SELECTOR SYNCRONIZED WITH MOVEMENT OF DATA IN MEMORY

BACKGROUND

Memories are used within computing devices to store data. For example, data are stored and accessed within computing devices such as personal computers, notebook and laptop computers, smartphones, personal digital assistants (“PDAs”), tablet and slate devices, personal entertainment devices such as MP3 players and media players, set-top boxes, gaming consoles, appliances, embedded devices, smart meters, and other computing devices at memories such as random-access memories (“RAMS”).

Typically, data stored at RAMs or other memories of a computing device are accessed by a processor and some operation is performed by the processor based on the data. For example, an encryption key may be stored at a memory and a processor may access the encryption key to encrypt or decrypt a document.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is an example flowchart of a process to provide a non-imprinted data values, according to an implementation.

FIGS. 2-5 are example schematic block diagrams of computing devices including memory control modules and a selector, according to one or more implementations.

FIG. 6 is an example illustration of non-imprinting memory, a selector, and real-time output, according to an implementation.

FIG. 7 is an example illustration of non-imprinting memory, a selector, and real-time output, according to an implementation.

FIG. 8 is an example illustration of a multiplexer and an optional latch, according to an implementation.

FIG. 9 is an example illustration of circuit incorporating a selector and an encryption engine, according to an implementation.

FIG. 10 is a flowchart of a process to access a data set at a me or according to an implementation.

DETAILED DESCRIPTION

Computer memories (or memories) such as static random-access memories (“SRAMs”) and dynamic random-access memories (“DRAMs”) are used to store information within computing devices such as computer servers, personal computers, laptop or notebook computers, smartphones, personal digital assistants (“PDAs”), tablet or slate computing devices, computing appliances, or other computing devices. Typically, such memories are semiconductor devices that store information (or data values) based on a state (e.g., a charge value, resistance value, or some other state) of the memory elements—often referred, to as memory cells—that are included within those memories. Due to various properties of memories such as manufacturing processes, types and amounts of dopants, temperature, composition, or other properties, storage of data (or data values) at memories may alter the physical characteristics of the memories such that those data become imprinted at the memories. As a result of this memory imprinting, data values stored at memories may be determined or read even after those data values have been deleted or over-written at such memories or after volatile memories have been powered down. In other words, memories may be susceptible to imprinting of the data values stored at those memories (or memory imprinting).

Some memories are more susceptible to memory imprinting of particular data values such as bit values. That is, some memories are more susceptible to memory imprinting of, for example, a charged state than to memory imprinting of an uncharged state. Alternatively, some memories are more susceptible to memory imprinting of, for example, an uncharged state than to memory imprinting of a charged state. Yet other memories are equally susceptible to memory imprinting of a charged state and an uncharged state.

Memory imprinting is particularly problematic for memories that store data sets that are predominantly static or constant. That is, data sets that remain in a memory for extended periods of time without being altered may become imprinted at and, therefore, later determined from, that memory. As a specific example, data sets that include data values representing cryptographic keys are particularly susceptible to becoming imprinted at the memories at which these keys are stored. In other words, because such cryptographic keys are relatively constant, the memories at which cryptographic keys are stored may become imprinted with those cryptographic keys. After this memory imprinting occurs, the cryptographic keys may be determined from those memories even after those memories are removed from the computing devices including those memories. Thus, memory imprinting may compromise the security of cryptographic systems.

Data values of a data set stored at various memory locations of a memory may be periodically moved to other memory locations of that memory according to one or more permutation patterns or schema. That is, the data values may be frequently moved from one memory location to another within a memory according to a pattern to prevent prolonged exposure of the memory elements of that memory to a particular data value and, therefore, particular state of those memory elements. Thus, memory imprinting is mitigated by frequently storing different data values at the memory locations of the memory. Moreover, each permutation state (or step) of the data set may be recorded to access the data set when the data set is requested or after interruption or disruption of a permutation.

A selector may be synchronized with the permutation pattern(s) or schema such that the state of the selector conforms to the state of the data values in the memory locations. This may allow the data values to be accessed and output, in order, in real time without further movement of the data values.

