Support for additional cryptographic algorithms using inline cryptography hardware components

JP2025531678A5Pending Publication Date: 2026-07-02QUALCOMM INC

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Applications
Current Assignee / Owner
QUALCOMM INC
Filing Date
2023-07-20
Publication Date
2026-07-02

Smart Images

  • Figure 00000000_0000_ABST
    Figure 00000000_0000_ABST
Patent Text Reader

Abstract

Systems and techniques for offloading cryptographic services are described herein. For example, a method may include receiving a request to provide a cryptographic service type and initiating a cryptographic algorithm in a cryptographic hardware component, the cryptographic algorithm being associated with the cryptographic service type. The method may further include applying a cryptographic operation to the data to obtain a cryptographic result. The cryptographic operation is associated with the cryptographic algorithm. The method may further include storing at least a portion of the cryptographic result in a hardware register of the cryptographic hardware component. The cryptographic result is configured for use in performing a cryptographic action.
Need to check novelty before this filing date? Find Prior Art

Description

[Technical Field]

[0001]

[0001] The present disclosure relates generally to encryption and decryption of data. In some examples, aspects of the disclosure relate to systems and techniques for offloading certain aspects of integrity verification, authenticated encryption, and / or data decryption to cryptographic hardware components. [Background technology]

[0002]

[0002] There are various scenarios in which the integrity of data can be verified or in which it is desirable to perform authenticated encryption and / or authenticated decryption on data. Such operations generally relate to, for example, helping to ensure that data has not been altered before the data is to be consumed or otherwise used by a computing device.

[0003] For example, integrity verification may be performed as part of a secure boot process to ensure the integrity of a loaded image or to verify the integrity of data blocks that store all or any portion of a file system. As another example, authenticated encryption and decryption may be performed to provide data confidentiality and data integrity verification of runtime data. Such operations are generally performed using the computational resources (e.g., software running on a processor) of a particular computing device that are also used to perform other functionality of the device. Thus, such operations may adversely affect the performance characteristics of the device because the device's computational resources are used for integrity verification and / or authenticated encryption / decryption when they might otherwise be performing other operations. Summary of the Invention

[0004] In some examples, systems and techniques for providing offloaded services are described. According to at least one illustrative example, a method for offloading cryptographic services is provided. The method includes receiving a request to provide a cryptographic service type, initiating a cryptographic algorithm associated with the cryptographic service type at a cryptographic hardware component, applying a cryptographic operation associated with the cryptographic algorithm to data to obtain a cryptographic result, and storing at least a portion of the cryptographic result in a hardware register of the cryptographic hardware component, the cryptographic result configured for use in performing the cryptographic action.

[0005] In another example, an apparatus for offloading cryptographic services is provided that includes at least one memory, at least one processor, and a cryptographic hardware component coupled to the at least one memory and the at least one processor. The cryptographic hardware component is configured to receive a request to provide a cryptographic service type, initiate a cryptographic algorithm associated with the cryptographic service type at the cryptographic hardware component, apply a cryptographic operation associated with the cryptographic algorithm to data to obtain a cryptographic result, and store at least a portion of the cryptographic result in a hardware register of the cryptographic hardware component that is configured for use in performing the cryptographic action.

[0006]

[0006] In another example, a non-transitory computer-readable medium is provided having instructions stored thereon that, when executed by one or more processors, cause the one or more processors to receive a request to provide a cryptographic method service type, initiate a cryptographic method algorithm associated with the cryptographic method service type in a cryptographic method hardware component, apply a cryptographic method operation associated with the cryptographic method algorithm to data to obtain a cryptographic method result, and store at least a portion of the cryptographic method result in a hardware register of the cryptographic method hardware component configured for use in performing the cryptographic method action.

[0007]

[0007] In another example, an apparatus for offloading cryptographic techniques services is provided, the apparatus including means for receiving a request to provide a cryptographic technique service type, means for initiating a cryptographic technique algorithm associated with the cryptographic technique service type in a cryptographic technique hardware component, means for applying a cryptographic technique operation associated with the cryptographic technique algorithm to data to obtain a cryptographic technique result, and means for storing at least a portion of the cryptographic technique result in a hardware register of the cryptographic technique hardware component, the cryptographic technique result configured to be used to perform the cryptographic technique action.

[0008] In some aspects, one or more of the devices described herein are, are part of, and / or include a mobile or wireless communication device (e.g., a mobile phone or other mobile device), an extended reality (XR) device or system (e.g., a virtual reality (VR) device, an augmented reality (AR) device, or a mixed reality (MR) device), a wearable device (e.g., a network-connected watch or other wearable device), a vehicle or computing device or component of a vehicle, a camera, a personal computer, a laptop computer, a server computer or device (e.g., an edge or cloud-based server, a personal computer acting as a server device, a mobile device such as a mobile phone acting as a server device, an XR device acting as a server device, a vehicle acting as a server device, a network router, or other device acting as a server device), any combination thereof, and / or other types of devices. In some aspects, the device includes a camera or multiple cameras for capturing one or more images. In some aspects, the device includes a display for displaying one or more images, notifications, and / or other displayable data. In some aspects, the device may include one or more sensors (e.g., one or more inertial measurement units (IMUs), such as one or more gyroscopes, one or more gyrometers, one or more accelerometers, any combination thereof, and / or other sensors).

[0009]

[0009] This Summary is not intended to identify key or essential features of the claimed subject matter, nor is it intended to be used independently to determine the scope of the claimed subject matter, which subject matter should be understood by reference to the entire specification of this patent, any or all drawings, and appropriate portions of each claim.

[0010]

[0010] The above, together with other features and examples, will become more apparent with reference to the following specification, claims, and accompanying drawings. [Brief explanation of the drawings]

[0011]

[0011] Illustrative examples of the present application are described in detail below with reference to the following figures: [Figure 1]

[0012] FIG. 1 is a block diagram illustrating a computing device, according to some examples. [Figure 2]

[0013] FIG. 1 is a block diagram illustrating cryptography hardware components, according to some examples. [Figure 3]

[0014] FIG. 1 is a flow diagram illustrating an example of a process for offloading data integrity verification, according to some examples. [Figure 4]

[0015] FIG. 1 is a flow diagram illustrating an example of a process for offloading authenticated encryption, according to some examples. [Figure 5]

[0016] FIG. 10 is a flow diagram illustrating another example of a process for offloading authenticated encryption, according to some examples. [Figure 6]

[0017] FIG. 1 is a flow diagram illustrating an example of a process for offloading authenticated decryption, according to some examples. [Figure 7]

[0018] FIG. 1 is a flow diagram illustrating an example of a process for offloading decryption of an encrypted software image on another device, according to some examples. [Figure 8]

[0019] FIG. 10 is a flow diagram illustrating another example of a process for offloading decryption of an encrypted software image on another device, according to some examples. [Figure 9]

[0020] FIG. 1 illustrates an example of a computing system for implementing certain aspects described herein. DETAILED DESCRIPTION OF THE INVENTION

[0012]

[0021] Specific aspects and examples of the present disclosure are provided below. As will be apparent to one skilled in the art, some of these aspects and examples may be applied independently, and some of them may be applied in combination. In the following description, for purposes of explanation, specific details are set forth in order to provide a thorough understanding of the examples of the present application. However, it will be apparent that various examples may be practiced without these specific details. The figures and descriptions are not intended to be limiting. Additionally, certain details known to those skilled in the art may be omitted to avoid obscuring the description.

[0013]

[0022] In the following description of the figures, in various examples described herein, any component described with respect to a figure may be equivalent to one or more similarly named components described with respect to any other figure. For brevity, the description of these components may not be repeated in their entirety with respect to each figure. Accordingly, each and every instance of a component in each figure is incorporated by reference and is assumed to be optionally present in all other figures having one or more similarly named components. Furthermore, according to various examples described herein, any description of a component in a figure should be construed as an optional example, which may be implemented in addition to, together with, or instead of the example described with respect to the corresponding similarly named component in any other figure.

[0014]

[0023] The following description provides illustrative examples only and is not intended to limit the scope, applicability, or configuration of the present disclosure. Rather, the following description of illustrative examples provides those skilled in the art with an enabling description for implementing the illustrative examples. It should be understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the present application, as set forth in the appended claims.

[0015]

[0024] Computing devices, such as mobile devices, may include various types of storage devices (e.g., flash storage). Such storage devices are often used to store data. To help ensure device security, all or any portion of the data may be subjected to various cryptographic techniques, such as encrypting sensitive data that is decrypted when the data is needed. To support data encryption and decryption, computing devices may include interfaces (e.g., host controller interfaces) used to provide an interface between the storage device and other components of the computing device. The interfaces may be configured to comply with particular standards (e.g., the Joint Electron Device Engineering Council (JEDEC) Universal Flash Storage Host Controller Interface (UFSHCI) standard and / or other standards), which are designed to provide common techniques for implementing various functionalities associated with storage devices, such as encryption and decryption of data stored on the storage device. Accordingly, components in the data path between the storage device and other components of the computing device (e.g., memory) are often designed to comply with such standards.

[0016]

[0025] An example of a component in a data path between a storage device and other components of a computing device may be a cryptography hardware component. In some examples, the cryptography hardware component is a hardware component separate from one or more processors of the computing device that provides inline cryptography services for data passed to and from a storage device of the computing device, thereby offloading at least a portion of the cryptography services from one or more processors of the computing device and allowing the processors to perform other operations. Such offloading may improve the performance of the computing device because it allows the one or more processors of the computing device to perform other operations.

[0017]

[0026] To further improve the performance of a computing device, systems and techniques are needed for offloading additional cryptographic operations from one or more processors of the computing device to cryptographic hardware components of the computing device. However, such cryptographic hardware components that comply with interface standards (e.g., JEDEC, etc.) may not enable such additional offloading of cryptographic techniques if the standard lacks support for a particular cryptographic algorithm.

[0018]

[0027] Described herein are systems, apparatuses, processes (also referred to as methods), and computer-readable media (collectively referred to as “systems and techniques”) for offloading one or more cryptographic techniques to cryptographic hardware components. In one illustrative example, the one or more additional cryptographic techniques or services may include integrity verification. Integrity verification is a technique for determining whether stored data has been modified in an unauthorized or unexpected manner. As one example, integrity verification may be performed during a secure boot process to verify the integrity of an image (e.g., an operating system image, a software image, etc.) being loaded (e.g., into memory). If the integrity is verified, the image, or a portion thereof, may be loaded. If the integrity cannot be verified, the image may not be loaded. As another example, techniques such as using Merkle trees (sometimes referred to as hash trees) may be performed to verify the integrity of blocks of stored data before the data is moved from a storage device to memory, where it is used by the computing device (e.g., manipulated using the computing device's processor).

[0019]

[0028] In some examples, integrity verification involves the use of an algorithm for hashing (e.g., a secure hash algorithm (SHA)). Such an algorithm operates on input data to generate an output, which may be referred to as a digest. In some examples, the generated digest may be referred to as a cryptographic result. The digest may be a fixed size (e.g., a fixed number of bits) regardless of the size of the data on which the hash algorithm operates. The digest generated by a hash algorithm for a given data item is highly unlikely to be the same as a digest generated using any other data as input to the hash algorithm. Thus, a digest corresponding to data may be considered unique for the data, within the practical constraints of time, computational resources, and a variety of potential input data. In some examples, generating a digest of data using a hash algorithm allows the digest to be compared to previously generated digests for the data; a match indicates an integrity check pass (e.g., the integrity of the data is verified). Performing such a comparison may be an example of performing a cryptographic action using a cryptographic result.

[0020]

[0029] The one or more cryptographic techniques or services may additionally or alternatively include authenticated encryption and authenticated decryption (sometimes collectively referred to as authenticated encryption). In some examples, authenticated encryption is a technique for ensuring both confidentiality and authenticity of data. Authenticated encryption may be performed using an authenticated encryption algorithm (e.g., Advanced Encryption Standard Galois / Counter Mode (AES-GCM)). In some examples, when used to authenticate encryption of data, the authenticated encryption algorithm produces as output encrypted data and a message authentication code (MAC) that corresponds to the encrypted data (or plaintext data). In some examples, the MAC may be referred to as a cryptographic result. In some examples, the MAC may be stored in one or more registers of a cryptographic hardware component and / or may additionally or alternatively be stored in other storage of the computing device. In some examples, storing the MAC in a cryptographic hardware component and / or other storage of the computing device may be an example of performing a cryptographic action using the cryptographic result. In some examples, when an authenticated encryption algorithm is used for authenticated decryption, the encrypted data (or plaintext data) is used to generate a MAC (e.g., a cryptographic result), and then the MAC is compared to a previously generated MAC for the data. In some examples, comparing the MAC to a previously generated MAC may be an example of performing a cryptographic action using the cryptographic result. If the MACs match, the data may be considered authenticated (e.g., authentication check passes). If the MACs do not match, the data is not authenticated (e.g., authentication check fails). Authenticated encryption can be used for any data for which both encryption and authentication are desired.For example, when a computing device is hibernated (e.g., suspended), system state information from the computing device's memory may be used as input for an authenticated encryption algorithm, such that the system state information is encrypted before being written to a storage device, and a MAC is generated corresponding to the encrypted system state information. Later, when the computing device is taken out of hibernation (e.g., restored), the authenticated encryption algorithm is used again to generate a MAC and decrypt the data. The MAC generated during the decryption process may be compared to the MAC generated during the encryption process to ensure the authenticity of the system state information.

