A novel method for efficiently protecting hardware-managed unified cryptographic engine keys while preventing data-at-rest attacks.

JP2026519340APending Publication Date: 2026-06-16QUALCOMM INC

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Applications
Current Assignee / Owner
QUALCOMM INC
Filing Date
2024-03-05
Publication Date
2026-06-16

Smart Images

  • Figure 2026519340000001_ABST
    Figure 2026519340000001_ABST
Patent Text Reader

Abstract

Various embodiments include methods performed in the processor for managing cryptographic keys of the integrated cryptographic engine. Embodiments may include detecting a cryptographic key access control event, determining whether the cryptographic key access control event is for invalidating cryptographic key access in the cryptographic key memory of the integrated cryptographic engine, disabling cryptographic key access in the cryptographic key memory in response to determining that the cryptographic key access control event is for invalidating cryptographic key access in the cryptographic key memory, and maintaining one or more cryptographic keys in the cryptographic key memory where cryptographic key access has been disabled. Embodiments may further include enabling cryptographic key access in the cryptographic key memory in response to determining that the cryptographic key access control event is not for invalidating cryptographic key access in the cryptographic key memory.
Need to check novelty before this filing date? Find Prior Art

Claims

1. A method performed in a processor for managing the cryptographic keys of an integrated cryptographic engine, Detecting cryptographic key access control events, Determining whether the aforementioned cryptographic key access control event is intended to invalidate cryptographic key access in the cryptographic key memory of the integrated cryptographic engine, In response to determining that the encryption key access control event is for disabling encryption key access in the encryption key memory, the encryption key access in the encryption key memory is disabled, Maintaining one or more encryption keys in the encryption key memory where encryption key access has been disabled, Methods that include...

2. Following the disabling of cryptographic key access in the aforementioned cryptographic key memory, Receiving data requests and, Attempting to retrieve the encryption key from the aforementioned encryption key memory, Sending an error response, The method according to claim 1, further comprising:

3. The method according to claim 1, wherein disabling encryption key access in the encryption key memory includes setting one or more encryption key access indicators associated with one or more encryption keys to an invalid value.

4. The method according to claim 1, further comprising enabling cryptographic key access in the cryptographic key memory in response to determining that the cryptographic key access control event is not intended to invalidate cryptographic key access in the cryptographic key memory.

5. Following the enabling of cryptographic key access in the aforementioned cryptographic key memory, Receiving data requests and, Attempting to retrieve the encryption key from the aforementioned encryption key memory, Transmitting the aforementioned encryption key, This also includes, The method according to claim 4.

6. The method according to claim 4, wherein enabling cryptographic key access in the cryptographic key memory includes setting one or more cryptographic key access indicators associated with one or more cryptographic keys to an enabled value.

7. Receiving cryptographic key access control policy parameters for one or more cryptographic keys, configured to enable the cryptographic key access control policy, In response to receiving the aforementioned cryptographic key access control policy parameters, enable the cryptographic key access control policy for one or more cryptographic keys, The method according to claim 1, further comprising:

8. The method according to claim 7, wherein enabling the cryptographic key access control policy for the one or more cryptographic keys includes associating the one or more cryptographic keys with one or more cryptographic key access indicators.

9. A computing device comprising a processor, the processor Detect encryption key access control events, Determine whether the aforementioned cryptographic key access control event is intended to invalidate cryptographic key access in the cryptographic key memory of the integrated cryptographic engine. In response to determining that the encryption key access control event is for disabling encryption key access in the encryption key memory, encryption key access in the encryption key memory is disabled. Maintaining one or more encryption keys in the encryption key memory where encryption key access is disabled. It is structured in such a way. Computing device.

10. The aforementioned processor, Receive data request, An attempt is made to retrieve the encryption key from the encryption key memory, which has encryption key access disabled. Send error response. It is further structured in such a way. The computing device according to claim 9.

11. The computing device according to claim 9, wherein the processor is further configured to set one or more cryptographic key access indicators associated with the one or more cryptographic keys to a disabled value.

12. The computing device according to claim 9, wherein the processor is further configured to enable cryptographic key access in the cryptographic key memory in response to determining that the cryptographic key access control event is not for invalidating cryptographic key access in the cryptographic key memory.

13. The aforementioned processor, Receive data request, An attempt is made to retrieve the encryption key from the encryption key memory, for which encryption key access has been enabled. The encryption key is transmitted. It is further structured in such a way. The computing device according to claim 12.