As used herein, the singular forms “a,” “an,” and “the” include plural referents unless the context clearly dictates otherwise. Thus, for example, the term “memory” is intended to mean one or more memories or a combination of memories. Additionally, as used herein, the term “module” refers to hardware, circuitry such as circuitry implementing computing logic, or software, firmware, programming, machine- or processor-readable instructions, commands, or code that are stored at a memory and executed or interpreted (or hosted) at a processor.

FIG. 1 is a flowchart of a process to prevent imprinting at a memory, according to an implementation. Process 100 may be implemented as a hardware module, as a software module hosted at a computing device, or as a combination thereof. For example, process 100 may be implemented as application-specific circuitry or as a software module including instructions stored at a memory and executed at a processor in communication with the memory. More specifically, for example, process 100 may be implemented at a memory control module.

A data set is stored at a memory at block 110. That is, the data values of the data set are stored at memory locations of the memory. The data set received at block 110 may be ordered. Said differently, the data values of the data set have an order relative one to another (or a relative order or ordering). For example, a memory stores data values as 8-bit bytes at each memory location of the memory. The data set is a cryptographic key that is 256 bits (or 32 bytes) long and, therefore, is stored at 32 memory locations of the memory. In other words, the cryptographic key includes 32 data values (8 bits each and each data value is stored at a memory location of the memory) that are ordered relative one to another. That is, the value of the cryptographic key is altered if the order of the data values of the cryptographic key is altered.

The data values of the data set are moved from the memory locations at which the data values are currently stored (i.e., from the current memory location of each data value) to other memory locations at block 120. In other words, the data values are permuted among the memory locations of the memory from a current memory location to a next memory location. In addition, a selector is adjusted in synchronization with the movement of the data values, such that the order of the data values at the output of the data selector is maintained.

At block 130, a memory control module implementing process 100 determines whether the data values of the data set should be moved again. For example, the memory control module may determine at block 130 whether a period of time since a previous move or permutation of the data values has expired. If the period of time has expired, process 100 may proceed to block 120 to move the data values again. That is, the next memory location of each data value from the previous iteration at block 120 is the current memory location for this iteration at block 120. If the period of time has not expired, process 100 may wait at block 130 until the period of time expires or until a request for the data set is received. Alternatively, for example, process 100 may return to block 120 from block 130 immediately unless a request for the data set had been received. If a request for the data set had been received, process 100 proceeds to block 140.

The data set is provided to a client at block 140. As the selector is synchronized with the movement of the data, the data set may be provided in order without further movement of the data values. Process 100 proceeds to block 130 at which the memory control module may determine whether the data values of the data set should be moved again. The client may be one or a variety of devices, services, software modules, or users that access (i.e., request and/or receive) data values stored at the memory via the memory control module. For example, the memory control module may be separate from a processor of a computing device and the processor may access a memory via the memory control module. Thus, the processor is a client of the memory control module. Alternatively, the memory control module may be included at a secure key storage device separate from a computing device and in communication with the computing device via an interface such as a Universal Serial Bus (“USB”) interface. The secure key storage device may implement process 100 and provide cryptographic keys to the computing device in response to requests for the cryptographic keys in real time. Thus, the computing device may be a client of the secure key storage device.

Although process 100 is discussed above with reference to an example environment within a memory control module, process 100 is applicable within other environments.

FIGS. 2-5 are schematic block diagrams of computing devices including memory control modules, according to one or more implementations. Although various implementations of computing devices and memory control modules are illustrated at FIGS. 2-5, these examples are not exhaustive and memory control modules, systems, and processes discussed herein are applicable to other computing devices or systems not illustrated in FIGS. 2-5.

