CIRCUIT ARRANGEMENT AND METHOD FOR STARTING UP A CIRCUIT ARRANGEMENT

US 20080082828A1
Filed: 10/01/2007
Published: 04/03/2008
Est. Priority Date: 09/29/2006
Status: Abandoned Application

First Claim

Patent Images

1. A circuit arrangement, comprising:

at least one crypto unit configured to provide at least one cryptographic function; and

an access monitoring interface configured to check an access request from an application computer program to a cryptographic function of the crypto unit, wherein the access monitoring interface is configured such that;

it checks whether the application computer program is authorized to access the cryptographic function of the crypto unit, by checking whether the application computer program contains a valid certificate which allows that application computer program use of the cryptographic function, if the application computer program is authorized to access the cryptographic function of the crypto unit, the cryptographic function is called, and if the application computer program is not authorized to access the cryptographic function of the crypto unit, the access request is refused.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A circuit arrangement has a crypto unit which provides at least one cryptographic function. An access monitoring interface is also provided in order to check an access request from an application computer program to a cryptographic function of the crypto unit. The access monitoring interface is designed such that it checks whether the application computer program is authorized to access the cryptographic function, and the cryptographic function is called only if it is authorized to do so.

100 Citations

View as Search Results

25 Claims

1. A circuit arrangement, comprising:
- at least one crypto unit configured to provide at least one cryptographic function; and
  
  an access monitoring interface configured to check an access request from an application computer program to a cryptographic function of the crypto unit, wherein the access monitoring interface is configured such that;
  
  it checks whether the application computer program is authorized to access the cryptographic function of the crypto unit, by checking whether the application computer program contains a valid certificate which allows that application computer program use of the cryptographic function, if the application computer program is authorized to access the cryptographic function of the crypto unit, the cryptographic function is called, and if the application computer program is not authorized to access the cryptographic function of the crypto unit, the access request is refused.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The circuit arrangement as claimed in claim 1, further comprising:
    - an application processor configured to execute the application computer program.
  - 3. The circuit arrangement as claimed in claim 1, further comprising:
    - a first boot memory configured to store a first partial boot routine that boots the circuit arrangement.
  - 4. The circuit arrangement as claimed in claim 3, wherein the boot memory is a read only memory.
  - 5. The circuit arrangement as claimed in claim 3, wherein at least one cryptographic function is also stored in the boot memory.
  - 6. The circuit arrangement as claimed in claim 5, wherein the at least one cryptographic function which is stored in the boot memory contains at least one of the following cryptographic functions:
    - a symmetrical encryption function, an asymmetric encryption function, and a hash function.
  - 7. The circuit arrangement as claimed in claim 1, further comprising:
    - a first key memory configured to store a first public key (GROMPuK) of a trustworthy instance.
  - 8. The circuit arrangement as claimed in claim 1, further comprising:
    - fuse links which contain information about whether access to the crypto unit is possible.

9. A method for starting up a circuit arrangement, comprising:
- checking whether a user who is starting up the circuit arrangement is authorized to use at least one function provided by the circuit arrangement; and
  
  starting up the circuit arrangement, if the user is not authorized to use the at least one function provided by the circuit arrangement, in a first mode, in which the user has no access to the at least one function provided by the circuit arrangement.
- View Dependent Claims (10)
- - 10. The method as claimed in claim 9, further comprising:
    - starting up the circuit arrangement, if the user is authorized to use the at least one function provided by the circuit arrangement, in a second mode in which the user has access to the at least one function provided by the circuit arrangement.

11. A method for starting up a circuit arrangement, comprising:
- checking whether a user who is starting up the circuit arrangement is authorized to use at least one cryptographic function provided by the circuit arrangement;
  
  starting up the circuit arrangement, if the user is not authorized to use the at least one cryptographic function provided by the circuit arrangement, in a first mode in which the user has no access to the at least one cryptographic function provided by the circuit arrangement; and
  
  starting up the circuit arrangement, if the user is authorized to use the at least one cryptographic function provided by the circuit arrangement, in a second mode, in which the user has access to the at least one cryptographic function provided by the circuit arrangement.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method as claimed in claim 11, wherein the process of checking whether the user who is starting up the circuit arrangement is authorized to use at least one cryptographic function provided by the circuit arrangement includes checking a certificate of a public key of the user.
  - 13. The method as claimed in claim 11, wherein the process of checking whether the user who is starting up the circuit arrangement is authorized to use at least one cryptographic function provided by the circuit arrangement comprises:
    - checking a second public key;
      
