Cryptographic chip and related methods
First Claim
1. A chip for performing cryptographic operations, the chip comprising:
- a key storage module configured to store one or more cryptographic keys;
a rule storage module configured to store one or more rules, each rule comprising respective rule data, the rule data identifying a respective predetermined cryptographic operation associated with the rule and further identifying at least one of the one or more cryptographic keys to be used in the respective predetermined cryptographic operation;
an interface module configured to receive a rule execution request, wherein the rule execution request comprises a rule identifier to identify a specific rule of the one or more rules to be executed; and
a cryptographic module configured to execute the specific rule so as to perform the respective predetermined cryptographic operation in response to the rule execution request;
wherein the chip is configured such that the cryptographic keys and the cryptographic module may only be used by executing rules from the one or more rules in response to associated rule execution requests received by the interface module;
wherein the interface module is configured to receive the rule execution request from other circuitry included on the chip or from externally of the chip and wherein the interface module is further configured to assess whether the rule execution request is allowable;
wherein the cryptographic module is configured to execute the specific rule so as to perform the respective predetermined cryptographic operation in response to the rule execution request having been assessed as allowable by the interface module and not execute the specific rule in response to the rule execution request having been assessed as not allowable by the interface module.
1 Assignment
0 Petitions
Accused Products
Abstract
There is described a chip for performing cryptographic operations. The chip comprises a key storage module, a rule storage module, an interface module and a cryptographic module. The key storage module is configured to store one or more cryptographic keys. The rule storage module is configured to store one or more rules, each rule comprising respective rule data, the rule data identifying a respective predetermined cryptographic operation associated with the rule and further identifying at least one of the one or more cryptographic keys to be used in the respective predetermined cryptographic operation. The interface module is configured to receive a rule execution request, wherein the rule execution request comprises a rule identifier to identify a specific rule of the one or more rules to be executed. The cryptographic module is configured to execute the specific rule so as to perform the respective predetermined cryptographic operation in response to the rule execution request. The chip is configured such that the cryptographic keys and the cryptographic module may only be used by executing rules from the one or more rules in response to associated rule execution requests received by the interface module. There is also described a set top box comprising the chip, a chip-implemented method of performing a cryptographic operation, and a method of loading a new rule into a rule storage module of a chip.
-
Citations
17 Claims
-
1. A chip for performing cryptographic operations, the chip comprising:
-
a key storage module configured to store one or more cryptographic keys; a rule storage module configured to store one or more rules, each rule comprising respective rule data, the rule data identifying a respective predetermined cryptographic operation associated with the rule and further identifying at least one of the one or more cryptographic keys to be used in the respective predetermined cryptographic operation; an interface module configured to receive a rule execution request, wherein the rule execution request comprises a rule identifier to identify a specific rule of the one or more rules to be executed; and a cryptographic module configured to execute the specific rule so as to perform the respective predetermined cryptographic operation in response to the rule execution request; wherein the chip is configured such that the cryptographic keys and the cryptographic module may only be used by executing rules from the one or more rules in response to associated rule execution requests received by the interface module; wherein the interface module is configured to receive the rule execution request from other circuitry included on the chip or from externally of the chip and wherein the interface module is further configured to assess whether the rule execution request is allowable; wherein the cryptographic module is configured to execute the specific rule so as to perform the respective predetermined cryptographic operation in response to the rule execution request having been assessed as allowable by the interface module and not execute the specific rule in response to the rule execution request having been assessed as not allowable by the interface module. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A set top box comprising a chip for performing cryptographic operations, the chip comprising:
-
a key storage module configured to store one or more cryptographic keys; a rule storage module configured to store one or more rules, each rule comprising respective rule data, the rule data identifying a respective predetermined cryptographic operation associated with the rule and further identifying at least one of the one or more cryptographic keys to be used in the respective predetermined cryptographic operation; an interface module configured to receive a rule execution request, wherein the rule execution request comprises a rule identifier to identify a specific rule of the one or more rules to be executed; and a cryptographic module configured to execute the specific rule so as to perform the respective predetermined cryptographic operation in response to the rule execution request; wherein the chip is configured such that the cryptographic keys and the cryptographic module may only be used by executing rules from the one or more rules in response to associated rule execution requests received by the interface module; wherein the interface module is configured to receive a rule execution request from other circuitry included on the chip or from externally of the chip and wherein the interface module is further configured to assess whether the rule execution request is allowable; wherein the cryptographic module is configured to execute the specific rule so as to perform the respective predetermined cryptographic operation in response to the rule execution request having been assessed as allowable by the interface module and not execute the specific rule in response to the rule execution request having been assessed as not allowable by the interface module.
-
-
14. A chip-implemented method of performing a cryptographic operation, the chip comprising a key storage module configured to store one or more cryptographic keys, the chip further comprising a rule storage module configured to store one or more rules, each rule comprising respective rule data, the rule data identifying a respective predetermined cryptographic operation associated with the rule and further identifying at least one of the one or more cryptographic keys to be used in the respective predetermined cryptographic operation, the method comprising:
-
(i) receiving a rule execution request, wherein the rule execution request comprises a rule identifier to identify a specific rule of the one or more rules to be executed; and (ii) using a cryptographic module to execute the specific rule so as to perform the respective predetermined cryptographic operation in response to the rule execution request; wherein the chip is configured such that the cryptographic keys and the cryptographic module may only be used by executing rules from the one or more rules in response to associated rule execution requests; and wherein the rule execution request is received from other circuitry included on the chip or from externally of the chip; and wherein step (ii) comprises assessing whether the rule execution request is allowable and, in response to the rule execution request having been assessed as allowable, using the cryptographic module to execute the specific rule so as to perform the respective predetermined cryptographic operation and in response to the rule execution request having been assessed as not allowable, not executing the specific rule. - View Dependent Claims (15)
-
-
16. A method, implemented by one or more processors, of loading a new rule into a rule storage module of a chip, the chip further comprising a key storage module storing one or more cryptographic keys, the rule storage module storing one or more rules, each rule comprising respective rule data, the rule data identifying a respective predetermined cryptographic operation associated with the rule and further identifying at least one of the one or more cryptographic keys to be used in the respective predetermined cryptographic operation, the method comprising:
-
(a) receiving a rule loading request, wherein the rule loading request comprises a new rule identifier to identify the new rule to be loaded and further comprises new rule data defining the new rule, the new rule data identifying a specific cryptographic operation associated with the new rule and further identifying at least one of the one or more cryptographic keys to be used in the specific cryptographic operation; (b) assessing whether the rule loading request is allowable; and (c) in response to the rule loading request having been assessed as allowable, loading the new rule into a programmable portion of the rule storage module such that the new rule becomes one of the one or more rules and in response to the rule loading request having been assessed as not allowable, not loading the new rule into the programmable portion. - View Dependent Claims (17)
-
Specification