Computational System

US 20150095660A1
Filed: 09/30/2013
Published: 04/02/2015
Est. Priority Date: 09/30/2013
Status: Active Grant

First Claim

Patent Images

1. A computational system configured to protect against integrity violation, the computational system comprising a processing unit and a critical resource, the critical resource being controllable by the processing unit so as to be locked or unlocked,wherein the critical resource is configured to intermittently transmit a polling value to the processing unit, the processing unit being configured to apply a transformation onto the polling value so as to obtain a response value and send the response value back to the critical resource, and the critical resource being configured to check the response value on correctness so as to obtain a check result, and subject the controllability to a dependency on the check result.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computational system is configured to protect against integrity violation. The computational system includes a processing unit and a critical resource, the critical resource being controllable by the processing unit so as to be locked or unlocked. The critical resource is configured to intermittently transmit a polling value to the processing unit, and the processing unit is configured to apply a transformation onto the polling value so as to obtain a response value and send the response value back to the critical resource. The critical resource is configured to check the response value on correctness so as to obtain a check result, and subject the controllability to a dependency on the check result.

18 Citations

View as Search Results

22 Claims

1. A computational system configured to protect against integrity violation, the computational system comprising a processing unit and a critical resource, the critical resource being controllable by the processing unit so as to be locked or unlocked,wherein the critical resource is configured to intermittently transmit a polling value to the processing unit, the processing unit being configured to apply a transformation onto the polling value so as to obtain a response value and send the response value back to the critical resource, and the critical resource being configured to check the response value on correctness so as to obtain a check result, and subject the controllability to a dependency on the check result.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computational system according to claim 1, wherein the critical resource is configured to initiate the transmission of the polling value to the critical resource upon receipt of a command from the processing unit controlling the critical resource so as to unlock.
  - 3. The computational system according to claim 1, wherein the critical resource is configured to subject the controllability to a dependency on the check result of the response value of a sequence of polling values.
  - 4. The computational system according to claim 1, wherein the critical resource is configured to subject the controllability to a dependency on the check result of the response value of a sequence of polling values, wherein the critical resource comprises a plurality of registers and is configured to read the sequence of polling values from different ones of the plurality of registers.
  - 5. The computational system according to claim 1, wherein the critical resource comprises a register, the critical resource being configured to read the polling value from the register and write back the response value to the register so as to serve as polling value for a next transmission to the processing unit.
  - 6. The computational system according to claim 5, wherein the critical resource is configured to subject the controllability to a dependency on the check result of the response value of a sequence of polling values.
  - 7. The computational system according to claim 5, wherein the critical resource is configured to intermittently change a storage content of the register.
  - 8. The computational system according to claim 5, wherein the critical resource is configured to intermittently change a storage content of the register using a random or pseudo-random sequence of values.
  - 9. The computational system according to claim 1, wherein the processing unit is configured to sequentially change the transformation in a deterministically manner.
  - 10. The computational system according to claim 1, wherein the critical resource is configured to, in subjecting the controllability to a dependency on the check result, count a number of accesses of the processing unit to the critical resource during the critical resource being unlocked, so as to automatically lock upon the number of accesses exceeding a predetermined value.
  - 11. The computational system according to claim 1, wherein the critical resource is configured to, in subjecting the controllability to a dependency on the check result, measure a time duration of the critical resource being unlocked, so as to automatically lock upon the time duration exceeding a predetermined value.
  - 12. The computational system according to claim 1, wherein the processing unit is configured to control the critical resource so as to be locked in case of the critical resource being not required for an operation of the computational system, and unlocked in case of the critical resource being required for the operation of the computational system.

13. A method for protecting a computational system against integrity violation, the computational system comprising a processing unit and a critical resource, the critical resource being controllable by the processing unit so as to be locked or unlocked, wherein the method comprises:
- intermittently transmitting a polling value from the critical resource to the processing unit;
  
  applying a transformation onto the polling value so as to obtain a response value;
  
  sending the response value from the processing unit back to the critical resource;
  
  checking the response value on correctness so as to obtain a check result; and
  
  subjecting the controllability of the critical resource to a dependency on the check result.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method according to claim 13, comprising:
    - initiating the transmission of the polling value to the critical resource upon receipt of a command from the processing unit controlling the critical resource so as to unlock.
  - 15. The method according to claim 13, comprising:
    - subjecting the controllability to a dependency on the check result of the response value of a sequence of polling values.
  - 16. The method according to claim 13, wherein the critical resource comprises a plurality of registers, wherein the method comprises:
    - subjecting the controllability to a dependency on the check result of the response value of a sequence of polling values; and
      
      reading the sequence of polling values from different ones of the plurality of registers.
  - 17. The method according to claim 13, wherein the critical resource comprises a register, wherein the method comprises:
    - reading the polling value from the register and writing back the response value to the register so as to serve as polling value for a next transmission to the processing unit.
  - 18. The method according to claim 13, comprising:
    - subjecting the controllability to a dependency on the check result of the response value of a sequence of polling values.
  - 19. The method according to claim 13, wherein subjecting the controllability to a dependency on the check result comprises counting a number of accesses of the processing unit to the critical resource during the critical resource being unlocked, so as to automatically lock upon the number of accesses exceeding a predetermined value.
  - 20. The method according to claim 13, wherein subjecting the controllability to a dependency on the check result comprises measuring a time duration of the critical resource being unlocked, so as to automatically lock upon the time duration exceeding a predetermined value.

21. A non-transitory computer-readable storage medium storing program instructions which when executed by a computational system protects the computational system against integrity violation, the computational system comprising a processing unit and a critical resource, the critical resource being controllable by the processing unit so as to be locked or unlocked,the program instructions comprising:
- first program code for causing the computational system to execute processing of intermittently transmitting a polling value from the critical resource to the processing unit;
  
  second program code for causing the computational system to execute processing of applying a transformation onto the polling value so as to obtain a response value;
  
  third program code for causing the computational system to execute processing of sending the response value from the processing unit back to the critical resource;
  
  forth program code for causing the computational system to execute processing of checking the response value on correctness so as to obtain a check result; and
  
  fifth program code for causing the computational system to execute processing of subjecting the controllability of the critical resource to a dependency on the check result.

22. An integrated chip comprising a central processing unit and a cryptographic peripheral, the cryptographic peripheral being controllable by the central processing unit so as to be locked or unlocked,wherein the cryptographic peripheral is configured to intermittently transmit a polling value to the central processing unit, the central processing unit being configured to apply a transformation onto the polling value so as to obtain a response value and send the response value back to the cryptographic peripheral, and the cryptographic peripheral being configured to check the response value on correctness so as to obtain a check result, and subject the controllability to a dependency on the check result,wherein the central processing unit is configured to control the cryptographic peripheral so as to be locked if the cryptographic peripheral is not required by a program executed on the central processing unit, and unlocked if the cryptographic peripheral is required by the program executed on the central processing unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Infineon Technologies AG
Original Assignee
Infineon Technologies AG
Inventors
Gammel, Berndt, Felicijan, Tomaz, Mangard, Stefan

Granted Patent

US 9,195,857 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/192
CPC Class Codes

G06F 21/445   by mutual authentication, e...

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 2221/2103   Challenge-response

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 9/004   for fault attacks

Computational System

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Computational System

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links