[0021]

[0030] In some examples, providing integrity verification or authenticated encryption using a computing device's processor requires processor cycles that could otherwise be used to perform other operations, thereby reducing device performance. Accordingly, examples described herein provide cryptography hardware components configured to perform integrity verification or authenticated encryption, thereby at least partially offloading services from the computing device's processor. Using such cryptography hardware components to perform integrity verification or authenticated encryption can improve the performance of the computing device (e.g., by improving the time it takes to perform a secure boot, improving the time it takes to restore a device from a hibernation state, allowing the computing device's processor to perform other operations while a digest of a data block is being generated, etc.).

[0022]

[0031] In some examples, the cryptography hardware component may be configured to perform integrity verification algorithms (e.g., algorithms of the SHA family) and authenticated encryption algorithms (e.g., AES-GCM) and may be extended to include hardware registers for storing at least a portion of the output of such algorithms. In some examples, for an integrity verification algorithm, the cryptography hardware component includes a hardware register for storing a digest corresponding to the data being integrity verified, as well as one or more error registers for storing an indication of an integrity check failure. In some examples, for an authenticated encryption algorithm, the cryptography hardware component includes a hardware register for storing a MAC corresponding to the data being encrypted or decrypted, and one or more error registers for storing an indication of an authentication check failure. In some examples, support for related cryptography algorithms (e.g., SHA, AES-GCM, etc.) is added to a storage interface standard (e.g., JEDEC, etc.) to facilitate offloading of integrity verification and authenticated encryption to the cryptography hardware component while remaining compliant with the standard. For example, support for one or more cryptography algorithms (e.g., AES-GCM, SHA, etc.) may be added to the JDEC specification when implementing one or more examples described herein (e.g., when data from storage is processed by a cryptography hardware component).

[0023]

[0032] In some aspects, the one or more cryptographic services may additionally or alternatively include providing in-line decryption of data (e.g., a software image) that was encrypted (e.g., on another computing device) before being stored on the computing device's storage device. As an example, the software image may be encrypted using an encryption algorithm (e.g., AES-CBC, etc.) running on a remote computing device. The encrypted software image may then be transmitted to the computing device and stored on the computing device's storage device (e.g., a UFS device, etc.). To use the software image, the software image must be decrypted. However, decrypting the software image may require a cryptographic key and possibly an initialization vector (IV). Thus, decrypting the software image may require moving the encrypted software image from the storage device to a memory device, and one or more processors to execute an encryption algorithm to decrypt the data. Executing the encryption algorithm may include generating an IV (e.g., using a sequence number (SN) of a particular data block). Decrypting a software image encrypted in such a manner consumes, for example, computational resources (eg, processor cycles) of the computing device that could be used for other operations.

[0024]

[0033] The examples described herein address such computational resource usage by offloading decryption to a hardware cryptography component that provides in-line decryption of encrypted software image data before the decrypted data is loaded into the memory of a computing device. Specifically, the cryptography hardware component may include one or more hardware storage components for storing data items to perform the in-line decryption. For example, the cryptography key and IV used to encrypt the data may be obtained from the device that encrypted the data and stored by the cryptography hardware component, allowing the cryptography hardware component to perform in-line decryption of the data before transferring the decrypted data to the memory of the computing device. This may eliminate the need to use other computational resources (e.g., one or more processors) to decrypt the data after moving it to memory in encrypted form. Obtaining the decrypted data may be referred to as obtaining a cryptography result. Transferring the decrypted data to memory may be referred to as performing a cryptography action using the cryptography result.

[0025]

[0034] Various aspects of the techniques described herein are discussed below with reference to the figures. Figure 1 is a block diagram illustrating an example of a computing device 100. As shown, computing device 100 includes a processor 102, a universal flash storage (UFS) device 104, a cryptography hardware component 106, a memory device 108, and an additional storage device 110. Each of these components is described below.

[0026]

[0035] Computing device 100 is any device, part of a device, or any set of devices capable of electronically processing instructions and may include, without limitation, one or more processors (e.g., components including integrated circuits such as processor 102), memory (e.g., memory device 108), input / output devices (not shown), non-volatile storage hardware (e.g., UFS device 104, additional storage device 110), one or more physical interfaces, any number of other hardware components (not shown), and / or any combination thereof. Examples of computing devices include, but are not limited to, mobile devices (e.g., laptop computers, smartphones, personal digital assistants, tablet computers, automotive computing systems, and / or any other mobile computing devices), Internet of Things (IoT) devices, servers (e.g., blade servers in a blade server chassis, rack servers in a rack, etc.), desktop computers, storage devices (e.g., disk drive arrays, Fibre Channel storage devices, Internet Small Computer Systems Interface (iSCSI) storage devices, tape storage devices, flash storage arrays, network-attached storage devices, etc.), network devices (e.g., switches, routers, multi-layer switches, etc.), wearable devices (e.g., VR headsets, AR headsets, AR glasses, network-connected watches or smartwatches, or other wearable devices), robotic devices, televisions, and / or any other type of computing device having the foregoing requirements. In one or more examples, any or all of the foregoing examples can be combined to create a system of such devices, and such devices may collectively be referred to as a computing device. Other types of computing devices may be used without departing from the scope of the examples described herein.

[0027]

[0036] In some examples, processor 102 is any component that includes circuitry for executing instructions (e.g., of a computer program). As an example, such circuitry may be an integrated circuit implemented, at least in part, using transistors that implement such components as arithmetic logic units, control units, logic gates, registers, etc. In some examples, the processor may include additional components, such as, for example, cache memory. In some examples, the processor fetches and decodes instructions, which are then executed. Executing instructions may include operating on data, which may include reading and / or writing data. In some examples, instructions and data used by the processor are stored in memory (e.g., memory device 108) of computing device 100. The processor may perform various operations to execute software, such as an operating system, an application, etc. Processor 102 may cause data to be written to storage from the memory of computing device 100 and / or read from storage via the memory. Examples of processors include, but are not limited to, central processing units (CPUs), graphics processing units (GPUs), neural processing units, tensor processing units, data processing units (DPUs), digital signal processors (DSPs), etc. The processor 102 may be operatively connected to the memory device 108 and any storage of the computing device 100 (e.g., the UFS device 104, the additional storage device 110). As used herein, the phrase operatively connected or operatively connected means that there is a direct or indirect connection between elements / components / devices that allows the elements to interact with each other in some way.For example, the phrase "operably connected" may refer to any direct (e.g., a direct wired connection between two devices or components) or indirect (e.g., wired and / or wireless connections between any number of devices or components connecting the operably connected devices) connection. Thus, any path along which information may travel may be considered an operative connection. Although FIG. 1 shows computing device 100 with one processor 102, the computing device may have any number of processors without departing from the scope of the examples described herein.

[0028]

[0037] In some examples, computing device 100 includes UFS device 104. In some examples, UFS device 104 is a flash storage device that conforms to the UFS specification. UFS device 104 may be used to store any type of data. Data may be written to and / or read from UFS device 104. As an example, UFS device 104 may store operating system images, software images, application data, etc. UFS device 104 may store any other type of data without departing from the scope of the examples described herein. In some examples, UFS device 104 includes NAND flash storage. UFS device 104 may use any other type of storage technology without departing from the scope of the examples described herein. In some examples, UFS device 104 is capable of relatively faster data rates than other storage devices of computing device 100 (e.g., additional storage device 110). UFS device 104 may be operably connected to processor 102, cryptography hardware component 106, memory device 108, and / or additional storage device 110. 1 shows a computing device 100 with a single UFS device 104, the computing device may include any number of UFS devices without departing from the scope of the examples described herein. Additionally, although FIG. 1 shows a UFS device 104, the computing device 100 may include any other type of flash storage device without departing from the scope of the examples described herein.

[0029]

[0038] In some examples, computing device 100 includes additional storage device 110. In some examples, the additional storage device is a non-volatile storage device. Additional storage device 110 may be, for example, a persistent memory device. In some examples, additional storage device 110 may be any type of computer storage. Examples of types of computer storage include, but are not limited to, hard disk drives, solid-state drives, flash storage, tape drives, removable disk drives, Universal Serial Bus (USB) storage devices, secure digital (SD) cards, optical storage devices, read-only memory devices, etc. Although FIG. 1 illustrates additional storage device 110 as part of computing device 100, the additional storage device may be separate from computing device 100 and operably connected to computing device 100 (e.g., an external drive array, cloud storage, etc.). In some examples, additional storage device 110 operates at a relatively slower data rate than UFS device 104. In some examples, additional storage device 110 is also a UFS storage device. In some examples, additional storage device 110 is operably connected to processor 102, UFS device 104, cryptography hardware component 106, and / or memory device 108. Although Figure 1 shows computing device 100 with a single additional storage device 110, computing device 100 may have any number of additional storage devices without departing from the scope of the examples described herein.

[0030]

[0039] In some examples, computing device 100 includes memory device 108. The memory device may be any type of computer memory. In some examples, memory device 108 is a volatile storage device. As an example, memory device 108 may be random access memory (RAM). In one or more examples, data stored in memory device 108 is located at a memory address and is therefore accessible to processor 102 using the memory address. Similarly, processor 102 can write data to memory device 108 using the memory address. Memory device 108 may be used to store any type of data, such as, for example, a computer program, a computation result, etc. In some examples, memory device 108 is operably connected to processor 102, UFS device 104, additional storage device 110, and / or cryptography hardware component 106. Although FIG. 1 illustrates computing device 100 with a single memory device 108, computing device 100 may have any number of memory devices without departing from the scope of the examples described herein.

[0031]

[0040] In some examples, computing device 100 includes cryptography hardware component 106. The cryptography hardware component may be any hardware component capable of performing various cryptography services. In some examples, cryptography hardware component 106 is a sub-chip hardware component of a system on a chip (SoC), which may include other components shown in FIG. 1 , such as processor 102. Any other components of computing device 100 may also be included as part of the SoC without departing from the scope of the examples described herein. In some examples, cryptography hardware component 106 resides in a data path between a storage device (e.g., UFS storage device 104, additional storage device 110) and memory device 108. Thus, cryptography hardware component 106 may be considered an “in-line” cryptography hardware component. In some examples, cryptography hardware component 106 is configured to perform various cryptography service types on data read from or written to a storage device (e.g., UFS device 104, additional storage device 110) of computing device 100. In some examples, all data passing from memory to storage or from storage to memory of computing device 100 passes through cryptography hardware component 106. In other examples, only a portion of data passing from memory to storage or from storage to memory of computing device 100 passes through cryptography hardware component 106. In some examples, the cryptography hardware component is designed and configured to comply with one or more relevant industry standards (e.g., JEDEC). Support for one or more cryptography algorithms (e.g., AES-GCM, SHA, etc.) may be added to the JDEC specification when implementing one or more examples described herein.

[0032]

[0041] Examples of cryptographic service types that may be performed include, but are not limited to, encrypting data, decrypting data, performing data integrity verification, and performing authenticated encryption and decryption. In some examples, cryptographic hardware component 106 is configured to perform one or more cryptographic algorithms, thereby performing various cryptographic service types. As one example, to perform encryption and decryption, the cryptography hardware component 106 may be configured to execute one or more of the Advanced Encryption Standard XOR-encrypt-XOR Tweakable Block Ciphertext Stealing (AES-XTS) algorithm, the AES-Cypher Block Chaining (AES-CBC) algorithm, the AES-Electronic Codebook (AES-EBC) algorithm, the Encrypted Salt-Sector Initialization Vector-AES-CBC (ESSIV-AES-CBC) algorithm, etc. (including any variants of such algorithms (e.g., 128, 192, 256, etc.)). As another example, to perform integrity verification, the cryptography hardware component 106 may be configured to execute a hashing algorithm, such as, for example, one or more members of the SHA family of hashing algorithms. As another example, to perform authenticated encryption, cryptography hardware component 106 may be configured to implement the AES-GCM algorithm. Cryptography hardware component 106 may be configured to perform any other encryption algorithm without departing from the scope of the examples described herein. In some examples, cryptography hardware component 106 is operably connected to one or more storage devices (e.g., UFS device 104, additional storage device 110) and memory device 108 of computing device 100.1 shows computing device 100 with a single cryptography hardware component 106, computing device 100 may have any number of cryptography hardware components without departing from the scope of the examples described herein. Cryptography hardware components are further described in the description of FIG. 2 below.

