SECURE PROCESSOR AND A PROGRAM FOR A SECURE PROCESSOR

US 20140089680A1
Filed: 11/27/2013
Published: 03/27/2014
Est. Priority Date: 06/30/2004
Status: Active Grant

First Claim

Patent Images

1. A processor comprising:

a key memory unit configured to store a key;

an instruction code memory unit configured to store a first program in a non-rewritable format;

an authentication unit configured to authenticate the first program by using the key and an electronic signature corresponding to the first program;

a secure core configured to execute the first program which is authenticated by the authentication unit; and

a normal core configured to execute a second program which is not authenticated by the authentication unit,wherein the normal core is booted in response to the execution of the first program by the secure core.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The instruction code including an instruction code stored in the area where the encrypted instruction code is stored in a non-rewritable format is authenticated using a specific key which is specific to the core where the instruction code is executed or an authenticated key by a specific key to perform an encryption processing for the input and output data between the core and the outside.

12 Citations

View as Search Results

34 Claims

1. A processor comprising:
- a key memory unit configured to store a key;
  
  an instruction code memory unit configured to store a first program in a non-rewritable format;
  
  an authentication unit configured to authenticate the first program by using the key and an electronic signature corresponding to the first program;
  
  a secure core configured to execute the first program which is authenticated by the authentication unit; and
  
  a normal core configured to execute a second program which is not authenticated by the authentication unit,wherein the normal core is booted in response to the execution of the first program by the secure core.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The processor according to claim 1,wherein the key is specific to the secure core.
  - 3. The processor according to claim 1,wherein the instruction code memory unit is configured to store the first program in an encrypted format.
  - 4. The processor according to claim 1,wherein the authentication unit is configured to decrypt the electronic signature by using the key and to authenticate the first program when an obtained decryption result matches a result of an operation performed on the first program.
  - 5. The processor according to claim 1,wherein the normal core is booted after the secure core is booted.
  - 6. The processor according to claim 1,wherein the encryption processing unit is configured to encrypt a target instruction code which is included in the first program and authenticated by the authentication unit and to store the target instruction code to a page unit in a memory.
  - 7. The processor according to claim 1,wherein, when an encryption key is specified in authentication information corresponding to the first program, an encryption processing unit performs encryption of the first program by using the specified key.
  - 8. The processor according to claim 7,wherein, when the encryption key is not specified in the authenticated information, the encryption processing unit performs encryption of the first program by using an arbitrary page key.
  - 9. The secure processor according to claim 1,wherein an encryption processing unit is configured to perform encryption of the data of an process corresponding to the authenticated first program by using a different encryption key which is different from the key for the first program.
  - 10. The processor according to claim 1, comprisinga code execution termination processing unit configured to terminate the execution of the first program for which the authentication by the authentication unit has failed.
  - 11. The processor according to claim 1, comprisinga normal core monitoring unit configured to terminate operation of the normal core or branch out to a specific processing when the secure core monitors the operation of the normal core after booting of the normal core and an abnormal state is detected.
  - 12. The processor according to claim 1,wherein the secure core is configured to supply a core control signal to the normal core to control the operations of the normal core.
  - 13. The processor according to claim 1,wherein an access to the key is permitted to the secure core, and the access to the key is prohibited to the normal core.
  - 14. The processor according to claim 6, comprisingan illegal instruction execution termination unit configured to terminate the execution of the encrypted first program at the page unit when an illegal instruction is detected while the encrypted first program stored in the memory unit is executed.
  - 15. The processor according to claim 1,wherein an encryption processing unit is configured to perform encryption of the data of an process corresponding to the authenticated first program by using the key corresponding to the first program when the first program is stored in a data storage area.
  - 16. The processor according to claim 13, comprisinga key generation unit configured to generate a pair of a public key and a secret key, and a shared key, by using the key stored in the key memory unit under control of the secure core.
  - 17. The processor according to claim 16,wherein the secure core is configured to inform exteriorly a public key generated by the key generation unit via the normal core, to receive an original text which is encrypted by using the public key externally via the normal core, and to decrypt the encrypted original text by using the secret key.