FIG. 2 illustrates a computing device that includes a memory control module with an integrated memory. Computing device 200 includes processor 210, communication interface 220, memory 230, and memory control module 240. Processor 210 is any of a variety of processors. For example, processor 210 may be a general-purpose processor or an application-specific processor implemented as a hardware module and/or a software module hosted at a hardware module. A hardware module may be, for example, a microprocessor, a microcontroller, an application-specific integrated circuit (“ASIC”), a programmable logic device (“PLD”) such as a field programmable gate array (“FPGA”), and/or other electronic circuits that perform operations. A software module may be, for example, instructions, commands, and/or codes stored at a memory and executed at another processor. Such a software module may be defined using one or more programming languages such as Java™, C++, C, an assembly language, a hardware description language, and/or another suitable programming language. For example, a processor may be a virtual machine hosted at a computer server including a microprocessor and a memory.

In some implementations, processor 210 may include multiple processors. For example, processor 210 may be a microprocessor including multiple, processing engines (e,g., computation, algorithmic or thread cores). As another example, processor 210 may be a computing device including multiple processors with a shared clock, memory bus, input/output bus, and/or other shared resources. Furthermore, processor 210 may be a distributed processor. For example, processor 210 may include multiple computing devices, each including a processor, in communication one with another via a communications link such as a computer network.

Processor 210 is operatively coupled to communications interface 220, memory 230, and memory control module 240. Typically, as illustrated in FIG. 2, memory 230 includes instructions or codes (e.g., computer codes or object codes) defining software modules that are executed by processor 210 during operation of computing device 200. For example, memory 230 includes instructions that define operating, system 231, device drivers 232, and applications 233 (e.g., software application programs). In other words, operating system 231, device drivers 232, applications 233, and other software modules stored as instructions (not shown) at memory 230 and executed at processor 210 are hosted at computing device 200. Applications 233 may include, far example, an application software module, a hypervisor, a virtual machine module, or an environment such as a runtime environment or virtual machine instance. As a specific example, applications 233 may include a cryptographic service such as a file encryption application.

In some embodiments, memory 230 is a volatile memory and computing device 200 includes a non-volatile (or non-transient) memory or processor-readable medium (not shown) such as a hard disk drive (“HDD”), a solid-state drive (“SSD”), a FLASH drive, or is in communication with a data storage service (e.g., via communications interface 220 and a communications link such as a communications network) at which software applications (e.g., computer codes or instructions that implement software applications when executed at a processor), data, or combinations thereof may be stored and accessed by processor 210. Such software applications, data, or combinations thereof may be moved or copied to memory 230 by processor 210 and accessed by processor 210 at memory 230 during operation of computing device 200.

Examples of processor-readable media include, but are not limited to: magnetic storage media such as a hard disk, a floppy disk, and/or magnetic tape; optical storage media such as a compact disc (“CD”), a digital video disc (“DVDs”), a compact disc read-only memory (“CD-ROM”), and/or a holographic device; magneto-optical storage media; non-volatile memory such as read-only memory (“ROM”), programmable read-only memory (“PROM”), erasable programmable read-only memory (“EPROM”), electronically erasable read-only memory (“EEPROM”), and/or FLASH memory; and random-access memory (“RAM”). Examples of computer code include, but are not limited to, micro-code or micro-instructions, machine instructions, such as produced by a compiler, and files containing higher-level instructions that are executed by a computer using an interpreter. For example, an implementation may be implemented using Java™, C++, or other object-oriented programming language and development tools. Additional examples of computer code include, but are not limited to, control signals, encrypted code, and compressed code.

Communications interface 220 is an interface accessible to processor 210 to communicate with (i.e., transmit symbols representing data to and receive such symbols from) other processors or computing devices via a communications link. In other words, communications interface 220 may receive data from processor 210 and transmit symbols representing those data via a communications link. Moreover, communications interface 220 may receive symbols from other communications interfaces via a communications link and send data represented by those symbols o processor 210. For example, communications interface 220 may be a telephone network interface, a twisted-pair network interface, a coaxial network interface, a fiber-optic network interface, a wireless network interface such as a wireless local area network (“WLAN”) or a cellular network, or some other network or communications interface.