[0033]

[0042] 1 depicts a particular number of components in a particular configuration, those skilled in the art will understand that computing device 100 may include more or fewer components and / or components arranged in any number of alternative configurations without departing from the scope of the examples described herein. Additionally, although not depicted in FIG. 1, those skilled in the art will understand that computing device 100 may execute any amount or type of software or firmware (e.g., boot loader, operating system, hypervisor, virtual machine, computer application, mobile device app, etc.) upon powering on. Thus, the examples disclosed herein should not be limited to the configuration of components depicted in FIG. 1.

[0034]

[0043] Figure 2 shows a block diagram of cryptography hardware components. In some examples, cryptography hardware components 200 are the same as cryptography hardware components 106 shown in Figure 1 and described above. As shown in Figure 2, cryptography hardware components 200 include a data receiver 202, an algorithm execution device 204, a data transmitter 206, an algorithm result register 208, an error register 210, a cryptography key storage device 212, and a sequence number (SN) / initialization vector (IV) storage device 214. Each of these components is described below.

[0035]

[0044] 1, cryptography hardware component 200 is a hardware component that resides in the data path between one or more storage devices of a computing device and one or more memory devices of the computing device. In some examples, cryptography hardware component 200 is a sub-chip of an SoC. In some examples, cryptography hardware component 200 is configured to provide various cryptography service types for data passing between memory and storage of the computing device through cryptography hardware component 200.

[0036]

[0045] In some examples, the cryptography hardware component 200 includes a data receiver 202. The data receiver 202 may be any component capable of receiving data from other components of a computing device, such as a storage and / or memory device. As an example, the data receiver 202 may be a first-in-first-out (FIFO) buffer. In some examples, the data receiver 202 is configured to perform direct memory access (DMA). In some examples, the data receiver 202 is configured to receive data (e.g., from memory or storage) and provide the received data to an operably connected algorithm execution device (described below). Although FIG. 2 illustrates a cryptography hardware component with a single data receiver 202, the cryptography hardware component may include any number of data receivers without departing from the scope of the examples described herein.

[0037]

[0046] In some examples, the cryptography hardware component 200 includes an algorithm-executing device 204. The algorithm-executing device 204 may be any component or set of components configured to execute one or more cryptography algorithms. As an example, the algorithm-executing device 204 may include separate circuits configured to each execute one or more cryptography algorithms. As another example, the algorithm-executing device 204 may include a reconfigurable circuit (e.g., a field programmable gate array (FPGA)) that can be configured to execute one or more cryptography algorithms. In some examples, the algorithm-executing device 204 is configured to provide encryption and decryption of data by executing any number of algorithms, such as AES-XTS, AES-ECB, AES-CBC, ESSIV-AES-CBC, etc. In some examples, the algorithm-executing device 204 is configured to provide integrity verification via execution of a hash algorithm (e.g., one or more members of the SHA family of hash algorithms). In some examples, the algorithm executing device 204 is configured to provide authenticated encryption and / or decryption services through execution of one or more authenticated encryption algorithms (e.g., AES-GCM). In some examples, the algorithm executing device 204 is operably connected to a data receiver 202, a data transmitter 206, an algorithm result register 208, an error register 210, and a cryptographic key storage device 212.

[0038]

[0047] In some examples, the algorithm execution device 204 is configured to perform a hash function (e.g., of the SHA family) cryptography service type as part of data integrity verification (e.g., during a secure boot process). In some examples, performing a hash algorithm involves receiving data as input (e.g., from the data receiver 202) and applying a mathematical hash function to the data to obtain a fixed-length digest output, which may then be stored in one or more algorithm result registers 208 (described below) of the cryptography hardware component 200. As an example, the data receiver 202 may obtain image data from a storage device (e.g., the UFS device 104 shown in FIG. 1) during a secure boot process, and the data, or any portion thereof, may be used as input for the hash function, and the output digest of the hash function may be stored in one or more of the algorithm result registers 208 of the cryptography hardware component 200.

[0039]

[0048] In some examples, the digest generated during integrity verification may be referred to as a cryptographic result. In some examples, to verify the integrity of data, the digest generated by the hash algorithm and stored in the algorithm result register 208 of the cryptographic hardware component 200 is compared to a previously generated digest for the data to determine whether the digest and the previously generated digest match. The previously generated digest may be obtained from any suitable location (e.g., stored in a hash table associated with the data, stored in another storage device of the computing device, etc.). In one or more examples, the comparison of the digest and the previously generated digest is performed by a component of the cryptographic hardware component 200. Alternatively, the comparison may be performed by another component of the computing device, such as a processor. In some examples, performing the comparison may be referred to as performing a cryptographic action. In some examples, if the digest and the previously generated digest match, the integrity of the data corresponding to the digest passes, which represents at least a partial integrity check pass. In some examples, if the digest does not match a previously generated digest, the integrity check fails. In some examples, if the integrity check fails, at least one of the error registers 210 (described below) is updated with an indication of the failure.

[0040]

[0049] In some examples, the algorithm executing device 204 is configured to execute an authenticated encryption algorithm (e.g., AES-GCM) cryptography service type when performing authenticated encryption (e.g., during a hibernation / suspend process) or authenticated decryption (e.g., during resumption from a hibernation / suspend process).

[0041]

[0050] In some examples, executing an authenticated encryption algorithm when performing authenticated encryption may include receiving data (e.g., from the data receiver 202) as input for the authenticated encryption algorithm and executing the authenticated encryption algorithm to obtain the encrypted data and a MAC corresponding to the data. The encryption and generation of the MAC may be performed in any number of ways. As one example, input plaintext data may be encrypted and then a hash function may be applied to the encrypted data to obtain a MAC corresponding to the encrypted data. As another example, a hash function may be applied to the plaintext data to generate a MAC, and then the plaintext data may be encrypted. As another example, the MAC may be generated by applying a hash function to the plaintext data and then encrypting the combination of the plaintext data and the MAC. In some examples, the MAC is stored in one or more algorithm result registers 208 of the cryptography hardware component 200. In some examples, the plaintext data to be encrypted is retrieved from a memory device (e.g., RAM) of the computing device, and the encrypted data output from the authenticated encryption algorithm is stored in a storage device (e.g., a UFS device).

[0042]

[0051] In some examples, executing an authenticated encryption algorithm when performing authenticated decryption may include receiving encrypted data (e.g., from the data receiver 202) as input for the authenticated encryption algorithm and executing the authenticated encryption algorithm to obtain decrypted plaintext data and a MAC corresponding to the data. In some examples, the decryption and generation of the MAC are performed in a manner consistent with how the data was previously encrypted and how the MAC was generated. For example, if the MAC was created using encrypted data, during decryption, the MAC is generated again from the received encrypted data before the data is decrypted to obtain the plaintext data. In some examples, the MAC generated during authenticated decryption is stored in the algorithm result register 208 of the cryptography hardware component. In some examples, the encrypted data is obtained from a storage device (e.g., the UFS storage device 104 shown in FIG. 1 ), and the decrypted plaintext data output from the authenticated encryption algorithm is transferred to a memory device of the computing device (e.g., the memory device 108 shown in FIG. 1 ).

[0043]

[0052] In some examples, the MAC generated during authenticated encryption and the encrypted data may be referred to as a cryptographic result and stored in algorithm result registers 208. The MAC may then be transferred to other storage (e.g., persistent memory) for later comparison during authenticated decryption. In some examples, storing the MAC in a register and / or other storage may be referred to as performing a cryptographic action. In some examples, the MAC and the decrypted data generated by authenticated decryption may be referred to as a cryptographic result. In some examples, to verify the authenticity of the data, the MAC generated by the authenticated encryption algorithm and stored in algorithm result registers 208 of the cryptographic hardware component 200 is compared with a MAC previously generated for the data during the authenticated encryption process. The previously generated MAC may be obtained from any suitable location (e.g., stored in another storage device of the computing device). In one or more examples, the comparison of the MAC to the previously generated MAC is performed by a component of the cryptographic hardware component 200. Alternatively, the comparison may be performed by another component of the computing device, such as a processor. In some examples, obtaining the previously generated MAC and performing the comparison may be referred to as performing a cryptographic action. In some examples, if the MAC and the previously generated MAC match, the authenticity of the data corresponding to the MAC passes, which represents at least a partial authentication check pass. In some examples, if the MAC and the previously generated MAC do not match, the authentication check fails. In some examples, if the authentication check fails, at least one of the error registers 210 (described below) is updated with an indication of the failure.

[0044]

[0053] In some examples, the cryptographic hardware component 200 is requested to perform a cryptographic service type (e.g., integrity verification, authenticated encryption, authenticated decryption, etc.). The request may be received from any suitable entity. As one example, the request may be received from a boot loader during a secure boot process. As another example, the request may be received from an operating system or other component or application when a computing device is suspended to or resumed from a hibernation state. The request may also be received in other manners (e.g., from an application, based on receiving data of a particular type or state, etc.). In some examples, the request determines (e.g., specifies) which cryptographic service algorithm is to be executed by the algorithm executing device 204. Although FIG. 1 illustrates the cryptographic hardware component 200 including a single algorithm executing device 204, the cryptographic hardware component may include any number of algorithm executing devices without departing from the scope of the examples described herein.

[0045]

[0054] In some examples, the cryptographic hardware component 200 includes a cryptographic key storage device 212. The cryptographic key storage device 212 may be any type of storage (see the above description of FIG. 1). The cryptographic key storage device 212 may be a single storage device or any number of separate storage components. In some examples, the cryptographic key storage device 212 is configured to store one or more cryptographic keys to be used when performing authenticated encryption algorithms during authenticated encryption, authenticated decryption, and / or any other cryptographic service type. The cryptographic key storage device 212 may store any number of cryptographic keys, and each key may be of any length (e.g., 128 bits, 256 bits, 512 bits, etc.). In some examples, the cryptographic key storage device 212 is operably connected to the algorithm execution device 204.

[0046]

[0055] In some examples, the cryptography hardware component 200 includes a SN / IV storage device 214. The SN / IV storage device 214 may be any type of storage (see the above description of FIG. 1). The SN / IV storage device 214 may be a single storage device or any number of separate storage components. In some examples, the SN / IV storage device 214 is configured to store one or more SNs (e.g., for performing an inline encryption service) and / or one or more IVs (e.g., when performing an inline decryption service). The SN / IV storage device 214 may store any number of SNs and / or IVs. Such SNs and IVs may be obtained using any technique. As an example, an IV corresponding to an encrypted software image stored on a storage device of a computing device may be received from a separate device that encrypted the software image. In some examples, the SN / IV storage device 214 is operably connected to the algorithm execution device 204.

[0047]

[0056] In some examples, the cryptographic hardware component 200 includes a data transmitter 206. The data transmitter 206 may be any component capable of receiving data from the algorithm executing device 204 and / or the algorithm result register 208. As an example, the data transmitter 206 may be a first-in, first-out (FIFO) buffer. In some examples, the data transmitter 206 is configured to perform direct memory access (DMA). In some examples, the data transmitter 206 is configured to receive and transfer encrypted data to a storage device (e.g., a UFS storage device), transfer decrypted data to a memory device (e.g., RAM), and / or transfer cryptographic results (e.g., MACs, digests, etc.) to another component of the computing device (e.g., an additional storage device). In some examples, the data transmitter 206 is operably coupled to the algorithm executing device 204 and / or the algorithm result register 208. Although FIG. 2 illustrates a cryptographic hardware component with a single data transmitter 206, the cryptographic hardware component may include any number of data transmitters without departing from the scope of the examples described herein.

[0048]

[0057] In some examples, the cryptographic hardware component 200 includes any number of algorithm result registers 208. The algorithm result registers 208 may be hardware registers for storing at least a portion of a cryptographic result (e.g., a digest, a MAC, etc.). The algorithm result registers 208 may be configured to store data of any size (e.g., 128 bits, 256 bits, 512 bits, 1024 bits, 16 bytes, etc.). In some examples, the algorithm result registers 208 are operably connected to the algorithm executing device 204 and / or the data transmitter 206.

[0049]

[0058] In some examples, the cryptography hardware component 200 includes any number of error registers 210. The error registers 210 may be hardware registers for storing an indication of either an integrity check failure or an authentication check failure. The error registers 210 may be of any size (e.g., 8 bits, 16 bits, etc.). In some examples, the error registers 210 are operably connected to the algorithm execution device 204.

[0050]

[0059] 2 depicts a particular number of components in a particular configuration, those skilled in the art will appreciate that cryptography hardware components 200 may include more or fewer components and / or components arranged in any number of alternative configurations without departing from the scope of the examples described herein. Thus, the examples disclosed herein should not be limited to the configuration of components depicted in FIG.

