US 11,687,681 B2
Multi-tenant cryptographic memory isolation
Shay Gueron, Haifa (IL); Siddhartha Chhabra, Hillsboro, OR (US); and Nadav Bonen, Ofer (IL)
Assigned to INTEL CORPORATION, Santa Clara, CA (US)
Filed by Intel Corporation, Santa Clara, CA (US)
Filed on Sep. 14, 2020, as Appl. No. 17/20,486.
Application 17/020,486 is a continuation of application No. 15/720,360, filed on Sep. 29, 2017, granted, now 10,776,525.
Prior Publication US 2021/0103682 A1, Apr. 8, 2021
Int. Cl. H04L 29/00 (2006.01); G06F 21/79 (2013.01); G06F 21/75 (2013.01); G06F 21/76 (2013.01); G06F 12/14 (2006.01); G06F 21/62 (2013.01)
CPC G06F 21/79 (2013.01) [G06F 12/14 (2013.01); G06F 21/75 (2013.01); G06F 21/76 (2013.01); G06F 21/6218 (2013.01)]
23 Claims
1. A device for multi-tenant cryptographic memory isolation, the device comprising:
storage that includes a key table;
interface circuitry to facilitate an interface to form an interconnect between memory hardware and a user of the memory hardware; and
processing circuitry to:
receive, on the interface:
a write request, by a tenant of several tenants, for the memory hardware from the user of the memory hardware; and
data corresponding to the write request;
extract a tenant identifier (ID) from the write request;
obtain a nonce for the tenant from the key table using the tenant ID as an index, the key table being writable to store new keyed-nonces; and
encrypt the data, creating encrypted data, using the nonce for storage in the memory hardware, wherein, to encrypt the data using the nonce, the processing circuitry is configured to:
combine the nonce with the tenant ID and physical address from the write request to create a tweak; and
encrypt the data using the tweak.
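The write path of claim 1, sketched in software as an added example that is not part of the patent record. Assumptions not stated in the claim: "combine" is modelled as fixed-width concatenation, the cipher is an HMAC-SHA256 keystream standing in for the hardware's tweakable cipher, and the engine key, field widths and all names (`MemoryEncryptionEngine`, `program_nonce`, `write`, `read`) are hypothetical.

```python
import hashlib
import hmac

NONCE_LEN = 16  # assumed nonce width; the claim does not give one


class MemoryEncryptionEngine:
    """Toy model: key table indexed by tenant ID, tweak = nonce|tenant ID|address."""

    def __init__(self, engine_key: bytes):
        self._key = engine_key   # assumed single engine-wide key
        self.key_table = {}      # tenant ID -> nonce; writable at run time

    def program_nonce(self, tenant_id: int, nonce: bytes) -> None:
        # Fixed widths keep the concatenated tweak unambiguous.
        if len(nonce) != NONCE_LEN:
            raise ValueError("nonce must be %d bytes" % NONCE_LEN)
        self.key_table[tenant_id] = nonce

    def _tweak(self, tenant_id: int, phys_addr: int) -> bytes:
        nonce = self.key_table[tenant_id]  # KeyError if the tenant has no entry
        return nonce + tenant_id.to_bytes(2, "big") + phys_addr.to_bytes(8, "big")

    def _keystream(self, tweak: bytes, length: int) -> bytes:
        # Stand-in only: an XOR keystream repeats when an address is rewritten
        # under the same tweak, so this does not replace a tweakable block cipher.
        out, counter = b"", 0
        while len(out) < length:
            block = tweak + counter.to_bytes(4, "big")
            out += hmac.new(self._key, block, hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def write(self, tenant_id: int, phys_addr: int, data: bytes) -> bytes:
        ks = self._keystream(self._tweak(tenant_id, phys_addr), len(data))
        return bytes(a ^ b for a, b in zip(data, ks))

    read = write  # XOR with the same keystream inverts the operation


if __name__ == "__main__":
    eng = MemoryEncryptionEngine(bytes(range(32)))  # constructed key
    eng.program_nonce(1, b"\x11" * NONCE_LEN)       # constructed nonces
    eng.program_nonce(2, b"\x22" * NONCE_LEN)
    line = b"A" * 64                                # constructed cache line
    c1 = eng.write(1, 0x1000, line)
    print("tenant 2 can read tenant 1 data:", eng.read(2, 0x1000, c1) == line)
```

Because the tweak binds ciphertext to tenant and physical address, copying a ciphertext line to another address or reading it under another tenant's ID yields unrelated bytes, and overwriting a key-table entry makes the old ciphertext unrecoverable through that entry.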