Memory control module 240 includes memory controller 244 and memory 241 at which key 245 is stored. Memory controller 244 includes circuitry, software hosted at that circuitry, or a combination thereof to implement a process to prevent memory imprinting at memory 241. Memory controller 244 periodically moves key 245 (i.e., data values of key 245), for example as discussed below in relation to FIGS. 6A-6F, 7A-7F, and 8A-8F, within memory 241 to prevent memory imprinting of key 245 at memory 241.

Selector 250 may be controlled by memory controller 244 and is synchronized to with the movement of the data values of the key 246 in memory.

Key 245 is a data set such as a cryptographic key that is accessed by processor 210 for use within one or more of applications 233 such as a cryptographic service hosted at computing device 200. In other words, processor 210 requests key 245 at memory control module 240, uses key 245 to perform a cryptographic process based on instructions or codes stored at memory 230, and discards key 245.

FIG. 3 illustrates a computing device and a memory control module with an integrated memory in communication with the computing device. Computing device 300 includes processor 310, communication interface 320, and memory 330.

Processor 310 is operatively coupled to communications interface 320, and memory 330. Typically, as illustrated in FIG. 3, memory 330 includes instructions or codes (e.g., computer codes or object codes) defining software modules that are executed by processor 310 during operation of computing device 310 similar to those discussed above in relation to FIG. 2. Moreover, communications interface 320 is an interface accessible to processor 310 to communicate with (i.e., transmit symbols representing data to and receive such symbols from) other processors or computing devices via a communications link as discussed above in relation to FIG. 2.

110351 Memory control module 340 is separate (or separable) from computing device 300 and includes memory controller 344 and memory 341 at which key 345 is stored. Memory controller 344 includes circuitry, software hosted at that circuitry, or a combination thereof to implement a process to prevent memory imprinting at memory 341. For example, memory controller 344 may be a processor at memory control module 340. Memory controller 344 periodically moves key 345 (i.e., data values of key 345), for example as discussed below in relation to FIGS. 6A-6F, 7A-7F, and 8A-8F, within memory 341 to prevent memory imprinting of key 345 at memory 341.

Selector 350 may be controlled by memory controller 244 and is synchronized to with the movement of the data values of the key 246 in memory.

Key 345 is a data set such as a cryptographic key that is accessed by computing device 300 for use within one or more of applications 333 such as a cryptographic service hosted at computing device 300. For example, computing device 300 may be in communication with memory control module 340 via an interface (not shown) such as a USB interface, a network (e.g., Ethernet) interface, or some other interface. In other words, processor 310 requests key 345 at memory control module 340, uses key 345 to perform a cryptographic process based on instructions or codes stored at memory 330, and discards key 345.

FIG. 4 illustrates a computing device hosting a memory control module. Computing device 400 includes processor 410, communication interface 420, and memory 430. Processor 410 is operatively coupled to communications interface 420, and memory 430. Communications interface 420 is an interface accessible to processor 410 to communicate with (i.e., transmit symbols representing data to and receive such symbols from) other processors or computing devices via a communications link as discussed above in relation to FIG. 2. Moreover, as illustrated in FIG. 4, memory 430 includes instructions or codes (e.g., computer codes or object codes) defining software modules that are executed by processor 410 during operation of computing device 410 similar to those discussed above in relation to FIG. 2.

Memory 430 also includes memory control module 440, selector 450, and key 445. That is, memory control module 440 is hosted at processor 410. In other words, instructions or codes that define memory control module 440 are accessed at memory 430 by processor 410 and executed or interpreted by processor 410 to perform a process to prevent memory imprinting at memory 430 and output data values in order in real time. For example, computing device 400 hosts memory control module 440 to prevent key 445 from becoming imprinted within memory 430. As a specific example, memory control module 440 periodically moves key 445 (i.e., data values of key 445), for example as discussed below in relation to FIGS. 6A-6F, 7A-7F, and 8A-8F, within memory 430 to prevent memory imprinting of key 445 at memory 430, and selector 450 is synchronized with the movement of the data values of key 445 to facilitate output of data values in order in real time.

