Programmable distributed personal security
First Claim
Patent Images
1. A system for processing and storing sensitive information, including messages received and generated by the system and keys used to encrypt and decrypt the messages, and securing the information against potential attacks, the system comprising:
- (a) a cryptographic engine for performing cryptographic operations on messages using a first key;
(b) one or more detectors for detecting events characteristic of an attack;
(c) a plurality of potential responses to detected events; and
(d) a programmable filter for correlating detected events with one or more operational factors and for selecting and invoking one or more responses based upon the correlation.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention is embodied in a Secured Processing Unit (SPU) chip, a microprocessor designed especially for secure data processing. By integrating keys, encryption/decryption engines and algorithms in the SPU, the entire security process is rendered portable and easily distributed across physical boundaries. The invention is based on the orchestration of three interrelated systems: (i) detectors, which alert the SPU to the existence, and help characterize the nature, of a security attack; (ii) filters, which correlate the data from the various detectors, weighing the severity of the attack against the risk to the SPU'"'"'s integrity, both to its secret data and to the design itself; and (iii) responses, which are countermeasures, calculated by the filters to be most appropriate under the circumstances, to deal with the attack or attacks present. The present invention, with wide capability in all three of the detectors, filters and responses, allows a great degree of flexibility for programming an appropriate level of security/policy into an SPU-based application.
-
Citations
14 Claims
-
1. A system for processing and storing sensitive information, including messages received and generated by the system and keys used to encrypt and decrypt the messages, and securing the information against potential attacks, the system comprising:
-
(a) a cryptographic engine for performing cryptographic operations on messages using a first key; (b) one or more detectors for detecting events characteristic of an attack; (c) a plurality of potential responses to detected events; and (d) a programmable filter for correlating detected events with one or more operational factors and for selecting and invoking one or more responses based upon the correlation.
-
-
2. A secure cryptographic chip for processing and storing sensitive information, including messages received and generated by the chip and keys used to encrypt and decrypt the messages, and for securing the information against potential attacks, the chip comprising:
-
(a) a cryptographic engine for performing cryptographic operations on messages using a first key; (b) one or more detectors for detecting events characteristic of an attack; and (c) a plurality of potential responses to detected events, whereby sensitive information is unencrypted only on the chip, where it is secure from attack. - View Dependent Claims (3)
-
-
4. A method for processing and storing sensitive information, including messages and keys used to encrypt and decrypt the messages, and for securing the information against potential attacks, the method comprising the following steps:
-
(a) performing cryptographic operations on messages using a first key; (b) detecting one or more events characteristic of an attack; and (c) responding to the detected events, whereby sensitive information is unencrypted only on the chip, where it is secure from attack. - View Dependent Claims (5)
-
-
6. A secure chip for processing sensitive information and securing the information against potential attacks, the chip comprising:
-
(a) an internal system clock for synchronizing functions performed on the chip; and (b) an external signal synchronizer for synchronizing to the internal system clock all asynchronous external signals received by the chip, whereby the chip cannot be placed in an unknown state due to the receipt of asynchronous external signals. - View Dependent Claims (7)
-
-
8. A secure chip for processing sensitive information and securing the information against potential attacks, the chip comprising:
-
(a) an internal bus for transferring information among components of the chip; (b) an input/output port for transferring information between internal components of the chip and external devices; and (c) a bus monitor for periodically comparing the contents of the input/output port before and after the transfer of information along the internal bus, whereby the chip can detect unauthorized rerouting, to the input/output port, of sensitive information transferred along the internal bus. - View Dependent Claims (9)
-
-
10. A secure chip for processing sensitive information and securing the information against potential attacks, the chip comprising:
-
(a) a real time clock controlled by an external clock crystal having a substantially consistent external clock frequency; (b) an internal system clock for synchronizing functions performed on the chip, the internal system clock cycle frequency within a predetermined range of accuracy; and (c) a clock integrity check for (i) causing the chip to perform a reference operation requiring a predetermined number of internal clock cycles and a predetermined range of expected external clock cycles based upon the range of accuracy of the internal system clock; and (ii) determining, from the number of internal clock cycles elapsed per actual external clock cycle during the performance of the reference operation, whether the number of elapsed actual external clock cycles lies within the range of expected external clock cycles, whereby the chip can detect unauthorized tampering with the external clock frequency.
-
-
11. A secure chip for processing sensitive information and securing the information against potential attacks, the chip comprising:
-
(a) a real time clock controlled by an external clock crystal having a substantially consistent external clock frequency, the real time clock having a counter for counting the number of elapsed external clock cycles; (b) a rollover detector for detecting whether the real time clock counter rolled over; and (c) a rollover bit, set upon detecting that the real time clock counter rolled over, whereby, if the rollover bit is set during an operation not expected to require a sufficient number of external clock cycles to cause the counter to roll over, the chip will detect unauthorized tampering with the external clock frequency.
-
-
12. A secure chip for processing sensitive information and securing the information against potential attacks, the chip comprising:
-
(a) a rewritable memory for storing sensitive information; (b) a power loss detector for detecting that the loss of both system and battery power is imminent; and (c) a VRT bit for indicating the sufficiency of system and battery power following the loading of sensitive information into the rewritable memory, the VRT bit set upon the loading of the sensitive information into the rewritable memory and reset upon the detection of power loss, whereby the chip can detect the need to save the sensitive information prior to the actual loss of both system and batter power. - View Dependent Claims (13)
-
-
14. A secure chip for processing sensitive information and securing the information against potential attacks, the chip comprising:
-
(a) a rewritable memory for storing sensitive information having a substantially constant value; (b) a memory inverter for periodically inverting the contents of each cell of the rewritable memory; and (c) a memory state bit for indicating whether the contents of each cell of the rewritable memory are in their actual state, or in the inverted state, whereby the contents of the rewritable memory contain effectively no residual indication of the constant value of the sensitive information.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeNational Semiconductor Corporation (Texas Instruments, Inc.)
-
Original AssigneeNational Semiconductor Corporation (Texas Instruments, Inc.)
-
InventorsDavis, Timothy D., Duncan, Richard L., Shay, Michael J., Force, Gordon, Norcross, Thomas M., Short, Timothy A.
-
Primary Examiner(s)Cain, David C.
-
Application NumberUS08/267,788Time in Patent Office735 DaysField of Search380/3, 380/4, 380/52US Class Current713/189CPC Class CodesG06F 21/109 by using specially-adapted ...G06F 21/572 Secure firmware programming...G06F 21/71 to assure secure computing ...G06F 21/725 operating on a secure refer...G06F 21/77 in smart cardsG06F 21/81 by operating on the power s...G06F 21/86 Secure or tamper-resistant ...G06F 2221/2101 Auditing as a secondary aspectG06F 2221/2135 MeteringG06F 2221/2153 Using hardware token as a s...H04L 2209/56 Financial cryptography, e.g...H04L 9/002 Countermeasures against att...H04L 9/0897 involving additional device...H04L 9/12 Transmitting and receiving ...