[0051]

[0060] As described above, using cryptography hardware component 200 to perform cryptographic service types such as integrity verification and authenticated encryption and storing the cryptographic results obtained therefrom in hardware registers of cryptography hardware component 200 effectively offloads operations from one or more processors of a computing device. Therefore, offloading cryptography algorithm execution improves the performance of a computing device whenever a storage operation (e.g., reading data from storage, writing data to storage) requires the enhanced security provided by integrity verification and authenticated encryption. Examples of improved performance include, but are not limited to, improved key performance indicators (e.g., improved boot time) seen when performing integrity checks during a secure boot process, enabling cryptography hardware component 200 to perform processes such as Linux device mapper (dm) verity (dm-verity) integrity verification of block storage devices, thereby allowing other computational resources (e.g., processors) of the computing device to perform other operations, and enabling computational resources of the computing device to perform other operations during authenticated encryption and decryption operations (e.g., performed during a suspend or resume process). As an example, if 1.5 gigabytes (GB) of data in the memory of a computing device needs to be captured and written to storage during a suspend process, and the block size of the data is 4 kilobytes (KB), there will be 384,000 blocks of data, each of which must be manipulated by one or more processors of the computing device to provide authenticated encryption of the data (e.g., data encryption and MAC generation) without the examples described herein.However, the examples described herein allow all of the operations to be performed in cryptographic hardware components instead, thereby freeing one or more processors to perform other operations, which may improve the amount of time required to place a computing device into hibernation.

[0052]

[0061] 3 is a flow diagram illustrating an example of a process 300 for performing an integrity verification process using a hash algorithm, according to examples described herein. Process 300 may be performed, at least in part, by a cryptography hardware component, such as, for example, cryptography hardware component 106 shown in FIG. 1 and cryptography hardware component 200 shown in FIG. 2.

[0053]

[0062] At block 302, process 300 includes receiving a request to provide an integrity cryptography service type. In some examples, the request is received by a cryptography hardware component (e.g., the cryptography hardware component 200 shown in FIG. 2 and described above). In some examples, the request is received from any entity (e.g., hardware, software, firmware, or any combination thereof) that seeks to perform integrity verification of previously stored data. As an example, when implementing a secure boot of an operating system on a computing device, a boot loader may request integrity verification of an operating system image. As another example, an operating system, via a processor, may request integrity verification of previously stored data to help ensure that loading the data into memory does not pose a security risk that the computing device is somehow compromised. In some examples, the request specifies an algorithm to be executed that the cryptography hardware component is configured to execute (e.g., using the algorithm execution device 204 shown in FIG. 2 and described above). In some examples, the cryptography algorithm specified in the request is the same as the algorithm previously used on the data. As an example, the data may have previously had a hash generated using a SHA-family algorithm, and the request may specify the same SHA-family algorithm executed by a cryptographic hardware component so that the resulting digest (e.g., cryptographic result) can be compared to a previously generated digest for the same data, which may be included, for example, in a hash table containing hashes for various segments of the data. In some examples, comparing a digest to a previously generated digest may be referred to as performing a cryptographic action.

[0054]

[0063] At block 304, process 300 includes initiating a hash algorithm in response to the request. In some examples, the hash algorithm is executed using an algorithm execution device (e.g., algorithm execution device 204 shown in FIG. 2) of a cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2). In some examples, initiating execution of the hash algorithm includes configuring hardware (e.g., circuitry), software, or a combination thereof, of the algorithm execution device to execute the hash algorithm specified in the request received at block 302.

[0055]

[0064] At block 306, process 300 includes obtaining data on which the hash algorithm will run. As an example, the data may be received at a data receiver (e.g., data receiver 202 shown in FIG. 2) of a cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2) and provided therefrom to an algorithm execution device (e.g., algorithm execution device 204 shown in FIG. 2). The data may be obtained from any storage device of the computing device (e.g., UFS device 104 shown in FIG. 1, additional storage device 110 shown in FIG. 1, etc.). In some examples, the data on which the hash algorithm operates is a portion of the data for which integrity verification is desired. Thus, the data may be received in a series of discrete units (e.g., blocks, segments, etc.), and each such discrete unit of data may be used separately as an input to the hash algorithm to generate a set of digests for the data as a whole.

[0056]

[0065] At block 308, process 300 includes executing a hash algorithm using the data obtained at block 306 as input to generate a digest corresponding to the data. As an example, an algorithm executing device (e.g., algorithm executing device 204 shown in FIG. 2) may execute a hash algorithm using the data. In some examples, executing a hash algorithm includes executing a hash function. In some examples, executing a hash function includes inputting the data into the hash function to obtain a digest as an output. In some examples, the digest is a fixed size regardless of the size of the input data. In some examples, the fixed size of the digest is determined by the particular hash algorithm being executed. Any hash function may be executed without departing from the scope of the examples described herein, and the particular hash function being executed is determined by the hash algorithm being executed. As an example, when the hash algorithm SHA-256 is being implemented, the digest size is 256 bits, and the hash function that generates the digest appends a binary number to the binary string representing the input data, pads the data with additional zeros, appends a binary representation of an integer representing the length of the input data, creates a set of initial hash values, creates a set of constants, creates a message schedule using the data, performs a series of rotations and logical operations, compresses the result to the correct size, and performs some additional final corrections, thereby obtaining a digest corresponding to the input data.

[0057]

[0066] At block 310, process 300 includes storing in a hardware register the digest obtained as output from the hashing algorithm executed at block 308. As an example, the digest may be stored in a hardware register (e.g., one of the algorithm result registers 208 shown in FIG. 2) of a cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2).

[0058]

[0067] At block 312, process 300 includes obtaining an expected digest for the data. As one example, the expected digest for the data may be stored in a hash table associated with the data. As another example, the expected digest may be obtained from a storage device of the computing device (e.g., UFS device 104 shown in FIG. 1, additional storage device 110 shown in FIG. 1). In some examples, the expected digest is obtained by a cryptographic hardware component or any other component of the computing device that will compare the output digest with the expected digest.

[0059]

[0068] At block 314, process 300 includes performing a comparison between the digest stored in a hardware register of the cryptography hardware component and the expected digest obtained at block 312. In some examples, performing the comparison includes determining whether a difference exists between the digest in the hardware register and the expected digest. The digest corresponding to a particular data item is highly likely to be unique, meaning that the likelihood of two different data items corresponding to the same digest (e.g., a hash collision) is very low. Additionally, even small changes to the data significantly alter the digest. Thus, if the digest and the expected digest match, the data for which integrity verification is desired is likely not modified since it was previously stored (e.g., the integrity of the data is verified). Thus, integrity verification can improve the security of a computing device by ensuring that no other changes, malicious or otherwise, have been made to the stored data.

[0060]

[0069] At block 316, process 300 includes making a determination as to whether the digest and the expected digest match. As an example, a cryptographic hardware component (e.g., cryptographic hardware component 200 shown in FIG. 2 ), or a different component of the computing device, can make the determination using the digest and the expected digest from hardware registers of the cryptographic hardware component. In some examples, if the digest and the expected digest are identical, the digest and the expected digest match. In some examples, if the digest and the expected digest match, at least a partial integrity check pass occurs. The integrity check pass may be partial if there are additional data units whose data integrity must be verified to obtain a complete integrity check pass, with each other data unit being subjected to process 300. In some examples, if the digest and the expected digest are not identical, the integrity check fails and the integrity of the data is not verified. In some examples, if the determination is an integrity check failure, process 300 proceeds to block 320. In some examples, if the determination is that the integrity check passes, the process 300 proceeds to block 318 .

[0061]

[0070] At block 318, process 300 includes providing an integrity check pass indication. As an example, the component that performed the comparison of the digest to the expected digest (e.g., the cryptography hardware component 200 shown in FIG. 2) may provide the integrity check pass indication to the entity that requested the cryptography hardware component to perform the hash algorithm at block 302. In some examples, the integrity check pass indication allows the integrity-verified data to be transferred from a storage device (e.g., the UFS device 104 shown in FIG. 1, the additional storage device 110 shown in FIG. 1) to the memory of the computing device (e.g., the memory device 108 shown in FIG. 1), where the data may otherwise be manipulated to continue performing a process (e.g., a secure boot process).

[0062]

[0071] At block 320, process 300 includes updating an error register of a cryptography hardware component with the indication of the integrity check failure. As an example, cryptography hardware component 200 shown in FIG. 2 may update one of error registers 210 shown in FIG. 1 with the indication of the integrity check failure. The indication may be in any form without departing from the scope of the examples described herein. As an example, the state of one or more bits in the error register may be changed, thereby indicating an integrity check failure.

[0063]

[0072] 4 is a flow diagram illustrating an example of a process 400 for performing an authenticated encryption process using an authenticated encryption algorithm, according to examples described herein. Process 400 may be performed, at least in part, by a cryptography hardware component, such as, for example, cryptography hardware component 106 shown in FIG. 1 and cryptography hardware component 200 shown in FIG. 2.

[0064]

[0073] At block 402, process 400 includes receiving a request to provide a cryptographic service type. In some examples, the request is received by a cryptographic hardware component (e.g., cryptographic hardware component 200 shown in FIG. 2 and described above). In some examples, the request is received from any entity (e.g., hardware, software, firmware, or any combination thereof) that seeks to perform integrity verification of previously stored data. The requested cryptographic service type may also be any other cryptographic service type (e.g., authenticated encryption, authenticated decryption, etc.) without departing from the scope of the examples described herein.

[0065]

[0074] At block 404, process 400 includes initiating a cryptography algorithm in a cryptography hardware component, the cryptography algorithm being associated with the cryptography service type. In some examples, the cryptography algorithm is executed using an algorithm execution device (e.g., algorithm execution device 204 shown in FIG. 2) of the cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2). Examples of cryptography algorithms include, but are not limited to, SHA, AES-GCM, AES-XTS, AES-ECB, AES-CBC, and ESSIV-AES-CBC. Other cryptography algorithms may be initiated without departing from the scope of the examples described herein.

[0066]

[0075] At block 406, process 400 includes applying a cryptographic operation to the data to obtain a cryptographic result, the cryptographic operation being associated with a cryptographic algorithm. In some examples, the cryptographic operation is applied by a cryptographic hardware component (e.g., cryptographic hardware component 200 shown in FIG. 2 and described above). Examples of cryptographic results include, but are not limited to, a digest, a MAC, encrypted data, decrypted data, etc.

[0067]

[0076] At block 408, process 400 includes storing at least a portion of the cryptographic result in a hardware register (e.g., algorithm result register 208 of FIG. 2) of a cryptographic hardware component (e.g., cryptographic hardware component 200 of FIG. 2), where the cryptographic result is configured to be used to perform a cryptographic action. Examples of cryptographic actions include, but are not limited to, storing the digest, performing a comparison between the digest and an expected digest, providing an indication of an integrity check pass, updating an error register (e.g., error register 210 of FIG. 2) with an indication of an integrity check failure, storing a MAC in a hardware register, storing the MAC to a storage device, storing the encrypted data to a storage device, performing a comparison between the MAC and the expected MAC, providing an indication of an authenticated decryption pass, updating an error register with an authenticated decryption failure indication, storing the decrypted data to a memory device, etc.

[0068]

[0077] 5 is a flow diagram illustrating another example of a process 500 for performing an authenticated encryption process using an authenticated encryption algorithm, according to examples described herein. Process 500 may be performed, at least in part, by a cryptography hardware component, such as, for example, cryptography hardware component 106 shown in FIG. 1 and cryptography hardware component 200 shown in FIG. 2.

[0069]

[0078] At block 502, process 500 includes receiving a request to provide an authenticated encryption cryptography service type. In some examples, the request is received by a cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2 and described above). In some examples, the request is received from any entity (e.g., hardware, software, firmware, or any combination thereof) seeking to perform authenticated encryption of data for any purpose. As an example, when a computing device is suspended to a hibernation state, certain system state information from the computing device's memory (e.g., memory device 108 shown in FIG. 2) and / or other data storage (e.g., storage devices, registers, etc.) is written to storage (e.g., UFS storage device 104 shown in FIG. 1, additional storage device 110 shown in FIG. 1). In some examples, to help ensure the security of the computing device when it is later resumed from a hibernation state, the system state information may be encrypted and a MAC may be generated for later use in authenticating the data. The encrypted data and MAC may be considered part of the cryptography result. In some examples, the request specifies an algorithm that the cryptography hardware component is configured to execute (e.g., using the algorithm execution device 204 shown in FIG. 2 and described above). As an example, the request may specify the use of AES-GCM to perform authenticated encryption.

[0070]

[0079] At block 504, process 500 includes initiating an authenticated encryption algorithm in response to the request. In some examples, the authenticated encryption algorithm is executed using an algorithm execution device (e.g., algorithm execution device 204 shown in FIG. 2) of a cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2). In some examples, initiating execution of the authenticated encryption algorithm includes configuring hardware (e.g., circuitry), software, or a combination thereof, of the algorithm execution device to execute the authenticated encryption algorithm specified in the request received at block 302.

