US9928385B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9928385-B2 |
| Application number | US-201414472948-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 29, 2014 |
| Priority date | Aug 29, 2014 |
| Publication date | Mar 27, 2018 |
| Grant date | Mar 27, 2018 |
Official abstract text for this publication.
A method of providing security in a computer system includes performing a memory refresh of a window of memory locations in a memory, and in which each memory location stores a version value and a block of ciphertext. The version value may be updated with each write operation at a memory location; and the block of ciphertext may be produced with a key that changes with each write operation and from memory location to memory location. The memory refresh may include performing a periodic read operation followed by a corresponding write operation at each memory location. Between the read and write operations, the version value stored at the memory location may be compared with a chronologically earliest version value stored at any memory location of the window, and validity of the block of ciphertext stored at the memory location may be verified based on the comparison.
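The refresh check described in the abstract, together with the authentication tag of claims 5 and 13, as an added sketch that is not code from the patent. It assumes HMAC-SHA-256 key derivation, an XOR keystream standing in for the block cipher, a global write counter as the version value, and an earliest-version bound advanced once per completed cycle (the claims update it per location); all names are hypothetical.

```python
import hashlib, hmac

MASTER = b"constructed-demo-master-key"  # constructed value; held only by the trusted side

def _derive(label, version, addr, n=32):  # key depends on version value and address
    msg = label + version.to_bytes(8, "big") + addr.to_bytes(8, "big")
    return hmac.new(MASTER, msg, hashlib.sha256).digest()[:n]

def seal(addr, version, plaintext):
    # Assumption: toy XOR keystream in place of the cipher (blocks up to 32 bytes).
    ks = _derive(b"enc", version, addr, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_derive(b"mac", version, addr), ct, hashlib.sha256).digest()
    return (version, ct, tag)

def unseal(addr, cell):
    version, ct, tag = cell
    want = hmac.new(_derive(b"mac", version, addr), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError(f"addr {addr}: authentication tag mismatch")
    ks = _derive(b"enc", version, addr, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

class RefreshEngine:
    def __init__(self, memory):
        self.mem = memory    # untrusted store: addr -> (version, ciphertext, tag)
        self.clock = 0       # trusted write counter, the source of version values
        self.earliest = 0    # trusted lower bound on any still-valid stored version

    def write(self, addr, plaintext):
        self.clock += 1
        self.mem[addr] = seal(addr, self.clock, plaintext)

    def refresh_cycle(self):
        """Read, check and re-encrypt each location; return [(addr, reason)]."""
        cycle_start, alerts = self.clock + 1, []
        for addr in sorted(self.mem):
            version = self.mem[addr][0]
            try:
                plaintext = unseal(addr, self.mem[addr])
            except ValueError:
                alerts.append((addr, "tag"))
                continue
            if version < self.earliest:      # older than anything a refresh left behind
                alerts.append((addr, "stale-version"))
                continue
            self.write(addr, plaintext)      # new version value, hence a new key
        self.earliest = cycle_start          # every valid cell is now at least this new
        return alerts
```

A replayed cell still carries a valid tag for its own address and old version, so only the version comparison flags it; a cell copied from another address fails the tag check instead. A replayed cell whose version is not older than the current bound passes this check.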
Opening claim text (preview).
What is claimed is:
1. A system for providing security in a computer system, the system comprising one or more logic circuits configured to perform a memory refresh of a window of memory locations in a memory, including being configured to at least: perform a periodic read operation followed by a corresponding write operation at each memory location, each memory location having a respective address storing a version value and a block of ciphertext, the version value being updated with each write operation at a memory location, and the block of ciphertext being produced with a key that depends on the version value and the respective address and thereby changes with each write operation, the key also changing from memory location to memory location; and between the read operation and corresponding write operation at each memory location; compare the version value stored at the memory location with a chronologically earliest version value stored at any memory location of the window; and verify validity of the block of ciphertext stored at the memory location based on the comparison, the validity of the block of ciphertext being verified in an instance in which the version value stored at the memory location is no earlier than the earliest version value, wherein the version value stored at the memory location is updated with the corresponding write operation at the memory location, and includes the one or more logic circuits being configured to update the chronologically earliest version value only when the version value stored at the memory location is the chronologically earliest version value, the chronologically earliest version value being updated with the version value stored at the memory location.
2. The system of claim 1, wherein the one or more logic circuits are configured to perform the memory refresh in cycles in each of which the one or more logic circuits are configured to perform the read operation and corresponding write operation randomly over the memory locations of the window.
3. The system of claim 1, wherein the one or more logic circuits are configured to perform the memory refresh in cycles in each of which the one or more logic circuits are configured to perform the read operation and corresponding write operation randomly over the memory locations of the window.
4. The system of claim 1, wherein the one or more logic circuits are configured to perform the memory refresh in cycles in each of which the one or more logic circuits are configured to perform the read operation and corresponding write operation over the memory locations of the window, and in each of which the one or more logic circuits are configured to perform an additional read operation and corresponding write operation at each of one or more randomly-selected memory locations of the window.
5. The system of claim 1, wherein each memory location further stores a data authentication tag produced with a second key that changes with each write operation, the second key also changing from memory location to memory location, and wherein the one or more logic circuits being configured to perform the read operation includes being configured to at least verify integrity of the ciphertext based on the data authentication tag and second key.
6. The system of claim 1, wherein the one or more logic circuits being configured to perform the read operation at each memory location includes being configured to at least: read the version value and block of ciphertext stored at the memory location having a respective address; regenerate the key using the version value and respective address; and decrypt the block of ciphertext with the regenerated key to produce plaintext corresponding to the block of ciphertext.
7. The system of claim 6, wherein the one or more logic circuits being configured to perform the corresponding write operation at each memory location includes being configured to at least: update the version value; generate another key using the updated version value and respective address; encrypt the plaintext with the generated key to reproduce the block of ciphertext; and write the updated version value and reproduced block of ciphertext at the memory location having the respective address.
8. The system of claim 1, wherein in at least one instance in which the validity of the block of ciphertext is not verified, the one or more logic circuits are further configured to at least: perform one or more actions in accordance with one or more security policies.
9. A method of providing security in a computer system, the method comprising performing a memory refresh of a window of memory locations in a memory, the memory refresh comprising: performing a periodic read operation followed by a corresponding write operation at each memory location, each memory location having a respective address storing a version value and a block of ciphertext, the version value being updated with each write operation at a memory location, and the block of ciphertext being produced with a key that depends on the version value and the respective address and thereby changes with each write operation, the key also changing from memory location to memory location; and between the read operation and corresponding write operation at each memory location; comparing the version value stored at the memory location with a chronologically earliest version value stored at any memory location of the window; and verifying validity of the block of ciphertext stored at the memory location based on the comparison, the validity of the block of ciphertext being verified in an instance in which the version value stored at the memory location is no earlier than the earliest version value, wherein the version value stored at the memory location is updated with the corresponding write operation at the memory location, and includes updating the chronologically earliest version value only when the version value stored at the memory location is the chronologically earliest version value, the chronologically earliest version value being updated with the version value stored at the memory location.
10. The method of claim 9, wherein the memory refresh is performed in cycles in each of which the read operation and corresponding write operation are performed sequentially over the memory locations of the window.
11. The method of claim 9, wherein the memory refresh is performed in cycles in each of which the read operation and corresponding write operation are performed randomly over the memory locations of the window.
12. The method of claim 9, wherein the memory refresh is performed in cycles in each of which the read operation and corresponding write operation are performed over the memory locations of the window, and in each of which an additional read operation and corresponding write operation are performed at each of one or more randomly-selected memory locations of the window.
13. The method of claim 9, wherein each memory location further stores a data authentication tag produced with a second key that changes with each write operation, the second key also changing from memory location to memory location, and wherein performing the read operation includes verifying integrity of the ciphertext based on the data authentication tag and second key.
14. The method of claim 9, wherein the read operation at each memory location comprises: reading the version value and block of ciphertext stored at the memory location having a respective address; regenerating the key using the version value and respective address; and decrypting the block of ciphertext with the regenerated key to pr
Protecting data integrity, e.g. using checksums, certificates or signatures · CPC title
to assure secure storage of data (address-based protection against unauthorised use of memory G06F12/14; record carriers for use with machines and with at least a part designed to carry digital markings G06K19/00) · CPC title
Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms · CPC title
{Cryptographic mechanisms or cryptographic} arrangements for secret or secure communications; Network security protocols · CPC title
the protection being physical, e.g. cell, word, block · CPC title