Secure method for processing content stored within a component, and corresponding component

US 10,389,530 B2
Filed: 01/05/2018
Issued: 08/20/2019
Est. Priority Date: 11/12/2009
Status: Active Grant

First Claim

Patent Images

1. A method for processing content stored on a component, the method comprising:

modifying a first partition of a first memory with a first key, the first partition comprising booting instructions to be executed in response to the component being powered up;

modifying a second partition of the first memory with a second key, the second partition being different from the first partition, the second key being different from the first key, the second partition comprising protected user data;

storing the first key in a protected storage register of the component;

storing the second key in a first location of a non-volatile memory, the non-volatile memory being different from the first memory; and

storing a memory address of the first location of the non-volatile memory in the first partition of the first memory.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for processing content stored on a component is disclosed. A first partition of a first memory is encrypted with a first encryption key and a second partition of the first memory is encrypted with a second encryption key. The second encryption key is different from the first encryption key. The first encryption key is stored in a storage register of the component and the second encryption key is stored in a first location of a non-volatile memory. A memory address of the first location is stored in the first partition of the first memory.

Citations

20 Claims

1. A method for processing content stored on a component, the method comprising:
- modifying a first partition of a first memory with a first key, the first partition comprising booting instructions to be executed in response to the component being powered up;
  
  modifying a second partition of the first memory with a second key, the second partition being different from the first partition, the second key being different from the first key, the second partition comprising protected user data;
  
  storing the first key in a protected storage register of the component;
  
  storing the second key in a first location of a non-volatile memory, the non-volatile memory being different from the first memory; and
  
  storing a memory address of the first location of the non-volatile memory in the first partition of the first memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein a value of the first key is configured to reset the protected storage register.
  - 3. The method of claim 1, wherein the first key and the second key comprise a first encryption key and a second encryption key.
  - 4. The method of claim 3, wherein modifying the first partition of the first memory with the first key comprises:
    - encrypting the booting instructions with the first encryption key; and
      
      storing the booting instructions in encrypted form in the first partition of the first memory.
  - 5. The method of claim 3, wherein modifying the second partition of the first memory with the second key comprises:
    - encrypting the protected user data with the second encryption key; and
      
      storing the protected user data in encrypted form in the second partition of the first memory.
  - 6. The method of claim 1, wherein the first key and the second key comprise a first scrambling key and a second scrambling key.
  - 7. The method of claim 1, wherein storing the second key in the first location of the non-volatile memory comprises:
    - modifying the second key with the first key; and
      
      storing the second key in modified form in the first location of the non-volatile memory.
  - 8. The method of claim 7, further comprising:
    - obtaining the memory address of the first location of the non-volatile memory in the first partition of the first memory using the first key;
      
      after the memory address of the first location is obtained, retrieving the second key from the first location of the non-volatile memory based on the memory address of the first location; and
      
      after the second key from the first location is retrieved, obtaining the protected user data stored in the second partition of the first memory using the second key.
  - 9. The method of claim 8, wherein retrieving the second key from the first location of the non-volatile memory comprises:
    - obtaining the second key in modified form from the first location of the non-volatile memory; and
      
      after the second key in modified form is obtained, retrieving the second key in clear form from the second key in modified form using the first key.
  - 10. The method of claim 1, wherein storing the memory address of the first location of the non-volatile memory in the first partition of the first memory comprises:
    - modifying the memory address of the first location of the non-volatile memory with the first key; and
      
      storing the memory address of the first location of the non-volatile memory in modified form in the first partition of the first memory.
  - 11. The method of claim 1, wherein the non-volatile memory comprises a first partition and a second partition, wherein the first partition of the non-volatile memory includes the first location, wherein the second partition of the non-volatile memory is modified with a third key different from the first key and the second key, and wherein the third key is modified with the second key and stored in the second partition of the first memory in modified form.
  - 12. The method of claim 11, further comprising:
    - obtaining the memory address of the first location of the non-volatile memory from the first partition of the first memory using the first key;
      
      after the memory address of the first location of the non-volatile memory is obtained, retrieving the second key from the first location of the non-volatile memory;
      
      after retrieving the second key from the first location of the non-volatile memory, obtaining the third key in clear form from the second partition of the first memory using the second key; and
      
      after obtaining the third key in clear form, obtaining content of the second partition of the non-volatile memory in clear form using the third key.

