Crypto microprocessor using block cipher
First Claim
1. A cryptographic apparatus for executing a computer program of instructions stored in enciphered form as a plurality of addressable blocks of enciphered program information, each block being stored at a location specified by a digital address, the apparatus comprising:
- means for storing an encryption key;
means for specifying a first digital address of a block of said enciphered program information, thereby addressing the block;
product block deciphering means for transforming in a plurality of steps said addressed block of enciphered program information to produce a block of deciphered information including an executable instruction and a second digital address, at least one step in said plurality of steps being controlled by said first digital address, and at least one step in said plurality of steps being controlled by said encryption key;
means for decoding and executing an instruction included in a block of said deciphered information; and
means for specifying the second digital address in said block of deciphered information so as to address a successor block of said enciphered program information which includes a successor instruction in enciphered form for deciphering by said deciphering means.
1 Assignment
0 Petitions
Accused Products
Abstract
A cryptographic microprocessor for processing data and executing programs which are stored in enciphered blocks to prevent unauthorized alteration and copying. Such a "crypto-microprocessor" deciphers the enciphered program and data blocks piecemeal as execution of the deciphered program proceeds. A product block cipher circuit makes each bit of a deciphered block a complicated function of each bit of an enciphered block, and each bit of an encryption key, and each bit of the digital address of the enciphered block. Combined use of block and byte deciphering is described. If a block of the enciphered program is altered, the crypto-microprocessor temporarily or permanently disables itself.
-
Citations
16 Claims
-
1. A cryptographic apparatus for executing a computer program of instructions stored in enciphered form as a plurality of addressable blocks of enciphered program information, each block being stored at a location specified by a digital address, the apparatus comprising:
-
means for storing an encryption key; means for specifying a first digital address of a block of said enciphered program information, thereby addressing the block; product block deciphering means for transforming in a plurality of steps said addressed block of enciphered program information to produce a block of deciphered information including an executable instruction and a second digital address, at least one step in said plurality of steps being controlled by said first digital address, and at least one step in said plurality of steps being controlled by said encryption key; means for decoding and executing an instruction included in a block of said deciphered information; and means for specifying the second digital address in said block of deciphered information so as to address a successor block of said enciphered program information which includes a successor instruction in enciphered form for deciphering by said deciphering means.
-
-
2. A cryptographic apparatus for executing a computer program of instructions stored in enciphered form as a plurality of addressable portions of enciphered information, each portion being stored at a location specified by a digital address, the apparatus comprising:
-
address register file means for storing a plurality of digital addresses, each address corresponding to at least one portion of said enciphered information; key register file means for storing a plurality of encryption keys, each key correponding to a digital address in said address register file; means for addressing a first portion of said enciphered information using a first digital address in said address register file; deciphering means for cryptographically transforming said addressed portion of enciphered information to produce a portion of deciphered information under control of the encryption key in said key register file corresponding to said first digital address, the portion of deciphered information including an executable instruction and a second digital address; means for executing an instruction included in a portion of said deciphered information; and means for addressing a successor portion of enciphered information for deciphering by said deciphering means in accordance with said second digital address.
-
-
3. A cryptographic apparatus for processing enciphered data and executing a computer program of instructions stored in enciphered form as a plurality of addressable portions of enciphered information, each portion being stored at a location specified by a digital address, the apparatus comprising:
-
address register file means for storing a plurality of digital addresses, each address corresponding to at least one portion of said enciphered information; key register file means for storing a plurality of encryption keys, each key corresponding to a digital address in said address register file; means for addressing a first portion of said enciphered information using a first digital address in said address register file; means for addressing a second portion of said enciphered information using a second digital address in said address register file; deciphering means for cryptographically transforming said first addressed portion to produce a first portion of deciphered information under control of the encryption key in said key register file corresponding to said first digital address, the the first portion of deciphered information including an executable instruction and a third digital address; deciphering means for cryptographically transforming said second addressed portion to produce a second portion of deciphered information under control of the encryption key in said key register file corresponding to said second digital address; means for executing an instruction included in said first portion of deciphered information so as to process data included in said second portion of deciphered information; and means for addressing a successor portion of enciphered information for deciphering by said deciphering means in accordance with said third digital address.
