SYSTEMS, METHODS AND APPARATUSES FOR SECURE STORAGE OF DATA USING A SECURITY-ENHANCING CHIP

US 20140298040A1
Filed: 03/28/2014
Published: 10/02/2014
Est. Priority Date: 03/29/2013
Status: Active Grant

First Claim

Patent Images

1. A computer processor comprising:

a storage for storing an encryption key;

a central processing unit (CPU), the CPU being configured to run one or more software programs;

a circuit configured to;

calculate a hash function to generate a hash value for data loaded into the computer processor, the data comprising executable code for at least one of the one or more software programs; and

generate an authentication token, using the encryption key stored in the storage, for a request initiated by a software program running on the CPU.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer processor and a security enhancing chip may be provided. In one aspect, the computer processor may comprise a storage for storing an encryption key, a central processing unit (CPU) configured to execute one or more software programs, and a circuit configured to calculate a hash function to generate a hash value for data loaded into the computer processor and generate an authentication token for a request initiated by a software program running on the CPU. In another aspect, the security enhancing chip may comprise a first storage for storing an encryption key, a second storage for storing a certificate, a hash storage and circuit components configured to validate, using the first certificate, command(s) adding the encryption key to the first storage and storing a first hash to the hash storage, and to process a request if a second hash in the request is equal to the first hash.

30 Citations

View as Search Results

40 Claims

1. A computer processor comprising:
- a storage for storing an encryption key;
  
  a central processing unit (CPU), the CPU being configured to run one or more software programs;
  
  a circuit configured to;
  
  calculate a hash function to generate a hash value for data loaded into the computer processor, the data comprising executable code for at least one of the one or more software programs; and
  
  generate an authentication token, using the encryption key stored in the storage, for a request initiated by a software program running on the CPU.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer processor of claim 1, wherein the request is one of a request to retrieve data, a request to store data, and a request for a service to be performed.
  - 3. The computer processor of claim 1, wherein the encryption key is a private key of a public and private key pair and the authentication token is a signature of the request.
  - 4. The computer processor of claim 3, wherein the CPU is further configured to:
    - generate the public and private key pair;
      
      store the private key of the public and private key pair in the storage as the encryption key;
      
      report the public key of the public/private key pair; and
      
      use the private key to sign the request as the authentication token for the request.
  - 5. The computer processor of claim 1, wherein the encryption key is a secret key and the authentication token is a message authentication code (MAC).
  - 6. The computer processor of claim 1, wherein the CPU is further configured to:
    - receive a nonce; and
      
      add the nonce to the request.
  - 7. The computer processor of claim 1, wherein to generate the authentication token comprises at least one of to encrypt the request and to sign the request.
  - 8. The computer processor of claim 1, further comprising a memory cache, and wherein the data loaded into the computer processor is loaded to the memory cache, and wherein the hash value for the data is calculated after the data is loaded to the memory cache.
  - 9. The computer processor of claim 1, further comprising a memory cache, and wherein the data loaded into the computer processor is loaded to the memory cache, and wherein the hash value for the data is calculated when the date is being loaded into the memory cache.
  - 10. The computer processor of claim 1, wherein the CPU is further configured to authenticate at least some portion of the data when reading the data into the computer processor.
  - 11. The computer processor of claim 1, wherein the circuit is one of:
    - a microprocessor, a microcontroller, a field programmable gate array (FPGA) and an application specific integrated circuit (ASIC).

12. A security enhancing chip, comprising:
- a first storage for storing an encryption key;
  
  a second storage for storing a first certificate;
  
  a hash storage; and
  
  circuit components configured to;
  
  receive a command to store a first hash value in the hash storage;
  
  validate the command to store the first hash value using the first certificate;
  
  store the first hash value in the hash storage when validation of the command to store the first hash value is successful;
  
  receive a command to add the encryption key to the first storage;
  
  validate the command to add the encryption key using the first certificate;
  
  add the encryption key to the first storage when validation of the command to add the encryption key is successful;
  
  receive a request for an operation, the request comprising a second hash value;
  
  validate the request using the encryption key;
  
  verify that the second hash value is equal to the first hash value stored in the hash storage; and
  
  process the request when the request is valid and verification of the second hash value is successful.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The security enhancing chip of claim 12, wherein the request is one of a request to retrieve data, a request to store data, and a request for a service to be performed.
  - 14. The security enhancing chip of claim 12, wherein the circuit components are further configured to verify that the request is received from a computer processor within a predefined distance.
  - 15. The security enhancing chip of claim 12, wherein to process the request the circuit components are further configured to store data in association with the second hash value.
  - 16. The security enhancing chip of claim 15, wherein the data in association with the second hash value is another encryption key to be stored at the security-enhancing chip.
  - 17. The security enhancing chip of claim 15, wherein the data in association with the second hash value is a piece of code to be stored at the security-enhancing chip.
  - 18. The security enhancing chip of claim 15, wherein the data in association with the second hash value is a second certificate to be stored within the security-enhancing chip.
  - 19. The security enhancing chip of claim 12, wherein the encryption key is a public key of a public and private key pair, and to validate the request using the encryption key the circuit components are further configured to verify a signature of the request using the public key.
  - 20. The security enhancing chip of claim 12, wherein the encryption key is a secret key and to validate the request using the encryption key the circuit components are further configured to verify a message authentication code (MAC) of the request using the secret key.

