Secure processor with external memory using block chaining and block re-ordering

US 6,061,449 A
Filed: 10/10/1997
Issued: 05/09/2000
Est. Priority Date: 10/10/1997
Status: Expired due to Term

First Claim

Patent Images

1. An apparatus for processing program information, comprising:

a secure circuit including a central processing unit (CPU) and at least one block buffer for storing at least one block of the program information;

an external storage device which is adapted to store the program information external to said secure circuit;

a first communication path which is adapted to communicate a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain; and

a second communication path which is adapted to communicate the program information from the at least one block buffer to the CPU for processing therein;

wherein;

the first block chain comprises authentication data derived from the group of blocks of program information; and

said secure circuit comprises an authentication circuit that is responsive to said at least one block buffer for processing the first block chain to verify the authentication data thereof prior to the program information being communicated to the CPU.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A scrambled data transmission is descrambled by communicating encrypted program information and authentication information between an external storage device and block buffers of a secure circuit. The program information is communicated in block chains to reduce the overhead of the authentication information. The program information is communicated a block at a time, or even a chain at a time, and stored temporarily in block buffers and a cache, then provided to a CPU to be processed. The blocks may be stored in the external storage device according to a scrambled address signal, and the bytes, blocks, and chains may be further randomly re-ordered and communicated to the block buffers non-sequentially to obfuscate the processing sequence of the program information. Program information may be also be communicated from the secure circuit to the external memory. The program information need not be encrypted but only authenticated for security.

461 Citations

53 Claims

1. An apparatus for processing program information, comprising:
- a secure circuit including a central processing unit (CPU) and at least one block buffer for storing at least one block of the program information;
  
  an external storage device which is adapted to store the program information external to said secure circuit;
  
  a first communication path which is adapted to communicate a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain; and
  
  a second communication path which is adapted to communicate the program information from the at least one block buffer to the CPU for processing therein;
  
  wherein;
  
  the first block chain comprises authentication data derived from the group of blocks of program information; and
  
  said secure circuit comprises an authentication circuit that is responsive to said at least one block buffer for processing the first block chain to verify the authentication data thereof prior to the program information being communicated to the CPU.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 2. The apparatus of claim 1, wherein:
    - said block chain is a simple block chain such that said group of blocks in said first block chain are processed substantially in parallel by said authentication circuit.
  - 3. The apparatus of claim 1, wherein:
    - said first block chain and a subsequent second block chain of said program information are communicated between the external storage device and said at least one block buffer; and
      
      said authentication circuit is adapted to authenticate at least a portion of the program information of said first block chain while at least a portion of said second block chain is being communicated over said first communication path.
  - 4. The apparatus of claim 1, wherein:
    - said first communication path is adapted to communicate blocks of program information from said storage device to said at least one buffer in a second chain; and
      
      said authentication circuit is adapted to authenticate program information from at least a portion of said first block chain and at least a portion of said second chain substantially concurrently.
  - 5. The apparatus of claim 1, further comprising:
    - a cache arranged in said second communication path which is adapted to temporarily store the authenticated program information before the authenticated program information is provided to said CPU.
  - 6. The apparatus of claim 1, further comprising:
    - means for detecting an illegal operational code in the program information.
  - 7. The apparatus of claim 1, wherein:
    - at least part of said program information is hashed to provide said block chain.
  - 8. The apparatus of claim 1, further comprising:
    - address generating means for providing addressing information to the external storage device for communicating said blocks of program information from the external storage device to said at least one block buffer in a desired sequence.
  - 9. The apparatus of claim 1, wherein said program information comprises a plurality of strings which are to be processed in succession by said CPU.
  - 10. The apparatus of claim 1, wherein:
    - said blocks of program information are stored in non-sequential storage address locations of the external storage device.
  - 11. The apparatus of claim 1, wherein:
    - chains of said program information with randomly varying lengths are communicated from the external storage device to said at least one block buffer.
  - 12. The apparatus of claim 11, further comprising:
    - address generating means for providing addressing information to the external storage device for communicating said blocks of program information from the external storage device to said at least one block buffer in a desired sequence;
      
      wherein;
      
      the randomly varying lengths are determined according to said addressing information.
  - 13. The apparatus of claim 1, further comprising:
    - means for providing a substantially random block-wise re-ordering of said first block chain, and random re-ordering of a block of said first block chain to communicate a re-ordered chain from the external storage device to said at least one block buffer.
  - 14. The apparatus of claim 1, wherein:
    - said program information comprises dummy data which is not processed by the CPU.
  - 15. The apparatus of claim 1, wherein:
    - said program information stored in the external storage device is encrypted;
      
      said secure circuit comprises a decryption circuit which is responsive to said at least one block buffer for decrypting the encrypted program information; and
      
