System for seamless processing of encrypted and non-encrypted data and instructions
First Claim
1. A data processing system for processing both encrypted and non-encrypted data and instructions, said system including a secure physical region inaccessible to a user of said system, said system comprising:
- internal memory means positioned internally within said secure physical region, for storing decrypted and non-encrypted digital information;
- external memory means positioned external to said secure physical region, for storing an instruction to access a private key within said secure physical region for use in decrypting an encrypted master key;
- interface means in said secure physical region for decrypting said encrypted master key through the use of an accessed private key and for decrypting information encrypted with a said master key;
- segment register means in said secure physical region for maintaining a record of active memory segments and for associating decrypted master keys therewith; and
- a central processor within said secure physical region for accessing segments of both non-encrypted and encrypted information stored in addresses in said external memory means and for causing said interface means to employ a said decrypted master key, that is associated in said segment register means with an address that has been accessed, to decrypt information from said address and to store decrypted information in said internal memory means and, in the case of non-encrypted information from said external memory means, to directly store said information in said internal memory means.
Abstract
A data processing system includes an internal cache memory in a secure physical region that is not accessible to a user of the system. An external memory is positioned outside of the secure physical region and stores encrypted and non-encrypted (i.e., plaintext) data and instructions. An instruction enables access of a private key contained within the secure physical region which is used to decrypt an encrypted master key that accompanies encrypted data and instructions. An interface circuit in the secure physical region decrypts each encrypted master key through the use of the private key and also decrypts encrypted data and instructions associated with each decrypted master key. A central processor accesses segments of both non-encrypted and encrypted data and instructions from the external memory and causes the interface circuit to employ a decrypted master key to decrypt data and instructions and to store the decrypted information in the internal memory cache. Non-encrypted data and instructions are directly stored in the internal memory cache.
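The fetch path described in the abstract can be modelled in a few lines. This is an added example, not code from the patent: the names `SecureRegion` and `xor_at`, the toy textbook-RSA parameters and the hash-based keystream are assumptions standing in for the private-key and master-key ciphers, which the page does not name.

```python
import hashlib

# Toy textbook RSA standing in for the in-region private key (constructed, NOT secure).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only inside the region

def xor_at(key: bytes, addr: int, data: bytes) -> bytes:
    """Address-keyed XOR keystream: stand-in for the interface circuit's cipher."""
    out = bytearray()
    for i, b in enumerate(data):
        a = addr + i
        block = hashlib.sha256(key + (a // 32).to_bytes(8, "big")).digest()
        out.append(b ^ block[a % 32])
    return bytes(out)

class SecureRegion:
    def __init__(self, external: bytearray):
        self.external = external  # external memory, visible to the user
        self.segments = []        # segment registers: (base, limit, key or None)
        self.cache = {}           # internal memory: address -> plaintext

    def map_plain(self, base: int, limit: int) -> None:
        self.segments.append((base, limit, None))

    def map_encrypted(self, base: int, limit: int, wrapped_key: int) -> None:
        # Unwrap the master key with the private key and bind it to the segment.
        key = pow(wrapped_key, D, N).to_bytes(16, "big")
        self.segments.append((base, limit, key))

    def fetch(self, addr: int, length: int) -> bytes:
        for base, limit, key in self.segments:
            if base <= addr and addr + length <= limit:
                raw = bytes(self.external[addr:addr + length])
                self.cache[addr] = raw if key is None else xor_at(key, addr, raw)
                return self.cache[addr]
        raise PermissionError("address not covered by an active segment")

def demo():
    master = bytes(range(16))                           # constructed master key
    wrapped = pow(int.from_bytes(master, "big"), E, N)  # wrapped outside the region
    ext = bytearray(64)
    ext[0:16] = b"PLAIN CODE HERE!"
    ext[32:48] = xor_at(master, 32, b"SECRET CODE HERE")
    cpu = SecureRegion(ext)
    cpu.map_plain(0, 32)
    cpu.map_encrypted(32, 64, wrapped)
    return cpu.fetch(0, 16), cpu.fetch(32, 16), bytes(ext[32:48])
```

Both fetches return plaintext into the internal cache through the same call, while the bytes held in external memory for the second segment remain ciphertext.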
15 Claims
12. In a data processing system that processes both encrypted and non-encrypted data and instructions, said system including a secure physical region inaccessible to a user of said system, a method for assuring seamless processing of both encrypted and non-encrypted digital information comprising:
- storing in said secure physical region decrypted and non-encrypted digital information;
- storing in external memory means external to said secure physical region, an instruction to access a private key within said secure physical region for use in decrypting an encrypted master key;
- decrypting in an interface means in said secure physical region, said encrypted master key through the use of an accessed private key and decrypting information encrypted with a said master key;
- maintaining in a segment register means in said secure physical region, a record of active memory segments and associated decrypted master keys;
- accessing within said secure physical region segments of both non-encrypted and encrypted information stored in addresses in said external memory means;
- causing said interface means to employ a said decrypted master key that is associated in said segment register means with an address that has been accessed, to decrypt information from a said address; and
- storing said decrypted information in said internal memory means and, in the case of non-encrypted information from said external memory means, storing said information in said internal memory means.
Specification