ENCRYPTION APPARATUS AND METHOD THEREFOR
Abstract
An encryption apparatus (14) includes an integrated circuit (34) having a secure processing section (30). A plaintext reset epoch key (154) is stored in the secure processing section (30) and configured to have a short life. A plaintext master key (160) is stored in the secure processing section (30) and configured to have a long life. A multiplicity of active keys (172) are generated, encrypted using a weaker but faster cryptographic algorithm (68) and the reset epoch key (154), then stored in a high-capacity key magazine (86) portion of unsecured memory (16, 18, 28). Some keys and data are also encrypted using a stronger but slower cryptographic algorithm (70) and the master key (160), then stored in unsecured memory (16, 18, 28). Keys (272, 372) may be converted between weaker, faster encryption and stronger, slower encryption.
20 Claims
1. An encryption apparatus having a reset port at which a reset signal is applied, said apparatus comprising:
a memory for storing a ciphertext key;
a first key register for storing a first plaintext key;
a second key register for storing a second plaintext key;
an encryption processor coupled to said first and second key registers;
a random number generator coupled to said first key register; and
a controller coupled to said random number generator, said memory, and said encryption processor, said controller being configured to cause said first plaintext key to be formed using said random number generator and stored in said first key register in response to activation of said reset signal and configured to cause a second plaintext key to be generated by said encryption processor from said ciphertext key using said first plaintext key and to be stored in said second key register.
- Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method of operating an encryption apparatus which receives resets and which performs cryptographic operations using keys stored in unsecured memory, said method comprising:
generating a first plaintext key in a secure processing section of said encryption apparatus in response to a reset;
saving said first plaintext key in a first key register located within said secure processing section;
retrieving a second ciphertext key from said unsecured memory to an encryption engine located within said secure processing section;
decrypting said second ciphertext key using said first plaintext key to form a recovered second plaintext key;
storing said recovered second plaintext key in a second key register located within said secure processing section; and
performing one of said cryptographic operations in said secure processing section using said recovered second plaintext key.
- Dependent claims: 11, 12, 13, 14, 15
16. A method of operating an encryption apparatus having a secure processing section and having a high-capacity key magazine stored in unsecured memory, said method comprising:
generating, in said secure processing section, a first plaintext key;
storing said first plaintext key in a first key register within said secure processing section, said first key register being configured as a volatile register;
generating, in said secure processing section, a multiplicity of independent second plaintext keys;
encrypting, using said first plaintext key, each of said multiplicity of second plaintext keys to form a corresponding multiplicity of second ciphertext keys;
storing said multiplicity of second ciphertext keys in said unsecured memory to form said high-capacity key magazine;
identifying one of said multiplicity of second ciphertext keys to use in performing a cryptographic operation;
retrieving said one of said multiplicity of second ciphertext keys to said secure processing section;
decrypting said one of said multiplicity of second ciphertext keys to form a recovered second plaintext key;
retaining said recovered second plaintext key in a second key register within said secure processing section; and
performing said cryptographic operation in said secure processing section using said recovered second plaintext key.
- Dependent claims: 17, 18, 19, 20
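The key flow of claim 16, modelled in software as an added example (not code from the patent or its assignee): a volatile epoch key wraps independently generated active keys, only the wrapped forms are returned for storage in the unsecured key magazine, and one entry is unwrapped into a second register for use. The HMAC-SHA-256 pad-and-tag wrap is a stand-in for the faster cryptographic algorithm named in the abstract; the class, the method names, the key sizes and the choice of a MAC as the cryptographic operation are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes per active key (assumed size)

def _wrap(kek: bytes, nonce: bytes, key: bytes) -> bytes:
    # Stand-in wrap: XOR with an HMAC-derived pad, then append an HMAC tag.
    pad = hmac.new(kek, b"pad" + nonce, hashlib.sha256).digest()
    body = bytes(a ^ b for a, b in zip(key, pad))
    tag = hmac.new(kek, b"tag" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def _unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:16 + KEY_LEN], blob[16 + KEY_LEN:]
    want = hmac.new(kek, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("ciphertext key was not wrapped under the current epoch key")
    pad = hmac.new(kek, b"pad" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body, pad))

class SecureSection:
    """Models the secure processing section; only wrapped keys ever leave it."""

    def __init__(self):
        self.reset()

    def reset(self):
        # A reset forms a fresh epoch key from the RNG and clears the active-key register.
        self._epoch_key = secrets.token_bytes(32)  # first key register (volatile)
        self._active_key = None                    # second key register

    def fill_magazine(self, count: int) -> list:
        # Generate independent active keys and return only their ciphertext forms.
        return [_wrap(self._epoch_key, secrets.token_bytes(16),
                      secrets.token_bytes(KEY_LEN)) for _ in range(count)]

    def load(self, blob: bytes) -> None:
        # Recover one plaintext active key into the second key register.
        self._active_key = _unwrap(self._epoch_key, blob)

    def mac(self, message: bytes) -> bytes:
        # The cryptographic operation: here a MAC under the loaded active key.
        if self._active_key is None:
            raise RuntimeError("no active key loaded")
        return hmac.new(self._active_key, message, hashlib.sha256).digest()
```

In this model a call to `reset()` replaces the epoch key, so magazine entries wrapped before the reset fail the tag check in `load()` instead of yielding a wrong key.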
Specification