Process authenticated memory page encryption

US9734357B2 · US · B2

Patent metadata
Field               Value
Publication number  US-9734357-B2
Application number  US-201614989155-A
Country             US
Kind code           B2
Filing date         Jan 6, 2016
Priority date       Dec 20, 2012
Publication date    Aug 15, 2017
Grant date          Aug 15, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A memory controller encrypts contents of a page frame based at least in part on a frame key associated with the page frame. The memory controller generates a first encrypted version of the frame key based at least in part on a first process key associated with a first process, wherein the first encrypted version of the frame key is stored in a first memory table associated with the first process. The memory controller generates a second encrypted version of the frame key based at least in part on a second process key associated with a second process, wherein the second encrypted version of the frame key is stored in a second memory table associated with the second process, the first process and the second process sharing access to the page frame using the first encrypted version of the frame key and the second encrypted version of the frame key, respectively.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method for protecting a computer from rogue processes, the method comprising executing on a processor the steps of: allocating a first page frame in a memory of the computer to a first process and a second page frame in the memory of the computer to a second process, wherein each of the first page frame and the second page frame is a range of addresses in the memory; associating a first process key with the first process and a second process key with the second process; associating a first frame key with the first page frame and a second frame key with the second page frame; encrypting the first frame key with the first process key, and the second frame key with the second process key; and encrypting the first process key and the second process key.

2. The method of claim 1, further comprising generating the first frame key and the second frame key.

3. The method of claim 1, further comprising associating the first process with a first process identifier and the second process with a second process identifier, the method further comprising: generating the first process key using the first process identifier; and generating the second process key using the second process identifier.

4. The method of claim 1, further comprising receiving a request for the first process key and generating the first process key responsive to the request.

5. The method of claim 1, further comprising receiving an operating-system key, and generating at least one of the first process key and the first frame key using the operating-system key.

6. The method of claim 1, further comprising: caching at least one of the first process key and the second process key; and writing the encrypted first process key and the encrypted second process key to main memory.

7. The method of claim 6, further comprising: receiving a read request from the first process; and responsive to the read request, determining whether the first process key is cached.

8. The method of claim 7, further comprising, if the first process key is not cached, reading the encrypted first process key from the main memory, decrypting the encrypted first process key, and caching the first process key.

9. A memory controller to manage a flow of data to and from a memory, the memory controller comprising: first logic to allocate a first page frame of the memory to a first process and a second page frame of the memory to a second process; second logic to associate a first process key with the first process and a second process key with the second process; third logic to associate a first frame key with the first page frame and a second frame key with the second page frame; and a cipher to: encrypt first data of the first process with the first process key and write the encrypted first data to a first page frame of the memory; encrypt second data of the second process with the second process key and write the encrypted second data to a second page frame of the memory; encrypt the first frame key with the first process key, and the second frame key with the second process key; and encrypt the first process key and the second process key.

10. The memory controller of claim 9, the third logic to generate the first frame key and the second frame key.

11. The memory controller of claim 9, the third logic to generate the first frame key using a first process identifier and the second frame key using a second process identifier.

12. The memory controller of claim 9, the second logic to generate the first process key responsive to a process-key request.

13. The memory controller of claim 9, the second logic to generate the first process key and the second process key using an operating-system key.

14. The memory controller of claim 9, further comprising a cache to store at least one of the unencrypted first process key and the unencrypted second process key.

15. The memory controller of claim 14, the cache including a translation look-aside buffer to store addresses of the first page frame and the second page frame.

16. The memory controller of claim 15, the translation look-aside buffer including fields to store at least one of the first frame key and the second frame key.

17. The memory controller of claim 15, the translation look-aside buffer including fields to store at least one of the first process key and the second process key.

18. A memory system comprising: main memory; a processor to issue memory requests, on behalf of a first process and a second process, to access the main memory; a memory controller coupled between the processor and the main memory, the memory controller to control the memory accesses responsive to the memory requests, the memory controller including: first logic to allocate a first page frame in the main memory to the first process and a second page frame in the main memory to the second process; second logic to associate a first process key with the first process and a second process key with the second process; third logic to associate a first frame key with the first page frame and a second frame key with the second page frame; and a cipher to encrypt the first frame key with the first process key, and the second frame key with the second process key; and to encrypt the first process key and the second process key.

19. The memory system of claim 18, the cipher to encrypt data from the processor for storage in the main memory.

20. The memory system of claim 18, the cipher to encrypt the first frame key using a first process identifier and the second frame key using a second process identifier.
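The key hierarchy that the abstract and claim 1 describe, as an added Go model that is not code from the patent or from Rambus: each page frame is encrypted under its own frame key, and every process that shares the frame gets that frame key wrapped under its own process key and stored in its own memory table, so a process without an entry cannot recover the frame key. AES-256-GCM, the map-based tables, in-controller key generation, and the `Controller` type and its method names are assumptions of the example; the encryption of the process keys themselves for storage in main memory (claims 1 and 6) is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Hypothetical model (not Rambus code): a frame's contents are encrypted under a frame
// key, and every process allowed to use the frame holds that key wrapped under its own key.
type Controller struct {
	procKeys map[int][]byte         // pid -> process key (the controller's key cache)
	tables   map[int]map[int][]byte // pid -> frame number -> wrapped frame key
	frames   map[int][]byte         // frame number -> encrypted page contents
}

func NewController() *Controller {
	return &Controller{map[int][]byte{}, map[int]map[int][]byte{}, map[int][]byte{}}
}
func randBytes(n int) []byte { b := make([]byte, n); rand.Read(b); return b }

// AES-256-GCM with a 12-byte nonce prefixed to the ciphertext; the cipher is an assumption.
func gcm(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }
func seal(key, pt []byte) []byte { n := randBytes(12); return gcm(key).Seal(n, n, pt, nil) }
func open(key, ct []byte) ([]byte, error) {
	if len(ct) < 12 { // nil when a table has no entry for this process and frame
		return nil, errors.New("no wrapped key or ciphertext for this request")
	}
	return gcm(key).Open(nil, ct[:12], ct[12:], nil)
}

// Allocate encrypts data into a frame under a fresh frame key and stores, in each sharing
// process's own table, that frame key wrapped under the process's key (the abstract's first
// and second encrypted versions); a process key is generated on first request (claim 4).
func (c *Controller) Allocate(frame int, data []byte, pids ...int) {
	fk := randBytes(32)
	c.frames[frame] = seal(fk, data)
	for _, pid := range pids {
		if c.procKeys[pid] == nil {
			c.procKeys[pid], c.tables[pid] = randBytes(32), map[int][]byte{}
		}
		c.tables[pid][frame] = seal(c.procKeys[pid], fk)
	}
}

// Read unwraps pid's copy of the frame key and decrypts the frame with it; a process with
// no entry in its table cannot recover the key and therefore cannot read the frame.
func (c *Controller) Read(pid, frame int) ([]byte, error) {
	fk, err := open(c.procKeys[pid], c.tables[pid][frame])
	if err != nil {
		return nil, err
	}
	return open(fk, c.frames[frame])
}
```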

Assignees

  • Rambus Inc

Inventors

Classifications

  • File encryption · CPC title

  • G06F21/79 · Primary

    in semiconductor storage media, e.g. directly-addressable memories · CPC title

  • by using cryptography (for digital transmission H04L9/00) · CPC title

  • using page tables, e.g. page table structures · CPC title

  • Security improvement · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9734357B2 cover?
A memory controller encrypts contents of a page frame based at least in part on a frame key associated with the page frame. The memory controller generates a first encrypted version of the frame key based at least in part on a first process key associated with a first process, wherein the first encrypted version of the frame key is stored in a first memory table associated with the first proces…
Who is the assignee on this patent?
Rambus Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/79. Mapped technology areas include Physics.
When was this patent published?
Publication date Aug 15, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).