Device having a security module

US9798901B2 · US · B2

Patent metadata
Field: Value
Publication number: US-9798901-B2
Application number: US-201314786558-A
Country: US
Kind code: B2
Filing date: Apr 30, 2013
Priority date: Apr 30, 2013
Publication date: Oct 24, 2017
Grant date: Oct 24, 2017

Abstract

Official abstract text for this publication.

A device securely accesses data in a memory via an addressing unit which provides a memory interface for interfacing to a memory, a core interface for interfacing to a core processor and a first and second security interface. The device includes a security processor HSM for performing at least one security operation on the data and a remapping unit MMAP. The remapping unit enables the security processor to be accessed by the core processor via the first security interface and to access the memory device via the second security interface according to a remapping structure for making accessible processed data based on memory data. The device provides a clear view on encrypted memory data without requiring system memory for storing the clear data.

First claim

Opening claim text (preview).

The invention claimed is:

1. Device for securely accessing data in a memory via an addressing unit comprising: at least one memory interface for interfacing to at least one memory device; a core interface for interfacing to a core processor for enabling the core processor to access the memory; a first security interface and a second security interface for interfacing to a security processor; the security processor for performing at least one security operation on the data, and a remapping unit for enabling the security processor to be accessed by the core processor via the first security interface and to access the memory device via the second security interface according to a remapping structure for making accessible processed data based on memory data, wherein the processed data is transferred to the core processor from the memory device by the security processor via the first security interface.

2. Device as claimed in claim 1, wherein the device is arranged for receiving a remapping command from the core processor for setting at least part of the remapping structure.

3. Device as claimed in claim 1, wherein the security processor is arranged for receiving a security command from the core processor for setting the security operation.

4. Device as claimed in claim 2, wherein the device is arranged for receiving the commands from the core processor via the first security interface.

5. Device as claimed in claim 2, wherein the device is arranged for receiving, via the command, at least one of a source address, a destination address, a window size, a security mode, and a key.

6. Device as claimed in claim 1, wherein the remapping unit is arranged for providing a data cache for the core processor.

7. Device as claimed in claim 6, wherein the remapping unit is arranged for receiving, via the command, at least one of a cache start address, a cache end address, and a cache size.

8. Device as claimed in claim 1, wherein the remapping unit is arranged for, according to the remapping structure, providing a memory window at a window address to the core processor via the first security interface and making accessible the processed data within the memory window based on accessing, via the second security interface, the memory data at a target address.

9. Device as claimed in claim 1, wherein the remapping unit is arranged for, according to the remapping structure, when being accessed via the first security interface at a first address, determining a second address at the second security interface, providing access to the memory data at the second address as the processed data for the core processor via a data bus, and the security processor is arranged for reading the data bus and performing at least one security operation on the memory data.

10. Device as claimed in claim 1, wherein the remapping unit is arranged for, according to the remapping structure, when being accessed via the first security interface at a first address, determining a second address for the memory device, reading the memory data at the second address via the second security interface, and providing the processed data via the first security interface for the core processor, and the security processor is arranged for performing at least one security operation on the memory data as read for generating the processed data.

11. Device as claimed in claim 1, wherein the remapping unit is arranged for, according to the remapping structure, when being accessed via the first security interface at a first address, receiving core data from the core processor via the first security interface, and determining a second address for the memory device, writing the memory data at the second address via the second security interface and the security processor is arranged for performing at least one security operation on the core data as received for generating the memory data.

12. Device as claimed in claim 1, wherein the remapping unit is arranged for, according to the remapping structure, when being accessed via the first security interface at a first address, receiving core data from the core processor via the first security interface, and determining a second address for the memory device, writing the core data at the second address via the second security interface and the security processor is arranged for performing at least one security operation on the core data as received.

13. Device as claimed in claim 1, wherein the security processor is arranged for, as the security operation, at least one of encrypting and decrypting data.

14. Device as claimed in claim 1, wherein the security processor is arranged for, as the security operation, determining an authentication code based on the data.

15. Device as claimed in claim 14, wherein the security processor is arranged for determining an authentication code by determining at least one of a Cipher based Message Authentication Code and a HASH code.

16. An integrated circuit comprising at least one device according to claim 1.

17. Method of securely accessing data in a memory, the method comprising: performing, in a security processor, at least one security operation on the data; addressing multiple interfaces comprising at least one memory interface for interfacing to at least one memory device, a core interface for interfacing to a core processor for enabling the core processor to access the memory, a first security interface and a second security interface for interfacing to the security processor, the method further comprising: remapping for enabling the security processor to be accessed via the first security interface and to access the memory device via the second security interface according to a remapping structure for making accessible processed data based on memory data, wherein the processed data is transferred to the core processor from the memory device by the security processor via the first security interface.

18. Method as claimed in claim 17, the method further comprising: receiving a remapping command for setting at least part of the remapping structure, or receiving a security command for setting the security operation.

19. Method as claimed in claim 18, the method further comprising the step of receiving, via the command, at least one of a source address, a destination address, a window size, a security mode, and a key.

Classifications

  • interconnection devices, e.g. bus-connected or in-line devices · CPC title

  • G06F21/79 (Primary)

    in semiconductor storage media, e.g. directly-addressable memories · CPC title

  • User address space allocation, e.g. contiguous or non contiguous base addressing · CPC title

  • Security improvement · CPC title

  • by using cryptography (for digital transmission H04L9/00) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9798901B2 cover?
A device securely accesses data in a memory via an addressing unit which provides a memory interface for interfacing to a memory, a core interface for interfacing to a core processor and a first and second security interface. The device includes a security processor HSM for performing at least one security operation on the data and a remapping unit MMAP. The remapping unit enables the security …
Who is the assignee on this patent?
Frank Juergen, Staudenmaier Michael, Thanner Manfred, and 1 more
What technology area does this patent fall under?
Primary CPC classification G06F21/79. Mapped technology areas include Physics.
When was this patent published?
Publication date Oct 24, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).