Integrated circuit chip for encryption and decryption having a secure mechanism for programming on-chip hardware

US 20060059372A1
Filed: 09/10/2004
Published: 03/16/2006
Est. Priority Date: 09/10/2004
Status: Abandoned Application

First Claim

Patent Images

1. An integrated circuit chip for providing cryptographic functionality, said chip comprising:

a first, volatile random access memory;

at least one processor;

at least one cryptographic engine for performing encryption and decryption;

an interface for receiving externally supplied requests and data and for returning results;

at least one fixed cryptographic key present on said chip; and

a flow control circuit, having at least a portion thereof comprising programmable hardware, said flow control circuit being connected to said interface for routing data between said interface, said at least one processor, said random access memory, and said at least one cryptographic engine in a manner in which encrypted instructions are supplied through said interface in encrypted form and are decrypted by said at least one cryptographic engine using said fixed cryptographic key and are used to program said portion of said flow control circuit having programmable hardware.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An integrated circuit chip is provided which contains one or more processors and one or more cryptographic engines. A flow control circuit having a command processor accepts requests and data via a secure external interface through which only encrypted information is passed. The flow control circuit mediates decryption of this information using cryptographic keys that are present in hard coded form on the chip. In particular the flow control circuit includes a programmable hardware portion which is configurable in a secure manner to create a flexible internal chip architecture. The chip also includes a volatile memory disposed on a voltage island on which is maintained either through a battery backup or from a fixed power source (mains). The chip is thus enabled to securely perform cryptographic operations with the processors controlling the cryptographic engines through the flow control circuit.

Citations

30 Claims

1. An integrated circuit chip for providing cryptographic functionality, said chip comprising:
- a first, volatile random access memory;
  
  at least one processor;
  
  at least one cryptographic engine for performing encryption and decryption;
  
  an interface for receiving externally supplied requests and data and for returning results;
  
  at least one fixed cryptographic key present on said chip; and
  
  a flow control circuit, having at least a portion thereof comprising programmable hardware, said flow control circuit being connected to said interface for routing data between said interface, said at least one processor, said random access memory, and said at least one cryptographic engine in a manner in which encrypted instructions are supplied through said interface in encrypted form and are decrypted by said at least one cryptographic engine using said fixed cryptographic key and are used to program said portion of said flow control circuit having programmable hardware.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The integrated circuit chip of claim 1 in which said flow control circuit includes a command processor for receiving requests and data.
  - 3. The integrated circuit chip of claim 2 in which said command processor decrypts, checks authorization and loads programming into said programmable hardware.
  - 4. The integrated circuit chip of claim 1 in which said cryptographic key is a chip private key.
  - 5. The integrated circuit chip of claim 1 further including a chip public key.
  - 6. The integrated circuit chip of claim 1 further including another party'"'"'s public key.
  - 7. The integrated circuit chip of claim 1 in which said cryptographic key is a chip private key and in which said chip further includes a chip public key and another party'"'"'s public key.
  - 8. The integrated circuit chip of claim 7 in which said keys comprise fused elements.
  - 9. The integrated circuit chip of claim 8 in which said keys comprise electrically fused elements.
  - 10. The integrated circuit chip of claim 8 in which said keys comprise optically fused elements.
  - 11. The integrated circuit chip of claim 1 in which said cryptographic key comprises a fused element.
  - 12. The integrated circuit chip of claim 1 further including a second random access memory which is not volatile.
  - 13. The integrated circuit chip of claim 1 in which said volatile random access memory is located on a voltage island on said chip.
  - 14. The integrated circuit chip of claim 13 in which said voltage island is provided with power from a battery.
  - 15. The integrated circuit chip of claim 13 further including a power controller for supplying power to said voltage island from at least two independent sources.
  - 16. The integrated circuit chip of claim 15 in which one of said at least two independent sources is a battery.
  - 17. The integrated circuit chip of claim 1 in which said programmable hardware portion is programmed with decrypted information supplied through said interface.

18. A system for providing secure access to data processor functions, said system comprising a single chip having a cryptographic engine and a data processor whose functions are invokable only through encrypted signals supplied to said chip and decrypted by said cryptographic engine.
- View Dependent Claims (19)
- - 19. The system of claim 18 in which said chip includes a tamper boundary.

20. A system for providing cryptographic functionality, said system comprising a single chip including at least one cryptographic engine and at least one data processor whose functions are invokable only through encrypted signals supplied to said chip and decrypted by said at least one cryptographic engine.

21. An integrated circuit chip for providing cryptographic functionality, said chip comprising:
- a first, volatile random access memory;
  
  a power controller for assuring persistence of data stored within said volatile random access memory when power is available and for assuring erasure of said data when power is not available;
  
  at least one processor;
  
  a second random access memory connected to said at least one processor;
  
  at least one cryptographic engine for performing encryption and decryption;
  
  an interface for receiving externally supplied requests and data and for returning results;
  
  a private chip cryptographic key present on said chip;
  
  a public cryptographic key present on said chip; and
  
  a flow control circuit, having at least a portion thereof comprising programmable hardware, said flow control circuit being connected to said interface for routing data between said interface, said at least one processor, said random access memory, and said at least one cryptographic engine in a manner in which encrypted instructions are supplied through said interface in encrypted form and are decrypted by said at least one cryptographic engine using said private cryptographic key and said public cryptographic key and in which said decrypted instructions are used to program said portion of said flow control circuit having programmable hardware.

22. A method for providing cryptographic functionality, said method comprising the steps of:
- providing requests and encrypted data to an integrated circuit chip which includes at least one cryptographic engine having access to a private cryptographic key disposed on said chip and a public cryptographic key disposed on said chip;
  
  processing said requests using a processor disposed on said chip, said processor being connected to a random access memory containing instructions supplied to said chip in encrypted form and decrypted by said at least one cryptographic engine using said private and public keys and stored in said random access memory; and
  
  decrypting said data using said at least one cryptographic engine operating under control of said processor.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30)
- - 23. The method of claim 22 in which said data is decrypted using other cryptographic keys stored in a second, volatile random access memory on said chip.
  - 24. The method of claim 23 in which said second, volatile random access memory is maintained via a power controller having at least two sources of electrical power.
  - 25. The method of claim 24 in which one of the sources of electrical power is a battery.
  - 26. The method of claim 22 in which said provided data is encrypted using a public key stored on said chip and another party'"'"'s private key.
  - 27. The method of claim 22 in which said requests and said encrypted data are supplied through a PCI compatible interface.
  - 28. The method of claim 22 in which communication between said at least one cryptographic engine, said processor, said cryptographic keys and said random access memory is controlled through a flow control switch.
  - 29. The method of claim 22 in which said flow control switch includes a portion thereof which is programmable.
  - 30. The method of claim 29 in which said programmable portion of said flow control switch is selected from the group consisting of a field programmable gate array and a programmable logic device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Sutter, Siegfried, Li, John K., Fayar, Camil

Application Number

US10/938,773
Publication Number

US 20060059372A1
Time in Patent Office

Days
Field of Search
US Class Current

713/192
CPC Class Codes

G06F 21/72 in cryptographic circuits

G06F 21/79 in semiconductor storage me...

Integrated circuit chip for encryption and decryption having a secure mechanism for programming on-chip hardware

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Integrated circuit chip for encryption and decryption having a secure mechanism for programming on-chip hardware

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links