      said second communication path is adapted to communicate the decrypted program information from the decryption circuit to the CPU for processing therein.
  - 16. The apparatus of claim 15, wherein:
    - said first block chain and a subsequent second block chain of said program information are communicated between the external storage device and said at least one block buffer; and
      
      said decryption circuit is adapted to decrypt at least a portion of the program information of said first block chain while at least a portion of said second block chain is being communicated over said first communication path.
  - 17. The apparatus of claim 15, wherein:
    - said first communication path is adapted to communicate blocks of program information from said storage device to said at least one buffer in a second chain; and
      
      said decryption circuit is adapted to decrypt program information from at least a portion of said first block chain and at least a portion of said second chain concurrently.
  - 18. The apparatus of claim 15, further comprising:
    - a cache arranged in said second communication path which is adapted to temporarily store the decrypted program information before the decrypted program information is provided to said CPU.
  - 19. The apparatus of claim 15, wherein:
    - said first block chain is a cipher block chain.
  - 20. The apparatus of claim 1, further comprising:
    - a third communication path which is adapted to communicate a group of blocks of program information from said secure circuit to said external storage device in a second block chain.
  - 21. The apparatus of claim 20, further comprising:
    - an encryption circuit for encrypting the program information for the second block chain.
  - 22. The apparatus of claim 21, wherein said encryption circuit is conditionally responsive to address information to allow a clear mode for the program information for the second block chain.
  - 23. The apparatus of claim 20, further comprising:
    - an authentication circuit for authenticating the program information for the second block chain.
  - 24. The apparatus of claim 23, wherein said authentication circuit is conditionally responsive to address information to allow a clear mode for the program information for the second block chain.
  - 25. The apparatus of claim 20, further comprising:
    - a re-sequencing circuit for randomly re-ordering the program information for the second block chain.
  - 26. The apparatus of claim 20, further comprising:
    - a dummy-data insertion circuit for adding dummy-data to the program information for the second block chain.
  - 27. The apparatus of claim 1, wherein a plurality of chains of program information are communicated from the external storage device to said secure circuit in a randomly varying sequence.

28. An apparatus for communicating program information, comprising:
- a secure circuit for providing said program information;
  
  an external storage device which is adapted to store the program information external to said secure circuit; and
  
  a first communication path which is adapted to communicate a group of blocks of said program information from said secure circuit to the external storage device in a first block chain;
  
  wherein;
  
  units of said program information are communicated from said secure circuit to the external storage device using randomly varying sequences.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 29. The apparatus of claim 28, wherein:
    - said program information comprises authentication data; and
      
      said secure circuit comprises an authentication circuit for providing said authentication data.
  - 30. The apparatus of claim 29, wherein:
    - said block chain is a simple block chain such that said group of blocks in said first block chain are processed in parallel by said authentication circuit to provide said authentication data.
  - 31. The apparatus of claim 29, wherein:
    - said authentication circuit hashes at least part of the program information to provide said authentication data.
  - 32. The apparatus of claim 28, further comprising:
    - address generating means for providing addressing information to the external storage device for communicating said blocks of program information from said secure circuit to the external storage device in a desired sequence.
  - 33. The apparatus of claim 28, wherein:
    - said blocks of program information are stored in the external storage device in scrambled storage locations.
  - 34. The apparatus of claim 28, wherein:
    - units of said program information with randomly varying lengths are communicated from said secure circuit to the external storage device.
  - 35. The apparatus of claim 28, further comprising:
    - means for providing at least one of (a) random block-wise re-ordering of said first block chain, and (b) random re-ordering of a block of said first block chain to communicate a re-ordered chain from said secure circuit to the external storage device.
  - 36. The apparatus of claim 28, wherein:
    - units of said program information are communicated from said secure circuit to the external storage device using randomly varying lengths.
  - 37. The apparatus of claim 28, wherein:
    - said program information comprises dummy data which was not processed by the CPU.
  - 38. The apparatus of claim 28, wherein said program information is provided in block chains.
  - 39. The apparatus of claim 28, wherein:
    - said secure circuit comprises an encryption circuit for encrypting said program information; and
      
      said first communication path is adapted to communicate the encrypted program information from the encryption circuit to the external storage device.
  - 40. The apparatus of claim 39, wherein:
    - said block chain is a cipher block chain.
  - 41. The apparatus of claim 28, further comprising:
    - a communication path which is adapted to communicate a group of blocks of program information from said external storage device to said secure circuit in a second block chain.
  - 42. The apparatus of claim 41, wherein the program information stored in said external storage device is encrypted, said secure circuit further comprising:
    - a decryption circuit for decrypting the encrypted program information in the second block chain.

