E-FUSES FOR STORING SECURITY VERSION DATA

US 20080310622A1
Filed: 03/26/2008
Published: 12/18/2008
Est. Priority Date: 07/15/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method of handling secure data in a secure system, wherein the secure data is passed between a processor and memory external to the processor, comprising:

maintaining a security version parameter in persistent storage on the processor, wherein blocks of secure data are encrypted as a function of the security version parameter; and

dynamically changing the security version parameter by modifying the contents of the persistent storage.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and devices that may be utilized in systems to dynamically update a security version parameter used to encrypt secure data are provided. The version may be maintained in persistent storage located on a device implementing the encryption, such as a system on a chip (SOC). The persistent storage does not require battery backing and, thus, the cost and complexity associated with conventional systems utilizing battery backed storage may be reduced.

Citations

12 Claims

1. A method of handling secure data in a secure system, wherein the secure data is passed between a processor and memory external to the processor, comprising:
- maintaining a security version parameter in persistent storage on the processor, wherein blocks of secure data are encrypted as a function of the security version parameter; and
  
  dynamically changing the security version parameter by modifying the contents of the persistent storage.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the security version parameter is dynamically changed while the secure system is running.
  - 3. The method of claim 1, further comprising:
    - dynamically updating the privileges of a user;
      
      encrypting a data structure containing privilege information indicating the updated privileges; and
      
      generating an integrity check value on the data structure, wherein at least one of the encrypting or the generating is affected by the security version parameter.
  - 4. The method of claim 1, wherein dynamically changing the security version parameter comprises blowing a fuse.
  - 5. The method of claim 1, wherein dynamically changing the security version parameter comprises only one of increasing or decreasing the security version.

6. A method of handling secure data in a secure system, wherein the secure data is passed between a processor and memory external to the processor, comprising:
- maintaining a security version parameter and master key data in persistent storage on the processor;
  
  encrypting a block of secure data;
  
  generating an integrity check value for the block of secure data, wherein at least one of the encrypting and the generating is performed as a function of the security version parameter;
  
  storing the encrypted block of secure data in the external memory; and
  
  dynamically changing the security version parameter by modifying the contents of the persistent storage.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The method of claim 6, wherein the encrypting and generating is performed in software.
  - 8. The method of claim 6, wherein encrypting a block of secure data is affected by at least one of:
    - the master key data, one or more keys derived from the master key data, and one or more keys protected by the master key data.
  - 9. The method of claim 6, further comprising encrypting the security version parameter and storing the security version parameter in external memory with the block of secure data.
  - 10. The method of claim 9, further comprising:
    - retrieving the encrypted block of secure data and security version parameter from external memory;
      
      decrypting the encrypted block of secure data and security version parameter retrieved from external memory; and
      
      comparing the security version parameter retrieved from external memory with the security version parameter stored in persistent storage.
  - 11. The method of claim 10, further comprising:
    - generating a security exception if the retrieved security version parameter and the security version parameter maintained in the persistent storage are not equal.
  - 12. The method of claim 6, wherein the master key information and security version parameter are stored in different types of persistent storage.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines SA (International Business Machines Corporation)
Original Assignee
International Business Machines SA (International Business Machines Corporation)
Inventors
DREHMEL, ROBERT A., HALL, WILLIAM E., HOOVER, RUSSELL D.

Application Number

US12/055,647
Publication Number

US 20080310622A1
Time in Patent Office

Days
Field of Search
US Class Current

380/29
CPC Class Codes

G06F 21/72   in cryptographic circuits

G11C 17/16   using electrically-fusible ...

H04L 9/3236   using cryptographic hash fu...

E-FUSES FOR STORING SECURITY VERSION DATA

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

E-FUSES FOR STORING SECURITY VERSION DATA

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links