Integrated circuit chip for encryption and decryption having a secure mechanism for programming on-chip hardware
Abstract
An integrated circuit chip is provided which contains one or more processors and one or more cryptographic engines. A flow control circuit having a command processor accepts requests and data via a secure external interface through which only encrypted information is passed. The flow control circuit mediates decryption of this information using cryptographic keys that are present in hard coded form on the chip. In particular the flow control circuit includes a programmable hardware portion which is configurable in a secure manner to create a flexible internal chip architecture. The chip also includes a volatile memory disposed on a voltage island on which is maintained either through a battery backup or from a fixed power source (mains). The chip is thus enabled to securely perform cryptographic operations with the processors controlling the cryptographic engines through the flow control circuit.
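The gating behaviour the abstract describes, as an added Python model that is not taken from the patent: the programmable routing portion of the flow control circuit changes only when an instruction decrypts and verifies under a key fixed on the chip. The key value, the toy SHA-256 stream cipher, the HMAC integrity check and the `src->dst` instruction format are all assumptions made for illustration; the patent text specifies none of them.

```python
import hashlib
import hmac

# Constructed stand-ins for the chip's hard-coded key material (assumption).
FIXED_KEY = hashlib.sha256(b"constructed on-chip key").digest()
ENC_KEY = hmac.new(FIXED_KEY, b"enc", hashlib.sha256).digest()
MAC_KEY = hmac.new(FIXED_KEY, b"mac", hashlib.sha256).digest()
# Units the flow control circuit routes between, as named in the abstract.
UNITS = {"interface", "processor", "ram", "crypto_engine"}


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode cipher standing in for the crypto engine."""
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(nonce: bytes, plaintext: bytes) -> bytes:
    """Host side: encrypt-then-MAC one configuration instruction (16-byte nonce)."""
    body = nonce + _keystream_xor(ENC_KEY, nonce, plaintext)
    return body + hmac.new(MAC_KEY, body, hashlib.sha256).digest()


class FlowControl:
    """Model of the programmable portion of the flow control circuit."""

    def __init__(self):
        self.routes = {}  # source unit -> destination unit

    def program(self, blob: bytes) -> bool:
        """Apply a sealed instruction; leave the routes untouched on any failure."""
        if len(blob) < 16 + 32:  # nonce + tag is the minimum well-formed size
            return False
        body, tag = blob[:-32], blob[-32:]
        expected = hmac.new(MAC_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # plaintext or tampered input never reaches the decoder
        text = _keystream_xor(ENC_KEY, body[:16], body[16:]).decode("ascii", "replace")
        src, sep, dst = text.partition("->")
        if not sep or src not in UNITS or dst not in UNITS:
            return False  # authentic but names a unit the chip does not have
        self.routes[src] = dst
        return True
```

The integrity tag is the part a reviewer should look for in a real design: decryption alone would still let a modified ciphertext program the hardware with whatever it happens to decrypt to.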
30 Claims
1. An integrated circuit chip for providing cryptographic functionality, said chip comprising:
a first, volatile random access memory;
at least one processor;
at least one cryptographic engine for performing encryption and decryption;
an interface for receiving externally supplied requests and data and for returning results;
at least one fixed cryptographic key present on said chip; and
a flow control circuit, having at least a portion thereof comprising programmable hardware, said flow control circuit being connected to said interface for routing data between said interface, said at least one processor, said random access memory, and said at least one cryptographic engine in a manner in which encrypted instructions are supplied through said interface in encrypted form and are decrypted by said at least one cryptographic engine using said fixed cryptographic key and are used to program said portion of said flow control circuit having programmable hardware.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
18. A system for providing secure access to data processor functions, said system comprising a single chip having a cryptographic engine and a data processor whose functions are invokable only through encrypted signals supplied to said chip and decrypted by said cryptographic engine.
20. A system for providing cryptographic functionality, said system comprising a single chip including at least one cryptographic engine and at least one data processor whose functions are invokable only through encrypted signals supplied to said chip and decrypted by said at least one cryptographic engine.
21. An integrated circuit chip for providing cryptographic functionality, said chip comprising:
a first, volatile random access memory;
a power controller for assuring persistence of data stored within said volatile random access memory when power is available and for assuring erasure of said data when power is not available;
at least one processor;
a second random access memory connected to said at least one processor;
at least one cryptographic engine for performing encryption and decryption;
an interface for receiving externally supplied requests and data and for returning results;
a private chip cryptographic key present on said chip;
a public cryptographic key present on said chip; and
a flow control circuit, having at least a portion thereof comprising programmable hardware, said flow control circuit being connected to said interface for routing data between said interface, said at least one processor, said random access memory, and said at least one cryptographic engine in a manner in which encrypted instructions are supplied through said interface in encrypted form and are decrypted by said at least one cryptographic engine using said private cryptographic key and said public cryptographic key and in which said decrypted instructions are used to program said portion of said flow control circuit having programmable hardware.
22. A method for providing cryptographic functionality, said method comprising the steps of:
providing requests and encrypted data to an integrated circuit chip which includes at least one cryptographic engine having access to a private cryptographic key disposed on said chip and a public cryptographic key disposed on said chip;
processing said requests using a processor disposed on said chip, said processor being connected to a random access memory containing instructions supplied to said chip in encrypted form and decrypted by said at least one cryptographic engine using said private and public keys and stored in said random access memory; and
decrypting said data using said at least one cryptographic engine operating under control of said processor.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30
Specification