second memory page via the second page key and the second counter value; and store the second memory page to the access limited portion of the first memory device.

9. The accelerator device as in claim 1, wherein the second memory device is external to the accelerator device and couples with the accelerator device via a system interconnect.

10. The accelerator device as in claim 1, wherein the second memory device is a non-volatile memory device.

11. A method comprising: determining to page out a first memory page that includes data that is encrypted according to a hardware physical address (HPA) of the data, wherein the first memory page is associated with device memory of an accelerator device; determining if a slot is available in a second memory page to store a message authentication code (MAC) of the first memory page, the second memory page stored in an access limited portion of the device memory of the accelerator device; in response to a determination that a slot is available in the second memory page to store the MAC of the first memory page, issuing a first instruction to trusted hardware of the accelerator device to evict the first memory page from the device memory of the accelerator device, wherein the trusted hardware is configured to store the MAC of the first memory page to the slot in the second memory page; and in response to a determination that a slot is not available in the second memory page to store the MAC of the first memory page: issuing a second instruction to the trusted hardware to evict the second memory page from the access limited portion of the device memory of the accelerator device; and issuing the first instruction to the trusted hardware, wherein the trusted hardware is configured to store the MAC of the first memory page to a slot in a successive instance of the second memory page.

12. The method as in claim 11, wherein the trusted hardware, in response to the first instruction, is configured to decrypt data that is encrypted according to the HPA of the data, encrypt the first memory page according to a first page key to generate an encrypted first memory page, and copy the encrypted first memory page to host memory of a data processing system that includes the accelerator device.

13. The method as in claim 12, further comprising: determining to page in the encrypted first memory page; determining the instance of the second memory page that stores the MAC of the first memory page; issuing a third instruction to the trusted hardware to page in the instance of the second memory page that stores the MAC of the first memory page; and issuing a fourth instruction to the trusted hardware to page in the encrypted first memory page, wherein the trusted hardware is configured to decrypt the encrypted first memory page, verify the first memory page based on the MAC of the first memory page, and upon verification of the first memory page, encrypting data of the first memory page based on the HPA to which the data is to be stored.

14. The method as in claim 12, further comprising determining the instance of the second memory page that stores the MAC of the first memory page based on metadata associated with the first memory page.

15. A data processing system comprising: a host processor; host memory coupled with the host processor; an accelerator device including accelerator device memory, a graphics processor coupled with the device memory, and circuitry coupled with the accelerator device memory and the graphics processor, circuitry configured to: receive a request to page out a first memory page of the accelerator device memory device to the host memory, wherein the first memory page is configured to st
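
A software model of the page-out and page-in flow recited in claims 1 and 3, added here as an illustration; it is not code from the patent or its assignee. The HMAC-SHA256 keystream stands in for the hardware cipher, and the class and method names, the separate MAC key, the dictionary used as the MAC page and the freeing of a slot after page-in are assumptions.

```python
import hashlib
import hmac


def xor_stream(key: bytes, tweak: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 keystream bound to tweak."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, tweak + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


class PagingEngine:
    """Models the trusted circuitry: keys, counter and MAC page stay inside it."""

    def __init__(self, hpa_key: bytes, page_key: bytes, mac_key: bytes):
        self.hpa_key, self.page_key, self.mac_key = hpa_key, page_key, mac_key
        self.counter = 0      # counter included within the circuitry
        self.mac_page = {}    # "second memory page": slot (counter value) -> MAC
        self.device_mem = {}  # HPA -> ciphertext under HPA-based encryption

    def _hpa_crypt(self, hpa: int, data: bytes) -> bytes:
        return xor_stream(self.hpa_key, b"hpa" + hpa.to_bytes(8, "big"), data)

    def _page_crypt(self, ctr: int, data: bytes) -> bytes:
        return xor_stream(self.page_key, b"ctr" + ctr.to_bytes(8, "big"), data)

    def store(self, hpa: int, plaintext: bytes) -> None:
        self.device_mem[hpa] = self._hpa_crypt(hpa, plaintext)

    def page_out(self, hpa: int):
        plaintext = self._hpa_crypt(hpa, self.device_mem.pop(hpa))  # undo HPA binding
        self.counter += 1
        ctr = self.counter
        self.mac_page[ctr] = hmac.new(self.mac_key, plaintext, hashlib.sha256).digest()
        # Ciphertext and metadata are what leave for the second (untrusted) memory.
        return self._page_crypt(ctr, plaintext), {"counter": ctr}

    def page_in(self, blob: bytes, meta: dict, new_hpa: int) -> None:
        ctr = meta["counter"]                     # untrusted: selects the MAC slot
        plaintext = self._page_crypt(ctr, blob)
        mac = hmac.new(self.mac_key, plaintext, hashlib.sha256).digest()
        expected = self.mac_page.get(ctr)
        if expected is None or not hmac.compare_digest(mac, expected):
            raise ValueError("page rejected: MAC verification failed")
        del self.mac_page[ctr]  # assumption: slot freed, so a replayed copy finds no MAC
        self.store(new_hpa, plaintext)  # re-encrypt under the destination HPA
```

A modified blob, a blob presented with another page's counter, and a second page-in of an already restored blob all raise `ValueError`, because the MAC slot chosen by the counter either does not match or no longer exists.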

Classifications

  • using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]

  • by using cryptography (for digital transmission H04L9/00)

  • Memory management

  • Performance improvement

  • Security improvement

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Intel Corp
What technology area does this patent fall under?
Primary CPC classification H04L9/3242. Mapped technology areas include Electricity.
When was this patent published?
Publication date Feb 24, 2026 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).