Stored program system with protected memory and secure signature extraction
First Claim
1. A stored program system comprising a processor within an integrated circuit;
a bus operatively coupled with the processor;
a memory within the integrated circuit and coupled with the bus from which the processor fetches instructions, said memory having contents;
protection means within the integrated circuit and operatively coupled with the memory and with the bus, said protection means rendering the memory not readily readable by a user;
input means within the integrated circuit receiving an input external to the integrated circuit and generating a signal indicative thereof;
signature extraction means within the integrated circuit and operatively coupled with the memory, said signature extraction means responsive to the signal for reading substantially all the contents of the memory via the bus and extracting a signature reflective thereof; and
output means within the integrated circuit and operatively coupled with the signature extraction means and responsive to extraction of the signature for communicating the signature external to the integrated circuit, wherein the signature extraction means comprises the processor executing a stored program stored within the memory, wherein the stored program comprises a routine evaluating a polynomial taking bytes of data from the memory as input, each byte having an address, the polynomial having at least one coefficient that is large relative to the value of the bytes, the stored program further comprising repeatedly subtracting a prime number smaller than the at least one coefficient.
Abstract
A controller contains software which, when triggered in some prearranged way such as assertion of an input to the controller, calculates a digital signature for the contents of the protected memory of the controller. The digital signature is preferably extracted from the contents of the memory with a function that varies greatly with even small changes to the memory contents. The function preferably is such that one cannot easily determine from the output what input generated the output. The function is preferably such that one cannot easily create a data set for input that yields any particular predetermined output. The circuitry generating the signature may be embedded in hardware of the controller so that its digital signature function is unknown even to the programmer writing the main body of code to be stored in the protected memory. With such a hardware configuration, it is possible to have a very high degree of confidence that the memory contents are what they are expected to be.
4 Claims
3. A stored program system comprising a processor within an integrated circuit;
a bus operatively coupled with the processor;
a memory within the integrated circuit and coupled with the bus from which the processor fetches instructions, said memory having contents;
protection means within the integrated circuit and operatively coupled with the memory and with the bus, said protection means rendering the memory not readily readable by a user;
input means within the integrated circuit receiving an input external to the integrated circuit and generating a signal indicative thereof;
signature extraction means within the integrated circuit and operatively coupled with the memory, said signature extraction means responsive to the signal for reading substantially all the contents of the memory via the bus and extracting a signature reflective thereof; and
output means within the integrated circuit and operatively coupled with the signature extraction means and responsive to extraction of the signature for communicating the signature external to the integrated circuit, wherein the signature extraction means comprises circuitry within the integrated circuit and apart from the processor, wherein the circuitry evaluates a function comprising a polynomial taking bytes of data from the memory as input, the polynomial having at least one coefficient that is large relative to the value of the bytes, the function further comprising a modulo function with respect to a prime number smaller than the coefficient.
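One reading of the polynomial-and-prime signature routine recited in claims 1 and 3, as an added example that is not taken from the patent. The coefficient 65537, the prime 65521, the Horner-order evaluation and all function names are assumptions, since the claims give no values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed parameters, chosen for this example; the claims give no values. */
#define SIG_COEFF 65537u /* coefficient, large relative to a byte (0..255) */
#define SIG_PRIME 65521u /* prime, smaller than the coefficient */

/* Reduce x into [0, SIG_PRIME) by repeated subtraction, with no divide
 * instruction, as a small controller core might. */
static uint32_t reduce(uint64_t x)
{
    while (x >= SIG_PRIME)
        x -= SIG_PRIME;
    return (uint32_t)x;
}

/* Horner evaluation of sum(mem[i] * SIG_COEFF^(len-1-i)) mod SIG_PRIME
 * over the whole image, walking addresses in ascending order. */
uint32_t extract_signature(const uint8_t *mem, size_t len)
{
    uint32_t sig = 0;
    for (size_t addr = 0; addr < len; addr++)
        sig = reduce((uint64_t)sig * SIG_COEFF + mem[addr]);
    return sig;
}

/* Returns 1 if flipping a single bit of the image changes the signature. */
int single_bit_change_detected(uint8_t *mem, size_t len, size_t addr)
{
    uint32_t before = extract_signature(mem, len);
    mem[addr] ^= 0x01;
    uint32_t after = extract_signature(mem, len);
    mem[addr] ^= 0x01; /* restore the original byte */
    return before != after;
}

int main(void)
{
    uint8_t image[64]; /* constructed stand-in for protected memory */
    for (size_t i = 0; i < sizeof image; i++)
        image[i] = (uint8_t)(i * 37u + 11u);
    printf("signature: %u\n", (unsigned)extract_signature(image, sizeof image));
    printf("bit flip at 0x20 detected: %d\n",
           single_bit_change_detected(image, sizeof image, 0x20));
    return 0;
}
```

Because the modulus is prime and does not divide the coefficient, any change confined to one byte always alters this signature. With a 16-bit prime there are only 65,521 possible outputs, so these example parameters detect accidental or casual modification and do not give the one-way or collision-resistance properties of a cryptographic hash.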
Specification