公开(公告)号：WO2017058414A1

公开(公告)日：2017-04-06

申请号：PCT/US2016/048697

申请日：2016-08-25

Applicant: APPLE INC.

Inventor： GULATI, Manu ,  SOKOL Jr., Joseph ,  WILCOX, Jeffrey R. ,  SEMERIA, Bernard J. ,  SMITH, Michael J.

IPC: G06F12/02 ,  G06F21/72 ,  G11C7/24

CPC classification number: G06F12/0246 ,  G06F21/78 ,  G06F2212/7206 ,  G06F2212/7208 ,  G06F2221/2143

Abstract: In one embodiment, a system includes a non-volatile memory that may serve as both the main memory system and the backing store (or persistent storage). In some embodiments, the non-volatile memory is divided into a main memory portion and a persistent portion. Data in the main memory operation may be encrypted using one or more first keys, and data in the persistent portion may be encrypted using one or more second keys, in an embodiment. The volatile behavior of main memory may be implemented by discarding the one or more first keys in a power down event or other event that indicates a loss of main memory data, while the one or more second keys may be retained. In one embodiment, the physical address space of the non-volatile memory may be a mapping from a second physical address space that is used within the system.

Abstract translation: 在一个实施例中，系统包括可用作主存储器系统和后备存储器（或持久存储器）两者的非易失性存储器。 在一些实施例中，非易失性存储器被分成主存储器部分和持久部分。 在一个实施例中，主存储器操作中的数据可以使用一个或多个第一密钥加密，并且持久部分中的数据可以使用一个或多个第二密钥进行加密。 主存储器的易失性行为可以通过在功率下降事件中丢弃一个或多个第一密钥或指示主存储器数据丢失的其他事件来实现，同时可以保留一个或多个第二密钥。 在一个实施例中，非易失性存储器的物理地址空间可以是来自在系统内使用的第二物理地址空间的映射。

公开(公告)号：WO2019118203A1

公开(公告)日：2019-06-20

申请号：PCT/US2018/063229

申请日：2018-11-30

Applicant: APPLE INC.

Inventor： BENSON, Wade ,  SMITH, Michael J. ,  DE CESARE, Joshua P.

IPC: G06F21/72 ,  G06F21/74 ,  G06F15/167 ,  G06F12/14

Abstract: Techniques are disclosed relating to data storage. In various embodiments, a computing device includes first and second processors and memory having stored therein a first encrypted operating system executable by the first processor and a second encrypted operating system executable by the second processor. The computing device also includes a secure circuit configured to receive, via a first mailbox mechanism of the secure circuit, a first request from the first processor for a first cryptographic key usable to decrypt the first operating system. The secure circuit is further configured to receive, via a second mailbox mechanism of the secure circuit, a second request from the second processor for a second cryptographic key usable to decrypt the second operating system, and to provide the first and second cryptographic keys.

公开(公告)号：WO2015020788A1

公开(公告)日：2015-02-12

申请号：PCT/US2014/047576

申请日：2014-07-22

Applicant: APPLE INC.

Inventor： PAASKE, Timothy R. ,  WARREN, David S. ,  SMITH, Michael J. ,  ROSS, Diarmuid P. ,  MAO, Weihua

IPC: G06F21/72 ,  G06F21/85 ,  G06F21/60 ,  G06F21/87

CPC classification number: G06F12/1408 ,  G06F21/602 ,  G06F21/72 ,  G06F21/85 ,  G06F21/87 ,  G09C1/00 ,  H04L9/12 ,  H04L2209/12

Abstract: In an embodiment, a peripheral interface controller may include an inline cryptographic engine which may encrypt data being sent over a peripheral interface and decrypt data received from the peripheral interface. The encryption may be transparent to the device connected to the peripheral interface that is receiving/supplying the data. In an embodiment, the peripheral interface controller is included in a system on a chip (SOC) that also includes a memory controller configured to couple to a memory. The memory may be mounted on the SOC in a chip-on-chip or package-on-package configuration. The unencrypted data may be stored in the memory for use by other parts of the SOC (e.g. processors, on-chip peripherals, etc.). The keys used for the encryption/decryption of data may remain within the SOC.

Abstract translation: 在一个实施例中，外围接口控制器可以包括内联密码引擎，其可以对通过外围接口发送的数据进行加密，并解密从外围接口接收的数据。 加密可能对连接到正在接收/提供数据的外设接口的设备是透明的。 在一个实施例中，外围接口控制器包括在芯片上的系统（SOC）中，该系统还包括被配置为耦合到存储器的存储器控​​制器。 存储器可以以片上芯片或封装的封装形式安装在SOC上。 未加密的数据可以存储在存储器中以供SOC的其他部分使用（例如处理器，片上外设等）。 用于加密/解密数据的密钥可能保留在SOC内。