Programmable distributed personal security
First Claim
1. A system for processing and storing sensitive information, including messages received and generated by the system and keys used to encrypt and decrypt the messages, and securing the information against potential attacks, the system comprising:
- (a) a cryptographic engine for performing cryptographic operations on messages using a first key;
(b) one or more detectors for detecting events characteristic of an attack;
(c) a plurality of potential responses to detected events; and
(d) a programmable filter for correlating detected events with one or more operational factors and for selecting and invoking one or more responses based upon the correlation.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention is embodied in a Secured Processing Unit (SPU) chip, a microprocessor designed especially for secure data processing. By integrating keys, encryption/decryption engines and algorithms in the SPU, the entire security process is rendered portable and easily distributed across physical boundaries. The invention is based on the orchestration of three interrelated systems: (i) detectors, which alert the SPU to the existence, and help characterize the nature, of a security attack; (ii) filters, which correlate the data from the various detectors, weighing the severity of the attack against the risk to the SPU'"'"'s integrity, both to its secret data and to the design itself; and (iii) responses, which are countermeasures, calculated by the filters to be most appropriate under the circumstances, to deal with the attack or attacks present. The present invention, with wide capability in all three of the detectors, filters and responses, allows a great degree of flexibility for programming an appropriate level of security/policy into an SPU-based application.
-
Citations
14 Claims
-
1. A system for processing and storing sensitive information, including messages received and generated by the system and keys used to encrypt and decrypt the messages, and securing the information against potential attacks, the system comprising:
-
(a) a cryptographic engine for performing cryptographic operations on messages using a first key; (b) one or more detectors for detecting events characteristic of an attack; (c) a plurality of potential responses to detected events; and (d) a programmable filter for correlating detected events with one or more operational factors and for selecting and invoking one or more responses based upon the correlation.
-
-
2. A secure cryptographic chip for processing and storing sensitive information, including messages received and generated by the chip and keys used to encrypt and decrypt the messages, and for securing the information against potential attacks, the chip comprising:
-
(a) a cryptographic engine for performing cryptographic operations on messages using a first key; (b) one or more detectors for detecting events characteristic of an attack; and (c) a plurality of potential responses to detected events, whereby sensitive information is unencrypted only on the chip, where it is secure from attack. - View Dependent Claims (3)
-
-
4. A method for processing and storing sensitive information, including messages and keys used to encrypt and decrypt the messages, and for securing the information against potential attacks, the method comprising the following steps:
-
(a) performing cryptographic operations on messages using a first key; (b) detecting one or more events characteristic of an attack; and (c) responding to the detected events, whereby sensitive information is unencrypted only on the chip, where it is secure from attack. - View Dependent Claims (5)
-
-
6. A secure chip for processing sensitive information and securing the information against potential attacks, the chip comprising:
-
(a) an internal system clock for synchronizing functions performed on the chip; and (b) an external signal synchronizer for synchronizing to the internal system clock all asynchronous external signals received by the chip, whereby the chip cannot be placed in an unknown state due to the receipt of asynchronous external signals. - View Dependent Claims (7)
-
-
8. A secure chip for processing sensitive information and securing the information against potential attacks, the chip comprising:
-
(a) an internal bus for transferring information among components of the chip; (b) an input/output port for transferring information between internal components of the chip and external devices; and (c) a bus monitor for periodically comparing the contents of the input/output port before and after the transfer of information along the internal bus, whereby the chip can detect unauthorized rerouting, to the input/output port, of sensitive information transferred along the internal bus. - View Dependent Claims (9)
-
-
10. A secure chip for processing sensitive information and securing the information against potential attacks, the chip comprising:
-
(a) a real time clock controlled by an external clock crystal having a substantially consistent external clock frequency; (b) an internal system clock for synchronizing functions performed on the chip, the internal system clock cycle frequency within a predetermined range of accuracy; and (c) a clock integrity check for (i) causing the chip to perform a reference operation requiring a predetermined number of internal clock cycles and a predetermined range of expected external clock cycles based upon the range of accuracy of the internal system clock; and (ii) determining, from the number of internal clock cycles elapsed per actual external clock cycle during the performance of the reference operation, whether the number of elapsed actual external clock cycles lies within the range of expected external clock cycles, whereby the chip can detect unauthorized tampering with the external clock frequency.
-
-
11. A secure chip for processing sensitive information and securing the information against potential attacks, the chip comprising:
-
(a) a real time clock controlled by an external clock crystal having a substantially consistent external clock frequency, the real time clock having a counter for counting the number of elapsed external clock cycles; (b) a rollover detector for detecting whether the real time clock counter rolled over; and (c) a rollover bit, set upon detecting that the real time clock counter rolled over, whereby, if the rollover bit is set during an operation not expected to require a sufficient number of external clock cycles to cause the counter to roll over, the chip will detect unauthorized tampering with the external clock frequency.
-
-
12. A secure chip for processing sensitive information and securing the information against potential attacks, the chip comprising:
-
(a) a rewritable memory for storing sensitive information; (b) a power loss detector for detecting that the loss of both system and battery power is imminent; and (c) a VRT bit for indicating the sufficiency of system and battery power following the loading of sensitive information into the rewritable memory, the VRT bit set upon the loading of the sensitive information into the rewritable memory and reset upon the detection of power loss, whereby the chip can detect the need to save the sensitive information prior to the actual loss of both system and batter power. - View Dependent Claims (13)
-
-
14. A secure chip for processing sensitive information and securing the information against potential attacks, the chip comprising:
-
(a) a rewritable memory for storing sensitive information having a substantially constant value; (b) a memory inverter for periodically inverting the contents of each cell of the rewritable memory; and (c) a memory state bit for indicating whether the contents of each cell of the rewritable memory are in their actual state, or in the inverted state, whereby the contents of the rewritable memory contain effectively no residual indication of the constant value of the sensitive information.
-
Specification