21. A method for operating a computer processor, comprising:
- calculating a hash function using a circuit in the computer processor to generate a hash value for data loaded into the computer processor, the data comprising executable code to be executed on a central processing unit (CPU) of the computer processor;
  
  initiating a request by a software program executing on the CPU, the request to comprise the hash value; and
  
  generating an authentication token for the request using the circuit and an encryption key stored in a storage of the computer processor.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 22. The method claim 21, wherein the request is one of a request to retrieve data, a request to store data, and a request for a service to be performed.
  - 23. The method claim 21, wherein the encryption key is a private key of a public and private key pair and the authentication token is a signature of the request.
  - 24. The method of claim 23, further comprising:
    - generating the public and private key pair;
      
      storing the private key of the public and private key pair in the storage as the encryption key;
      
      reporting the public key of the public/private key pair; and
      
      using the private key to sign the request as the authentication token for the request.
  - 25. The method of claim 21, wherein the encryption key is a secret key and the authentication token is a message authentication code (MAC).
  - 26. The method of claim 21, further comprising:
    - receiving a nonce; and
      
      adding the nonce to the request.
  - 27. The method of claim 21, wherein generating the authentication token comprises at least one of encrypting the request and signing the request.
  - 28. The method of claim 21, wherein the computer processor comprises a memory cache and the data loaded into the computer processor is loaded to the memory cache, and wherein the hash value for the data is calculated after the data is loaded to the memory cache.
  - 29. The method of claim 21, wherein the computer processor comprises a memory cache and the data loaded into the computer processor is loaded to the memory cache, and wherein the hash value for the data is calculated when the date is being loaded into the memory cache.
  - 30. The method of claim 21, further comprising authenticating at least some portion of the data when reading the data into the computer processor.
  - 31. The method of claim 21, wherein the circuit is one of:
    - a microprocessor, a microcontroller, a field programmable gate array (FPGA) and an application specific integrated circuit (ASIC).

32. A method for operating a security enhancing chip, comprising:
- receiving a command to store a first hash value in a hash storage of the security enhancing chip;
  
  validating the command to store the first hash value using a first certificate stored in the security enhancing chip;
  
  storing the first hash value in the hash storage when validation of the command to store the first hash value is successful;
  
  receiving a command to add an encryption key to a first storage of the security enhancing chip;
  
  validating the command to add the encryption key using the first certificate;
  
  adding the encryption key to the first storage when validation of the command to add the encryption key is successful;
  
  receiving a request for an operation, the request comprising a second hash value;
  
  validating the request using the encryption key;
  
  verifying that the second hash value is equal to the first hash value stored in the hash storage; and
  
  processing the request when the request is valid and verification of the second hash value is successful.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40)
- - 33. The method of claim 32, wherein the request is one of a request to retrieve data, a request to store data, and a request for a service to be performed.
  - 34. The method of claim 32, further comprising verifying that the request is received from a computer processor within a predefined distance.
  - 35. The method of claim 32, wherein processing the request comprises storing data in association with the second hash value.
  - 36. The method of claim 35, wherein the data in association with the second hash value is another encryption key to be stored at the security-enhancing chip.
  - 37. The method of claim 35, wherein the data in association with the second hash value is a piece of code to be stored at the security-enhancing chip.
  - 38. The method of claim 35, wherein the data in association with the second hash value is a second certificate to be stored within the security-enhancing chip.
  - 39. The method of claim 32, wherein the encryption key is a public key of a public and private key pair, and validating the request using the encryption key comprises verifying a signature of the request using the public key.
  - 40. The method of claim 32, wherein the encryption key is a secret key and validating the request using the encryption key comprises verifying a message authentication code (MAC) of the request using the secret key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OLogN Technologies AG
Original Assignee
OLogN Technologies AG
Inventors
IGNATCHENKO, Sergey, IVANCHYKHIN, Dmytro

Granted Patent

US 10,528,767 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/192
CPC Class Codes

G06F 21/575 Secure boot

G06F 21/72 in cryptographic circuits

SYSTEMS, METHODS AND APPARATUSES FOR SECURE STORAGE OF DATA USING A SECURITY-ENHANCING CHIP

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS, METHODS AND APPARATUSES FOR SECURE STORAGE OF DATA USING A SECURITY-ENHANCING CHIP

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links