FIG. 5 illustrates a computing device including a memory control module. Computing device 500 includes processor 510, communication interface 520, memory 530, and memory control module 540. Processor 510 is operatively coupled to communications interface 520 and memory control module 540. Communications interface 520 is an interface accessible to processor 510 to communicate with (i.e., transmit symbols representing data to and receive such symbols from) other processors or computing devices via a communications link as discussed above in relation to FIG. 2. Moreover, as illustrated in FIG. 5, memory 530 includes instructions or codes (e.g., computer codes or object codes) defining software modules that are executed by processor 510 during operation of computing device 510 similar to those discussed above in relation to FIG. 2.

Memory control module 540 includes circuitry, software hosted at that circuitry, or a combination thereof to implement a process to prevent memory imprinting at memory 540. As a specific example, memory control module 540 periodically moves key 545 (i.e., data values of key 545), for example as discussed below in relation to FIGS. 6A-6F, 7A-7F, and 8A-8F, within memory 530 to prevent memory imprinting of key 545 (e.g., a cryptographic key) at memory 530. That is, memory control module 540 moves key 545 and/or other data values stored at memory locations of memory 530 to prevent those data values from becoming imprinted at memory 530. Memory control module 540 may further control the selector to be in synchronization with the movement of the data values in memory.

Processor 510 accesses memory 530 via memory control module 540. More specifically, processor 510 requests access to data values at memory 530 from (or at) memory control module 540. That is, processor 510 provides a request for data values to memory control module 540, memory control module 540 accesses those data values at memory 530, and provides the requested data values to processor 510.

FIG. 6 is an example illustration of non-imprinting memory, a selector, and real-time output, according to an implementation. As shown in FIG. 6, non-imprinting memory 610 includes three memory locations 612, 614 and 616. P1618 represents the position of data values in memory locations 612, 614 and 616 at a first time in a first position. In accordance with one movement pattern data values may be rotated sequentially between the memory locations. When the data is rotated at a next point in time, the data values are stored in memory locations 612, 614 and 616 in a second position as shown in P2620. When the data is rotated at a further point in time, the data values are stored in memory locations 612. 614 and 616 in a third position as shown in P3622. Movement of the data values between the memory locations 612, 614 and 616 may be controlled via a memory controller or memory control module as discussed herein.

It may be appreciated that the data may be moved between memory locations in accordance with one or more patterns or schema. For example, the data may be rotated randomly in accordance with a predetermined formula, sequentially through memory locations, non-sequentially through memory locations, etc.

Selector 630 includes switches 632, 634 and 636. Switches 632, 634 and 636 may be controlled via a memory controller or memory control module as discussed herein. Switches 632, 634 and 636 may be controlled with the same control signal used to control movement of data values between the memory locations, or via a different control signal.

For example, at P1, switch 632 connects to memory location 612. At P2, switch 632 connects to memory location 614. At P3, switch 632 connects to memory location 616.

At P1, switch 634 connects to memory location 614. At P2, switch 634 connects to memory location 616. At P3, switch 634 connects to memory location 612.

At P1, switch 636 connects to memory location 616. At P2, switch 636 connects to memory location 612. At P3, switch 636 connects to memory location 614.

Output 650 includes output AAA 652, output BBB 654 and output CCC 656. As the data values are moved between the memory locations 612, 64 and 616, the switches 632, 634 and 636 are adjusted as noted above to match the state of the data values in memory such that output 652 always outputs AAA, output 654 always outputs BBB and output 656 always outputs CCC.

FIG. 7 is an example illustration of non-imprinting memory, a selector, and real-time output, according to an implementation. As shown in FIG. 7, non-imprinting memory 710 includes four memory locations 712, 714, 716, and 718, storing Byte 0, Byte 1, Byte 2 and Byte 3, respectively. In accordance with one movement pattern, data values may be rotated sequentially between the memory locations. Movement of the data values between the memory locations 712, 714, 716, and 718, may be controlled via a memory controller or memory control module as discussed herein.

