Dynamic configuration of a secure processing unit for operations in various environments

US 5,883,956 A
Filed: 03/28/1996
Issued: 03/16/1999
Est. Priority Date: 03/28/1996
Status: Expired due to Term

First Claim

Patent Images

1. A data structure for a cryptographically secure processing unit (SPU) stored in a computer readable memory comprising:

a capability table specifying functions that can be executed by said SPU;

a first field related to a time period for which said table is valid; and

a second field authenticating said capability table and said first field.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique to dynamically configure a Secure Processing Unit (SPU) chip in a secure manner using a capability table, which defines the functions that an SPU can perform. The capability table employs a digital signature to ensure the authenticity of the source and contents of the table. It also contains information which identifies the SPU for which the table is intended and a time-stamp indicating the time by which the table must be loaded into an SPU.

Citations

39 Claims

1. A data structure for a cryptographically secure processing unit (SPU) stored in a computer readable memory comprising:
- a capability table specifying functions that can be executed by said SPU;
  
  a first field related to a time period for which said table is valid; and
  
  a second field authenticating said capability table and said first field.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The data structure of claim 1 wherein said first field comprises a time-stamp.
  - 3. The data structure of claim 1 wherein said first field comprises a version number corresponding to a current version of said capability table.
  - 4. The data structure of claim 1 wherein said second field comprises a digital signature produced by a trusted authority.
  - 5. The data structure of claim 1 wherein said second field comprises a data string chosen by a trusted authority.
  - 6. The data structure of claim 1 wherein said second field comprises an authentication code generated from said capability table and said first field.
  - 7. The SPU of claim 1 wherein said SPU comprises a single integrated circuit device.
  - 8. The data structure of claim 1 wherein said SPU is an element of a system comprising a plurality of electronic devices.

9. A data structure for a cryptographically secure processing unit (SPU) stored in a computer readable memory comprising:
- a capability table specifying functions that can be executed by said SPU;
  
  a first field identifying said SPU;
  
  a second field related to a time period for which said table is valid; and
  
  a third field authenticating the source and content of said capability table, said first field, and said second field.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. The data structure of claim 9 wherein said second field comprises a time-stamp.
  - 11. The data structure of claim 9 wherein said second field comprises a version number corresponding to a current version of said capability table.
  - 12. The data structure of claim 9 wherein said third field comprises a digital signature produced by a trusted authority.
  - 13. The data structure of claim 9 wherein said third field comprises a data string chosen by a trusted authority.
  - 14. The data structure of claim 9 wherein said third field comprises an authentication code generated from said capability table, said first field and said second field.
  - 15. The data structure of claim 9 wherein said first field contains information which uniquely identifies said SPU.
  - 16. The data structure of claim 15 wherein said information is the serial number of said SPU.
  - 17. The SPU of claim 9 wherein said SPU comprises a single integrated circuit.
  - 18. The data structure of claim 9 wherein said SPU is an element of a system comprising a plurality of electronic devices.

19. A method of configuring a cryptographically secure processing unit (SPU) comprising the steps of:
- (a) encoding a security policy for said SPU in a capability table stored in a computer readable memory;
  
  (b) appending to said table a first field related to a time period for which said table is valid;
  
  (c) appending to said table a second field authenticating the source and content of said table; and
  
  (d) transmitting said table and said appended fields to said SPU.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. The method of claim 19 wherein said first field comprises a time-stamp.
  - 21. The method of claim 19 wherein said first field comprises a version number corresponding to a current version of said capability table.
  - 22. The method of claim 19 wherein said authentication field comprises a digital signature produced by a trusted authority.
  - 23. The method of claim 19 wherein said second field comprises a data string chosen by a trusted authority.
  - 24. The method of claim 19 wherein said second field comprises an authentication code generated from said capability table.
  - 25. The method of claim 19, comprising the further step of:
    - checking a function to be executed against said capability table to verify that said function is enabled before said function can be executed.
  - 26. The method of claim 19 wherein said SPU is an element of a system comprising a plurality of electronic devices.

27. A method of configuring a cryptographically secure processing unit (SPU) comprising the steps of:
- (a) encoding a security policy for said SPU in a capability table stored in a computer readable memory;
  
  (b) appending to said table a first field identifying said table;
  
  (c) appending to said table a second field related to a time period for which said table is valid;
  
  (d) appending to said table a third field authenticating the source and content of said table; and
  
  (e) transmitting said table and said appended fields to said SPU.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 28. The method of claim 27 wherein said first field contains information which uniquely identifies said SPU.
  - 29. The method of claim 28 wherein said information is the serial number of said SPU.
  - 30. The method of claim 27 wherein said second field comprises a time-stamp.
  - 31. The method of claim 27 wherein said second field comprises a version number corresponding to a current version of said capability table.
  - 32. The method of claim 27 wherein said third field comprises a digital signature produced by a trusted authority.
  - 33. The method of claim 27 wherein said third field comprises a data string chosen by a trusted authority.
  - 34. The method of claim 27 wherein said third field comprises an authentication code generated from said capability table.
  - 35. The method of claim 27, comprising the further steps of:
    - (a) receiving said table and said appended fields in said SPU;
      
      (b) verifying said first field and third field;
      
      (c) comparing said second field with the clock value of said SPU; and
      
      (d) loading said table in a secure memory of said SPU.
  - 36. The method of claim 35, comprising the further step of:
    - checking a function to be executed against said capability table to verify that said function is enabled before said the function can be executed.
  - 37. The method of claim 27, comprising the further steps of:
    - (a) receiving said table and said appended fields in said SPU;
      
      (b) verifying said first field and third field;
      
      (c) comparing said second field with a value stored in said SPU; and
      
      (d) loading said table in a secure memory of said SPU.
  - 38. The method of claim 37, comprising the further step of:
    - checking a function to be executed against said capability table to verify that said function is enabled before said the function can be executed.
  - 39. The method of claim 27 wherein said SPU is an element of a system comprising a plurality of electronic devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
National Semiconductor Corporation (Texas Instruments, Inc.)
Original Assignee
National Semiconductor Corporation (Texas Instruments, Inc.)
Inventors
Le, An Van, Sweet, William B., Herbert, Howard Crompton
Primary Examiner(s)
Biegel, Ronald
Assistant Examiner(s)
AMROZOWICZ, PAUL DOUGLAS

Application Number

US08/625,537
Time in Patent Office

1,083 Days
Field of Search

380/21, 380/23, 380/25, 380/59, 380/4, 380/52
US Class Current

713/170
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/572   Secure firmware programming...

G06F 21/71   to assure secure computing ...

G06F 21/76   in application-specific int...

G06F 2207/7219   Countermeasures against sid...

H04L 9/3247   involving digital signatures

H04L 9/3297   involving time stamps, e.g....

Dynamic configuration of a secure processing unit for operations in various environments

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic configuration of a secure processing unit for operations in various environments

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links