[0071]

[0080] At block 506, process 500 includes obtaining data on which the authenticated encryption algorithm is to be performed. As an example, the data may be received at a data receiver (e.g., data receiver 202 shown in FIG. 2) of a cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2) and provided therefrom to an algorithm execution device (e.g., algorithm execution device 204 shown in FIG. 2). The data may be obtained from any data location on the computing device (e.g., memory device 108 shown in FIG. 1, UFS device 104 shown in FIG. 1, additional storage device 110 shown in FIG. 1, registers, etc.). In some examples, the data on which the authenticated encryption algorithm operates is a portion of the data for which authenticated encryption is required. Thus, the data may be received in a series of discrete units (e.g., blocks, segments, etc.), and each such discrete unit of data may be separately used as an input to the authenticated encryption algorithm to generate a set of MACs for the data as well as the encrypted data.

[0072]

[0081] At block 508, process 500 includes executing an authenticated encryption algorithm using the data obtained at block 506 as input to generate encrypted data and a MAC corresponding to the encrypted data or the plaintext data, depending on the particular authenticated encryption algorithm being executed. As an example, a user may attempt to hibernate a computing device, or the computing device may be configured to hibernate after a period of inactivity or in response to low battery power. In such a scenario, the operating system of the computing device may request authenticated encryption for data currently in the device's memory, which is used as input for the authenticated encryption algorithm specified in the request received at block 502. In some examples, executing the authenticated encryption algorithm generates as output the encrypted data and a MAC (e.g., a cryptographic result) corresponding to the data or the encrypted data. In some examples, a cryptographic key (e.g., obtained from the cryptographic key storage device 212 shown in FIG. 2) is used to encrypt the data. The same key or a different key may be used when generating the MAC (which may also be referred to as an authentication tag). In some examples, performing the authenticated encryption algorithm includes using and / or generating other items of information, such as, for example, an initialization vector, additional authenticated data, the values ​​of one or more counters, etc.

[0073]

[0082] At block 510, process 500 includes storing in a hardware register the MAC obtained as output from the authenticated encryption algorithm executed in block 508. As an example, the MAC may be stored in a hardware register (e.g., one of the algorithm result registers 208 shown in FIG. 2) of a cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2). In some examples, storing the MAC in a hardware register may be at least part of performing a cryptography action.

[0074]

[0083] At block 512, process 500 includes storing the MAC obtained as output from the authenticated encryption algorithm performed at block 508 in a storage device. As an example, the MAC may be stored in a storage device, such as persistent memory or any other storage device (e.g., UFS device 104 shown in FIG. 1, additional storage device 110 shown in FIG. 1). In some examples, the MAC is transferred from a hardware register of a cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2) to the storage device. In some examples, storing the MAC in a storage device may be referred to as performing at least a portion of a cryptography action. In some examples, the MAC is later used as an expected MAC when performing authenticated decryption of data.

[0075]

[0084] At block 514, process 500 includes storing the encrypted data obtained as output from the authenticated encryption algorithm performed at block 508 in a storage device (e.g., UFS device 104 shown in FIG. 1, additional storage device 110 shown in FIG. 1). In some examples, the encrypted data is used later when authenticated decryption is required for the data (e.g., during a resume process). In some examples, storing the encrypted data in a storage device may be referred to as performing at least a portion of a cryptographic action.

[0076]

[0085] 6 is a flow diagram illustrating an example of a process 600 for performing an authenticated decryption process using an authenticated encryption algorithm, according to examples described herein. Process 600 may be performed, at least in part, by a cryptography hardware component, such as, for example, cryptography hardware component 106 shown in FIG. 1 and cryptography hardware component 200 shown in FIG. 2.

[0077]

[0086] At block 602, process 600 includes receiving a request to provide an authenticated decryption cryptography service type. In some examples, the request is received by a cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2 and described above). In some examples, the request is received from any entity (e.g., hardware, software, firmware, or any combination thereof) seeking to perform authenticated decryption of data for any purpose. As an example, when a computing device is suspended to a hibernation state, certain system state information from the computing device's memory (e.g., memory device 108 shown in FIG. 2) and / or other data storage (e.g., storage devices, registers, etc.) is written as encrypted data to storage (e.g., UFS storage device 104 shown in FIG. 1, additional storage device 110 shown in FIG. 1), and a MAC corresponding to the data is generated. In such a scenario, when the computing device resumes operation, a request may be received to provide authenticated decryption, including decrypting the encrypted data, generating a MAC corresponding to the data, and verifying that the MAC generated during the authenticated encryption matches the MAC generated during decryption, thereby authenticating the data. The decrypted data and MAC may be considered part of the cryptographic result. In some examples, the request specifies an algorithm to be executed that the cryptographic hardware component is configured to execute (e.g., using the algorithm execution device 204 shown in FIG. 2 and described above). As an example, the request may specify the use of AES-GCM to perform the authenticated decryption. In some examples, the authenticated encryption algorithm used to perform the authenticated decryption corresponds to the authenticated encryption algorithm previously used to perform authenticated encryption on the data.

[0078]

[0087] At block 604, process 600 includes initiating an authenticated encryption algorithm in response to the request. In some examples, the authenticated encryption algorithm is executed using an algorithm execution device (e.g., algorithm execution device 204 shown in FIG. 2) of a cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2). In some examples, initiating execution of the authenticated encryption algorithm includes configuring hardware (e.g., circuitry), software, or a combination thereof, of the algorithm execution device to execute the authenticated encryption algorithm specified in the request received at block 602.

[0079]

[0088] At block 606, process 600 includes obtaining data on which an authenticated encryption algorithm is to be performed. As an example, the data may be received at a data receiver (e.g., data receiver 202 shown in FIG. 2) of a cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2) and provided therefrom to an algorithm execution device (e.g., algorithm execution device 204 shown in FIG. 2). The data may be obtained from any storage device (e.g., UFS device 104 shown in FIG. 1, additional storage device 110 shown in FIG. 1, etc.). In some examples, the data on which the authenticated encryption algorithm operates is a portion of the data for which authenticated decryption is required. Thus, the data may be received in a series of discrete units (e.g., blocks, segments, etc.), and each such discrete unit of data may be used separately as an input to the authenticated decryption algorithm to generate a set of MACs for the data as a whole.

[0080]

[0089] At block 608, process 600 includes executing an authenticated encryption algorithm using the data obtained at block 506 as input to generate decrypted data and a MAC corresponding to the decrypted data or the plaintext data, depending on the particular authenticated encryption algorithm being executed. Generating the decrypted data and / or a MAC may be referred to as obtaining a cryptographic result. As an example, a user may attempt to resume a computing device from a hibernation state. In such a scenario, the operating system or any other component of the computing device may request authenticated decryption for data currently residing in a storage device of the computing device (e.g., UFS device 104 shown in FIG. 1, additional storage device 110 shown in FIG. 1), which is used as input for the authenticated encryption algorithm specified in the request received at block 602. In some examples, executing the authenticated encryption algorithm generates, as output, the decrypted data and a MAC corresponding to the data or the encrypted data. In some examples, a cryptographic key (e.g., obtained from cryptographic key storage device 212 shown in FIG. 2) is used to decrypt the data. The same or a different key may be used when generating the MAC (sometimes referred to as the authentication tag). In some examples, performing the authenticated encryption algorithm includes using and / or generating other items of information, such as, for example, an initialization vector, additional authenticated data, the values ​​of one or more counters, etc.

[0081]

[0090] At block 610, process 600 includes storing in a hardware register the MAC obtained as output from the authenticated encryption algorithm executed in block 608. As an example, the MAC may be stored in a hardware register (e.g., one of the algorithm result registers 208 shown in FIG. 2) of a cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2). In some examples, storing the MAC may be referred to as performing at least a portion of a cryptography action.

[0082]

[0091] At block 612, process 600 includes obtaining an expected MAC for the data. As one example, the expected MAC for the data may be stored in some form of persistent memory of the computing device. As another example, the expected MAC may be obtained from a storage device of the computing device (e.g., UFS device 104 shown in FIG. 1, additional storage device 110 shown in FIG. 1). In some examples, the expected MAC is obtained by a cryptographic hardware component or by any other component of the computing device that will compare the output MAC with the expected MAC. In some examples, obtaining the expected MAC may be referred to as performing at least a portion of a cryptographic action.

[0083]

[0092] At block 614, process 600 includes performing a comparison between the MAC stored in a hardware register of a cryptographic hardware component and the expected MAC obtained at block 612. In some examples, performing the comparison may be referred to as performing at least a portion of a cryptographic action. In some examples, performing the comparison includes determining whether any differences exist between the MAC in the hardware register and the expected MAC. A MAC corresponding to a particular data item is highly likely to be unique, meaning that the likelihood that two different data items correspond to the same MAC is very low. Additionally, even small changes to the data significantly alter the MAC. Thus, if the MAC and the expected MAC match, it is likely that the data for which authenticated decryption is desired has not been altered since it was previously stored (e.g., the authenticity of the data is verified). Thus, authenticated decryption can improve the security of a computing device by ensuring that no malicious or other changes have been made to the stored data.

[0084]

[0093] At block 616, process 600 includes making a determination as to whether the MAC and the expected MAC match, which may be referred to as performing at least a portion of a cryptographic action. As an example, a cryptographic hardware component (e.g., cryptographic hardware component 200 shown in FIG. 2 ), or a different component of the computing device, may make the determination using the MAC and the expected MAC from a hardware register of the cryptographic hardware component. In some examples, if the MAC and the expected MAC are identical, the MAC and the expected MAC match. In some examples, when the MAC and the expected MAC match, at least a partial authentication check pass occurs. An authentication check pass may be partial if there are additional data units whose data authenticity must be verified to obtain a complete authenticity check pass, with each other data unit being subjected to process 600. In some examples, if the MAC and the expected MAC are not identical, the authentication check fails and the authenticity of the data is not verified. In some examples, if the determination is an authentication check failure, process 600 proceeds to block 620. In some examples, if the determination is an authentication check pass, process 600 proceeds to block 618.

[0085]

[0094] At block 618, process 600 includes providing an authentication check pass indication, which may be referred to as performing at least a portion of a cryptographic action. As an example, the component that performed the comparison of the MAC to the expected MAC (e.g., the cryptographic hardware component 200 shown in FIG. 2) may provide the authentication check pass indication to the entity that requested the cryptographic hardware component to perform the authenticated encryption algorithm at block 602. In some examples, the authentication check pass indication allows the authenticity-verified data to be transferred from a storage device (e.g., the UFS device 104 shown in FIG. 1, the additional storage device 110 shown in FIG. 1) to the memory of a computing device (e.g., the memory device 108 shown in FIG. 1), where the data may be otherwise manipulated.

[0086]

[0095] At block 620, process 600 includes updating an error register of a cryptography hardware component with an indication of the authentication check failure, which may be referred to as performing at least a portion of a cryptography action. As an example, the cryptography hardware component 200 shown in FIG. 2 may update one of the error registers 210 shown in FIG. 1 with the indication of the authentication check failure. The indication may be in any form without departing from the scope of the examples described herein. As an example, the state of one or more bits in the error register may be changed, thereby indicating the authentication check failure.

[0087]

[0096] 7 is a flow diagram illustrating an example of a process 700 for performing a decryption process using an encryption algorithm, according to examples described herein. Process 700 may be performed, at least in part, by a cryptography hardware component, such as, for example, cryptography hardware component 106 shown in FIG. 1 and cryptography hardware component 200 shown in FIG. 2.

[0088]

[0097] At block 702, process 700 includes receiving, at a local computing device (e.g., computing device 100 of FIG. 1 ), a request to provide a cryptographic service type that includes decryption of encrypted data, the encrypted data encrypted by a remote computing device using plaintext data, a cryptographic key, and an initialization vector (IV). In some examples, the request is received by a cryptographic hardware component (e.g., cryptographic hardware component 200 shown in FIG. 2 and described above). In some examples, the request is received from any entity (e.g., hardware, software, firmware, or any combination thereof) seeking to perform decryption of data for any purpose. As an example, a software image (or any other type of data) may have been encrypted by a remote computing device (e.g., a server) before being stored in a storage device of the local computing device (e.g., a mobile computing device). In such a scenario, the encryption may be performed, at least in part, according to any of the AES-type encryption algorithms (e.g., CBC, GCM, etc.), which encrypt the data using the cryptographic key and IV. Thus, decrypting the data uses, at least in part, the same key and IV used during the encryption process.

[0089]

[0098] At block 704, process 700 includes initiating an encryption algorithm in a cryptography hardware component of the local computing device in response to receiving the request. In some examples, the encryption algorithm is executed using an algorithm execution device (e.g., algorithm execution device 204 shown in FIG. 2) of the cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2). In some examples, initiating execution of the encryption algorithm includes configuring hardware (e.g., circuitry), software, or a combination thereof, of the algorithm execution device to execute the encryption algorithm specified in the request received at block 802.

[0090]

[0099] At block 706, process 700 includes obtaining, by a local computing device (e.g., computing device 100 of FIG. 1 ), a cryptographic key and IV. The key and IV may be obtained using any suitable technique. As one example, the key may be obtained using any suitable key derivation and / or exchange procedure between a remote device on which the data was encrypted and a local device having a cryptographic hardware component (e.g., cryptographic hardware component 200 shown in FIG. 2 ) and storing the encrypted data. As another example, the IV may be sent from the remote device to the local device on which the encrypted data is stored.