Selector 720 includes a plurality of multiplexers (MUXs) 722, 724, 726 and 728. MUXs 722, 724, 726, and 728, may be controlled via a MUX control 721. As may be seen in FIG. 7, MUX control 721 has control lines 723, 725, 727 and 729 controlling MUXs 722, 724, 726, and 728, respectively. MUX control 721 controls the MUXs 722, 724, 726 and 728 in synchronization with the movement of the data values in non-imprinting memory 710. In other words, the state of the MUXs matches the state of the position of data values in non-imprinting memory 710.

Output 740 is provided representing the output value by the selector 740 as controlled by MUX control 721. Output 740 includes including output byte 0742 from MUX 722, output byte 1744 output from MUX 724, output byte 2746 output from MUX 726 and output byte 3748 output from MUX 728. MUX control 721 controls the MUXs 722, 724, 726 and 728 in such a manner that regardless of the position of the data values in memory locations 722, 714, 716 and 718, the output of the data values, namely byte 0, byte 1, byte 2, and byte 3 are always output in order.

Alternatively, MUXs 722, 724, 726 and 728may be controlled with the same control signal used to control movement of data values between the memory locations.

It may be appreciated that the number of MUXs in selector 720 may be equal to the number of memory locations in non-imprinting memory 710.

FIG. 8 is an example illustration of a multiplexer (MUX) and an optional latch in accordance with an implementation. As shown in FIG. 8, input values 802 are input into MUX 820. An output of the MUX 820 may be output via output 850.

Input values 802 include X0804, X1806, In A 810, In B 812, In C 814, In 816, and Enable 818.

X0804 and X1806 represent input control lines to control operation of the MUX 820.

A 810, In B 812, In C 814, In D 816 represent input data values from a ion-imprinting memory.

Input Enable 818 represents a distributed enable signal such that when the enable signal is HIGH, the MUX 820 works normally. When the enable signal is LOW, the values of the input In A 810, In B 812, In C 814, In D 816, are inhibited from propagating further. Enable 818 and control signal G may be controlled by an encryption engine as discussed in FIG. 9.

It may be appreciated that, alternatively, Enable 818 may enable MUX 820 output to operate in three states, where the third state is a high impedance, or disable, state, as discussed with regarding to FIG. 9.

In other words, the operation of Enable 818 enables the data values to be read only for a shortest instant needed, and then disabled. Since imprinting of data values in memory is time-dependent, keeping the total duration of the enabled time to a minimum will minimize the chances of imprinting outside the memory.

X0804 and X1806 control the MUX 820 in synchronization with the movement of data values in non-imprinting memory such that the output of the MUX 820 matches state with the position of the data value in non-imprinting memory, as the data value moves between memory locations. X0804 and X1806 select which one of the input In A 810, In B 812, In C 814, In D 816 is copied to a MUX output gate 820 via NAND gates 822, 824, 826 and 828 corresponding to In A 810, In B 812, In C 814, In D 816, respectively. Outputs of NAND gates 822, 824, 826 and 828 are controlled via X0804 and X1806 to output gate 850. Output gate 850 outputs the data value in order.

Optionally, the output of MUX 820 maybe input to latch 860. Where output of a data value is needed for a very short period of time, for example, a nanosecond, MUX 820 may be sufficient. Where the data value may be provided continuously, transparent latch 860 may be utilized. Latch 860 may include input G 862 such that when G 862 is HIGH, the input is copied to the output, and when G 862 is LOW, whatever data value was on the output is latched, or held constant.

FIG. 9 depicts an illustration of a circuit design including non-imprinting memory 902, selector 910, and encryption engine 970, according one implementation. Non-imprinting memory 902 stores value A 904, value B 906 and value C 908 in a non-imprinting manner, as discussed above. Each of value A 904, value B 906 and value C 908 may store one or more data values representing for example, a key, a data value, etc., such that the circuit depicted in FIG. 9 outputs one of the values of value A 904, value B 906 and value C 908. This output may be in response to a read request.

Selector 910 includes MUX 912 for value A 904, MUX 914 for value B 906 and MUX 916 for value C 908. MUXs 912, 914 and 916 may be set forth in accordance with the structure and functionality as discussed with FIG. 8. In other words, MUX 912 is configured to output the data values stored in value A 904 in an order regardless of the order of the data values as stored in non-imprinting memory 902. MUX 914 is configured to output the data values stored in value B 906 in an order regardless of the order of the data values as stored in non-imprinting memory 902. MUX 916 is configured to output the data values stored in value C 908 in an order regardless of the order of the data values as stored in non-imprinting memory 902.

