Abstract: The disclosure provides a Galois hash authentication-based circuit. An additional authentication data calculation circuit receives the first data block in the data stream and performs calculation according to the first data block, and shifts the calculation result to the left to generate a first output. A ciphertext calculation circuit includes k first calculation units, used to receive in parallel the second data blocks in the data stream in each round of calculation of the ciphertext calculation circuit, and perform parallel calculation on each data block received to generate a second output. The bubble processing circuit receives the first quantity of the third data blocks after the last round of calculation of the ciphertext calculation circuit and performs calculation to generate a third output. A message authentication code is calculated according to the first output, the second output, and the third output.

Abstract: A data padding method comprises: determining a length of a space occupied by remaining data in the register; comparing the length of the space occupied; performing, when the length of the space occupied by the remaining data is less than the length of the unit input data, following operations: receiving a unit input data and storing it continuously with the remaining data in the register; determining a length of a unit output data to be output; intercepting a portion of data with a length of N words from data formed by padding the remaining data buffered in the register and the unit input data and starting from an address space of a lowest bit of the register, as the unit output data and outputting it; and shifting the data remaining in the register as a whole to an address space in the register starting from the lowest bit.

Abstract: A hardware resource mapping system and method; the system includes a host with a user space and external devices connected to the host, containing multiple hardware resources divided into M clusters; M is a positive integer; the user space includes n virtual functions and N virtual resources, with a first mapping relationship existing between them, where n and N are positive integers; a second mapping relationship exists between the N virtual resources and the M clusters, ensuring the number of virtual resources mapped to each cluster is greater than or equal to n, and the virtual resources mapped to each cluster correspond to the n virtual functions; for each cluster, a third mapping relationship exists between the virtual resources mapped to the cluster and the hardware resources included in the cluster, ensuring that each virtual resource is mapped to all hardware resources included in the cluster.

Abstract: A data security method and data security system configured to applied to a memory controller are provided. The data security method comprises: receiving a data writing request, wherein the data writing request comprises data to be written to a storage module and a storage address of the data; acquiring verification information of the data; and writing the data into the storage address, and writing the verification information into a redundant ECC bit corresponding to the data. The data security method and data security system according to the present disclosure can achieve the secure storage and reading of the data without extra space overhead, while maintaining high bandwidth and throughput.

Abstract: Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.

Abstract: A data compression method includes: storing data to be written into a first address and a second address into a data buffer in response to a data write request to the first address and the second address of a memory module from a host; according to a relationship between the first address and the second address, selecting a compression scheme from pre-configured compression schemes, and attempting to compress the data to be written into the first address and the second address into compressed data that can be stored into either the first address or the second address by using a pre-defined compression method, if the attempt to compress successes, storing the compressed data into the first address or the second address of the memory module, and identifying the compressed data by using redundant ECC bits to form first identification information.

Abstract: The disclosure provides a Galois hash authentication-based circuit. An additional authentication data calculation circuit receives the first data block in the data stream and performs calculation according to the first data block, and shifts the calculation result to the left to generate a first output. A ciphertext calculation circuit includes k first calculation units, used to receive in parallel the second data blocks in the data stream in each round of calculation of the ciphertext calculation circuit, and perform parallel calculation on each data block received to generate a second output. The bubble processing circuit receives the first quantity of the third data blocks after the last round of calculation of the ciphertext calculation circuit and performs calculation to generate a third output. A message authentication code is calculated according to the first output, the second output, and the third output.

Abstract: A data padding method comprises: determining a length of a space occupied by remaining data in the register; comparing the length of the space occupied; performing, when the length of the space occupied by the remaining data is less than the length of the unit input data, following operations: receiving a unit input data and storing it continuously with the remaining data in the register; determining a length of a unit output data to be output; intercepting a portion of data with a length of N words from data formed by padding the remaining data buffered in the register and the unit input data and starting from an address space of a lowest bit of the register, as the unit output data and outputting it; and shifting the data remaining in the register as a whole to an address space in the register starting from the lowest bit.

Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.

Abstract: This application relates to the field of memory technology, in particular to a method and a system for remapping a row address on a multichannel DIMM. The method is applied to a memory controller, comprising: receiving a first read/write access address and extracting a first channel row address from the first read/write access address; encrypting and mapping the first channel row address through a key-based mapping method to obtain a second channel row address that corresponds to the first channel row address within a predetermined address range; forming a second read/write access address based on the second channel row address and unextracted address information in the first read/write access address, and performing read/write access to the DIMM based on the second read/write access address. The present application can alleviate side channel attack without causing degradation of read/write performance.

Abstract: A data security method and data security system configured to applied to a memory controller are provided. The data security method comprises: receiving a data writing request, wherein the data writing request comprises data to be written to a storage module and a storage address of the data; acquiring verification information of the data; and writing the data into the storage address, and writing the verification information into a redundant ECC bit corresponding to the data. The data security method and data security system according to the present disclosure can achieve the secure storage and reading of the data without extra space overhead, while maintaining high bandwidth and throughput.

Abstract: A data compression method includes: storing data to be written into a first address and a second address into a data buffer in response to a data write request to the first address and the second address of a memory module from a host; according to a relationship between the first address and the second address, selecting a compression scheme from pre-configured compression schemes, and attempting to compress the data to be written into the first address and the second address into compressed data that can be stored into either the first address or the second address by using a pre-defined compression method, if the attempt to compress successes, storing the compressed data into the first address or the second address of the memory module, and identifying the compressed data by using redundant ECC bits to form first identification information.

Abstract: Technologies for execute only transactional memory include a computing device with a processor and a memory. The processor includes an instruction translation lookaside buffer (iTLB) and a data translation lookaside buffer (dTLB). In response to a page miss, the processor determines whether a page physical address is within an execute only transactional (XOT) range of the memory. If within the XOT range, the processor may populate the iTLB with the page physical address and prevent the dTLB from being populated with the page physical address. In response to an asynchronous change of control flow such as an interrupt, the processor determines whether a last iTLB translation is within the XOT range. If within the XOT range, the processor clears or otherwise secures the processor register state. The processor ensures that an XOT range starts execution at an authorized entry point. Other embodiments are described and claimed.

Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.

Abstract: An example apparatus includes a scan manager to add a portion of a page of physical memory from a first sequence of mappings to a second sequence of mappings in response to determining the second sequence includes an address corresponding to the portion of the page of physical memory, and a scanner to scan the first sequence and the second sequence to determine whether at least one of first data in the first sequence or second data in the second sequence includes a pattern indicative of malware.

Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.

Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.

Abstract: Technologies for execute only transactional memory include a computing device with a processor and a memory. The processor includes an instruction translation lookaside buffer (iTLB) and a data translation lookaside buffer (dTLB). In response to a page miss, the processor determines whether a page physical address is within an execute only transactional (XOT) range of the memory. If within the XOT range, the processor may populate the iTLB with the page physical address and prevent the dTLB from being populated with the page physical address. In response to an asynchronous change of control flow such as an interrupt, the processor determines whether a last iTLB translation is within the XOT range. If within the XOT range, the processor clears or otherwise secures the processor register state. The processor ensures that an XOT range starts execution at an authorized entry point. Other embodiments are described and claimed.

Abstract: Technologies for execute only transactional memory include a computing device with a processor and a memory. The processor includes an instruction translation lookaside buffer (iTLB) and a data translation lookaside buffer (dTLB). In response to a page miss, the processor determines whether a page physical address is within an execute only transactional (XOT) range of the memory. If within the XOT range, the processor may populate the iTLB with the page physical address and prevent the dTLB from being populated with the page physical address. In response to an asynchronous change of control flow such as an interrupt, the processor determines whether a last iTLB translation is within the XOT range. If within the XOT range, the processor clears or otherwise secures the processor register state. The processor ensures that an XOT range starts execution at an authorized entry point. Other embodiments are described and claimed.

Abstract: Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.