METHODS, APPARATUS AND SYSTEMS TO IMPROVE SECURITY IN COMPUTER SYSTEMS
Abstract
According to some implementations, methods, apparatus and systems are provided involving the use of processors having at least one core with a security component, the security component adapted to read and verify data within data blocks stored in an L1 instruction cache memory and to allow the execution of data block instructions in the core only upon the instructions being verified by the use of a cryptographic algorithm.
36 Claims
1-16. (canceled)
17. A multi-core processor comprising:
a. a secure core, comprising;
   i. an L1 instruction cache memory comprising cache lines, the secure core L1 instruction cache memory configured to store data blocks of a first computer program, the first computer program data blocks comprising first data identifying a cryptographic key, second data comprising executable instructions, and third data usable to verify the second data; and
   ii. a security component comprising a memory configured to store cryptographic keys and a cryptographic module comprising hardware configured to execute one or more cryptographic algorithms, the security component configured to access the data of a data block of the first computer program, read the first data of the data block identifying the cryptographic key, read from the memory inside the security component the first cryptographic key identified in the first data, execute a first cryptographic algorithm that uses the first cryptographic key and the third data of the data block to verify the second data of the data block comprising executable instructions, and allow the secure core to execute the executable instructions after the second data is verified; and
b. a non-secure core comprising an L1 instruction cache memory, the non-secure core L1 instruction cache memory comprising cache lines configured to store executable instructions of a second computer program, the non-secure core further configured to execute the executable instructions of the second computer program.
Dependent claims: 18, 19, 20, 21, 22
23. A multi-core processor comprising:
a. a first core comprising an L1 instruction cache memory, the first core L1 instruction cache comprising cache lines and configured to store data blocks of a first computer program, the first computer program data blocks comprising first data identifying a cryptographic key, second data comprising executable instructions, and third data usable to verify the second data;
b. a second core comprising an L1 instruction cache memory, the second core L1 instruction cache comprising cache lines and configured to store data blocks of a second computer program, the second computer program data blocks comprising first data identifying a cryptographic key, second data comprising executable instructions, and third data usable to verify the second data; and
c. a security component comprising a memory configured to store cryptographic keys and a cryptographic module comprising hardware configured to execute one or more cryptographic algorithms, the security component configured to access the data of a data block of a computer program stored in the L1 cache of a core selected from either the first core or the second core, read the first data of the data block identifying a cryptographic key, read from the memory inside the security component the first cryptographic key identified in the first data, execute a first cryptographic algorithm that uses the first cryptographic key and the third data of the data block to verify the second data of the data block comprising executable instructions, and allow the selected core to execute the executable instructions after the second data is verified.
Dependent claims: 24, 25, 26, 27, 28
29. A multi-core processor comprising:
a. a first core, comprising;
   i. an L1 instruction cache memory comprising cache lines and configured to store data blocks of a first computer program, the first computer program data blocks comprising first data identifying a cryptographic key, second data comprising executable instructions of the first computer program, and third data usable to verify the second data; and
   ii. a security component comprising a memory configured to store cryptographic keys and a cryptographic module comprising hardware configured to execute one or more cryptographic algorithms, the security component configured to access the data of a first computer program data block, read the first data of the first computer program data block identifying a first cryptographic key, read from the memory inside the security component the first cryptographic key identified in the first data of the first computer program data block, execute a first cryptographic algorithm that uses the first cryptographic key and the third data of the first computer program data block to verify the second data of the first computer program data block comprising executable instructions and allow the first core to execute the executable instructions after the second data of the first computer program data block is verified; and
b. a second core, comprising
   i. a L1 instruction cache memory comprising cache lines and configured to store data blocks of a second computer program, the second computer program data blocks comprising first data identifying a cryptographic key, second data comprising executable instructions of the second computer program and third data usable to verify the second data; and
   ii. a security component comprising a memory configured to store cryptographic keys and a cryptographic module comprising hardware configured to execute one or more cryptographic algorithms, the security component configured to access the data of a second computer program data block, read the first data of the second computer program data block identifying a second cryptographic key, read from the memory inside the security component the second cryptographic key identified in the first data of the second computer program data block, execute a second cryptographic algorithm that uses the second cryptographic key and the third data of the second computer program data block to verify the second data of the second computer program data block comprising executable instructions and allow the second core to execute the executable instructions after the second data of the second computer program data block is verified.
Dependent claims: 30, 31, 32, 33, 34, 35, 36
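
A software model of the verify-then-execute flow recited in claims 17, 23 and 29, added here as an illustration; it is not taken from the patent. The block layout (4-byte key id, 2-byte length, instructions, 32-byte tag), the choice of HMAC-SHA256 as the cryptographic algorithm, and all names are assumptions of this example.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">IH")  # assumed layout: 4-byte key id, 2-byte code length
TAG_LEN = 32                   # HMAC-SHA256 tag size (assumed algorithm)

class SecurityComponent:
    """Models the claimed component: private key memory plus a verifier."""
    def __init__(self, keys):
        self._keys = dict(keys)  # key id -> key, held only inside the component

    def verify_block(self, block):
        """Return the instruction bytes if the block verifies, else None."""
        if len(block) < HEADER.size + TAG_LEN:
            return None
        key_id, code_len = HEADER.unpack_from(block)        # "first data"
        body_end = HEADER.size + code_len
        if len(block) != body_end + TAG_LEN:
            return None                                     # length field is wrong
        key = self._keys.get(key_id)
        if key is None:
            return None                                     # unknown key id
        # Design choice of this example: the MAC covers header + instructions,
        # so the key id and length cannot be altered without detection.
        expected = hmac.new(key, block[:body_end], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, block[body_end:]):  # "third data"
            return None
        return block[HEADER.size:body_end]                  # "second data"

def make_block(key_id, key, code):
    """Build-time side: wrap instructions into a verifiable data block."""
    header = HEADER.pack(key_id, len(code))
    return header + code + hmac.new(key, header + code, hashlib.sha256).digest()

def fetch_and_execute(component, cache_line, execute):
    """Gate execution: the core runs the instructions only after verification."""
    code = component.verify_block(cache_line)
    if code is None:
        return False
    execute(code)
    return True

if __name__ == "__main__":
    sc = SecurityComponent({1: bytes(range(32))})              # constructed key
    line = make_block(1, bytes(range(32)), b"\x90\x90\xc3")    # constructed code
    bad = line[:6] + b"\xcc" + line[7:]                        # one byte modified
    print(fetch_and_execute(sc, line, lambda c: None))
    print(fetch_and_execute(sc, bad, lambda c: None))
```
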
Specification