Increasing Security in Inter-Chip Communication

US 20150052364A1
Filed: 09/23/2014
Published: 02/19/2015
Est. Priority Date: 03/08/2012
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a random number generator (“

RNG”

);

a sending control module coupled to receive random numbers from the (“

RNG”

), the sending control module including;

a system sense module coupled to generate an authentication signature of the sending control unit by performing a system integrity check, the system integrity check including sending challenge signals to measure analog characteristics of an embedded system that includes the sending control module; and

combining logic coupled to generate a hashed authentication signature based on a fresh random number from the RNG and the authentication signature of the sending control unit;

a communication bus coupled to the sending control module, wherein the combining logic is coupled to generate a communication frame by combining the hashed authentication signature and the data and coupled to send the communication frame onto the communication bus; and

a receiving control module coupled to the communication bus to receive the communication frame.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus for increasing security in inter-chip communication includes a sending control module, a communication bus, and a receiving control module. The communication bus is coupled between the sending control module and the receiving control module. The sending control module operates to send data on the communication bus, disable the communication bus when threats are detected, or both.

31 Citations

View as Search Results

14 Claims

1. A system comprising:
- a random number generator (“
  
  RNG”
  
  );
  
  a sending control module coupled to receive random numbers from the (“
  
  RNG”
  
  ), the sending control module including;
  
  a system sense module coupled to generate an authentication signature of the sending control unit by performing a system integrity check, the system integrity check including sending challenge signals to measure analog characteristics of an embedded system that includes the sending control module; and
  
  combining logic coupled to generate a hashed authentication signature based on a fresh random number from the RNG and the authentication signature of the sending control unit;
  
  a communication bus coupled to the sending control module, wherein the combining logic is coupled to generate a communication frame by combining the hashed authentication signature and the data and coupled to send the communication frame onto the communication bus; and
  
  a receiving control module coupled to the communication bus to receive the communication frame.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the sending control module further includes encryption logic coupled to generated encrypted data, and wherein the data is encrypted data.
  - 3. The system of claim 2, wherein the encryption logic is coupled to the RNG to receive the fresh random number and coupled to generate combined data from combining the fresh random number with stored data, the encryption logic further coupled to generate the encrypted data by encrypting the combined data.
  - 4. The system of claim 2, wherein combining the hashed authentication signature and the encrypted data includes inserting bits of the hashed authentication signature between bits of the encrypted data.
  - 5. The system of claim 4, wherein the bits of the authentication data are inserted in random order between the bits of the encrypted data.
  - 6. The system of claim 1, wherein the combining logic is coupled to generate a hash seed from combining the fresh random number from the RNG with a previous hash seed, and wherein the combining logic is coupled to use the hash seed to generate the hashed authentication signature.
  - 7. The system of claim 1, wherein the receiving control module includes firewall logic coupled to reject the communication frame when it does not include the correct authentication data.
  - 8. The system of claim 1, wherein the RNG is external to the sending control module.

9. An embedded system comprising:
- a sending control module;
  
  a communication bus, wherein the sending control module is coupled to send a communication frame over the communication bus, the communication frame including a hashed authentication signature and encrypted data, the hashed authentication signature identifying the sending control module; and
  
  a receiving control module coupled to the communication bus to receive the communication frame, the receiving control module including;
  
  firewall logic coupled to the communication bus to determine whether the hashed authentication signature in the communication frame is valid; and
  
  decryption logic coupled to the firewall logic, wherein the firewall logic sends the communication frame to the decryption logic when the hashed authentication signature is valid, and wherein the firewall logic is coupled to send an abort signal to the decryption logic when the hashed authentication signature is not valid.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The embedded system of claim 9, wherein the encrypted data includes a fresh randomly generated number, and wherein the decryption logic is coupled to decrypt the encrypted data and then combine the fresh randomly generated number with a previous hash seed to generate a next hash seed, the decryption logic coupled to send the next hash seed to the firewall logic for determining whether a next hashed authentication signature in a next communication frame is valid.
  - 11. The embedded system of claim 9, wherein the sending control module includes hash logic coupled to generate the hashed authentication signature from a hash seed and an authentication signature of the sending control module.
  - 12. The embedded system of claim 9, wherein the decryption logic includes a decryption accumulator, and wherein the decryption logic is coupled to flush the decryption accumulator in response to receiving the abort signal from the firewall logic.
  - 13. The embedded system of claim 12, wherein the receiving control module is coupled to send a Not-Acknowledge (“
    - NACK”
      
      ) to the sending control module when the hashed authentication signature is not valid.
  - 14. The embedded system of claim 9, wherein the receiving control module is coupled to send an Acknowledge (“
    - ACK”
      
      ) to the sending control module when the hashed authentication signature is valid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
National Technology & Engineering Solutions Of Sandia LLC (Honeywell International Inc.)
Original Assignee
Sandia Corporation (Martin Marietta Corporation)
Inventors
Edwards, Nathan J., Hamlet, Jason, Bauer, Todd, Helinski, Ryan

Granted Patent

US 9,722,796 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/180
CPC Class Codes

G06F 11/27   Built-in tests

G06F 21/556   involving covert channels, ...

G06F 21/755   with measures against power...

G06F 21/85   interconnection devices, e....

G09C 1/00   Apparatus or methods whereb...

H01L 23/57   Protection from inspection,...

H01L 2924/00   Indexing scheme for arrange...

H01L 2924/0002   Not covered by any one of g...

H04L 2209/12   Details relating to cryptog...

H04L 2209/72   Signcrypting, i.e. digital ...

H04L 9/003   for power analysis, e.g. di...

H04L 9/0869   involving random numbers or...

H04L 9/3247   involving digital signatures

H04L 9/3278   using physically unclonable...

Increasing Security in Inter-Chip Communication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Increasing Security in Inter-Chip Communication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links