-
-
4. A device for ciphering a block of data bits stored in a plurality of blocks thereof, each block having a digital address, the ciphering device comprising:
-
means for specifying the digital address of a block of data bits in said plurality thereof; first product block ciphering means for transforming a first portion of said block of data bits to produce first substitute data; means for modifying a second portion of said block of data bits in accordance with said first substitute data to produce first modified data; second product block ciphering means for transforming said first modified data to produce second substitute data; means for modifying said first portion of said block of data bits in accordance with said second substitute data to produce second modified data; and means for controlling operation of at least one of said first and second product block ciphering means in accordance with the specified digital address of said block of data bits. - View Dependent Claims (5)
-
-
6. A device for ciphering a block of data bits stored in a plurality of blocks thereof, each block having a digital address, the ciphering device comprising:
-
means for specifying the digital address of a block of data bits in said plurality thereof; product block ciphering means for transforming a first portion of said block under control of the digital address of said block to produce first substitute data; means for modifying a second portion of said block in accordance with said first substitute data to produce first modified data; product block ciphering means for transforming said first modified data to produce second substitute data; means for modifying said first portion of said block in accordance with said second substitute data to produce second modified data, wherein said first and second modified data constitutes a product block cipher of said block of data bits.
-
-
7. A device for ciphering a block of data bits stored in a plurality of blocks thereof, each block having a digital address, the ciphering device comprising:
-
means for specifying the digital address of a block of data bits in said plurality thereof; product block ciphering means for transforming a first portion of said block to produce first substitute data; means for modifying a second portion of said block in accordance with said first substitute data to produce first modified data; product block ciphering means for transforming said first modified data under control of the digital address of said block to produce second substitute data; means for modifying said first portion of said addressed block in accordance with said second substitute data to produce second modified data, wherein said first and second modified data constitutes a product block cipher of said block of data bits.
-
-
8. A device for deciphering a block of enciphered information, the device comprising:
-
product block ciphering means for transforming multiple-bit argument data to produce multiple-bit product data in which each bit of product data is a function of every bit of argument data; means for presenting a first portion of said enciphered block as argument data to said product block ciphering means to produce first substitute data; means for modifying a second portion of said enciphered block in accordance with said first substitute data to produce first modified data; means for presenting said first modified data as argument data to said product block ciphering means to produce second substitute data; means for modifying said first portion of said enciphered block in accordance with said second substitute data to produce second modified data; means for presenting said second modified data as argument data to said product block ciphering means to produce third substitute data; means for modifying said first modified data in accordance with said third substitute data to produce third modified data; means for presenting said third modified data as argument data to said product block ciphering means to produce fourth substitute data; means for modifying said second modified data in accordance with said fourth substitute data to produce fourth modified data, wherein said third and fourth modified data constitute a deciphered block of information.
-
-
9. A device for deciphering a block of enciphered information, the device comprising:
-
means for storing a first digital key; means for storing a second digital key; product block ciphering means for transforming multiple-bit argument data to produce multiple-bit product data in which each bit of product data is a function of every bit of argument data; means for modifying a first portion of a block of enciphered information in accordance with said first digital key to produce first modified data; means for presenting said first modified data as argument data to said product block ciphering means to produce first substitute data; means for modifying a second portion of said block of enciphered information in accordance with said first substitute data to produce second modified data; means for presenting said second modified data as argument data to said product block ciphering means to produce second substitute data; means for modifying said first modified data in accordance with said second substitute data to produce third modified data; means for presenting said third modified data as argument data to said product block ciphering means to produce third substitute data; means for modifying said second modified data in accordance with said third substitute data to produce fourth modified data; means for modifying said fourth modified data in accordance with said second digital key to produce fifth modified data, wherein said third and fifth modified data constitute a block of deciphered information.
-
-
10. A cryptographic apparatus for executing a computer program of instructions stored as addressable blocks of enciphered program information, and for processing data stored as addressable bytes of enciphered information, each block and byte having a digital address, the apparatus comprising:
-
means for deciphering a block of said enciphered program information to produce a queue of deciphered instructions in said program; means for addressing in said queue a deciphered instruction having an executable portion and an address portion; means for generating from said address portion a digital address of a byte of enciphered data; means for scrambling said digital address to produce a scrambled address; means for combining said scrambled address with said byte of enciphered data to produce a byte of deciphered data; and means for decoding and executing said executable portion of said deciphered instruction to process said byte of deciphered information.
