METHODS, APPARATUS AND SYSTEMS TO IMPROVE SECURITY IN COMPUTER SYSTEMS

US 20120331308A1
Filed: 09/26/2011
Published: 12/27/2012
Est. Priority Date: 06/22/2011
Status: Abandoned Application

First Claim

Patent Images

1-16. -16. (canceled)

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to some implementations methods, apparatus and systems are provided involving the use of processors having at least one core with a security component, the security component adapted to read and verify data within data blocks stored in a L1 instruction cache memory and to allow the execution of data block instructions in the core only upon the instructions being verified by the use of a cryptographic algorithm.

Citations

36 Claims

1-16. -16. (canceled)

17. A multi-core processor comprising:
- a. a secure core, comprising;
  
  i. an L1 instruction cache memory comprising cache lines, the secure core L1 instruction cache memory configured to store data blocks of a first computer program, the first computer program data blocks comprising first data identifying a cryptographic key, second data comprising executable instructions, and third data usable to verify the second data; and
  
  ii. a security component comprising a memory configured to store cryptographic keys and a cryptographic module comprising hardware configured to execute one or more cryptographic algorithms, the security component configured to access the data of a data block of the first computer program, read the first data of the data block identifying the cryptographic key, read from the memory inside the security component the first cryptographic key identified in the first data, execute a first cryptographic algorithm that uses the first cryptographic key and the third data of the data block to verify the second data of the data block comprising executable instructions, and allow the secure core to execute the executable instructions after the second data is verified; and
  
  b. a non-secure core comprising an L1 instruction cache memory, the non-secure core L1 instruction cache memory comprising cache lines configured to store executable instructions of a second computer program, the non-secure core further configured to execute the executable instructions of the second computer program.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The multi-core processor of claim 17, wherein the first computer program data block comprises fourth data identifying the first cryptographic algorithm.
  - 19. The multi-core processor of claim 17, wherein the cryptographic module comprises logic gates adapted and configured to implement Boolean functions that are usable to execute the first cryptographic algorithm.
  - 20. The multi-core processor of claim 17, wherein the cryptographic module comprises a Field Programmable Gate Array adapted to be selectively configured, reconfigured, or programmed to execute one or more cryptographic algorithms.
  - 21. The multi-core processor of claim 17, wherein the first cryptographic key comprises a secret key and the first cryptographic algorithm comprises a symmetric cryptographic algorithm.
  - 22. The multi-core processor of claim 17, wherein the first cryptographic key comprises a public key associated with a private key and the first cryptographic algorithm comprises an asymmetric cryptographic algorithm.

23. A multi-core processor comprising:
- a. a first core comprising an L1 instruction cache memory, the first core L1 instruction cache comprising cache lines and configured to store data blocks of a first computer program, the first computer program data blocks comprising first data identifying a cryptographic key, second data comprising executable instructions, and third data usable to verify the second data;
  
  b. a second core comprising an L1 instruction cache memory, the second core L1 instruction cache comprising cache lines and configured to store data blocks of a second computer program, the second computer program data blocks comprising first data identifying a cryptographic key, second data comprising executable instructions, and third data usable to verify the second data; and
  
  c. a security component comprising a memory configured to store cryptographic keys and a cryptographic module comprising hardware configured to execute one or more cryptographic algorithms, the security component configured to access the data of a data block of a computer program stored in the L1 cache of a core selected from either the first core or the second core, read the first data of the data block identifying a cryptographic key, read from the memory inside the security component the first cryptographic key identified in the first data, execute a first cryptographic algorithm that uses the first cryptographic key and the third data of the data block to verify the second data of the data block comprising executable instructions, and allow the selected core to execute the executable instructions after the second data is verified.
- View Dependent Claims (24, 25, 26, 27, 28)
- - 24. The multi-core processor of claim 23, wherein at least a data block of one of the first computer program or the second computer program comprises fourth data identifying a cryptographic algorithm.
  - 25. The multi-core processor of claim 23, wherein the cryptographic module comprises logic gates adapted and configured to implement Boolean functions that are usable to execute the cryptographic algorithm.
  - 26. The multi-core processor of claim 23, wherein the cryptographic module comprises a Field Programmable Gate Array adapted to be selectively configured, reconfigured, or programmed to execute one or more cryptographic algorithms.
  - 27. The multi-core processor of claim 23, wherein the first cryptographic key comprises a secret key and the first cryptographic algorithm comprises a symmetric cryptographic algorithm.
  - 28. The multi-core processor of claim 23, wherein the first cryptographic key comprises a public key associated with a private key and the first cryptographic algorithm comprises an asymmetric cryptographic algorithm.