[0091]

[0100] At block 708, the process 700 includes storing the IV in a hardware storage device of a cryptography hardware component (eg, cryptography hardware component 200 of FIG. 2).

[0092]

[0101] At block 710, process 700 includes obtaining encrypted data (e.g., a software image encrypted by a remote computing device) from a storage device of the local computing device. As an example, the encrypted data may be received at a data receiver (e.g., data receiver 202 shown in FIG. 2) of a cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2) and provided therefrom to an algorithm execution device (e.g., algorithm execution device 204 shown in FIG. 2). The data may be obtained from any storage device (e.g., UFS device 104 shown in FIG. 1, additional storage device 110 shown in FIG. 1, etc.). In some examples, the data on which the encryption algorithm operates is a portion of the data for which decryption is desired. Thus, the data may be received in a series of discrete units (e.g., blocks, segments, etc.), and each such discrete unit of data may be used separately as an input to the decryption algorithm to decrypt the encrypted data as a whole.

[0093]

[0102] At block 712, process 700 includes running an encryption algorithm using the encrypted data, the cryptography key, and the IV to obtain decrypted data. As an example, the cryptography hardware component 200 shown in FIG. 2 may run an encryption algorithm using the encrypted data and the key and IV stored by the cryptography hardware component at block 810 to obtain decrypted data.

[0094]

[0103] At block 714, process 700 includes storing the decrypted data in a memory device (e.g., memory device 108 of FIG. 1) of a local computing device (e.g., computing device 100 of FIG. 1). In some examples, the decryption may be considered in-line decryption. Thus, decryption may be performed sequentially on individual portions of the encrypted data, for example, as the encrypted data is transferred from a storage device to one or more memory devices.

[0095]

[0104] 8 is a flow diagram illustrating an example of a process 800 for performing a decryption process using an encryption algorithm, according to examples described herein. Process 800 may be performed, at least in part, by a cryptography hardware component, such as, for example, cryptography hardware component 106 shown in FIG. 1 and cryptography hardware component 200 shown in FIG. 2.

[0096]

[0105] At block 802, process 800 includes receiving a request to provide a decryption cryptography service type. In some examples, the request is received by a cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2 and described above). In some examples, the request is received from any entity (e.g., hardware, software, firmware, or any combination thereof) seeking to perform decryption of data for any purpose. As an example, a software image (or any other type of data) may have been encrypted by a remote computing device (e.g., a server) before being stored in a storage device of a local computing device (e.g., a mobile computing device). In such a scenario, the encryption may be performed, at least in part, according to any of the AES-type encryption algorithms (e.g., CBC, GCM, etc.), which encrypt the data using a cryptography key and IV. Thus, decrypting the data uses, at least in part, the same key and IV used during the encryption process.

[0097]

[0106] At block 804, process 800 includes initiating an encryption algorithm in response to the request. In some examples, the encryption algorithm is executed using an algorithm execution device (e.g., algorithm execution device 204 shown in FIG. 2) of a cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2). In some examples, initiating execution of the encryption algorithm includes configuring hardware (e.g., circuitry), software, or a combination thereof, of the algorithm execution device to execute the encryption algorithm specified in the request received at block 802.

[0098]

[0107] At block 806, process 800 includes obtaining encrypted data (e.g., a software image encrypted by a remote computing device) on which the encryption algorithm will run. As an example, the encrypted data may be received at a data receiver (e.g., data receiver 202 shown in FIG. 2) of a cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2) and provided therefrom to an algorithm execution device (e.g., algorithm execution device 204 shown in FIG. 2). The data may be obtained from any storage device (e.g., UFS device 104 shown in FIG. 1, additional storage device 110 shown in FIG. 1, etc.). In some examples, the data on which the encryption algorithm operates is a portion of the data for which decryption is desired. Thus, the data may be received in a series of discrete units (e.g., blocks, segments, etc.), and each such discrete unit of data may be used separately as an input to the decryption algorithm to decrypt the encrypted data as a whole.

[0099]

[0108] At block 808, process 800 includes obtaining a cryptographic key and IV to be used to encrypt the data. The key and IV may be obtained using any suitable technique. As one example, the key may be obtained using any suitable key derivation and / or exchange procedure between a remote device on which the data was encrypted and a local device having a cryptographic hardware component (e.g., cryptographic hardware component 200 shown in FIG. 2) and storing the encrypted data. As another example, the IV may be sent from the remote device to the local device on which the encrypted data is stored.

[0100]

[0109] At block 810, process 800 includes storing the key and IV obtained at block 808 in one or more storage devices of a cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2). In some examples, the IV is stored by the cryptography hardware component, for example, in place of a sequence number that would otherwise be used to derive the IV, thereby offloading the derivation of the IV from the computational resources of the local computing device.

[0101]

[0110] At block 812, process 800 includes executing the encryption algorithm used to encrypt the data at the remote device to obtain decrypted data (e.g., a cryptographic result). As an example, the cryptographic hardware component 200 shown in FIG. 2 may execute the encryption algorithm at block 810 using the encrypted data and the key and IV stored by the cryptographic hardware component.

[0102]

[0111] At block 814, process 800 includes storing the decrypted data obtained at block 812 in one or more memory devices of a local computing device having a cryptography hardware component (e.g., cryptography hardware component 200 shown in FIG. 2), which may be referred to as performing at least a portion of the cryptography actions. In some examples, the decryption may be considered in-line decryption. Thus, decryption may be performed sequentially on individual portions of the encrypted data, for example, as the encrypted data is transferred from a storage device to one or more memory devices.

[0103]

[0112] In some examples, processes 300, 400, 500, 600, 700, 800, or any other process described herein may be performed by a computing device or apparatus and / or one or more components therein. As an example, the processes may be performed in whole or in part by cryptography hardware component 106 of computing device 100 shown in FIG. 1. As another example, processes 300, 400, 500, 600, 700, and 800 may be performed in whole or in part by cryptography hardware component 200 shown in FIG. 2. As another example, the processes may be performed in whole or in part by computing system 900 shown in FIG. 9, which may include at least one cryptography hardware component not shown in FIG.

[0104]

[0113] The computing device may include any suitable device, such as a vehicle or a vehicle's computing device (e.g., a vehicle's driver monitoring system (DMS)), a mobile device (e.g., a mobile phone), a desktop computing device, a tablet computing device, a wearable device (e.g., a VR headset, an AR headset, AR glasses, a network-connected watch or smartwatch, or other wearable device), a server computer, a robotic device, a television, and / or any other computing device having the resource capabilities to perform the processes described herein, including processes 300, 400, 500, 600 and / or other processes described herein. In some cases, the computing device or apparatus may include various components, such as one or more input devices, one or more output devices, one or more processors, one or more microprocessors, one or more microcomputers, one or more cameras, one or more sensors, one or more cryptographic hardware components, and / or other components configured to perform the operations of the processes described herein. In some examples, a computing device may include a display, a network interface configured to communicate and / or receive data, any combination thereof, and / or other components. The network interface may be configured to communicate and / or receive Internet Protocol (IP)-based data or other types of data.

[0105]

[0114] Components of a computing device may be implemented in circuitry. For example, components may include and / or be implemented using electronic circuitry or other electronic hardware that may include one or more programmable electronic circuits (e.g., microprocessors, graphics processing units (GPUs), digital signal processors (DSPs), central processing units (CPUs), and / or other suitable electronic circuitry), and / or may include and / or be implemented at least in part using computer software, firmware, or any combination thereof to perform various operations described herein.

[0106]

[0115] Process 300 shown in FIG. 3 , process 400 shown in FIG. 4 , process 500 shown in FIG. 5 , process 600 shown in FIG. 6 , process 700 shown in FIG. 7 , and process 800 shown in FIG. 8 are illustrated as logical flow diagrams, whose operations represent sequences of operations that may be implemented in hardware, computer instructions, or a combination thereof. In the context of computer instructions, the operations represent computer-executable instructions stored on one or more computer-readable storage media that, when executed by one or more processors, perform the described operations. Generally, computer-executable instructions include routines, programs, objects, components, data structures, etc. that perform particular functions or implement particular data types. The order in which the operations are described is not intended to be construed as a limitation, and any number of the described operations can be combined in any order and / or in parallel to implement the processes.

[0107]

[0116] Additionally, processes 300, 400, 500, 600, 700, 800, and / or other processes described herein may be performed under the control of one or more computer systems comprised of executable instructions, may be implemented by hardware, or a combination thereof, as code (e.g., executable instructions, one or more computer programs, or one or more applications) that collectively execute on one or more processors. As noted above, the code may be stored on a computer-readable or machine-readable storage medium, for example, in the form of a computer program that includes instructions executable by one or more processors. The computer-readable or machine-readable storage medium may be non-transitory.

[0108]

[0117] Figure 9 illustrates an example of a system for implementing certain aspects of the present technology. In particular, Figure 9 illustrates an example of a computing system 900, which may be, for example, an internal computing system, a remote computing system, a camera, or any computing device comprising any of these components, the components of the system communicating with each other using a connection 905. The connection 905 may be a physical connection using a bus or a direct connection to a processor 910, such as in a chipset architecture. The connection 905 may also be a virtual connection, a network connection, or a logical connection.

[0109]

[0118] In some examples, computing system 900 is a distributed system in which the functionality described in this disclosure may be distributed across a data center, multiple data centers, a peer network, etc. In some examples, one or more of the system components described represent many such components, each performing some or all of the functionality for which the component is described. In some examples, the components may be physical or virtual devices.

[0110]

[0119] The exemplary system 900 includes at least one processing unit (CPU or processor) 910 and connections 905 coupling various system components to the processor 910, including system memory 915 such as read-only memory (ROM) 920 and random access memory (RAM) 925. The computing system 900 may include a cache 912 of high-speed memory connected directly to the processor 910, connected in close proximity to the processor 910, or integrated as part of the processor 910.

[0111]

[0120] Processor 910 may include any general-purpose processor, hardware or software services, such as services 932, 934, and 936 stored in storage device 930, configured to control processor 910, and special-purpose processors where software instructions are embedded in the actual processor design. Processor 910 may essentially be a completely self-contained computing system including multiple cores or processors, buses, memory controllers, caches, etc. Multi-core processors may be symmetric or asymmetric.

[0112]

[0121] To enable user interaction, computing system 900 includes input devices 945, which may represent any number of input mechanisms, such as a microphone for speech, a touch-sensitive screen for gesture or graphical input, a keyboard, a mouse, motion input, speech, etc. Computing system 900 may also include output devices 935, which may be one or more of a number of output mechanisms. In some cases, a multimodal system may enable a user to provide multiple types of input / output to communicate with computing system 900. Computing system 900 may include a communication interface 940, which may generally govern and manage user input and system output.The communications interface may be an audio jack / plug, a microphone jack / plug, a Universal Serial Bus (USB) port / plug, an Apple® Lightning® port / plug, an Ethernet port / plug, an optical fiber port / plug, a proprietary wired port / plug, a BLUETOOTH® wireless signal transmission, a BLUETOOTH® low energy (BLE) wireless signal transmission, an IBEACON® wireless signal transmission, a radio-frequency identification (RFID) wireless signal transmission, a near-field communications (NFC) wireless signal transmission, a dedicated short range communication (DSRC) wireless signal transmission, an 802.11 Wi-Fi wireless signal transmission, a wireless local area network (WLAN) signal transmission, a Visible Light Communication (VLC), a Worldwide Interoperability for Microwave Access (WLAN), a The communication device may perform or facilitate the reception and / or transmission of wired or wireless communications using wired and / or wireless transceivers, including those utilizing WiMAX (Wireless Access), Infrared (IR) communications wireless signal transmission, Public Switched Telephone Network (PSTN) signal transmission, Integrated Services Digital Network (ISDN) signal transmission, 3G / 4G / 5G / LTE cellular data network wireless signal transmission, ad hoc network signal transmission, radio wave signal transmission, microwave signal transmission, infrared signal transmission, visible light signal transmission, ultraviolet light signal transmission, wireless signal transmission along the electromagnetic spectrum, or any combination thereof.Communications interface 940 may also include one or more Global Navigation Satellite System (GNSS) receivers or transceivers used to determine the location of computing system 900 based on reception of one or more signals from one or more satellites associated with one or more GNSS systems, including, but not limited to, the U.S.-based Global Positioning System (GPS), the Russian-based Global Navigation Satellite System (GLONASS), the Chinese-based BeiDou Navigation Satellite System (BDS), and the European-based Galileo GNSS. There is no constraint to operating on any particular hardware configuration, and therefore, the basic features herein can be easily substituted for improved hardware or firmware configurations as they are developed.

