Programmable security platform

US 20060117177A1
Filed: 11/29/2005
Published: 06/01/2006
Est. Priority Date: 11/29/2004
Status: Active Grant

First Claim

Patent Images

1. A dynamically programmable security device comprising:

a secure nonvolatile read only memory (NVMROM) for securely storing a unique device cipher key;

a secure interface for dynamically loading authenticated application code;

a cryptographic engine for encrypting, decrypting data and authenticating the application code;

a secure random access memory (RAM) for storing the authenticated application code and application data; and

a processor for executing the authenticated application code.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A dynamically programmable security device. The device includes: a secure nonvolatile read only memory (NVMROM) for securely storing a unique device cipher key; a secure interface for dynamically loading authenticated application code; a cryptographic engine for encrypting, decrypting data and authenticating the application code; a secure random access memory (RAM) for storing the authenticated application code and application data; and a processor for executing the authenticated application code.

Citations

20 Claims

1. A dynamically programmable security device comprising:
- a secure nonvolatile read only memory (NVMROM) for securely storing a unique device cipher key;
  
  a secure interface for dynamically loading authenticated application code;
  
  a cryptographic engine for encrypting, decrypting data and authenticating the application code;
  
  a secure random access memory (RAM) for storing the authenticated application code and application data; and
  
  a processor for executing the authenticated application code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 20)
- - 2. The security device of claim 1 further comprising an application key cache for storing active cryptographic keys in write-only locations, wherein the cryptographic keys of one application cannot be read by another application.
  - 3. The security device of claim 1 wherein the RAM includes hardware protection circuit for separating the application code and the application data.
  - 4. The security device of claim 1 further comprising an address decoder for re-mapping a base address to the RAM after the application code is loaded in the RAM.
  - 5. The security device of claim 1 wherein the cryptographic engine includes a DES/3DES acceleration block, a SHA-1 acceleration block, and random number generator.
  - 6. The security device of claim 1 further comprising a key generator for generating public keys from the securely stored cipher key.
  - 7. The security device of claim 1 wherein the loaded application code performs services of a trusted platform module.
  - 8. The security device of claim 1 wherein the loaded application code performs credit card transaction services for a mobile phone.
  - 9. The security device of claim 1 wherein the loaded application code performs security functions of a set-top box.
  - 20. The client security device of claim 1 wherein the RAM includes hardware protection circuit for separating the application code and the application data for each of the first and second application codes.

10. A method for securely executing a dynamically loaded application code in a security module, the method comprising:
- storing at least one cipher key in a secure memory in the security module;
  
  authenticating the application code using the least one cipher key;
  
  dynamically loading the authenticated application code in the security module;
  
  switching the security module to an execution mode wherein, hardware configuration of the security module cannot be changed by the application code;
  
  securely executing the application code; and
  
  protecting the application data within a security boundary.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, wherein the loading the authenticated application code comprises loading a secure application key;
    - and loading the application code using the loaded key.
  - 12. The method of claim 10, further comprising generating public keys from the stored at least one cipher key.
  - 13. The method of claim 10, further comprising storing active cryptographic keys for executing applications and preventing reading the cryptographic keys of one application by another application.
  - 14. The method of claim 10, wherein the securely executing the application code comprises performing services of a trusted platform module.
  - 15. The method of claim 10, wherein the securely executing the application code comprises performing credit card transaction services for a mobile phone.
  - 16. The method of claim 10, wherein the securely executing the application code comprises performing security functions of a set-top box.
  - 17. The method of claim 10, further comprising authenticating a second application code, and dynamically loading the second authenticated application code in the security module.

18. A client security module device capable of performing different dynamically loaded security functions, comprising:
- a secure memory for storing a device identity key in a secure memory in the security module;
  
  a cryptographic engine for authenticating a first and second application codes for a first and second security functions using the least one cipher key;
  
  a secure interface for dynamically loading the authenticated first and second application code in a secure random access memory (RAM) in the client security module;
  
  a processor for executing the authenticated first application code within a first security boundary and executing the authenticated second application code within a second security boundary, wherein the secure interface dynamically loads the authenticated second application code while the first application code is being executed by the processor.
- View Dependent Claims (19)
- - 19. The client security device of claim 18 further comprising an application key cache for storing active cryptographic keys for the first and second application codes in write-only locations, wherein the cryptographic keys of the first application code cannot be read by the second application code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Broadcom Corporation (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Buer, Mark L.

Granted Patent

US 7,987,356 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/72   in cryptographic circuits

H04L 2209/127   Trusted platform modules [TPM]

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 9/083   involving central third par...

H04L 9/0897   involving additional device...

H04L 9/3242   involving keyed hash functi...

Programmable security platform

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Programmable security platform

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links