Memory address translation-based data encryption with integrated encryption engine

US8954755B2 · US · B2

Patent metadata
Publication number: US-8954755-B2
Application number: US-201213355827-A
Country: US
Kind code: B2
Filing date: Jan 23, 2012
Priority date: Jan 23, 2012
Publication date: Feb 10, 2015
Grant date: Feb 10, 2015

Abstract

Official abstract text for this publication.

A method and circuit arrangement utilize an integrated encryption engine within a processing core of a multi-core processor to perform encryption operations, i.e., encryption and decryption of secure data, in connection with memory access requests that access such data. The integrated encryption engine is utilized in combination with a memory address translation data structure such as an Effective To Real Translation (ERAT) or Translation Lookaside Buffer (TLB) that is augmented with encryption-related page attributes to indicate whether pages of memory identified in the data structure are encrypted such that secure data associated with a memory access request in the processing core may be selectively streamed to the integrated encryption engine based upon the encryption-related page attribute for the memory page associated with the memory access request.
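
An added illustration, not taken from the patent or from any implementation of it: a small C model of the data path the abstract describes, in which one translation lookup returns both the real address and the encryption-related page attribute, and that attribute decides whether data passes through the engine on its way out of or into the core. The entry layout, the constructed mappings, `core_key` and the XOR `engine` stand-in are assumptions made for the model; the stand-in is not a real cipher.

```c
#include <inttypes.h>
#include <stdio.h>

/* One ERAT/TLB entry: effective page -> real page, plus the
   encryption-related page attribute described in the abstract. */
typedef struct { uint64_t epn, rpn; int valid, encrypted; } erat_entry;
static const erat_entry erat[] = {   /* constructed mappings, 4 KiB pages */
    { 0x10, 0x0, 1, 1 },             /* secure page */
    { 0x11, 0x1, 1, 0 },             /* ordinary page */
};
static uint64_t ext_mem[1024];       /* two pages of memory outside the core */
static const uint64_t core_key = 0x9e3779b97f4a7c15ULL; /* stays in the core */
/* Stand-in for the hardware engine: XOR with an address-tweaked pad.
   Not a real cipher; it only makes the data path observable. */
static uint64_t engine(uint64_t d, uint64_t ra) { return d ^ (core_key * (ra | 1)); }
/* Translate an 8-byte-aligned effective address; -1 models a miss.
   One lookup yields both the real address and the page attribute. */
static int translate(uint64_t ea, uint64_t *ra, int *enc) {
    for (size_t i = 0; i < sizeof erat / sizeof erat[0]; i++)
        if (erat[i].valid && erat[i].epn == (ea >> 12)) {
            *ra = (erat[i].rpn << 12) | (ea & 0xfff);
            *enc = erat[i].encrypted;
            return 0;
        }
    return -1;
}
/* Store: data passes through the engine only when the attribute is set. */
int core_store(uint64_t ea, uint64_t v) {
    uint64_t ra; int enc;
    if (translate(ea, &ra, &enc)) return -1;
    ext_mem[ra / 8] = enc ? engine(v, ra) : v;
    return 0;
}
/* Load: the same attribute steers returning data through the engine. */
int core_load(uint64_t ea, uint64_t *out) {
    uint64_t ra; int enc;
    if (translate(ea, &ra, &enc)) return -1;
    *out = enc ? engine(ext_mem[ra / 8], ra) : ext_mem[ra / 8];
    return 0;
}
/* What is visible outside the core at a real address. */
uint64_t external_view(uint64_t ra) { return ext_mem[ra / 8]; }

int main(void) {
    uint64_t v = 0;
    if (core_store(0x10008, 0xdeadbeef) || core_load(0x10008, &v)) return 1;
    printf("core %" PRIx64 ", memory %" PRIx64 "\n", v, external_view(8));
    return 0;
}
```

In the model, a value stored to the secure page reads back unchanged inside the core while the external memory word differs from it; the ordinary page is stored as-is.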

First claim

Opening claim text (preview).

What is claimed is:

1. A method of accessing data in a data processing system, the method comprising: in response to a memory access request initiated by a thread in a processing core disposed in a multi-core processor, accessing an encryption-related page attribute in a memory address translation data structure to determine whether a memory page associated with the memory access request is encrypted, wherein the memory address translation data structure is configured to perform memory address translation between virtual and real memory addresses; and streaming secure data in the memory page through a hardware-based encryption engine integrated into the processing core in response to determining that the memory page associated with the memory access request is encrypted.

2. The method of claim 1, wherein streaming secure data in the memory page through the encryption engine includes encrypting the secure data and communicating the encrypted secure data out of the processing core for storage external to the processing core, wherein the secure data is only decrypted when resident within the processing core.

3. The method of claim 1, wherein streaming secure data in the memory page through the encryption engine includes decrypting secure data retrieved from outside the processing core.

4. The method of claim 3 further comprising storing the decrypted secure data in a cache disposed in the processing core, wherein the secure data is stored in a decrypted format in the cache.

5. The method of claim 1, wherein streaming secure data in the memory page through the encryption engine includes decrypting secure data retrieved from a cache resident in the processing core, wherein the secure data is stored in an encrypted format in the cache.

6. The method of claim 1, wherein streaming secure data in the memory page through the encryption engine includes decrypting the secure data and communicating the decrypted secure data from the encryption engine to a register file in the processing core.

7. The method of claim 1, wherein streaming secure data in the memory page through the encryption engine includes decrypting the secure data and communicating the decrypted secure data from the encryption engine to a bypass network in the processing core such that the decrypted secure data bypasses a register file in the processing core.

8. The method of claim 1, wherein the encryption engine is coupled to an L1 cache in the processing core.

9. The method of claim 8, wherein the L1 cache is a secure L1 cache, and wherein the processing core further includes a non-secure L1 cache that is separate from the secure L1 cache.

10. The method of claim 8, wherein the L1 cache is configured to store secure and non-secure data.

11. The method of claim 8, further comprising, in response to a miss on the L1 cache in response to the memory access request, adding an entry to a load/miss queue for the memory access request and indicating in the entry that the memory page associated with the memory access request is encrypted, wherein streaming the secure data in the memory page through the encryption engine is performed in response to determining that the memory page associated with the memory access request is encrypted from the entry in the load/miss queue during return of the secure data from outside of the processing core.

12. The method of claim 1, wherein the processing core is a first processing core among a plurality of processing cores in the multi-core processor, and wherein the secure data is only decrypted when resident within the first processing core.

13. The method of claim 1, further comprising performing a memory address translation for the memory access request by accessing the memory address translation data structure.

14. A circuit arrangement, comprising: a multi-core processor including a plurality of processing cores; a memory address translation data structure disposed in a first processing core among the plurality of processing cores, the memory address translation data structure configured to store address translation data for a memory page, wherein the memory address translation data structure is further configured to store an encryption-related page attribute for the memory page, and wherein the memory address translation data structure is configured to perform memory address translation between virtual and real memory addresses; and a hardware-based encryption engine integrated in the first processing core, wherein the encryption engine is configured to, in response to a memory access request initiated by a thread in the first processing core and associated with the memory page, perform an encryption operation on secure data from the memory page if the encryption-related page attribute in the memory address translation data structure indicates that the memory page associated with the memory access request is encrypted.

15. The circuit arrangement of claim 14, wherein the encryption engine is configured to encrypt the secure data prior to communication of the encrypted secure data out of the first processing core for storage external to the first processing core, wherein the secure data is only decrypted when resident within the first processing core.

16. The circuit arrangement of claim 14, wherein the encryption engine is configured to decrypt secure data retrieved from outside the first processing core.

17. The circuit arrangement of claim 16, wherein the encryption engine is configured to communicate the decrypted secure data to a cache disposed in the first processing core, wherein the secure data is stored in a decrypted format in the cache.

18. The circuit arrangement of claim 14, wherein the encryption engine is configured to decrypt secure data retrieved from a cache resident in the first processing core, wherein the secure data is stored in an encrypted format in the cache.

19. The circuit arrangement of claim 14, wherein the encryption engine is configured to decrypt the secure data and communicate the decrypted secure data to a register file in the first processing core.

20. The circuit arrangement of claim 14, wherein the encryption engine is configured to decrypt the secure data and communicate the decrypted secure data to a bypass network in the first processing core such that the decrypted secure data bypasses a register file in the first processing core.

21. The circuit arrangement of claim 14, wherein the encryption engine is coupled to an L1 cache in the first processing core, wherein the L1 cache is a secure L1 cache, and wherein the first processing core further includes a non-secure L1 cache that is separate from the secure L1 cache.

22. The circuit arrangement of claim 14, wherein the encryption engine is coupled to an L1 cache in the first processing core, wherein the L1 cache is configured to store secure and non-secure data.

23. The circuit arrangement of claim 14, wherein the encryption engine is coupled to an L1 cache in the first processing core, wherein the load/miss queue includes an entry that is added thereto in response to a miss on the L1 cache in response to the memory access request, the entry indicating that the memory page associated with the memory access request is encrypted, wherein the encryption engine is configured to perform the encryption operation in response to a determination that the memory page associated with the memory access request is encrypted from the entry in the load/miss queue during return of the secu

Classifications

  • Encrypted data · CPC title

  • Security improvement · CPC title

  • using associative or pseudo-associative address translation means, e.g. translation look-aside buffer [TLB] · CPC title

  • Performance improvement · CPC title

  • by using cryptography (for digital transmission H04L9/00) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Muff Adam J, Schardt Paul E, Shearer Robert A, and 2 more
What technology area does this patent fall under?
Primary CPC classification G06F12/1408. Mapped technology areas include Physics.
When was this patent published?
Publication date Feb 10, 2015 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).