Title of invention: Method for securing content in dynamically allocated memory using different domain-specific keys
Abstract: A method operational within a memory controller is provided for securing content stored in memory. The memory controller may allocate logical memory regions within a memory device to different domains. A different domain-specific key is obtained for each of the different domains, where each domain-specific key is a function of at least a master key and domain-specific information. During write operations, content/data is encrypted, at the memory controller, as it is written into each logical memory region using a domain-specific key corresponding to a domain providing the content and to which the logical memory region is allocated. Similarly, during read operations, content/data is decrypted, at the memory controller, as it is read from each memory region using a domain-specific key corresponding to a domain requesting the content and to which the logical memory region, where the content is stored, is allocated.
Publication number: US9607177(B2) Publication date: 2017.03.28
Application number: US201314042675 Filing date: 2013.09.30
Applicant: QUALCOMM Incorporated Inventors: Jejurikar Ravindra R.;McLean Ivan
Classification: G06F21/78;H04L9/08;G06F12/14 Main classification: G06F21/78
Agency: Loza & Loza, LLP Agent: Loza & Loza, LLP
Independent claim: 1. A method operational within a memory controller for securing content comprising: allocating, at the memory controller, logical memory regions within a memory device to different domains, the memory device being external to the memory controller; defining, at the memory controller, access permissions within access control settings for one or more masters within a domain, the access permissions specifying at least one of read and/or write access for the one or more masters within the domain; obtaining, at the memory controller, a different domain-specific key for each of the different domains, where each domain-specific key is a function of at least a master key and domain-specific information, the domain-specific information including the access permissions that specify at least one of read and/or write access for the one or more masters within the domain; storing the domain-specific keys at a secure memory space that is separate from and independent of the memory device; updating a domain-specific key stored at the secure memory space when a change to access control settings for one or more masters within a domain is detected; and encrypting content, at the memory controller, written into each logical memory region using a domain-specific key corresponding to a domain to which each logical memory region is allocated.
Address: San Diego CA US
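
The scheme in the abstract and claim 1, modeled in software as an added example that is not part of the patent record: each domain's key is derived from a master key plus the domain's access permissions, kept apart from the external memory, and re-derived when permissions change. The record names no KDF or cipher, so HMAC-SHA256 stands in for both here; the class, method and domain names are assumptions made for illustration.

```python
import hashlib
import hmac


def derive_domain_key(master_key: bytes, domain_id: str, perms: dict) -> bytes:
    """Domain key = KDF(master key, domain-specific info incl. access permissions)."""
    # Canonical encoding so identical settings always yield the same key.
    info = domain_id + "|" + ";".join(f"{m}:{perms[m]}" for m in sorted(perms))
    return hmac.new(master_key, info.encode(), hashlib.sha256).digest()


def _keystream(key: bytes, addr: int, n: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, tweaked by address.
    out, block = b"", 0
    while len(out) < n:
        out += hmac.new(key, f"{addr}:{block}".encode(), hashlib.sha256).digest()
        block += 1
    return out[:n]


class MemoryController:
    def __init__(self, master_key: bytes):
        self._master = master_key
        self._keys = {}    # secure key store, separate from the memory device
        self._perms = {}   # domain -> {master: "r" | "w" | "rw"}
        self._owner = {}   # region base address -> owning domain
        self.dram = {}     # external memory device: only ever holds ciphertext

    def set_permissions(self, domain: str, perms: dict) -> None:
        # Any change to access control settings re-derives the stored key.
        self._perms[domain] = dict(perms)
        self._keys[domain] = derive_domain_key(self._master, domain, perms)

    def allocate(self, addr: int, domain: str) -> None:
        self._owner[addr] = domain

    def _check(self, addr, domain, master, op):
        allowed = self._perms.get(domain, {}).get(master, "")
        if self._owner.get(addr) != domain or op not in allowed:
            raise PermissionError(f"{master}@{domain} may not {op} region {addr:#x}")

    def write(self, addr: int, domain: str, master: str, data: bytes) -> None:
        self._check(addr, domain, master, "w")
        ks = _keystream(self._keys[domain], addr, len(data))
        self.dram[addr] = bytes(a ^ b for a, b in zip(data, ks))

    def read(self, addr: int, domain: str, master: str) -> bytes:
        self._check(addr, domain, master, "r")
        ct = self.dram[addr]
        return bytes(a ^ b for a, b in zip(ct, _keystream(self._keys[domain], addr, len(ct))))
```

Because the permissions feed the derivation, data written under the old settings no longer decrypts to its plaintext once `set_permissions` changes them; the model does not re-encrypt existing regions.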