Secure Computing Device with Monotonic Counter and Method Therefor
First Claim
1. A secure computing device which produces a monotonic count value in response to a read operation, said device comprising:
- a counter configured to count in response to a count signal and to provide a first portion of said monotonic count value;
a register of at least one independent one-time-programmable bit configured to provide a second portion of said monotonic count value; and
a synchronizer coupled to said counter and to said register, said synchronizer being configured to supply both of said first and second portions of said monotonic count value in response to said read operation and to prevent said counter from altering said monotonic count value between an initiation and a termination of said read operation.
27 Assignments
0 Petitions
Accused Products
Abstract
A secure computing device (14) includes a secure processing section (30) having a tamper detection circuit (58) and a monotonic counter (68). The tamper detection circuit (58) detects an event which suggests that the trust associated with the secure processing section (30) may have been compromised. When such an event is detected, a security breach is declared and trusted software (38) is disabled. After a security breach is declared, the monotonic counter (68) may be reclaimed. The monotonic counter (68) provides a monotonic count value (70) that includes an LSB portion (80) and an MSB portion (82). The LSB portion (80) is obtained from a binary counter (72). The MSB portion (82) is obtained from a register (84) of independent one-time-programmable bits. The monotonic counter (68) is reclaimed by programming one of the one-time programmable bits to guarantee that future counting of the monotonic counter will be monotonic relative to all past counting.
-
Citations
20 Claims
-
1. A secure computing device which produces a monotonic count value in response to a read operation, said device comprising:
-
a counter configured to count in response to a count signal and to provide a first portion of said monotonic count value; a register of at least one independent one-time-programmable bit configured to provide a second portion of said monotonic count value; and a synchronizer coupled to said counter and to said register, said synchronizer being configured to supply both of said first and second portions of said monotonic count value in response to said read operation and to prevent said counter from altering said monotonic count value between an initiation and a termination of said read operation. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method of operating a secure computing device having a secure processing section which produces a monotonic count value, said method comprising:
-
controlling a counter to produce a first portion of said monotonic count value in response to a count signal; forming a second portion of said monotonic count value in a register of independent one-time-programmable bits; and supplying both of said first and second portions of said monotonic count value in response to a read operation. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A method of operating a secure computing device having a secure processing section which produces a monotonic count value, said method comprising:
-
controlling a counter to produce a least-significant-bits portion of said monotonic count value in response to a count signal; forming a most-significant-bits portion of said monotonic count value in a register of independent one-time-programmable bits; programming one of said one-time-programmable bits; supplying both of said least-significant-bits portion and most-significant-bits portion of said monotonic count value in response to a read operation; and synchronizing said count signal and said read operation to prevent changes in said least-significant-bits portion of said monotonic count value during said read operation. - View Dependent Claims (19)
-
-
20. A method as claimed in claim 20 additionally comprising detecting, prior to programming said one of said one-time-programmable bits, a security breach in said secure computing device.
Specification