Cryptographically protected paging subsystem

US 5,757,919 A
Filed: 12/12/1996
Issued: 05/26/1998
Est. Priority Date: 12/12/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising the steps of:

generating an integrity check value for an outgoing page within a physically secure environment, the physically secure environment containing a processor and a memory;

nstoring the integrity check value for the outgoing page;

encrypting the outgoing page resulting in an encrypted page; and

exporting the encrypted page to a storage unit outside the secure execution environment.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for maintaining integrity and confidentiality of pages paged to an external storage unit from a physically secure environment. An outgoing page is selected to be exported from a physically secure environment to an insecure environment. An integrity check value is generated and stored for the outgoing page. In one embodiment, this takes the form of taking a one-way hash of the page using a well-known one-way hash function. The outgoing page is then encrypted using a cryptographically strong encryption algorithm. Among the algorithms that might be used in one embodiment of the invention are IDEA and DES. The encrypted outgoing page is then exported to the external storage. By virtue of the encryption and integrity check, the security of the data on the outgoing page is maintained in the insecure environment.

426 Citations

24 Claims

1. A method comprising the steps of:
- generating an integrity check value for an outgoing page within a physically secure environment, the physically secure environment containing a processor and a memory;
  
  nstoring the integrity check value for the outgoing page;
  
  encrypting the outgoing page resulting in an encrypted page; and
  
  exporting the encrypted page to a storage unit outside the secure execution environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising the steps of:
    - importing an encrypted incoming page from a storage unit outside the secure execution environment;
      
      decrypting the incoming page;
      
      calculating an integrity check value for the incoming page; and
      
      comparing the integrity check value of the incoming page with a previously stored integrity check value corresponding to the incoming page.
  - 3. The method of claim 1 wherein the encrypted page is encrypted using a symmetric encryption algorithm.
  - 4. The method of claim 3 further comprising the step of:
    - retrieving a random key for use in the encrypting step.
  - 5. The method of claim 4 wherein every page related to a single application is encrypted using a same key.
  - 6. The method of claim 4 wherein a different key is generated for every outgoing page.
  - 7. The method of claim 4 further comprising the step of:
    - storing the key in a table in the secure memory.
  - 8. The method of claim 1 wherein the step of generating comprises the steps of:
    - one way hashing the outgoing page; and
      
      storing a predetermined portion of a hash value of the outgoing page in a location within the physically secure environment.
  - 9. The method of claim 8 wherein the location is pointed to by a pointer in a field of a page table entry corresponding to the outgoing page.
  - 10. The method of claim 8 wherein the predetermined portion is the whole hash value.

11. A system for maintaining security in a paging subsystem comprising:
- a bus;
  
  a secure processor coupled to a secure memory within a physically secure environment;
  
  an insecure storage unit in an insecure environment outside the physically secure environment and coupled to the physically secure environment by the bus;
  
  an interface within the physically secure environment and coupled between the bus and the secure processor, the interface encrypting and generating an integrity check value for a page exported to the insecure storaged unit, the interface decrypting and integrity checking the page when the page is imported back into the physically secure environment; and
  
  a page table exportable from the secure memory, the page table storing one of the integrity check value and a pointer to the integrity check value.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11 wherein the interface comprises:
    - an integrity check engine; and
      
      an encryption engine coupled to the integrity check engine.
  - 13. The system of claim 12 wherein a portion of the secure memory stores a predetermined portion of a one-way hash value of an outgoing page generated by the integrity check engine responsive to the export of the outgoing page.
  - 14. The system of claim 12 wherein the interface further comprises:
    - a random number generator coupled to the bus to generate an encryption key.
  - 15. The system of claim 14 further comprising:
    - a key storage area storing a key corresponding to each page that has been exported from the interface.
  - 16. The system of claim 12 wherein the encryption engine implements a symmetric bulk encryption algorithm.
  - 17. The system of claim 12 wherein the encryption engine is a symmetric encryption engine.
  - 18. The system of claim 17 wherein the interface further comprises an asymmetric encryption engine.
  - 19. The system of claim 12 wherein the secure environment resides on a single chip.
  - 20. The system of claim 11 further comprising:
    - an insecure host processor coupled to the bus.

21. A method of introducing a software for use in a secure environment comprising the steps of:
- generating an encryption key;
  
  reading into the secure environment a page from the software to be introduced;
  
  hashing the page to generate an integrity check value;
  
  encrypting the page using the encryption key; and
  
  exporting the page as encrypted to an external storage unit in an insecure environment.
- View Dependent Claims (22, 23)
- - 22. The method of claim 21 further comprising the steps of:
    - verifying thet a valid digital signature exists on the software; and
      
      invalidating the introduction if no valid digital signature exists.
  - 23. The method of claim 22 wherein the step of verifying comprises:
    - maintaining a first overall hash of the software as the software is introduced;
      
      decrypting a second overall hash encrypted by a software originator using a public key and an asymmetric algorithm; and
      
      comparing the first overall hash to the second overall hash.

24. A method of insuring integrity of a page paging between a physically secure environment and an insecure environment comprising the steps of:
- generating an outgoing integrity check value for an outgoing page;
  
  storing an outgoing integrity check value for the outgoing page generating an incoming integrity check value when the page is paged in; and
  
  comparing the outgoing integrity check value with the incoming integrity check value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Herbert, Howard C., Davis, Derek L.
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/764,154
Time in Patent Office

530 Days
Field of Search

380/4, 380/21, 380/23, 380/25, 380/28, 380/29, 380/30, 380/46, 380/49, 380/50
US Class Current

713/187
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

G06F 21/64   Protecting data integrity, ...

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 21/79   in semiconductor storage me...

G06F 21/85   interconnection devices, e....

G06F 21/86   Secure or tamper-resistant ...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

Cryptographically protected paging subsystem

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

426 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographically protected paging subsystem

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

426 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links