US 11,658,808 B2
Re-encryption following an OTP update event
Andreas Lars Sandberg, Cambridge (GB); Matthias Lothar Boettcher, Cambridge (GB); and Prakash S. Ramrakhyani, Austin, TX (US)
Assigned to Arm Limited, Cambridge (GB)
Filed by Arm Limited, Cambridge (GB)
Filed on Aug. 21, 2019, as Appl. No. 16/546,596.
Prior Publication US 2021/0058237 A1, Feb. 25, 2021
Int. Cl. H04L 9/06 (2006.01); H04L 9/32 (2006.01); G06F 13/16 (2006.01); G06F 21/72 (2013.01); G06F 12/14 (2006.01)
CPC H04L 9/0656 (2013.01) [G06F 12/1408 (2013.01); G06F 13/1668 (2013.01); G06F 21/72 (2013.01); H04L 9/3242 (2013.01)] 18 Claims
OG exemplary drawing
1. An apparatus comprising:
memory control circuitry configured to control access to data stored in memory; and
memory security circuitry configured to generate encrypted data to be stored in the memory, the encrypted data being based on target data and a first one-time-pad (OTP);
the memory security circuitry is configured to be within a trust boundary of the apparatus, and data stored outside the trust boundary is accessible to external agents;
in response to an OTP update event indicating that the first OTP is to be updated to a second OTP different from the first OTP, the memory security circuitry is configured to generate a re-encryption value based on the first OTP and the second OTP, and the memory security circuitry is configured to issue a re-encryption request beyond the trust boundary to cause updated encrypted data to be generated outside the trust boundary in a downstream component based on the encrypted data and the re-encryption value and to cause the encrypted data to be replaced in the memory by the updated encrypted data; and
the updated encrypted data is generated in at least one of:
the memory, wherein the memory is outside the trust boundary;
a memory controller for controlling access to the memory, wherein the memory controller is outside the trust boundary;
at least one dynamic random access memory (DRAM) unit, wherein the at least one DRAM unit is outside the trust boundary; and
a controller associated with a three-dimensional integrated circuit comprising a plurality of memory storage integrated circuit layers, wherein the controller associated with the three-dimensional integrated circuit is outside the trust boundary.