13. A component, comprising:
- a first memory, comprising;
  
  a first partition encrypted with a first key, the first partition comprising booting instructions to be executed in response to the component being powered up; and
  
  a second partition different from the first partition and encrypted with a second key, the second key different from the first key, the second partition comprising protected user data;
  
  a protected storage register storing the first key, wherein a value of the first key is configured to reset the protected storage register; and
  
  a non-volatile memory comprising the second key stored in encrypted form in a first location of the non-volatile memory, wherein a memory address of the first location of the non-volatile memory is stored in the first partition of the first memory.
- View Dependent Claims (14, 15)
- - 14. The component of claim 13, wherein the second key is encrypted with the first key.
  - 15. The component of claim 13, further comprising:
    - a first processor configured to decrypt the first partition of the first memory using the first key;
      
      a second processor configured to decrypt the second partition of the first memory using the second key; and
      
      a controller configured to;
      
      retrieve the first key from the protected storage register;
      
      activate the first processor with the first key;
      
      obtain the memory address of the first location of the non-volatile memory from the first partition of the first memory via the first processor;
      
      obtain the second key in clear form from the first location of the non-volatile memory and via an auxiliary processor structurally identical to the first processor and configured to decrypt the second key using the first key; and
      
      activate the second processor with the second key in clear form.

16. An integrated circuit card, comprising:
- a component, comprising;
  
  a first memory comprising a first partition encrypted with a first key, and a second partition encrypted with a second key, the second key different from the first key;
  
  a storage register configured to store the first key, the first partition comprising booting instructions to be executed in response to the component being powered up, the second partition comprising protected user data;
  
  a non-volatile memory different from the first memory and the storage register and comprising a first partition and a second partition, the second partition encrypted with a third key different from the first key and the second key, wherein;
  
  the second key is stored in a first location of the first partition of the non-volatile memory;
  
  a memory address of the first location is stored in the first partition of the first memory; and
  
  the third key is stored in the second partition of the first memory; and
  
  a processor configured to decrypt the first partition of the first memory using the first key, decrypt the second partition of the first memory using the second key, and decrypt the second partition of the non-volatile memory using the third key.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The integrated circuit card of claim 16, wherein:
    - the first key comprises a first scrambling key and the first partition of the first memory is scrambled with the first scrambling key;
      
      the second key comprises a second scrambling key and the second partition of the first memory is scrambled with the second scrambling key;
      
      the third key comprises a third scrambling key and the second partition of the non-volatile memory is scrambled with the third scrambling key; and
      
      the processor is configured to descramble the first partition of the first memory using the first scrambling key, descramble the second partition of the first memory using the second scrambling key, and descramble the second partition of the non-volatile memory using the third scrambling key.
  - 18. The integrated circuit card of claim 16, wherein:
    - the first key comprises a first encryption key and a first scrambling key, and the first partition of the first memory is encrypted with the first encryption key and scrambled with the first scrambling key;
      
      the second key comprises a second encryption key and a second scrambling key, and the second partition of the first memory is encrypted with the second encryption key and scrambled with the second scrambling key;
      
      the third key comprises a third encryption key and a third scrambling key, and the second partition of the non-volatile memory is encrypted with the third encryption key and scrambled with the third scrambling key; and
      
      the processor is configured to descramble and decrypt the first partition of the first memory using the first scrambling key and the first encryption key, descramble and decrypt the second partition of the first memory using the second scrambling key and the second encryption key, and descramble and decrypt the second partition of the non-volatile memory using the third scrambling key and the third encryption key.
  - 19. The integrated circuit card of claim 16, wherein the non-volatile memory is selected from the group consisting of a memory of an electrically programmable and erasable type, and FLASH memory.
  - 20. The integrated circuit card of claim 16, wherein a value of the first key is configured to reset the storage register.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Stmicroelectronics Rousset SAS (STMicroelectronics NV)
Original Assignee
Stmicroelectronics Rousset SAS (STMicroelectronics NV)
Inventors
Marinet, Fabrice, Lisart, Mathieu
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Mejia, Feliciano S

Application Number

US15/862,962
Publication Number

US 20180131508A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/1458   Management of the backup or...

G06F 12/1408   by using cryptography for d...

G06F 21/62   Protecting access to data v...

G06F 21/77   in smart cards

G06F 21/78   to assure secure storage of...

G06F 2212/402   Encrypted data

G06F 3/0623   in relation to content

G06F 3/0644   Management of space entitie...

G06F 3/0688   Non-volatile semiconductor ...

H04L 9/088   Usage controlling of secret...

Secure method for processing content stored within a component, and corresponding component

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure method for processing content stored within a component, and corresponding component

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links