DATA PROCESSING DEVICE AND METHOD FOR PROTECTING A DATA PROCESSING DEVICE AGAINST ATTACKS

US 20170046280A1
Filed: 08/11/2016
Published: 02/16/2017
Est. Priority Date: 08/14/2015
Status: Abandoned Application

First Claim

Patent Images

1. A data processing device, comprising:

an instruction memory which is configured to store a computer program;

a processing unit which is configured to execute the computer program;

a program counter which is configured to specify a command of the computer program in the instruction memory as the next to be executed;

a call stack;

an encryption device which is configured to encrypt, when a subroutine is called in the computer program, a return address which specifies a command of the computer program in the instruction memory with which operations are to be continued after the execution of the subroutine, and to store the encrypted return address in the call stack;

a decryption device which is configured to read, after the execution of the subroutine, the encrypted return address from the call stack, to decrypt it and to set the program counter on the basis of the decrypted return address.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data processing device may have an instruction memory which is configured to store a computer program, a processing unit which is configured to execute the computer program, a program counter which is configured to specify a command of the computer program in the instruction memory as the next to be executed, a call stack, an encryption device which is configured to encrypt, when a subroutine is called in the computer program, a return address which specifies a command of the computer program in the instruction memory with which operations are to continue after the execution of the subroutine, and to store the encrypted return address in the call stack and a decryption device which is configured to read, after the execution of the subroutine, the encrypted return address from the call stack, to decrypt it and to set the program counter on the basis of the decrypted return address.

Citations

20 Claims

1. A data processing device, comprising:
- an instruction memory which is configured to store a computer program;
  
  a processing unit which is configured to execute the computer program;
  
  a program counter which is configured to specify a command of the computer program in the instruction memory as the next to be executed;
  
  a call stack;
  
  an encryption device which is configured to encrypt, when a subroutine is called in the computer program, a return address which specifies a command of the computer program in the instruction memory with which operations are to be continued after the execution of the subroutine, and to store the encrypted return address in the call stack;
  
  a decryption device which is configured to read, after the execution of the subroutine, the encrypted return address from the call stack, to decrypt it and to set the program counter on the basis of the decrypted return address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The data processing device of claim 1,wherein the encryption device is configured to encrypt the return address by means of block encryption, and the decryption device is configured to decrypt the encrypted return address in accordance with the block encryption.
  - 3. The data processing device of claim 1,wherein the processing unit is an Arithmetic Logic Unit.
  - 4. The data processing device of claim 1, further comprising:
    - a Central Processing Unit which has the processing unit, the program counter, the encryption device and the decryption device.
  - 5. The data processing device of claim 1, further comprising:
    - a key generator which is configured to generate a cryptographic key;
      
      wherein the encryption device is configured to encrypt the return address by means of the cryptographic key.
  - 6. The data processing device of claim 5,wherein the encryption device is configured to encrypt, for each of a plurality of subroutine calls, the respective return address by means of the same cryptographic key.
  - 7. The data processing device of claim 5,wherein the key generator is configured to generate the cryptographic key when the data processing device is started.
  - 8. The data processing device of claim 1,wherein the encryption device is configured to encrypt the return address by means of a permutation substitution network.
  - 9. The data processing device of claim 1,wherein the encryption device is configured to encrypt, for a command which is to be currently executed, the address of the command following the current command in the instruction memory and, if the command which is to be currently executed is a subroutine call, to store the encrypted address as an encrypted return address in the call stack.
  - 10. The data processing device of claim 9,wherein the encryption device is configured to encrypt, for a command which is to be currently executed, the address of the command following the current command in the instruction memory, irrespective of whether the command which is to be currently executed is a subroutine call.
  - 11. The data processing device of claim 1,wherein the data processing device is a chip card module of a chip card.

12. A method for protecting a data processing device against attacks, the method comprising:
- executing a computer program from an instruction memory by means of a data processing device;
  
  encrypting, when a subroutine is called in the computer program, a return address which specifies a command of the computer program in the instruction memory with which operations are to be continued after the execution of the subroutine;
  
  storing the encrypted return address in a call stack;
  
  reading the encrypted return address from the call stack after the execution of the subroutine;
  
  decrypting the encrypted return address;
  
  setting a program counter of the data processing device which specifies a command of the computer program in the instruction memory as the next to be executed, on the basis of the decrypted return address.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12,wherein the encrypting comprises encrypting the return address by means of block encryption, and the decryption device is configured to decrypt the encrypted return address in accordance with the block encryption.
  - 14. The method of claim 12, further comprising:
    - generating a cryptographic key;
      
      wherein the encrypting comprises encrypting the return address by means of the cryptographic key.
  - 15. The method of claim 14,wherein the encrypting comprises encrypting, for each of a plurality of subroutine calls, the respective return address by means of the same cryptographic key.
  - 16. The method of claim 14,wherein the cryptographic key is generated when the data processing device is started.
  - 17. The method of claim 12,wherein the encrypting comprises encrypting the return address by means of a permutation substitution network.
  - 18. The method of claim 12,wherein the encrypting comprises encrypting, for a command which is to be currently executed, the address of the command following the current command in the instruction memory and, if the command which is to be currently executed is a subroutine call, storing the encrypted address as an encrypted return address in the call stack.
  - 19. The method of claim 18,wherein the encrypting comprises encrypting, for a command which is to be currently executed, the address of the command following the current command in the instruction memory, irrespective of whether the command which is to be currently executed is a subroutine call.
  - 20. The method of claim 12,wherein the data processing device is a chip card module of a chip card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Infineon Technologies AG
Original Assignee
Infineon Technologies AG
Inventors
DRIESSEN, Benedikt

Application Number

US15/234,018
Publication Number

US 20170046280A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/52   during program execution, e...

G06F 21/566   Dynamic detection, i.e. det...

G06F 2212/1052   Security improvement

G06F 2212/402   Encrypted data

DATA PROCESSING DEVICE AND METHOD FOR PROTECTING A DATA PROCESSING DEVICE AGAINST ATTACKS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DATA PROCESSING DEVICE AND METHOD FOR PROTECTING A DATA PROCESSING DEVICE AGAINST ATTACKS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links