What technology area does this patent fall under?

Primary CPC classification G06F21/64. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue Oct 04 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).

Data integrity protection from rollback attacks for use with systems employing message authentication code tags

US9460312B2 · US · B2

Patent metadata
Field	Value
Publication number	US-9460312-B2
Application number	US-201414205226-A
Country	US
Kind code	B2
Filing date	Mar 11, 2014
Priority date	Mar 11, 2014
Publication date	Oct 4, 2016
Grant date	Oct 4, 2016

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

One feature pertains to an efficient procedure for storing data units in a storage device that allows for authentication of data units to prevent rollback attacks and other attacks such as cut-and-paste attacks. In one aspect, a message authentication code (MAC) is generated or otherwise obtained based on a primary key, a data unit to be stored, a corresponding index for the data unit (such as a page index) and a secondary key for the corresponding data unit, which is generated for each new write operation. The MAC and the corresponding data unit are stored in a bulk storage device such as a relatively insecure off-chip storage. Secondary keys are stored in a separate storage device such as a more secure on-chip storage. In some examples, new secondary keys are generated upon each data write based on a non-zero random or pseudorandom value.

First claim

Opening claim text (preview).

What is claimed is: 1. A method for storing data to permit authentication of the data, comprising: obtaining, at a processing circuit, a message authentication code based on a primary key, a data unit to be stored, an index corresponding to the data unit, and a secondary key corresponding to the index; storing the message authentication code and the data unit in a first storage device coupled to the processing circuit; storing the secondary key for the data unit in a second storage device coupled to the processing circuit; obtaining, at the processing circuit, a new secondary key upon each new data write operation to the first storage device of a corresponding data unit to be stored in the first storage device; obtaining, at the processing circuit, a new message authentication code based on the primary key, a data unit retrieved from the first storage device and its corresponding secondary key retrieved from the second storage device; and obtaining, at the processing circuit, the corresponding message authentication code from the first storage device for the retrieved data unit, and comparing the new message authentication code with the corresponding message authentication code, where authentication is successful if the new message authentication code and the corresponding message authentication code are the same. 2. The method of claim 1 , further comprising authenticating a data unit stored in the first storage device by: obtaining a corresponding secondary key from the second storage device based on the index; and obtaining the primary key, wherein the primary key is obtained from the second storage device. 3. The method of claim 1 , wherein the secondary key is substantially smaller than the message authentication code and the primary key. 4. The method of claim 1 , wherein the message authentication code (MAC) is a tag (Ti) obtained for a corresponding data unit index (i) based on a global primary key (K), a per data unit secondary key (Ni), the data unit (Mi) and the data unit index (i). 5. The method of claim 4 , wherein the tag (Ti) is obtained by applying a message authentication algorithm (MAA) to the corresponding data unit index (i) based on the global primary key (K), the secondary key (Ni), and the data unit (Mi). 6. The method of claim 5 , further comprising concatenating a particular secondary key (Ni), a corresponding index (i) and the data unit (Mi) before the MAA is applied with the global primary key (K) to obtain the message authentication code (MAC). 7. The method of claim 1 , wherein the secondary key is one of a random or pseudorandom value. 8. The method of claim 1 , wherein all secondary key values are initially set to zero and all subsequent secondary key values are set to non-zero values. 9. The method of claim 1 , wherein the method is operational within a system-on-a-chip device coupled to an off-chip storage device, and the first storage device includes the off-chip storage device. 10. The method of claim 1 , wherein the method is operational within a system-on-a-chip device having an on-chip storage device, and the second storage device includes the on-chip storage device. 11. The method of claim 1 , wherein the secondary key is small relative to the message authentication code (MAC). 12. The method of claim 1 , wherein the secondary key is initially set to zero and all subsequent secondary keys are set to non-zero values. 13. A device comprising: a first storage device to store data units and message authentication codes; a second storage device to store authentication keys to authenticate the data units of the first storage device; a processing circuit coupled to the first and second storage devices, the processing circuit configured to obtain a message authentication code based on a primary key, a data unit to be stored, an index corresponding to the data unit, and a secondary key corresponding to the index; store the message authentication code and the data unit in the first storage device; store the secondary key for the data unit in the second storage device; obtain a new secondary key upon each new data write operation to the first storage device of a corresponding data unit to be stored in the first storage device; obtain, at the processing circuit, a new message authentication code based on the primary key, a data unit retrieved from the first storage device and its corresponding secondary key retrieved from the second storage device; and obtain, at the processing circuit, the corresponding message authentication code from the first storage device for the retrieved data unit, and comparing the new message authentication code with the corresponding message authentication code, where authentication is successful if the new message authentication code and the corresponding message authentication code are the same. 14. The device of claim 13 , wherein the processing circuit is further configured to authenticate a data unit stored in the first storage device by: obtaining a corresponding secondary key from the second storage device based on the index; and obtaining the primary key, wherein the primary key is obtained from the second storage device. 15. The device of claim 13 , wherein the processing circuit is further configured to set all secondary key values to zero initially and to set all subsequent secondary key values to non-zero values. 16. The device of claim 13 , wherein the device is integrated within a system-on-a-chip device, and the first storage device includes an off-chip storage device. 17. The device of claim 13 , wherein the device is integrated within a system-on-a-chip device, and the second storage device includes an on-chip storage device. 18. The device of claim 13 , wherein the secondary key is small relative to the message authentication code (MAC). 19. The device of claim 13 , wherein the secondary key is initially set to zero and all subsequent secondary keys are set to non-zero values. 20. A device, comprising: means for obtaining a message authentication code based on a primary key, a data unit to be stored, an index corresponding to the data unit, and a secondary key corresponding to the index; means for storing the message authentication code and the data unit in a first storage device; means for storing the secondary key for the data unit in a second storage device; means for obtaining a new secondary key upon each new data write operation to the first storage device of a corresponding data unit to be stored; means for obtaining a new message authentication code based on the primary key, a data unit retrieved from the first storage device and its corresponding secondary key retrieved from the second storage device; and means for obtaining the corresponding message authentication code from the first storage device for the retrieved data unit, and comparing the new message authentication code with the corresponding message authentication code, where authentication is successful if the new message authentication code and the corresponding message authentication code are the same. 21. The device of claim 20 , further comprising: means for obtaining a corresponding secondary key from the second storage device based on the index; and means for obtaining the primary key, wherein the primary key is obtained from the first storage device. 22. The device of claim 20 , wherein the means for obtaining the message authentication code (MAC) includes means for obtaining the MAC as a tag (Ti) for a corre

Assignees

Qualcomm Inc

Inventors

Classifications

H04L9/3242
involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC · CPC title
H04L63/12
Applying verification of the received information (cryptographic mechanisms or cryptographic arrangements for data integrity or data verification H04L9/32) · CPC title
H04L9/0643
Hash functions, e.g. MD5, SHA, HMAC or f9 MAC · CPC title
G06F21/64Primary
Protecting data integrity, e.g. using checksums, certificates or signatures · CPC title
H04L9/0894
Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage · CPC title

Patent family

Related publications grouped by family.

View patent family 52684703

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9460312B2 cover?: One feature pertains to an efficient procedure for storing data units in a storage device that allows for authentication of data units to prevent rollback attacks and other attacks such as cut-and-paste attacks. In one aspect, a message authentication code (MAC) is generated or otherwise obtained based on a primary key, a data unit to be stored, a corresponding index for the data unit (such as …
Who is the assignee on this patent?: Qualcomm Inc
What technology area does this patent fall under?: Primary CPC classification G06F21/64. Mapped technology areas include Physics.
When was this patent published?: Publication date Tue Oct 04 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).