      if the second public key is not valid, starting up the circuit arrangement in the first mode; and
      
      if the second public key is valid, starting up the circuit arrangement in the second mode.
  - 14. The method as claimed in claim 13, wherein the process of checking whether the user who is starting up the circuit arrangement is authorized to use at least one cryptographic function provided by the circuit arrangement, comprises:
    - forming a hash value using at least the second public key;
      
      reading a stored hash value using at least the second public key;
      
      comparing the hash value that has been formed with the hash value that has been read;
      
      if the two hash values do not match one another, starting up the circuit arrangement in the first operating mode; and
      
      if the two hash values match one another, starting up the circuit arrangement in the second mode.
  - 15. The method as claimed in claim 11, wherein the process of checking whether the user who is starting up the circuit arrangement is authorized to use at least one cryptographic function provided by the circuit arrangement comprises:
    - checking a second digital signature which is formed using an item selected from the group consisting of;
      
      at least a part of a certificate of a public key, the public key, a first digital signature, and a partial boot routine;
      
      if the second digital signature is not valid, starting up the circuit arrangement in the first mode; and
      
      if the second digital signature is valid, starting up the circuit arrangement in the second mode.

16. A method for operating a circuit arrangement, comprising:
- receiving an access request from an application computer program to a cryptographic function which is provided by the circuit arrangement;
  
  carrying out a check to determine whether the application computer program is authorized to access the cryptographic function;
  
  calling, if the application computer program is authorized to access the cryptographic function, the cryptographic function; and
  
  refusing, if the application computer program is not authorized to access the cryptographic function, the access request.

17. A circuit arrangement comprising:
- at least one first computation unit configured to execute at least one computer program;
  
  an access monitoring interface unit configured to check an access request to the first computation unit;
  
  an input/output interface which is shared by the first computation unit and the access monitoring interface unit; and
  
  a computation-unit-external bus which is coupled to the input/output interface, wherein the access monitoring interface unit is coupled to the input/output interface such that the access request is determined by it, and wherein the access monitoring interface unit is configured such that;
  
  it checks whether the access request satisfies a predetermined access criterion, if the access request satisfies the predetermined access criterion, the first computation unit is allowed to process the access request, and if the access request does not satisfy the predetermined access criterion, the access request is refused, or a predetermined action is carried out.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25)
- - 18. The circuit arrangement as claimed in claim 17, wherein the access monitoring interface unit is a second computation unit.
  - 19. The circuit arrangement as claimed in claim 17, wherein the first computation unit is a programmable processor.
  - 20. The circuit arrangement as claimed in claim 17, wherein the first computation unit is contained in a first chip.
  - 21. The circuit arrangement as claimed in claims 17, wherein the access monitoring interface unit is a programmable processor.
  - 22. The circuit arrangement as claimed in claim 17, wherein the access monitoring interface unit is contained in a second chip.
  - 23. The circuit arrangement as claimed in claim 22, wherein the access monitoring interface unit is provided in a security controller for the second chip.
  - 24. The circuit arrangement as claimed in claim 17, further comprising:
    - a computation-unit-internal bus, wherein the first computation unit and the access monitoring interface unit are coupled to the computation-unit-internal bus.
  - 25. The circuit arrangement as claimed in claim 24, wherein the computation-unit-internal bus is designed in accordance with the JTAG Standard.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Infineon Technologies AG
Original Assignee
Infineon Technologies AG
Inventors
Jennings, Gerard, Brandl, Hans

Application Number

US11/865,205
Publication Number

US 20080082828A1
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/72   in cryptographic circuits

H04L 2209/12   Details relating to cryptog...

H04L 2209/603   Digital right managament [DRM]

H04L 2209/80   Wireless network architectu...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

CIRCUIT ARRANGEMENT AND METHOD FOR STARTING UP A CIRCUIT ARRANGEMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

100 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

CIRCUIT ARRANGEMENT AND METHOD FOR STARTING UP A CIRCUIT ARRANGEMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

100 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links