Traitement en cours

Veuillez attendre...

Paramétrages

Paramétrages

Aller à Demande

1. WO2020197824 - ATTESTATION DE DONNÉES EN MÉMOIRE

Note: Texte fondé sur des processus automatiques de reconnaissance optique de caractères. Seule la version PDF a une valeur juridique

[ EN ]

What is Claimed is:

1. An apparatus, comprising:

a memory; and

circuitry configured to:

detect a power off of the apparatus;

generate a run-time cryptographic hash; and

compare the run-time cryptographic hash with a cryptographic hash in response to detecting the power off, wherein the cryptographic hash is stored in a portion of the memory.

2. The apparatus of claim 1, wherein the circuitry is configured to generate the run-time cryptographic hash by reading data stored in the portion of the memory and using a hash function to hash the data.

3. The apparatus of claim 1, wherein the portion of the memory is a secure portion of the memory.

4. The apparatus of any of claims 1-3, wherein the portion of the memory is defined by one or more registers.

5. The apparatus of claim 1, further comprising a first counter and a second counter.

6. The apparatus of claim 5, wherein the first counter is incremented for each power on of the apparatus and the second counter is incremented for each power off of the apparatus.

7. The apparatus of any of claims 4-6, wherein the first counter and the second counter are monotonic counters.

8. A method of data attestation in memory, comprising:

detecting a power off of the memory;

generating a run-time cryptographic hash;

determining if the run-time cryptographic hash is equal to a

cryptographic hash in response to detecting the power off, wherein the cryptographic hash is stored in a portion of the memory; and

incrementing a power off counter in response to the run-time cryptographic hash and the cryptographic hash being equal.

9. The method of claim 8, further comprising:

setting the portion of the memory to read only mode in response to incrementing the power off counter and prior to powering off the apparatus.

10. The method of any of claims 8-9, further comprising:

incrementing a power on counter in response to powering on the apparatus.

11. The method of claim 10, further comprising:

determining, in response to incrementing the power on counter, if the power on counter is equal to the power off counter

12. The method of claim 11, further comprising:

setting the portion of the memory to read and write mode in response to the power on counter and the power off counter being equal.

13. The method of any of claims 11-12, further comprising:

providing an error flag in response to the power on counter and the power off counter being unequal.

14. A method of data attestation in memory, comprising:

detecting a host is idle;

generating a run-time cryptographic hash from data stored in a portion of a memory coupled to the host; and

comparing the run-time cryptographic hash with a cryptographic hash in response to detecting the host is idle, wherein the cryptographic hash is stored in the portion of the memory.

15. The method of claim 14, wherein the cryptographic hash of the data stored in the portion of the memory comprises a SHA-256 cryptographic hash.

16. The method of claiml4, further comprising:

triggering a validation flag in response to the run-time cryptographic hash and the cryptographic hash being equal.

17. The method of claim 14, further comprising:

powering on the memory.

18. The method of claim 17, further comprising:

clearing the validation flag in response to powering on the memory.

19. A system, comprising:

a host;

a memory; and

circuitry configured to:

detect when the host is idle;

generate a run-time cryptographic hash by reading data stored in a portion of the memory and using a hash function to hash the data in response to detecting the host is idle; and

comparing the run-time cryptographic hash with a cryptographic hash in response to generating the run-time cryptographic hash, wherein the cryptographic hash is stored in the portion of the memory.

20. The system of claim 19, wherein a validation flag is removed in response to a write operation on the portion of the memory prior to powering off the system.