Memory Encryption Method

IP.com Disclosure Number: IPCOM000022197D
Publication Date: 2004-Mar-01
Document File: 6 page(s) / 1M

Publishing Venue

The IP.com Prior Art Database

Related People

Hidekazu Watanabe: INVENTOR

Abstract

Sometimes we need to place secret information in system memory and keep it secret. This invention provides a method for doing so.

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 56% of the total text.

         Sony Corporation

         Sony Electronics Inc.

         IPD Case #50R4931

Invention Disclosure Data Sheet:

1.      When we consider a system or piece of equipment such as a cellular phone, we sometimes need to save secret information in its system memory. However, an attacker such as a cracker may attack the system and learn that secret information. In particular, if the system is integrated on one chip (IC), it normally has a debug port, and all memory contents can be read through that port.

We can add security features to the debug port; however, once a cracker succeeds in opening the port, he or she can freely access the stored information. Also, if the system has an External Bus Interface (EBIF), a cracker may be able to observe secret memory or program data through the EBIF or the debug port (see Fig-1). Some information or applications therefore need additional security, and this invention adds it using a data encryption method or data filtering.

2.      The basic idea of this invention is to block secret data or to store the data in encrypted form.

Fig-2 shows the method that prevents secret data from being output outside the chip. The security control block is a function hidden from the general user, and it controls data filtering. We assume that secret data is stored in a certain portion of the internal memory address space; for example, the memory address range 0x1000 - 0x1100 contains secret data. When the security control block is enabled, it monitors the CPU access address, and if the address is within this range, it prevents the data from being output or outputs false data. Fig-5 shows these processes.

#1 Assume the memory holds secret information; in this case it is placed in the address range 0x1000 - 0x1100.

#2 The CPU enables the security circuit. In practice, an application program (software) enables this function, and how to enable or disable it should also be secret. The program should therefore be placed in the secured portion of memory.

#3 The security control circuit monitors the address bus, or even CPU debug port activity, and if an access falls within the secured portion, the control circuit sends the signal for data filtering. If a DMA (Direct Memory Access) module is sitting on the bus and tries to get the secured information from memory and output it through the EBIF, the security control circuit monitors the bus address and detects it.

#4 The data filter circuit prevents secret data from leaving the chip, on the order of the security control circuit.
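
Steps #1 to #4 above, as a small behavioural model in C. This is an added example, not code from the disclosure; the function names, the inclusive upper bound at 0x1100, the 0x00 false-data value, the memory size and the sample secret byte are assumptions. It goes slightly beyond the text by checking a DMA burst that starts below the secured range and runs into it, which is why the address comparison is made on every byte rather than on the start address only.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SEC_BASE   0x1000u  /* secured range given in the text */
#define SEC_LIMIT  0x1100u  /* assumption: upper bound is inclusive */
#define FALSE_DATA 0x00u    /* assumption: value driven out instead of the secret */
#define MEM_SIZE   0x2000u  /* assumption: size of internal memory */
#define SECRET     0xA5u    /* constructed sample secret byte */

typedef enum { DEST_CPU_INTERNAL, DEST_DEBUG_PORT, DEST_EBIF } dest_t;
static uint8_t mem[MEM_SIZE];
static bool security_enabled;

/* Step #1: constructed memory image with secret bytes only in the secured range. */
void load_demo_memory(void) {
    memset(mem, 0x11, sizeof mem);
    memset(mem + SEC_BASE, SECRET, SEC_LIMIT - SEC_BASE + 1);
}

/* Step #2: in the disclosure this is done by software held in secured memory. */
void set_security(bool on) { security_enabled = on; }

/* Step #3: security control compares every bus address with the secured range. */
static bool addr_is_secured(uint32_t addr) {
    return security_enabled && addr >= SEC_BASE && addr <= SEC_LIMIT;
}

/* Step #4: data leaving the chip is replaced by false data; on-chip reads pass. */
uint8_t bus_read(uint32_t addr, dest_t dest) {
    if (addr >= MEM_SIZE) return FALSE_DATA;
    if (dest != DEST_CPU_INTERNAL && addr_is_secured(addr)) return FALSE_DATA;
    return mem[addr];
}

/* DMA burst to the EBIF, filtered per byte so a burst that starts below the
   range cannot carry secured bytes out. Returns how many secret bytes escaped. */
size_t dma_to_ebif_leak(uint32_t src, size_t len) {
    size_t leaked = 0;
    for (size_t i = 0; i < len; i++)
        if (bus_read(src + (uint32_t)i, DEST_EBIF) == SECRET) leaked++;
    return leaked;
}

int main(void) {
    load_demo_memory();
    set_security(true);
    printf("secret bytes leaked, filter on: %zu\n", dma_to_ebif_leak(0x0FFCu, 8));
    return 0;
}
```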

Fig-3 shows another idea for a security-enhanced system, which uses encryption and decryption technology. Although the position of the debug-port-side data filter is different from Fig-2, its function is almost the same. The difference is the cryptograph portion, which encrypts and decrypts data.

Secured data is stored within a certain range of memory addresses, the same as in the case of Fig-2. However, when the data is moved from the CPU to m...