-
-
11. A cryptographic apparatus for executing a computer program of instructions stored in enciphered form as a plurality of addressable blocks of enciphered information, each block being stored at a location specified by a digital address, the apparatus comprising:
-
means for storing an encryption key; means for specifying a first digital address of a block of said enciphered information, thereby addressing the block; product block deciphering means for transforming in a plurality of steps said addressed block of enciphered information to produce a block of deciphered information including an executable instruction and a second digital address, at least one step in said plurality of steps being controlled by said first digital address, and at least one step in said plurality of steps being controlled by said encryption key; means for decoding and executing an instruction included in a block of said deciphered information; means for computing a third digital address from said second digital address; and means for obtaining a successor block of said enciphered information from a location specified by said third digital address for deciphering by said deciphering means.
-
-
12. A cryptographic apparatus for executing a computer program of instructions stored in enciphered form as a plurality of addressable portions of enciphered information, each portion being stored at a location specified by a digital address, the apparatus comprising:
-
address register file means for storing a plurality of digital addresses, each address corresponding to at least one portion of said enciphered information; key register file means for storing a plurality of encryption keys, each key corresponding to a digital address in said address register file; means for accepting password information; means for activating one of said encryption keys under control of said password information; means for addressing a first portion of said enciphered information using the digital address in said address register file corresponding to said activated key in said key register file; deciphering means for cryptographically transforming said addressed portion of enciphered information to produce a portion of deciphered information under control of said activated key, the portion of deciphered information including an executable instruction and a second digital address; means for executing an instruction included in a portion of said deciphered information; and means for addressing a successor portion of enciphered information for deciphering by said deciphering means in accordance with said second digital address.
-
-
13. A cryptographic apparatus for executing a computer program of instructions stored in enciphered form as a plurality of addressable blocks of enciphered information, each block being stored at a location specified by a digital address, the apparatus comprising:
-
means for storing an encryption key; means for specifying a first digital address of a block of said enciphered information, thereby addressing the block; means for storing an alternative block of enciphered patch information; product block deciphering means for transforming in a plurality of steps said block of patch information in lieu of said addressed block to produce a block of deciphered information including an executable instruction and a second digital address, at least one step in said plurality of steps being controlled by said first digital address, and at least one step in said plurality of steps being controlled by said encryption key; means for decoding and executing an instruction included in a block of said deciphered information; and means for obtaining a successor block of said enciphered information from a location specified by said second digital address for deciphering by said deciphering means.
-
-
14. A cryptographic apparatus for executing a multi-level security system of computer programs of instructions stored in enciphered form as a plurality of addressable portions of enciphered information, each portion being stored at a location specified by a digital address, the apparatus comprising:
-
address register file means for storing a plurality of digital addresses, each address corresponding to at least one portion of said enciphered information in one security level of the system; key register file means for storing a plurality of encryption keys, each key corresponding to a digital address in said address register file; security kernel means for selecting an encryption key in said key register file and for selecting a corresponding digital address in said address register file, thereby transferring program execution to a predetermined security level of said system; means for addressing a portion of said enciphered information using said selected digital address; deciphering means for cryptographically transforming said addressed portion of enciphered information to produce a portion of deciphered information under control of said selected encryption key and under control of said selected digital address, the portion of deciphered information including an executable instruction and a second digital address; means for executing an instruction included in a portion of said deciphered information; and means for addressing a successor portion of enciphered information for deciphering by said deciphering means in accordance with said second digital address.
-
-
15. A cryptographic microprocessor apparatus for executing a plurality of enciphered programs, each program being stored as a plurality of addressable portions of enciphered information, the apparatus comprising:
-
key register means for storing a plurality of encryption keys, each key corresponding to a program in said plurality of enciphered programs; means for selecting a deciphering key from said plurality of encryption keys as a function of activating information; means for deciphering a portion of said enciphered information under control of said deciphering key to produce a portion of deciphered program information including an executable instruction and a digital address; means for executing an instruction included in a portion of said deciphered information; and means for addressing a successor portion of said enciphered information in accordance with said digital address for deciphering by said deciphering means.
-
-
16. A cryptographic microprocessor apparatus for executing a plurality of enciphered programs, each program being stored as a plurality of addressable blocks of enciphered information, the apparatus comprising:
-
key register means for storing a plurality of encryption keys, each key corresponding to a program in said plurality of enciphered programs; means for selecting a deciphering key from said plurality of encryption keys as a function of activating information; means for specifying the digital address of a block of said enciphered information; means for deciphering said addressed block of enciphered information as a function of said digital address under control of said deciphering key to produce a block of deciphered program information including an executable instruction and a second digital address; means for executing an instruction included in a block of said deciphered information; and means for addressing a successor block of said enciphered information for deciphering by said deciphering means as a function of said second digital address.
-
Specification