[0113]

[0122] The storage device 930 can be a non-volatile and / or non-transitory and / or computer readable memory device, such as a magnetic cassette, a flash memory card, a solid state memory device, a digital versatile disk, a cartridge, a floppy disk, a flexible disk, a hard disk, a magnetic tape, a magnetic strip / stripe, any other magnetic storage medium, flash storage, memristor memory, any other solid state memory, a compact disc read only memory (CD-ROM) optical disk, a rewritable compact disc (CD) optical disk, a digital video disk (DVD) optical disk, a Blu-ray disc (BDD) optical disk, a holographic optical disk, another optical medium, a secure digital (SD) card, a micro secure digital (microSD) card, a memory stick card, a smart card chip, an EMV chip, a subscriber identity module (SIM) card, a mini / micro / nano / pico SIM card, another integrated circuit (IC) chip / card, a random access memory (RAM), a static RAM, RAM (SRAM), dynamic RAM (DRAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), flash EPROM, cache memory (L1 / L2 / L3 / L4 / L5 / L#), resistive random-access memory (RRAM / ReRAM), phase change memoryThe memory may be a hard disk or other type of computer-readable medium capable of storing data that is accessible by a computer, such as PCM, spin transfer torque RAM (STT-RAM), another memory chip or cartridge, and / or a combination thereof.

[0114]

[0123] The storage device 930 may include software services, servers, services, etc., where code defining such software, when executed by the processor 910, causes the processor to perform functions in the system. In some examples, hardware services that perform particular functions may include software components stored in computer-readable media in association with the necessary hardware components, such as the processor 910, connections 905, output devices 935, etc., to perform the functions.

[0115]

[0124] As used herein, the term "computer-readable recording medium" includes, but is not limited to, portable or non-portable storage devices, optical storage devices, and various other media capable of storing, storing, or transporting instructions and / or data. Computer-readable media may also include non-transitory media that can store data and do not include carrier waves and / or transitory electronic signals propagated wirelessly or over wired connections. Examples of non-transitory media include, but are not limited to, magnetic disks or tapes, optical storage media such as compact disks (CDs) or digital versatile disks (DVDs), flash memory, memories, or memory devices. Code and / or machine-executable instructions may be stored on a computer-readable medium, which may represent a procedure, a function, a subprogram, a program, a routine, a subroutine, a module, a software package, a class, or any combination of instructions, data structures, or program statements. A code segment may be coupled to another code segment or a hardware circuit by passing and / or receiving information, data, arguments, parameters, or memory contents. Information, arguments, parameters, data, etc. can be passed, forwarded, or transmitted using any suitable means including memory sharing, message passing, token passing, network transmission, etc.

[0116]

[0125] In some examples, computer-readable storage devices, media, and memories may include cable or wireless signals containing bitstreams, etc. However, when referred to, non-transitory computer-readable storage media explicitly excludes media such as energy, carrier signals, electromagnetic waves, and the signals themselves.

[0117]

[0126] Specific details are provided in the above description to provide a thorough understanding of the examples and examples provided herein. However, it will be understood by those skilled in the art that the examples may be practiced without these specific details. For clarity of explanation, in some instances, the technology may be presented as including individual functional blocks, including functional blocks comprising devices, device components, operations, steps, or routines in methods embodied in software, hardware, or a combination of hardware and software. Additional components other than those shown in the figures and / or described herein may also be used. For example, circuits, systems, networks, processes, and other components may be shown as components in block diagram form so as not to obscure the examples with unnecessary detail. In other instances, well-known circuits, processes, algorithms, structures, and techniques may be shown without unnecessary detail so as to avoid obscuring the examples.

[0118]

[0127] Individual examples may be described above as a process or method that is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. While a flowchart may describe operations as a sequential process, many of the operations may be performed in parallel or simultaneously. Moreover, the order of operations may be rearranged. A process terminates when its operations are completed, but may have additional operations not included in the diagram. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination may correspond to a return of the function to the calling function or the main function.

[0119]

[0128] The processes and methods according to the above examples can be implemented using computer-executable instructions stored on or otherwise available from a computer-readable medium. Such instructions may include, for example, instructions and data that cause a general-purpose computer, special-purpose computer, or processing device to perform a particular function or group of functions, or otherwise configure a general-purpose computer, special-purpose computer, or processing device to perform a particular function or group of functions. Portions of the computer resources used may be accessible over a network. The computer-executable instructions may be, for example, binary or intermediate format instructions such as assembly language, firmware, source code, etc. Examples of computer-readable media that can be used to store instructions, information used, and / or information created during the methods according to the described examples include magnetic or optical disks, flash memory, USB devices with non-volatile memory, networked storage devices, etc.

[0120]

[0129] Devices implementing processes and methods according to these disclosures may include hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof, and may take any of a variety of form factors. When implemented in software, firmware, middleware, or microcode, program code or code segments (e.g., a computer program product) to perform the necessary tasks may be stored in a computer-readable or machine-readable medium. A processor may perform the necessary tasks. Typical example form factors include laptops, smartphones, mobile phones, tablet devices or other small footprint personal computers, personal digital assistants, rack-mounted devices, standalone devices, etc. The functionality described herein may also be embodied in peripheral devices or add-in cards. Such functionality may also be implemented across different chips on a circuit board or across different processes running within a single device, as further examples.

[0121]

[0130] The instructions, media for communicating such instructions, computing resources for executing those instructions, and other structures for supporting such computing resources are exemplary means for providing the functionality described in this disclosure.

[0122]

[0131] While aspects of the present application have been described in the foregoing description with reference to specific examples thereof, those skilled in the art will recognize that the present application is not limited thereto. Accordingly, while illustrative examples of the present application have been described in detail herein, it should be understood that the concepts of the present application may be embodied and employed in various other ways, and that the appended claims are intended to be construed to include such variations except insofar as limited by the prior art. The various features and aspects of the present application described above may be used individually or in combination. Moreover, the examples described herein may be utilized in any number of environments and applications beyond those described herein without departing from the broader spirit and scope of the present application. Accordingly, the specification and drawings should be regarded as illustrative and not restrictive. For illustrative purposes, methods have been described in a particular order. It should be understood that, in alternative examples, methods may be performed in an order different from that described.

[0123]

[0132] Those skilled in the art will understand that the less than ("<") and greater than (">") symbols or terms used herein can be replaced with the less than or equal to ("≦") and greater than or equal to ("≧") symbols, respectively, without departing from the scope of this description.

[0124]

[0133] Where a component is described as being "configured to" perform a particular operation, such configuration may be achieved, for example, by designing electronic circuitry or other hardware to perform the operation, by programming programmable electronic circuitry (e.g., a microprocessor or other suitable electronic circuitry) to perform the operation, or any combination thereof.

[0125]

[0134] The phrase "coupled to" refers to any component that is physically connected to another component, either directly or indirectly, and / or that is in communication with another component, either directly or indirectly (e.g., connected to the other component via a wired or wireless connection and / or other suitable communication interface).

[0126]

[0135] Claim language or other language referring to "at least one of" a set and / or "one or more" of a set indicates that one member of the set or multiple members of the set (in any combination) satisfies the claim. For example, claim language reciting "at least one of A and B" or "at least one of A or B" means A, B, or A and B. As another example, claim language reciting "at least one of A, B, and C" or "at least one of A, B, or C" means A, B, C, or A and B, or A and C, or B and C, or A, B, and C. The language of "at least one of" a set and / or "one or more" of a set does not limit the set to the items listed in the set. For example, claim language reciting "at least one of A and B" or "at least one of A or B" can mean A, B, or A and B, and can additionally include items not recited within the set of A and B.

[0127]

[0136] The various illustrative logical blocks, modules, circuits, and algorithmic operations described in connection with the examples disclosed herein may be implemented as electronic hardware, computer software, firmware, or combinations thereof. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and operations have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends on the particular application and design constraints imposed on the overall system. Those skilled in the art may implement the described functionality in various ways for each particular application, and such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

[0128]

[0137] The techniques described herein may also be implemented in electronic hardware, computer software, firmware, or any combination thereof. Such techniques may be implemented in any of a variety of devices, such as a general-purpose computer, a wireless communication device handset, or an integrated circuit device having multiple uses, including applications in wireless communication device handsets and other devices. Any features described as modules or components may be implemented together in an integrated logic device, or separately as discrete but interoperable logic devices. If implemented in software, the techniques may be realized at least in part by a computer-readable data storage medium comprising program code including instructions that, when executed, perform one or more of the methods described above. The computer-readable data storage medium may also form part of a computer program product, which may include packaging materials. The computer-readable medium may include memory or data storage media, such as random access memory (RAM), such as synchronous dynamic random access memory (SDRAM), read-only memory (ROM), non-volatile random access memory (NVRAM), electrically erasable programmable read-only memory (EEPROM), FLASH memory, magnetic or optical data storage media, etc. These technologies may also, or alternatively, be implemented at least in part by a computer-readable communications medium, such as a propagated signal or wave, that carries or communicates program code in the form of instructions or data structures and that can be accessed, read, and / or executed by a computer.

[0129]

[0138] The program code may be executed by a processor, which may include one or more processors, such as one or more digital signal processors (DSPs), general-purpose microprocessors, application specific integrated circuits (ASICs), field programmable logic arrays (FPGAs), or other equivalent integrated or discrete logic circuitry. Such a processor may be configured to perform any of the techniques described in this disclosure. A general-purpose processor may be a microprocessor, but alternatively, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, multiple microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration. Accordingly, the term “processor”, as used herein, may refer to any of the above structures, any combination of the above structures, or any other structure or apparatus suitable for implementing the techniques described herein.

[0130]

[0139] Exemplary aspects of the present disclosure include the following.

[0131]

[0140] Aspect 1: A method for offloading cryptographic services, the method including receiving a request to provide a cryptographic service type; initiating, at a cryptographic hardware component, a cryptographic algorithm associated with the cryptographic service type; applying a cryptographic operation associated with the cryptographic algorithm to data to obtain a cryptographic result; and storing at least a portion of the cryptographic result in a hardware register of the cryptographic hardware component, the cryptographic result configured for use in performing the cryptographic action.

[0132]

[0141] Aspect 2: The method of aspect 1, wherein the cryptographic service type includes an integrity service, the cryptographic algorithm is a hash algorithm, and the cryptographic result includes a digest corresponding to the data.

[0133]

[0142] Aspect 3: The method of any one of aspects 1 or 2, further comprising performing a cryptographic action using the cryptographic result.

[0134]

[0143] Aspect 4: The method of any one of Aspects 1-3, wherein performing the cryptographic action includes obtaining a cryptographic result from a hardware register of a cryptographic hardware component; and performing a comparison between the cryptographic result and the expected cryptographic result to determine whether the cryptographic result matches the expected cryptographic result.

[0135]

[0144] Aspect 5: The method of aspect 4, further including determining a match between the cryptographic method result and an expected cryptographic method result, and determining at least a partial integrity check pass for the data based on the match between the cryptographic method result and the expected cryptographic method result.

[0136]

[0145] Aspect 6: The method of aspect 4, further comprising: determining that the cryptographic method result does not match the expected cryptographic method result; and determining an integrity check failure for the data based on the cryptographic method result not matching the expected cryptographic method result.

[0137]

[0146] Aspect 7: The method of any one of aspects 6, further comprising updating an error register of a cryptography hardware component with the indication of the integrity check failure.

[0138]

[0147] Aspect 8: The method of any one of aspects 1-7, wherein the cryptographic operation is performed during a secure boot process and the data is at least a portion of an operating system image file.

[0139]

[0148] Aspect 9: The method of any one of aspects 1-8, wherein the cryptographic operation is performed during a data block integrity check and the data is at least a portion of a read-only file system.

[0140]

[0149] Aspect 10: The method of aspect 1, wherein the cryptographic service type includes an authenticated encryption service, the cryptographic algorithm is an authenticated encryption algorithm, and applying the cryptographic operation to obtain the cryptographic result includes generating a message authentication code (MAC).

[0141]

[0150] Aspect 11: The method of any one of aspects 1 or 10, wherein applying a cryptographic operation to the data to obtain a cryptographic result further includes encrypting the data using an authenticated encryption algorithm to obtain encrypted data.

[0142]

[0151] Aspect 12: The method of any one of aspects 1 and 10 or 11, further comprising performing a cryptographic action using the cryptographic result, wherein performing the cryptographic action comprises obtaining a MAC from a hardware register of a cryptographic hardware component and storing the MAC in persistent memory.

[0143]

[0152] Aspect 13: The method of any one of aspects 1 and 10-12, wherein the encrypted data includes encrypted system state information retrieved from memory, and the method further includes storing the encrypted data in a non-volatile storage device.

[0144]

[0153] Aspect 14: The method of any one of aspects 1 or 10, wherein the data is encrypted system state information retrieved from a non-volatile storage device, and performing the cryptographic action includes obtaining a MAC from a hardware register of a cryptographic hardware component, and performing a comparison between the MAC and the expected MAC to determine whether the MAC and the expected MAC match.