18. A processor comprising:
- a key memory unit configured to store a key;
  
  an instruction code memory unit configured to store a first program in a non-rewritable format;
  
  an authentication unit configured to authenticate a second program by an execution of the first program by using the key and an electronic signature corresponding to the second program;
  
  a secure core configured to execute the second program which is authenticated by the authentication unit; and
  
  a normal core configured to execute a third program which is not authenticated by the authentication unit,wherein the normal core is booted in response to the execution of the second program by the secure core.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 19. The processor according to claim 18,wherein the key is specific to the secure core.
  - 20. The processor according to claim 18,wherein the instruction code memory unit is configured to store the first program in an encrypted format.
  - 21. The processor according to claim 18,wherein the authentication unit is configured to decrypt the electronic signature by using the key and to authenticate the second program when an obtained decryption result matches a result of an operation performed on the second program.
  - 22. The processor according to claim 18,wherein the normal core is booted after the secure core is booted.
  - 23. The processor according to claim 18,wherein the encryption processing unit is configured to encrypt a target instruction code which is included in the second program and authenticated by the authentication unit and to store the target instruction code to a page unit in a memory.
  - 24. The processor according to claim 18,wherein, when an encryption key is specified in authentication information corresponding to the second program, an encryption processing unit performs encryption of the second program by using the specified key.
  - 25. The processor according to claim 24,wherein, when the encryption key is not specified in the authenticated information, the encryption processing unit performs encryption of the second program by using an arbitrary page key.
  - 26. The secure processor according to claim 18,wherein an encryption processing unit is configured to perform encryption of the data of an process corresponding to the authenticated second program by using a different encryption key which is different from the key for the second program.
  - 27. The processor according to claim 18, comprisinga code execution termination processing unit configured to terminate the execution of the second program for which the authentication by the authentication unit has failed.
  - 28. The processor according to claim 18, comprisinga normal core monitoring unit configured to terminate operation of the normal core or branch out to a specific processing when the secure core monitors the operation of the normal core after booting of the normal core and an abnormal state is detected.
  - 29. The processor according to claim 18,wherein the secure core is configured to supply a core control signal to the normal core to control the operations of the normal core.
  - 30. The processor according to claim 18,wherein an access to the key is permitted to the secure core, and the access to the key is prohibited to the normal core.
  - 31. The processor according to claim 23, comprisingan illegal instruction execution termination unit configured to terminate the execution of the encrypted second program at the page unit when an illegal instruction is detected while the encrypted second program stored in the memory unit is executed.
  - 32. The processor according to claim 18,wherein an encryption processing unit is configured to perform encryption of the data of an process corresponding to the authenticated second program by using the key corresponding to the second program when the second program is stored in a data storage area.
  - 33. The processor according to claim 30, comprisinga key generation unit configured to generate a pair of a public key and a secret key, and a shared key, by using the key stored in the key memory unit under control of the secure core.
  - 34. The processor according to claim 33,wherein the secure core is configured to inform exteriorly a public key generated by the key generation unit via the normal core, to receive an original text which is encrypted by using the public key externally via the normal core, and to decrypt the encrypted original text by using the secret key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Socionext Inc.
Original Assignee
Fujitsu Semiconductor Limited (Fujitsu Limited)
Inventors
GOTO, Seiji, Kamada, Jun, Tamiya, Taijji

Granted Patent

US 9,672,384 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/190
CPC Class Codes

G06F 12/1027   using associative or pseudo...

G06F 12/1408   by using cryptography for d...

G06F 13/24   using interrupt G06F13/32 t...

G06F 21/52   during program execution, e...

G06F 21/53   by executing in a restricte...

G06F 21/554   involving event detection a...

G06F 21/575   Secure boot

G06F 21/64   Protecting data integrity, ...

G06F 21/70   Protecting specific interna...

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 21/74   operating in dual or compar...

G06F 2212/1052   Security improvement

G06F 2212/682   Multiprocessor TLB consistency

SECURE PROCESSOR AND A PROGRAM FOR A SECURE PROCESSOR

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE PROCESSOR AND A PROGRAM FOR A SECURE PROCESSOR

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links