29. A multi-core processor comprising:
- a. a first core, comprising;
  
  i. an L1 instruction cache memory comprising cache lines and configured to store data blocks of a first computer program, the first computer program data blocks comprising first data identifying a cryptographic key, second data comprising executable instructions of the first computer program, and third data usable to verify the second data; and
  
  ii. a security component comprising a memory configured to store cryptographic keys and a cryptographic module comprising hardware configured to execute one or more cryptographic algorithms, the security component configured to access the data of a first computer program data block, read the first data of the first computer program data block identifying a first cryptographic key, read from the memory inside the security component the first cryptographic key identified in the first data of the first computer program data block, execute a first cryptographic algorithm that uses the first cryptographic key and the third data of the first computer program data block to verify the second data of the first computer program data block comprising executable instructions and allow the first core to execute the executable instructions after the second data of the first computer program data block is verified; and
  
  b. a second core, comprisingi. a L1 instruction cache memory comprising cache lines and configured to store data blocks of a second computer program, the second computer program data blocks comprising first data identifying a cryptographic key, second data comprising executable instructions of the second computer program and third data usable to verify the second data; and
  
  ii. a security component comprising a memory configured to store cryptographic keys and a cryptographic module comprising hardware configured to execute one or more cryptographic algorithms, the security component configured to access the data of a second computer program data block, read the first data of the second computer program data block identifying a second cryptographic key, read from the memory inside the security component the second cryptographic key identified in the first data of the second computer program data block, execute a second cryptographic algorithm that uses the second cryptographic key and the third data of the second computer program data block to verify the second data of the second computer program data block comprising executable instructions and allow the second core to execute the executable instructions after the second data of the second computer program data block is verified.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36)
- - 30. The multi-core processor of claim 29, wherein at least one of the first computer program data blocks and the second computer program data blocks comprises fourth data identifying a cryptographic algorithm.
  - 31. The multi-core processor of claim 29, wherein the cryptographic modules comprise logic gates adapted and configured to implement Boolean functions that are usable to execute the cryptographic algorithm.
  - 32. The multi-core processor of claim 29, wherein the cryptographic modules comprise a Field Programmable Gate Array adapted and configured to be selectively configured, reconfigured, or programmed to execute one or more cryptographic algorithms.
  - 33. The multi-core processor of claim 29, wherein the first cryptographic key comprises a secret key and the first cryptographic algorithm comprises a symmetric cryptographic algorithm.
  - 34. The multi-core processor of claim 29, wherein the first cryptographic key comprises a public key associated with a private key and the first cryptographic algorithm comprises an asymmetric cryptographic algorithm.
  - 35. The multi-core processor of claim 29, wherein the second cryptographic key comprises a secret key and the second cryptographic algorithm comprises a symmetric cryptographic algorithm.
  - 36. The multi-core processor of claim 29, wherein the second cryptographic key comprises a private key associated with a public key and the second cryptographic algorithm comprises an asymmetric cryptographic algorithm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Media Patents S.L.
Original Assignee
Media Patents S.L.
Inventors
Fernández Gutiérrez, Álvaro

Application Number

US13/244,782
Publication Number

US 20120331308A1
Time in Patent Office

Days
Field of Search
US Class Current

713/190
CPC Class Codes

G06F 21/71 to assure secure computing ...

G06F 21/72 in cryptographic circuits

METHODS, APPARATUS AND SYSTEMS TO IMPROVE SECURITY IN COMPUTER SYSTEMS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS, APPARATUS AND SYSTEMS TO IMPROVE SECURITY IN COMPUTER SYSTEMS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links