14. The computing device according to claim 12, further configured to set one or more cryptographic key access indicators associated with the one or more cryptographic keys to an active value.

15. The computing device, Receiving cryptographic key access control policy parameters for one or more cryptographic keys, configured to enable the cryptographic key access control policy, In response to receiving the aforementioned cryptographic key access control policy parameters, enable the cryptographic key access control policy for one or more cryptographic keys. The computing device according to claim 9, further configured as follows.

16. The computing device according to claim 9, further configured to associate one or more cryptographic keys with one or more one or more cryptographic key access indicators.

17. A computing device, A means for detecting cryptographic key access control events, Means for determining whether the aforementioned cryptographic key access control event is for invalidating cryptographic key access in the cryptographic key memory of the integrated cryptographic engine, In response to determining that the encryption key access control event is for disabling encryption key access in the encryption key memory, means for disabling encryption key access in the encryption key memory, Means for maintaining one or more encryption keys in the encryption key memory where encryption key access has been disabled, A computing device equipped with [a certain feature].

18. Means for receiving data requests, A means for attempting to retrieve the encryption key from the encryption key memory from which encryption key access has been disabled, Means for sending an error response, The computing device according to claim 17, further comprising the following:

19. The computing device according to claim 17, wherein the means for disabling encryption key access in the encryption key memory includes means for setting one or more encryption key access indicators associated with one or more encryption keys to an invalid value.

20. The computing device according to claim 17, further comprising means for enabling cryptographic key access in the cryptographic key memory in response to determining that the cryptographic key access control event is not for disabling cryptographic key access in the cryptographic key memory.

21. Means for receiving data requests, A means for attempting to retrieve an encryption key from the encryption key memory, which has encryption key access enabled, means for transmitting the aforementioned encryption key, The computing device according to claim 20, further comprising the above.

22. The computing device according to claim 20, wherein the means for enabling cryptographic key access in the cryptographic key memory includes means for setting one or more cryptographic key access indicators associated with one or more cryptographic keys to an enabled value.

23. Means for receiving cryptographic key access control policy parameters for one or more cryptographic keys, configured to enable the cryptographic key access control policy, Means for enabling the encryption key access control policy for one or more encryption keys in response to receiving the encryption key access control policy parameters, The computing device according to claim 17, further comprising the following:

24. The computing device according to claim 23, wherein the means for enabling the encryption key access control policy for the one or more encryption keys includes means for associating the one or more encryption keys with one or more encryption key access indicators.

25. A non-temporary processor-readable medium storing processor-executable instructions configured to cause a computing device's processor to perform an operation, wherein the operation is Detecting cryptographic key access control events, The determination of whether the aforementioned cryptographic key access control event is intended to invalidate cryptographic key access in the cryptographic key memory of the integrated cryptographic engine, In response to determining that the encryption key access control event is for disabling encryption key access in the encryption key memory, the encryption key access in the encryption key memory is disabled, Maintaining one or more encryption keys in the encryption key memory where encryption key access has been disabled, including, Non-temporary processor-readable medium.

26. The stored processor-executable instructions are configured to cause the processor to execute an operation, and the operation is After disabling access to the encryption key in the aforementioned encryption key memory, Receiving data requests and, Attempting to retrieve the encryption key from the aforementioned encryption key memory, Sending an error response, This also includes, The non-temporary processor-readable medium according to claim 25.

27. The non-temporary processor-readable medium according to claim 25, wherein the stored processor-executable instructions are configured to cause the processor to perform an operation, and disabling cryptographic key access in the cryptographic key memory includes setting one or more cryptographic key access indicators associated with the one or more cryptographic keys to a disabled value.

28. The non-temporary processor-readable medium according to claim 25, further comprising the following: the stored processor-executable instruction is configured to cause the processor to perform an operation, the operation enabling cryptographic key access in the cryptographic key memory in response to the determination that the cryptographic key access control event is not for invalidating cryptographic key access in the cryptographic key memory.

29. The stored processor-executable instructions are configured to cause the processor to execute an operation, and the operation is After enabling access to the encryption key in the aforementioned encryption key memory, Receiving data requests and, Attempting to retrieve the encryption key from the aforementioned encryption key memory, Transmitting the aforementioned encryption key, This also includes, The non-temporary processor-readable medium according to claim 28.

30. The non-temporary processor-readable medium according to claim 28, wherein the stored processor-executable instructions are configured to cause the processor to perform an operation, and enabling cryptographic key access in the cryptographic key memory includes setting one or more cryptographic key access indicators associated with one or more cryptographic keys to an enabled value.