Integrated Cryptographic Security Module for a Network Node
First Claim
1. A system comprising:
- a controller including a processor and a memory device having program instructions stored therein that, when executed by the processor, cause the controller to generate a request for a cryptographic operation, said request including one or more descriptors of the cryptographic operation;
- a cryptographic unit communicatively linked to the controller, the cryptographic unit including:
  - a random number generator configured to generate random values;
  - a non-volatile memory device having values generated by the random number generator stored therein;
  - a restrictor device comprised of hardware logic, said restrictor logic causing the restrictor device to prevent access to the values stored in the non-volatile memory device based on the one or more descriptors of the requested cryptographic operation;
  - a cryptographic accelerator comprised of hardware logic, the accelerator logic causing the cryptographic accelerator to perform the requested cryptographic operation using one or more of the values stored in the non-volatile memory device that correspond to the requested cryptographic operation;
  - a finite state device comprised of hardware logic, said finite state logic causing the finite state device to enter one of a plurality of states based on a command received from the controller, wherein the states include a first state that allows the cryptographic accelerator to retrieve values stored in the non-volatile recording device and prevents changes to said values.
Abstract
A system that provides a cryptographic unit that generates secret keys that are not directly accessible to software executed by a controller. The cryptographic unit can include a restrictor device, a finite state machine, a random number generator, and a memory. The memory stores values generated by the random number generator. The restrictor device and the finite state machine include hardware logic that restricts access to, or changes to, the contents of the memory.
24 Claims
1. A system comprising the controller and cryptographic unit recited in full under "First Claim" above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.
12. A memory device comprising a read/write memory and a finite state machine that links the read/write memory to a processor, wherein said finite state machine includes hardware logic that causes the finite state machine to perform the following operations:
- retrieve, in response to a command issued by the processor, a value from a predefined location of the read/write memory;
- determine whether the retrieved value is equal to a predefined value; and
- when the retrieved value is determined to be equal to the predefined value, enter a first state that allows retrieval of other values stored in the read/write memory and prevents changes to said values.
Dependent claims: 13, 14, 15.
16. A memory device comprising:
- a read/write memory;
- a random number generator device; and
- a finite state machine that links the read/write memory to a processor, wherein the finite state machine includes hardware logic that causes the finite state machine to enter one of a plurality of states based on a value recorded in a predetermined location of the read/write memory, said states including:
  - when the finite state machine determines that the value is equal to a first predefined value, the finite state machine enters a first state in which the finite state machine enables access to information in the read/write memory and prevents changes to said information; and
  - when the finite state machine determines that the value is not equal to a predefined second value, the finite state machine enters a second state in which the finite state machine enables the information in the read/write memory to be overwritten with values generated by the random number generator device.
Dependent claims: 17.
18. A cryptographic device comprising:
- a finite state machine having a plurality of states;
- a random number generator device communicatively linked to the finite state machine; and
- a read/write memory communicatively linked to the finite state machine, said memory device storing a key value generated by the random number generator and storing a value in a predetermined location of the read/write memory.
Dependent claims: 19, 20, 21, 22, 23.
24. A system comprising:
- a controller including means for requesting a cryptographic operation, said request including one or more descriptors of the cryptographic operation; and
- a cryptographic unit communicatively linked to the controller, wherein the cryptographic unit includes:
  - random number generator means for generating random values;
  - read/write memory means for storing values generated by the random number generator means;
  - restrictor means for preventing access to the values stored in the read/write memory means based on the one or more descriptors of the requested cryptographic operation;
  - cryptographic accelerator means for performing the requested cryptographic operation using one or more of the values stored in the read/write memory means that correspond to the requested cryptographic operation; and
  - access control means for entering one of a plurality of states based on a command received from the controller, wherein the states include a first state that allows the cryptographic accelerator to retrieve values stored in the read/write memory means and prevents changes to said values.
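The following is an added software model of the behaviour claimed in claims 1, 12, 16 and 24, written for this page and not taken from the patent or any vendor's hardware: a finite state machine that reads a predefined memory location and either locks the key memory (reads by the accelerator only, no writes) or allows it to be overwritten with random values, and a restrictor that releases a stored key to the accelerator only when the request descriptors permit it. The memory layout (word 0 as lock marker), the descriptor names `hmac`/`kdf`, the lock value and the slot policy are assumptions chosen for illustration.

```python
import enum
import hashlib
import hmac
import secrets

LOCK_ADDR = 0          # assumed layout: word 0 holds the lock marker, words 1.. hold keys
LOCK_VALUE = b"\xa5"   # assumed predefined value meaning "provisioned, read-only"


class State(enum.Enum):
    LOCKED = "locked"        # first state: accelerator may read keys, nobody may write
    PROVISION = "provision"  # second state: memory may be overwritten with RNG output


class CryptoUnit:
    # Restrictor policy (assumed): which key slot each operation descriptor may use.
    POLICY = {"hmac": {1}, "kdf": {2}}

    def __init__(self, nvm=None, rng=secrets.token_bytes):
        self.nvm = list(nvm) if nvm is not None else [b""] * 4
        self.rng = rng
        self.reset()

    def reset(self):
        # FSM: read the predefined location and compare it with the predefined value.
        self.state = State.LOCKED if self.nvm[LOCK_ADDR] == LOCK_VALUE else State.PROVISION
        return self.state

    def provision(self):
        # Second state only: fill every key slot from the RNG, then write the lock word.
        if self.state is not State.PROVISION:
            raise PermissionError("memory is locked; keys cannot be changed")
        for slot in range(1, len(self.nvm)):
            self.nvm[slot] = self.rng(32)
        self.nvm[LOCK_ADDR] = LOCK_VALUE
        return self.reset()

    def _key_for(self, op, slot):
        # Restrictor: descriptors (op, slot) decide whether the stored value is released,
        # and only to the accelerator below, never to the caller.
        if self.state is not State.LOCKED:
            raise PermissionError("keys are not provisioned and locked")
        if slot not in self.POLICY.get(op, set()):
            raise PermissionError(f"descriptor {op!r} may not use slot {slot}")
        return self.nvm[slot]

    def request(self, op, slot, data):
        # Accelerator: performs the operation internally and returns only its output.
        key = self._key_for(op, slot)
        if op == "hmac":
            return hmac.new(key, data, hashlib.sha256).digest()
        if op == "kdf":
            return hashlib.pbkdf2_hmac("sha256", key, data, 1000, 32)
```

Software can drive `provision()` and `request()`, but the only paths to the key slots go through the restrictor, and once the lock word is set the unit refuses to re-provision until the memory is cleared out of band.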