The circuit shown in FIG. 9 may include logic operating as a wired OR at 942 such, that only one of the values A 904, B 906 and C 908 output from MUXs 912, 914 and 916, respectively, is provided to encryption engine via signal 944.

Additional values may be stored in non-imprinting memory 902 and additional MUXs, corresponding to the additional values, in selector 910 may be provided and connected to the data values.

Encryption engine 970 may be implemented in hardware, software, or a combination of hardware and software. Encryption engine 970 may receive input at input 980 and output values at output 982. Encryption engine 970 may further include a plurality of MUX enable signals 930 to enable output or disable output at MUXs 912, 914 and 916. By providing for enable signals 930, MUXs 912, 914 and 916 may be disabled until a value from non-imprinting memory 902 is needed. This may avoid imprinting of the value at the output gates in the MUXs.

Encryption engine 970 may further include latch 984 to store a value output from one of MUXs 912, 914 and 916, as controlled by control signal G 988. Encryption engine 970 may further include crypto core 986 to receive the value from latch 984, encrypt the value, and output the encrypted value at output 982.

If a data value from MUXs 912, 914 and 916 is not needed, for example, there is no outstanding read request for the data values, MUXs 912, 914 and 916 may be disabled, for example, gated internally. Internal gating may be, for example, controlled by enable signals 930 from encryption engine 970 in such a way that constant data never exists on the output gates. In one embodiment, when the values are not needed, the output stage of the output gates in MUXs 912, 914 and 916, may be tri-stated. This allows the wired-OR circuit topology noted above and allows the MUXs 912, 914 and 916 to avoid imprinting of the data values in the MUXs.

Selector 910 may be configured in an integrated circuit in close proximity to non-imprinting memory 902, thus keeping the amount of traces minimized.

When the encryption engine 970 is preparing to operate on some data, the encryption engine may assert one of the enable signals 930 corresponding to the value desired. The enabled MUX will output the value and, OR signal 942 will pass the value via 944 to encryption engine 970. The output value will be passed to latch 984. Encryption engine 970 may further assert control signal G 988, which will then hold the value inside the latch 984 in encryption engine 970. Encryption engine 970 may then release the enable signal 930, thereby disabling the enabled MUX.

As the MUXs 912.914 and 916 are disabled for the majority of the time, the data stored therein will not easily imprint on their output gates.

In addition, as different values are being moved through latch 984, it is not likely that imprinting may occur at latch 984.

Alternatively, when not in use, encryption engine 970 may reset its input, load all 0s or 1s or load a random number to mitigate the imprinting of the values.

By configuring the circuit as described with respect to FIG. 9, the output gates of the respective MUX may be disabled, thus avoiding imprinting at the MUXs while latch 984 stores the requested value. Encryption engine 970 may access a requested value in real time without imprinting of any of the values within the circuit.

FIG. 10 is a flowchart of a process to access a data set at a memory, according to an implementation. Process 1000 may be implemented as a hardware module, as a software module hosted at a computing device, or as a combination thereof. For example, process 1000 may be implemented as application-specific circuitry or as a software module including instructions stored at a memory and executed at a processor in communication with the memory. More specifically, for example, process 1000 may be implemented at a memory control module.

A request for a data set stored at a memory is received, for example, at a memory control module at block 1010. The memory control module determines at block 1020 the output of the selector coupled to the non-imprinting memory. At block 1030, the output of the selector is provided, for example, to a client device.

SELECTOR SYNCRONIZED WITH MOVEMENT OF DATA IN MEMORY

Information

Publication Number

Date Filed

Date Published

Inventors

CPC

US Classifications

International Classifications

Abstract

Description

Claims

CROSS-REFERENCE TO RELATED APPLICATIONS

PCT Information

Provisional Applications (1)