[0145]

[0154] Aspect 15: The method of any one of aspects 1 and 14, further including: determining that the MAC and the expected MAC match; determining an authentication check path for the data based on the match between the MAC and the expected MAC; and decrypting the data using a cryptographic algorithm based on the authentication check path.

[0146]

[0155] Aspect 16: The method of any one of aspects 1 and 14, further including: determining that the MAC and the expected MAC do not match; determining an authentication check failure for the data based on the MAC and the expected MAC not matching; and updating an error register of a cryptographic method hardware component with an indication of the authentication check failure based on the authentication check failure.

[0147]

[0156] Aspect 17: An apparatus for offloading cryptographic services, the apparatus comprising: a memory; a processor; and a cryptographic hardware component coupled to the memory and the processor, the cryptographic hardware component configured to receive a request to provide a cryptographic service type; initiate, at the cryptographic hardware component, a cryptographic algorithm associated with the cryptographic service type; apply a cryptographic operation associated with the cryptographic algorithm to data to obtain a cryptographic result; and store at least a portion of the cryptographic result in a hardware register of the cryptographic hardware component, the cryptographic operation being configured for use in performing the cryptographic action.

[0148]

[0157] Aspect 18: The apparatus of aspect 17, wherein the cryptographic service type includes an integrity service, the cryptographic algorithm is a hash algorithm, the cryptographic result includes a digest corresponding to the data, and the cryptographic hardware component is further configured to perform a cryptographic action using the cryptographic result, and to perform the cryptographic action, the cryptographic hardware component is further configured to obtain the cryptographic result from a hardware register of the cryptographic hardware component and perform a comparison between the cryptographic result and the expected cryptographic result to determine whether the cryptographic result matches the expected cryptographic result.

[0149]

[0158] Aspect 19: The apparatus of any one of aspects 17 or 18, wherein the cryptographic hardware component is further configured to determine a match between the cryptographic result and an expected cryptographic result, and determine at least a partial integrity check pass for the data based on the match between the cryptographic result and the expected cryptographic result.

[0150]

[0159] Aspect 20: The apparatus of any one of aspects 17 or 18, wherein the cryptographic hardware component is further configured to determine a mismatch between the cryptographic result and an expected cryptographic result, determine an integrity check failure for the data based on the mismatch between the cryptographic result and the expected cryptographic result, and update an error register of the cryptographic hardware component with an indication of the integrity check failure.

[0151]

[0160] Aspect 21: The apparatus of any one of aspects 17-20, wherein the cryptographic operation is performed during a secure boot process and the data is at least a portion of an operating system image file.

[0152]

[0161] Aspect 22: The apparatus of any one of aspects 17-20, wherein the cryptographic operation is performed during a data block integrity check, and the data is at least a portion of a read-only file system.

[0153]

[0162] Aspect 23: The device of any one or aspects 17 to 20, wherein the cryptographic service type includes an authenticated encryption service, the cryptographic algorithm is an authenticated encryption algorithm, and applying the cryptographic operation to obtain the cryptographic result includes generating a message authentication code (MAC).

[0154]

[0163] Aspect 24: The apparatus of any one of aspects 17 or 23, wherein applying a cryptographic operation to the data to obtain a cryptographic result further includes encrypting the data using an authenticated encryption algorithm to obtain encrypted data, and the cryptographic hardware component is further configured to perform a cryptographic action using the cryptographic result.

[0155]

[0164] Aspect 25: The apparatus of any one of Aspects 17 and 23 or 24, wherein, to perform the cryptographic action, the cryptographic hardware component is further configured to obtain a MAC from a hardware register of the cryptographic hardware component and store the MAC in persistent memory.

[0156]

[0165] Aspect 26: The apparatus of any one of aspects 17 or 23-25, wherein the encrypted data includes encrypted system state information retrieved from the memory, and the cryptography hardware component is further configured to store the encrypted data in a non-volatile storage device.

[0157]

[0166] Aspect 27: The apparatus of any one of aspects 17 or 23, wherein the data is encrypted system state information retrieved from a non-volatile storage device, and wherein, to perform the cryptographic action, the cryptographic hardware component is further configured to retrieve a MAC from a hardware register of the cryptographic hardware component and perform a comparison between the MAC and the expected MAC to determine whether the MAC and the expected MAC match.

[0158]

[0167] Aspect 28: The apparatus of any one of aspects 17 or 27, wherein the cryptography hardware component is further configured to determine that the MAC and the expected MAC match, determine an authentication check path for the data based on the match between the MAC and the expected MAC, and decrypt the data using a cryptography algorithm based on the authentication check path.

[0159]

[0168] Aspect 29: The apparatus of any one of aspects 17 or 27, wherein the cryptographic hardware component is further configured to determine that the MAC and the expected MAC do not match, determine an authentication check failure for the data based on the MAC and the expected MAC not matching, and update an error register of the cryptographic hardware component with an indication of the authentication check failure based on the authentication check failure.

[0160]

[0169] Aspect 30: A non-transitory computer-readable medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform operations according to any of aspects 1-29.

[0161]

[0170] Aspect 31: An apparatus for offloading cryptographic method services, comprising one or more means for performing the operations according to any of aspects 1-29.

[0162]

[0171] Aspect 32: A method for offloading cryptographic services, the method including: receiving, at a local computing device, a request to provide a cryptographic service type including decryption of encrypted data encrypted by a remote computing device using plaintext data, a cryptographic key, and an initialization vector (IV); in response to receiving the request, initiating an encryption algorithm in a cryptographic hardware component of the local computing device; obtaining, by the local computing device, the cryptographic key and the IV; storing the IV in a hardware storage device of the cryptographic hardware component; obtaining the encrypted data from a storage device of the local computing device; executing the encryption algorithm using the encrypted data, the cryptographic key, and the IV to obtain decrypted data; and storing the decrypted data in a memory device of the local computing device.

[0163]

[0172] Aspect 33: An apparatus for offloading cryptographic services, comprising: at least one memory; and at least one processor coupled to the at least one memory, wherein the at least one processor is configured to receive a request to provide a cryptographic service type including decryption of encrypted data encrypted by a remote computing device using plaintext data, a cryptographic key, and an initialization vector (IV); and in response to receiving the request, initiate an encryption algorithm in a cryptographic hardware component of the apparatus, obtain the cryptographic key and the IV, store the IV in a hardware storage device of the cryptographic hardware component, retrieve the encrypted data from a storage device of the apparatus, perform the encryption algorithm using the encrypted data, the cryptographic key, and the IV to obtain decrypted data, and store the decrypted data in a memory device of the apparatus.

[0164]

[0173] Aspect 34: A non-transitory computer-readable medium of a local computing device having stored thereon instructions that, when executed by one or more processors, cause the one or more processors to receive a request to provide a cryptographic service type including decryption of encrypted data encrypted by a remote computing device using plaintext data, a cryptographic key, and an initialization vector (IV); and, in response to receiving the request, initiate an encryption algorithm in a cryptographic hardware component of the local computing device, obtain the cryptographic key and the IV, store the IV in a hardware storage device of the cryptographic hardware component, retrieve the encrypted data from a storage device of the local computing device, perform the encryption algorithm using the encrypted data, the cryptographic key, and the IV to obtain decrypted data, and store the decrypted data in a memory device of the local computing device.

[0165]

[0174] Aspect 35: An apparatus for offloading cryptographic services, the apparatus comprising: means for receiving a request to provide a cryptographic service type including decryption of encrypted data encrypted by a remote computing device using plaintext data, a cryptographic key, and an initialization vector (IV); means for initiating an encryption algorithm in a cryptographic hardware component of the apparatus in response to receiving the request; means for obtaining the cryptographic key and the IV; means for storing the IV in a hardware storage device of the cryptographic hardware component; means for retrieving the encrypted data from a storage device of the apparatus; means for executing the encryption algorithm using the encrypted data, the cryptographic key, and the IV to obtain decrypted data; and means for storing the decrypted data in a memory device of the apparatus.

Claims

1. A method for offloading cryptographic services to a cryptographic hardware component operably connected to one or more storage devices and memory devices of the same local computing device, wherein data passed from the memory device to the one or more storage devices, or from the one or more storage devices to the memory device, passes through the cryptographic hardware component, and the cryptographic hardware component is configured to perform the cryptographic services on the data, and the method is Receiving a request to provide a cryptographic service type, In the aforementioned cryptographic hardware component, the cryptographic algorithm associated with the cryptographic service type is started, In order to obtain the cryptographic result, the cryptographic operation associated with the cryptographic algorithm is applied to the data, A method comprising storing at least a portion of the cryptographic result, configured to be used to perform a cryptographic action, in a hardware register of the cryptographic hardware component.

2. The method according to claim 1, wherein the cryptographic service type includes an integrity service, the cryptographic algorithm is a hash algorithm, and the cryptographic result includes a digest corresponding to the data.

3. Further includes performing the cryptographic action using the cryptographic result, Implementing the aforementioned cryptographic action means Obtaining the cryptographic result from the hardware register of the cryptographic hardware component, The method according to claim 1, further comprising: performing a comparison between the cryptographic result and the expected cryptographic result in order to determine whether the cryptographic result matches the expected cryptographic result.

4. Determining the agreement between the result of the aforementioned cryptographic method and the expected result of the aforementioned cryptographic method, The method according to claim 3, further comprising determining at least a partial integrity check pass for the data based on the match between the cryptographic result and the expected cryptographic result.

5. It is determined that the result of the aforementioned encryption method and the expected result of the aforementioned encryption method do not match. Based on the discrepancy between the result of the aforementioned encryption method and the expected result of the aforementioned encryption method, a failure in the integrity check for the data is determined. The method according to claim 3, further comprising updating the error register of the cryptographic method hardware component using the instruction for the integrity check failure.

6. The method according to claim 1, wherein the cryptographic operation is performed during a secure boot process, and the data is at least a portion of an operating system image file.

7. The method according to claim 1, wherein the cryptographic operation is performed during a data block integrity check, and the data is at least a portion of a read-only file system.

8. The method according to claim 1, wherein the cryptographic service type includes an authenticated cryptographic service, the cryptographic algorithm is an authenticated cryptographic algorithm, and applying the cryptographic operation to obtain the cryptographic result includes generating a message authentication code (MAC).

9. The method of claim 8, wherein applying the cryptographic operation to the data in order to obtain the cryptographic result further comprises encrypting the data using the authenticated cryptographic algorithm in order to obtain encrypted data.

10. The further includes performing the cryptographic action using the cryptographic result, and performing the cryptographic action is Obtaining the MAC from the hardware register of the aforementioned cryptographic method hardware component, This includes storing the MAC in persistent memory, The encrypted data includes encrypted system state information obtained from memory, and the method is The method according to claim 9, further comprising storing the encrypted data in a non-volatile storage device.

11. The aforementioned data is encrypted system state information obtained from a non-volatile storage device, and the execution of the cryptographic action is as follows: Obtaining the MAC from the hardware register of the aforementioned cryptographic method hardware component, The method of claim 8, comprising performing a comparison between the MAC and the expected MAC in order to determine whether the MAC and the expected MAC match.

12. It is determined that the MAC and the expected MAC match, Based on the matching of the MAC address and the expected MAC address, the authentication check pass for the data is determined. The method according to claim 11, further comprising decrypting the data using the cryptographic algorithm based on the authentication check pass.

13. It is determined that the MAC and the expected MAC do not match, Based on the fact that the MAC address and the expected MAC address do not match, the authentication check for the data is determined to have failed. The method according to claim 11, further comprising updating the error register of the cryptographic method hardware component using the authentication check failure instruction based on the authentication check failure.

14. A device for offloading cryptographic services, At least one memory, One or more storage devices, At least one processor, An apparatus comprising: a cryptographic hardware component coupled to the at least one memory, the one or more storage devices, and the at least one processor, and configured to perform the method according to any one of claims 1 to 13 and 15, wherein data passed from the at least one memory device to the one or more storage devices, or from the one or more storage devices to the at least one memory device, passes through the cryptographic hardware component, and the cryptographic hardware component is configured to perform the cryptographic service on the data.

15. A method for offloading cryptographic services to a cryptographic hardware component operably connected to one or more storage devices and memory devices of the same local computing device, wherein data passed from the memory device to the one or more storage devices, or from the one or more storage devices to the memory device, passes through the cryptographic hardware component, the cryptographic hardware component is configured to perform the cryptographic services on the data, and the method is The local computing device receives a request to provide a cryptographic service type that includes decrypting encrypted data, which has been encrypted by a remote computing device using plaintext data, a cryptographic key, and an initialization vector (IV). In response to receiving the aforementioned request, the encryption algorithm is started in the cryptographic method hardware component of the local computing device, The local computing device obtains the cryptographic key and the IV, The IV is stored in the hardware storage device of the cryptographic method hardware component, Obtaining the encrypted data from one or more of the aforementioned storage devices, In order to obtain the decrypted data, the encryption algorithm is executed using the encrypted data, the encryption key, and the IV, A method comprising storing the decoded data in the memory device.