Encryption Apparatus with Diverse Key Retention Schemes
First Claim
1. An encryption apparatus with diverse key retention schemes comprising:
- a first key register, configured as a non-volatile, read-only register, for storing a permanent cryptographic key;
a second key register, configured as a read-write register, for storing one of a blank key and an erasable cryptographic key;
a combining circuit coupled to said first and second key registers for generating an operating cryptographic key from said permanent cryptographic key and said one of said blank key and said erasable cryptographic key; and
an encryption engine coupled to said combining circuit and configured to encrypt plaintext data into ciphertext data using said operating cryptographic key and to decrypt said ciphertext data into said plaintext data using said operating cryptographic key.
31 Assignments
0 Petitions
Accused Products
Abstract
An encryption apparatus (14) includes a secure processing system (12) in the form of an integrated circuit. The secure processing system (12) includes an on-chip secure memory system (30). The secure memory system (30) includes a non-volatile, read-only, permanent key register (62) in which a permanent cryptographic key (64) is stored. The secure memory system (30) also includes a non-volatile, read-write, erasable key register (56) in which an erasable cryptographic key (60) is stored. Symmetric cryptographic operations take place in an encryption engine (46) using an operating cryptographic key (68) formed by combining (96) the permanent and erasable keys (64, 60). A tamper detection circuit (70) detects tampering and erases the erasable key (60) when a tamper event is detected.
85 Citations
20 Claims
-
1. An encryption apparatus with diverse key retention schemes comprising:
-
a first key register, configured as a non-volatile, read-only register, for storing a permanent cryptographic key; a second key register, configured as a read-write register, for storing one of a blank key and an erasable cryptographic key; a combining circuit coupled to said first and second key registers for generating an operating cryptographic key from said permanent cryptographic key and said one of said blank key and said erasable cryptographic key; and an encryption engine coupled to said combining circuit and configured to encrypt plaintext data into ciphertext data using said operating cryptographic key and to decrypt said ciphertext data into said plaintext data using said operating cryptographic key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A method of operating an encryption apparatus with diverse key retention schemes, said method comprising:
-
storing a permanent cryptographic key in a first non-volatile key register, said first key register being a read-only register; storing an erasable cryptographic key in a second non-volatile key register, said second register being a read-write register; generating an operating cryptographic key from said permanent cryptographic key and said erasable cryptographic key; encrypting plaintext data into ciphertext data using said operating cryptographic key; decrypting said ciphertext data into said plaintext data using said operating cryptographic key; monitoring for a tamper event; and erasing said erasable cryptographic key when said tamper event is detected so that said second key register then stores a blank key. - View Dependent Claims (16, 17, 18)
-
-
19. An encryption apparatus with diverse key retention schemes comprising:
-
a first key register, configured as a non-volatile, read-only register, for storing a permanent cryptographic key; a second key register, configured as a non-volatile, read-write register, for storing an erasable cryptographic key; a tamper detection circuit coupled to said second key register and configured to erase said erasable cryptographic key to form a blank key upon the detection of a tamper event; a combining circuit coupled to said first and second key registers for generating a first operating cryptographic key from said permanent cryptographic key and said erasable cryptographic key and for generating a second operating cryptographic key from said permanent cryptographic key and said blank key; and an encryption engine coupled to said combining circuit and configured to encrypt plaintext data into ciphertext data using said first operating cryptographic key, to successfully decrypt said ciphertext data into said plaintext data when using said first operating cryptographic key, and to unsuccessfully decrypt said ciphertext data when using said second operating cryptographic key. - View Dependent Claims (20)
-
Specification