An apparatus and method of controlling access to data stored in a non-trusted memory

摘要

Message authentication codes (MAC) are generated for data blocks stored in a non-trusted memory 40. The authentication codes may be stored in a trusted memory 65 or in the non-trusted memory or in both. The authentication codes stored in trusted memory are shorter than those stored in non-trusted memory. The authentication codes may be generated using secret data. The secret data used for authentication codes stored in the trusted memory may be different from those stored in the non-trusted memory. The authentication code stored in the trusted memory may be generated by truncating the authentication code stored in the non-trusted memory. An authentication code may be evicted from the trusted memory. In this case, the authentication code for the non-trusted memory may be generated, if it is not already in the non-trusted memory. When reading data from the non-trusted memory, the authentication code in non-trusted memory may be used to generate an authentication code to be used in trusted memory. This may be compared with the authentication code generated from the data to authenticate the data.