Provided herein is a system that includes a cache memory, a counter, an encryption unit, and a logic block. The cache memory is configured to generate a plurality of data blocks. The cache memory outputs the plurality of data blocks responsive to a trigger signal. The counter unit is configured to generate a first plurality of nonrepeating data at a first instance in time. The encryption unit is configured to encrypt the first plurality of nonrepeating data with a first key to generate an encrypted first plurality of nonrepeating data. The logic block is configured to encrypt a subset of the plurality of data blocks, received from the cache memory, with the encrypted first plurality of nonrepeating data in parallel.
These and other features and advantages will be apparent from a reading of the following detailed description.
Before various embodiments are described in greater detail, it should be understood that the embodiments are not limiting, as elements in such embodiments may vary. It should likewise be understood that a particular embodiment described and/or illustrated herein has elements which may be readily separated from the particular embodiment and optionally combined with any of several other embodiments or substituted for elements in any of several other embodiments described herein.
It should also be understood that the terminology used herein is for the purpose of describing the certain concepts, and the terminology is not intended to be limiting. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood in the art to which the embodiments pertain.
Unless indicated otherwise, ordinal numbers (e.g., first, second, third, etc.) are used to distinguish or identify different elements or steps in a group of elements or steps, and do not supply a serial or numerical limitation on the elements or steps of the embodiments thereof. For example, “first,” “second,” and “third” elements or steps need not necessarily appear in that order, and the embodiments thereof need not necessarily be limited to three elements or steps. It should also be understood that the singular forms of “a,” “an,” and “the” include plural references unless the context clearly dictates otherwise.
Some portions of the detailed descriptions that follow are presented in terms of procedures, methods, flows, logic blocks, processing, and other symbolic representations of operations performed on a computing device or a server. These descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art. In the present application, a procedure, logic block, process, or the like, is conceived to be a self-consistent sequence of operations or steps or instructions leading to a desired result. The operations or steps are those utilizing physical manipulations of physical quantities. Usually, although not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated in a computer system or computing device or a processor. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as transactions, bits, values, elements, symbols, characters, samples, pixels, or the like.
Although the diagrams depict components as functionally separate, such depiction is merely for illustrative purposes. It will be apparent that the components portrayed in these figures can be arbitrarily combined or divided into separate software, firmware and/or hardware components. Furthermore, it will also be apparent that such components, regardless of how they are combined or divided, can execute on the same host or multiple hosts, and wherein the multiple hosts can be connected by one or more networks.
It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise as apparent from the following discussions, it is appreciated that throughout the present disclosure, discussions utilizing terms such as “storing,” “determining,” “sending,” “receiving,” “generating,” “creating,” “fetching,” “transmitting,” “facilitating,” “providing,” “forming,” “detecting,” “decrypting,” “encrypting,” “processing,” “updating,” “instantiating,” “performing,” “outputting” or the like, refer to actions and processes of a computer system or similar electronic computing device or processor. The computer system or similar electronic computing device manipulates and transforms data represented as physical (electronic) quantities within the computer system memories, registers or other such information storage, transmission or display devices.
It is appreciated that present systems and methods can be implemented in a variety of architectures and configurations. For example, present systems and methods can be implemented as part of a distributed computing environment, a cloud computing environment, a client server environment, hard drive, etc. Embodiments described herein may be discussed in the general context of computer-executable instructions residing on some form of computer-readable storage medium, such as program modules, executed by one or more computers, computing devices, or other devices. By way of example, and not limitation, computer-readable storage media may comprise computer storage media and communication media. Generally, program modules include routines, programs, objects, components, data structures, etc., that perform particular tasks or implement particular data types. The functionality of the program modules may be combined or distributed as desired in various embodiments.
Computer storage media can include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules, or other data. Computer storage media can include, but is not limited to, random access memory (RAM), read only memory (ROM), electrically erasable programmable ROM (EEPROM), flash memory, or other memory technology, compact disk ROM (CD-ROM), digital versatile disks (DVDs) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and that can be accessed to retrieve that information.
Communication media can embody computer-executable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media can include wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, radio frequency (RF), infrared and other wireless media. Combinations of any of the above can also be included within the scope of computer-readable storage media.
Data blocks from cache memory may need to be stored in a memory component, e.g., a flash memory device, in response to certain events, e.g., power failure, etc. For example, data blocks may need to be stored in a nonvolatile cache memory in response to a triggering signal indicating detection of a power failure. This may be referred to as a cache flush. Conventionally, the data blocks from the cache memory that are stored in a nonvolatile memory responsive to a power failure are unencrypted. However, the content of the flash memory or other memory components storing the data blocks from cache memory may be compromised and therefore poses a security risk. For example, flash memory is removable and as a result its content may be compromised.
Accordingly, it is desirable to protect the data being stored by encrypting the data blocks of the cache memory. It may be advantageous to encrypt the blocks of data, from the cache memory, as they are being stored in a nonvolatile memory. It is appreciated that in some embodiments, a counter mode encryption may be utilized to encrypt cache data blocks during a cache flush. As such, cache data blocks are encrypted, in parallel, as they are being stored in a nonvolatile memory component.
Referring now to
It is appreciated that in some embodiments, a counter/buffer 130 may generate and store nonrepeating data 132. For example, the nonrepeating data may have values that are incremented. In other examples, the nonrepeating data may be generated by a function that generates nonrepeating values, e.g., random values. In some embodiments, a random value may be combined with incremental values to create nonrepeating values. In some embodiments, the nonrepeating data 132 is generated in response to a triggering signal to initiate the cache flush.
It is appreciated that no overlap of values may occur between the nonrepeating data generated at a first instance in time and at a second instance in time unless a predetermined threshold period has expired. For example, at time t1 a first set of nonrepeating data may be created and at t2 a second set of nonrepeating data may be created. As long as t1 − t2 < predetermined threshold period, no values overlap between the first set and the second set of nonrepeating data, but after the predetermined threshold period an overlap may occur.
It is appreciated that in some embodiments, the counter may be a 128-bit counter. It is further appreciated that nonrepeating data generated by the counter may be stored in a buffer with a manageable size, e.g., 1 MB or less. It is also appreciated that while the counter/buffer 130 is shown as an integrated unit, it may be implemented as two separate units; the integrated embodiment is for illustrative purposes only and should not be construed as limiting the scope of the embodiments.
It is appreciated that the nonrepeating data 132 is input to the logic block 150 where a logical operation is performed on data blocks 122. The logic block 150 also receives the blocks of data 122 from the cache memory 120 during cache flush. The cache memory 120 outputs blocks of data when it receives a triggering signal initiating the cache flush and the triggering signal may be generated in response to a particular event, e.g., power failure, etc. The logic block 150 may include one or more exclusive OR (XOR) logic blocks. It is appreciated that discussion of the operation with respect to XOR logic blocks is for illustrative purposes only and should not be construed as limiting the scope of the embodiments. The logic block 150 performs a logic operation, e.g., XOR, on the received data blocks 122 and the nonrepeating data 132 in parallel. The result of the logic block 150 is input into an encryption unit 1402.
The encryption unit 1402 encrypts the received data from the logic block 150 using key 141. The encryption unit 1402 may perform an advanced encryption standard (AES) operation on the nonrepeating data 132. It is appreciated that discussion of the AES operation is for illustrative purposes only and should not be construed as limiting the scope of the embodiments. For example, other encryption algorithms such as the data encryption standard (DES), Rivest-Shamir-Adleman (RSA), etc., may be used. The encryption unit 1402 outputs the encrypted data blocks 1404 for storage in the nonvolatile memory 160.
It is appreciated that a similar process may be repeated if there remain additional data blocks that are unencrypted. For example, for additional data blocks, a second set of nonrepeating data is generated by the counter at a second instance in time. The additional data blocks are logically operated on using the second set of nonrepeating data. The output of the logical operation is encrypted by the same key 141, or it may be encrypted by a different key in some embodiments. The result may be stored in the nonvolatile memory 160. It is appreciated that the process may similarly be repeated until all of the data blocks from the cache memory 120 are stored in the encrypted format. It is appreciated that the number of components, e.g., the number of XORs, the number of nonrepeating data values, etc., is for illustrative purposes only and should not be construed as limiting the scope of the embodiments.
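The following is an added illustration, not code from the patent, of the counter-mode arrangement in the summary above: the counter unit produces consecutive 128-bit nonrepeating values, the encryption unit transforms each value under the key, and the logic block XORs the results with the cache data blocks, with every keystream block computed independently so the XORs can run in parallel. It also demonstrates the overlap caveat from the discussion of the threshold period: if two flushes reuse the same key and the same counter values, the XOR of the two stored ciphertexts equals the XOR of the two plaintexts, without any key. Assumptions are mine: HMAC-SHA256 truncated to 16 bytes stands in for the AES block operation so the example runs with the standard library only, the key and cache contents are constructed sample values, and all function names are hypothetical.

```python
import hashlib
import hmac
from concurrent.futures import ThreadPoolExecutor

BLOCK = 16                 # 128-bit data blocks and 128-bit counter values
COUNTER_MOD = 1 << 128     # the counter wraps at 2^128


def block_function(key: bytes, counter_block: bytes) -> bytes:
    # Encryption unit: one keyed block operation on one counter value.
    # Assumption: HMAC-SHA256 truncated to one block is used as a stand-in
    # for AES so this runs with the standard library; any block cipher or
    # PRF fits the same slot.
    return hmac.new(key, counter_block, hashlib.sha256).digest()[:BLOCK]


def nonrepeating_data(start: int, n_blocks: int) -> list[bytes]:
    # Counter unit: n_blocks consecutive 128-bit values beginning at `start`.
    return [((start + i) % COUNTER_MOD).to_bytes(BLOCK, "big")
            for i in range(n_blocks)]


def split_blocks(data: bytes) -> list[bytes]:
    # Cache memory output: the buffered content as a sequence of data blocks.
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    # Logic block: bytewise XOR. A trailing short block simply consumes a
    # prefix of its keystream block.
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_flush(key: bytes, counter_start: int, data_blocks: list[bytes],
                  workers: int = 4) -> tuple[list[bytes], int]:
    # One cache flush: keystream blocks depend only on (key, counter value),
    # never on a previous ciphertext, so they are computed in parallel and
    # XORed against the data blocks as they stream to nonvolatile memory.
    # Returns the encrypted blocks and the counter value the next flush
    # must start from so that no value is ever reused under this key.
    counters = nonrepeating_data(counter_start, len(data_blocks))
    with ThreadPoolExecutor(max_workers=workers) as pool:
        keystream = list(pool.map(lambda c: block_function(key, c), counters))
    encrypted = [xor_bytes(p, k) for p, k in zip(data_blocks, keystream)]
    return encrypted, (counter_start + len(data_blocks)) % COUNTER_MOD


def decrypt_flush(key: bytes, counter_start: int,
                  encrypted_blocks: list[bytes]) -> list[bytes]:
    # Counter mode is symmetric: regenerating the same keystream and XORing
    # again restores the cache contents on the next boot.
    plain, _ = encrypt_flush(key, counter_start, encrypted_blocks)
    return plain


def reuse_leak(key: bytes, counter_start: int, blocks_a: list[bytes],
               blocks_b: list[bytes]) -> list[bytes]:
    # Defender's check for the overlap case: two flushes encrypted under the
    # same key with the same counter values share a keystream, so XORing the
    # stored ciphertexts cancels it and yields P_a XOR P_b directly.
    ca, _ = encrypt_flush(key, counter_start, blocks_a)
    cb, _ = encrypt_flush(key, counter_start, blocks_b)
    return [xor_bytes(x, y) for x, y in zip(ca, cb)]


# Constructed sample values (not from the page).
KEY = bytes(range(32))
CACHE = b"dirty cache lines pending write-back at power fail"

if __name__ == "__main__":
    blocks = split_blocks(CACHE)
    enc, next_ctr = encrypt_flush(KEY, 1000, blocks)
    assert decrypt_flush(KEY, 1000, enc) == blocks
    # Same plaintext, later flush: the counter has advanced, so the stored
    # ciphertext differs and nothing is shared between the two flushes.
    enc2, _ = encrypt_flush(KEY, next_ctr, blocks)
    assert enc2 != enc
    # Overlap case: the leaked XOR of plaintexts needs no key at all.
    leak = reuse_leak(KEY, 5, split_blocks(b"A" * 32), split_blocks(b"B" * 32))
    assert leak == [bytes([ord("A") ^ ord("B")] * BLOCK)] * 2
    print("flush encrypted in", len(enc), "blocks; next counter", next_ctr)
```

The counter returned by `encrypt_flush` is what the buffer must persist between flushes: the security of the scheme rests entirely on never presenting the same (key, counter value) pair to the encryption unit twice, which is the non-overlap property the threshold period above is meant to guarantee.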
Referring now to
Referring now to
Referring now to
Referring now to
Accordingly, data blocks of the cache memory are encrypted in parallel as they are stored in a nonvolatile memory. Thus, content of the cache is protected from being compromised and stored efficiently for later retrieval.
While the embodiments have been described and/or illustrated by means of particular examples, and while these embodiments and/or examples have been described in considerable detail, it is not the intention of the Applicants to restrict or in any way limit the scope of the embodiments to such detail. Additional adaptations and/or modifications of the embodiments may readily appear, and, in its broader aspects, the embodiments may encompass these adaptations and/or modifications. Accordingly, departures may be made from the foregoing embodiments and/or examples without departing from the scope of the concepts described herein. The implementations described above and other implementations are within the scope of the following claims.