Software cryptographic apparatus and method
Abstract
An improved software cryptographic apparatus and method are disclosed. The apparatus and method enable the encryption of the object code of a program so as to enable relocatable code operations. The apparatus and method will adapt program execution for a mixture of encrypted and nonencrypted code. A particular advantage of the apparatus and method is its accommodation of interrupts and branches while carrying out the cryptographic function.
3 Claims
1. An improved software cryptographic apparatus in a data processing system including a program storage addressed by an instruction sequencer and an arithmetic logic unit for executing instructions accessed from the program storage, comprising:
a key kernel store having a plurality of N storage locations for N key kernels, each said key kernel being an initial value of a deciphering sequence corresponding to one of a plurality of N definable sequential program segments stored in said program storage, each said program segment being a plurality of consecutive ones of said instructions;
a key generator having an input connected to the output of said key kernel storage and having a key bit stream output, for operating on one of said plurality of key kernels and generating a sequence of key bits corresponding to said one of said plurality of key kernels output from said key kernel storage;
an exclusive OR gate having a first input connected to said encrypted program bit stream line and a second input connected to said key bit stream line, for carrying out an exclusive OR function between corresponding bits from said encrypted program bit stream and from said key bit stream so as to produce a plain text program output;
said arithmetic logic unit having its control input connected to said output from said exclusive OR;
a branch instruction detector having an input connected to the output of said exclusive OR, for detecting the occurrence of a branch instruction from said program storage and outputting the destination address of the definable program segment to be branched to;
said instruction sequencer having a branch control input connected to the output of said branch detector;
a key address decoder having an input connected to the output of said branch detector and an output connected to an address input of said key kernel storage, for accessing the key kernel stored in said key kernel storage which corresponds to the destination address of the program instruction which is at the head of the definable program segment to which the program is branching;
said key kernel storage outputting in response to said key address decoder, a second key kernel to said key generator, which corresponds to said destination address of said second definable program segment, for generating a second key bit stream corresponding to the encrypted program bit stream output from said program storage upon accessing said second definable program segment;
whereby an encrypted program can be continuously decrypted while branching and interrupt operations occur.
2. An improved software cryptographic apparatus in a data processing system including a program storage addressed by an instruction sequencer and an arithmetic logic unit for executing instructions accessed from the program storage, comprising:
a key kernel store having a plurality of M storage locations for M key kernels, each said key kernel being an initial value of a deciphering sequence corresponding to one or more of a plurality of N definable sequential program segments stored in said program storage where N is greater than M, each said program segment being a plurality of consecutive ones of said instructions;
a key generator having an input connected to the output of said key kernel storage and having a key bit stream output, for operating on one of said plurality of key kernels and generating a sequence of key bits corresponding to said one of said plurality of key kernels output from said key kernel storage;
an exclusive OR gate having a first input connected to said encrypted program bit stream line and a second input connected to said key bit stream line, for carrying out an exclusive OR function between corresponding bits from said encrypted program bit stream and from said key bit stream so as to produce a plain text program output;
said arithmetic logic unit having its control input connected to said output from said exclusive OR;
a branch instruction detector having an input connected to the output of said exclusive OR, for detecting the occurrence of a branch instruction from said program storage and outputting the destination address of the definable program segment to be branched to;
said instruction sequencer having a branch control input connected to the output of said branch detector;
a key address decoder having an input connected to the output of said branch detector and an output connected to an address input of said key kernel storage, for accessing the key kernel stored in said key kernel storage which corresponds to the destination address of the program instruction which is at the head of the definable program segment to which the program is branching;
said key kernel storage outputting in response to said key address decoder, a second key kernel to said key generator, which corresponds to said destination address of said second definable program segment, for generating a second key bit stream corresponding to the encrypted program bit stream output from said program storage upon accessing said second definable program segment;
whereby an encrypted program can be continuously decrypted while branching and interrupt operations occur.
3. An improved software cryptographic method in a data processing system including a program storage addressed by an instruction sequencer and an arithmetic logic unit for executing instructions accessed from the program storage, comprising the steps of:
storing N key kernels in a key kernel store having a plurality of N storage locations, each said key kernel being an initial value of a deciphering sequence corresponding to one of a plurality of N definable sequential program segments stored in said program storage, each said program segment being a plurality of consecutive ones of said instructions;
operating on one of said plurality of key kernels and generating a sequence of key bits corresponding to said one of said plurality of key kernels output from said key kernel storage, in a key generator having an input connected to the output of said key kernel storage and having a key bit stream output;
carrying out an exclusive OR function between corresponding bits from said encrypted program bit stream and from said key bit stream so as to produce a plain text program output, in an exclusive OR gate having a first input connected to said encrypted program bit stream line and a second input connected to said key bit stream line;
said arithmetic logic unit having its control input connected to said output from said exclusive OR;
detecting the occurrence of a branch instruction from said program storage and outputting the destination address of the definable program segment to be branched to, in a branch instruction detector having an input connected to the output of said exclusive OR;
said instruction sequencer having a branch control input connected to the output of said branch detector;
accessing the key kernel stored in said key kernel storage which corresponds to the destination address of the program instruction which is at the head of the definable program segment to which the program is branching, in a key address decoder having an input connected to the output of said branch detector and an output connected to an address input of said key kernel storage;
outputting from said key kernel storage in response to said key address decoder, a second key kernel to said key generator, which corresponds to said destination address of said second definable program segment, and generating a second key bit stream corresponding to the encrypted program bit stream output from said program storage upon accessing said second definable program segment;
whereby an encrypted program can be continuously decrypted while branching and interrupt operations occur.
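The datapath recited in claims 1 to 3 can be followed in a small software model, added here as an illustration and not taken from the patent. The LFSR used as the key generator, the one-byte opcodes, the addresses and the kernel values are all assumptions constructed for the example; interrupts are not modelled.

```python
# Toy model of the claimed datapath. The LFSR key generator, the opcodes, the
# addresses and the kernel values are assumptions constructed for this example.
BRANCH, HALT = 0xB0, 0xFF

def keystream(kernel):
    """Key generator: 16-bit LFSR seeded with a key kernel, one key byte per step."""
    state = kernel & 0xFFFF
    while True:
        byte = 0
        for _ in range(8):
            bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
            state = (state >> 1) | (bit << 15)
            byte = (byte << 1) | bit
        yield byte

def encrypt(segments, decoder, kernels):
    """Offline step: encipher each segment from its head with its own kernel."""
    storage = {}
    for head, plain in segments.items():
        ks = keystream(kernels[decoder[head]])
        for offset, value in enumerate(plain):
            storage[head + offset] = value ^ next(ks)
    return storage

def run(storage, decoder, kernels, entry):
    """Instruction sequencer, XOR gate, branch detector and key address decoder."""
    pc, ks, executed = entry, keystream(kernels[decoder[entry]]), []
    while True:
        op = storage[pc] ^ next(ks)              # XOR gate: plain text instruction
        if op == HALT:
            return executed
        if op == BRANCH:                         # branch detector sees plain text
            dest = storage[pc + 1] ^ next(ks)    # operand is enciphered too
            if dest not in decoder:              # only segment heads map to a kernel
                raise ValueError(f"branch target {dest:#x} is not a segment head")
            ks = keystream(kernels[decoder[dest]])  # second kernel restarts the stream
            pc = dest
        else:
            executed.append(op)                  # stands in for the ALU
            pc += 1

# Constructed sample: N = 3 segments share M = 2 kernels, as in claim 2.
KERNELS = [0xACE1, 0x1D2C]
DECODER = {0x00: 0, 0x10: 1, 0x20: 0}            # segment head address -> kernel slot
SEGMENTS = {0x00: [0x01, 0x02, BRANCH, 0x20],
            0x10: [0x05, HALT],
            0x20: [0x03, 0x04, BRANCH, 0x10]}

if __name__ == "__main__":
    image = encrypt(SEGMENTS, DECODER, KERNELS)
    print(run(image, DECODER, KERNELS, 0x00))
```

In this model, segments mapped to the same kernel slot (the claim 2 arrangement) are enciphered with the same key stream, so `image[0x00] ^ image[0x20]` equals the XOR of the two plain text bytes. A branch to an address that is not a segment head is rejected, because no kernel corresponds to it and the key stream could not be resynchronised.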
Specification