Configurable Signature for Authenticating Data or Program Code

US 20090063865A1
Filed: 08/31/2007
Published: 03/05/2009
Est. Priority Date: 08/31/2007
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

retrieving configuration information from a protected first memory, wherein the configuration information specifies a plurality of non-contiguous memory locations that store a signature;

retrieving the signature from the plurality of non-contiguous memory locations of the signature based on the configuration information;

wherein the signature is useable to verify security for a system.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System and method for authenticating data or program code via a configurable signature. Configuration information is retrieved from a protected first memory, e.g., an on-chip register, where the configuration information specifies a plurality of non-contiguous memory locations that store the signature, e.g., in an on-chip memory trailer. The signature is retrieved from the plurality of non-contiguous memory locations based on the configuration information, where the signature is useable to verify security for a system. The signature corresponds to specified data and/or program code stored in a second memory, e.g., in off-chip ROM. The specified data and/or program code may be copied from the second memory to a third memory, and a signature for the specified data and/or program code calculated based on the configuration information. The calculated signature may be compared with the retrieved signature to verify the specified data and/or program code.

82 Citations

View as Search Results

20 Claims

1. A method, comprising:
- retrieving configuration information from a protected first memory, wherein the configuration information specifies a plurality of non-contiguous memory locations that store a signature;
  
  retrieving the signature from the plurality of non-contiguous memory locations of the signature based on the configuration information;
  
  wherein the signature is useable to verify security for a system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the signature corresponds to specified data and/or program code stored in a second memory, and wherein the method further comprising:
    - copying the specified data and/or program code from the second memory to a third memory;
      
      calculating a signature for the specified data and/or program code based on the configuration information; and
      
      comparing the calculated signature with the retrieved signature to verify the specified data and/or program code.
  - 3. The method of claim 2, wherein the specified data and/or program code comprises initialization code for the system.
  - 4. The method of claim 2, wherein the system comprises a main processor and an embedded controller, and wherein said copying, said calculating, and said comparing are performed by the embedded controller prior to boot-up of the main processor.
  - 5. The method of claim 2, wherein the configuration information further comprises one or more parameters for the signature, and wherein said calculating a signature for the specified data and/or program code based on the configuration information comprises calculating the signature using the one or more parameters for the signature.
  - 6. The method of claim 2, wherein the signature comprises one or more of:
    - a cyclic redundancy check (CRC);
      
      a checksum;
      
      ora hash.
  - 7. The method of claim 2,wherein the protected first memory comprises a register on a chip in the system;
    - wherein the second memory comprises an external memory located off-chip; and
      
      wherein the third memory comprises a random access memory (RAM) on the chip.
  - 8. The method of claim 2, wherein the signature comprises a multi-byte value distributed over the plurality of non-contiguous memory locations in a trailer, and wherein the configuration information specifies the location and order of each byte of the value.
  - 9. The method of claim 8, wherein the trailer is comprised in the third memory, and wherein, in addition to the plurality of non-contiguous memory locations storing the signature, the trailer comprises random values.
  - 10. The method of claim 2, wherein the first memory, the embedded controller, and the third memory are comprised in a system-on-chip (SoC) in the system.

11. A system for authenticating data or program code, comprising:
- an embedded processor; and
  
  a protected first memory coupled to the embedded processor, wherein the protected first memory stores configuration information specifying a plurality of non-contiguous memory locations that store a signature;
  
  wherein the embedded processor is operable to retrieve the signature from the plurality of non-contiguous memory locations of the signature based on the configuration information, wherein the signature is useable to verify security for a system.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, further comprising:
    - a second memory coupled to the embedded processor, wherein the second memory stores data and/or program code, and wherein the signature corresponds to the data and/or program code stored in the second memory; and
      
      a third memory coupled to the embedded processor, wherein the embedded processor is further operable to;
      
      copy the data and/or program code from the second memory to the third memory;
      
      calculate a signature for the data and/or program code based on the configuration information; and
      
      compare the calculated signature with the retrieved signature to verify the data and/or program code.
  - 13. The system of claim 12, wherein the data and/or program code comprises initialization code for the system.
  - 14. The system of claim 12, further comprising:
    - a main processor, coupled to the embedded processor;
      
      wherein the embedded processor is operable to perform said copying, said calculating, and said comparing prior to boot-up of the main processor.
  - 15. The system of claim 12, wherein the configuration information further comprises one or more parameters for the signature, and wherein said calculating a signature for the specified data and/or program code based on the configuration information comprises calculating the signature using the one or more parameters for the signature.
  - 16. The system of claim 12, wherein the signature comprises one or more of:
    - a cyclic redundancy check (CRC);
      
      a checksum;
      
      ora hash.
  - 17. The system of claim 12,wherein the protected first memory comprises a register on a chip in the system;
    - wherein the second memory comprises an external memory located off-chip; and
      
      wherein the third memory comprises a random access memory (RAM) on the chip.
  - 18. The system of claim 12, wherein the signature comprises a multi-byte value distributed over the plurality of non-contiguous memory locations in a trailer, and wherein the configuration information specifies the location and order of each byte of the value.
  - 19. The system of claim 18, wherein the trailer is comprised in the third memory, and wherein, in addition to the plurality of non-contiguous memory locations storing the signature, the trailer comprises random values.
  - 20. The system of claim 12, wherein the first memory, the embedded controller, and the third memory are comprised in a system-on-chip (SoC) in the system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microchip Technology Incorporated
Original Assignee
Standard Microsystems Corporation (Microchip Technology Incorporated)
Inventors
Berenbaum, Alan D., Weiss, Raphael

Granted Patent

US 8,006,095 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/180
CPC Class Codes

H04L 9/3247 involving digital signatures

Configurable Signature for Authenticating Data or Program Code

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

82 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Configurable Signature for Authenticating Data or Program Code

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others