43. A method for processing program information, comprising the steps of:
- storing at least one block of the program information in a secure circuit that includes a central processing unit (CPU) and at least one block buffer;
  
  storing the program information external to said secure circuit in an external storage device;
  
  communicating a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain via a first communication path; and
  
  communicating the program information from the at least one block buffer to the CPU for processing therein via a second communication path;
  
  wherein;
  
  the first block chain comprises authentication data derived from the group of blocks of program information; and
  
  said secure circuit comprises an authentication circuit that is responsive to said at least one block buffer for processing the first block chain to verify the authentication data thereof prior to the program information being communicated to the CPU.

44. An apparatus for processing program information, comprising:
- a secure circuit including a central processing unit (CPU) and at least one block buffer for storing at least one block of the program information;
  
  an external storage device which is adapted to store the program information external to said secure circuit;
  
  a first communication path which is adapted to communicate a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain; and
  
  a second communication path which is adapted to communicate the program information from the at least one block buffer to the CPU for processing therein;
  
  wherein;
  
  units of said program information are communicated from the external storage device to said at least one block buffer using randomly varying sequences.
- View Dependent Claims (45)
- - 45. The apparatus of claim 44, wherein said units of program information comprise block chains.

46. An apparatus for processing program information, comprising:
- a secure circuit including a central processing unit (CPU) and at least one block buffer for storing at least one block of the program information;
  
  an external storage device which is adapted to store the program information external to said secure circuit;
  
  a first communication path which is adapted to communicate a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain; and
  
  a second communication path which is adapted to communicate the program information from the at least one block buffer to the CPU for processing therein;
  
  wherein;
  
  a plurality of units of program information is communicated from the external storage device to said secure circuit in units of varying length; and
  
  the length of each unit is determined according to a processing latency of the associated program information of the respective units.

47. An apparatus for processing program information, comprising:
- a secure circuit including a central processing unit (CPU) and at least one block buffer for storing at least one block of the program information;
  
  an external storage device which is adapted to store the program information external to said secure circuit;
  
  a first communication path which is adapted to communicate a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain;
  
  a second communication path which is adapted to communicate the program information from the at least one block buffer to the CPU for processing therein;
  
  a third communication path which is adapted to communicate a group of blocks of program information from said secure circuit to said external storage device in a second block chain; and
  
  a length determination circuit for randomly varying the length of units of the program information for the second block chain.

48. An apparatus for processing program information, comprising:
- a secure circuit including a central processing unit (CPU) and at least one block buffer for storing at least one block of the program information;
  
  an external storage device which is adapted to store the program information external to said secure circuit;
  
  a first communication path which is adapted to communicate a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain; and
  
  a second communication path which is adapted to communicate the program information from the at least one block buffer to the CPU for processing therein;
  
  wherein;
  
  said program information comprises a plurality of strings of instructions which are to be executed by said CPU in a first sequence;
  
  said secure circuit includes a re-ordering means;
  
  in said first block chain, the strings of instructions are provided in a second sequence that differs from the first sequence; and
  
  said re-ordering means are associated with the at least one block buffer for re-ordering the strings of instructions to the first sequence.

49. An apparatus for communicating program information, comprising:
- a secure circuit for providing said program information;
  
  an external storage device which is adapted to store the program information external to said secure circuit; and
  
  a first communication path which is adapted to communicate a group of blocks of said program information from said secure circuit to the external storage device in a first block chain;
  
  wherein a plurality of chains of program information are communicated from said secure circuit to the external storage device in a randomly varying sequence.

50. A method for processing program information, comprising the steps of:
- storing at least one block of the program information in a secure circuit that includes a central processing unit (CPU) and at least one block buffer;
  
  storing the program information external to said secure circuit in an external storage device;
  
  communicating a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain via a first communication path; and
  
  communicating the program information from the at least one block buffer to the CPU for processing therein via a second communication path;
  
  wherein;
  
  units of said program information are communicated from the external storage device to said at least one block buffer using randomly varying sequences.

51. A method for processing program information, comprising the steps of:
- storing at least one block of the program information in a secure circuit that includes a central processing unit (CPU) and at least one block buffer;
  
  storing the program information external to said secure circuit in an external storage device;
  
  communicating a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain via a first communication path; and
  
  communicating the program information from the at least one block buffer to the CPU for processing therein via a second communication path;
  
  wherein;
  
  a plurality of units of program information is communicated from the external storage device to said secure circuit in units of varying length; and
  
  the length of each unit is determined according to a processing latency of the associated program information of the respective units.

52. A method for processing program information, comprising the steps of:
- storing at least one block of the program information in a secure circuit that includes a central processing unit (CPU) and at least one block buffer;
  
  storing the program information external to said secure circuit in an external storage device;
  
  communicating a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain via a first communication path; and
  
  communicating the program information from the at least one block buffer to the CPU for processing therein via a second communication path;
  
  communicating a group of blocks of program information from said secure circuit to said external storage device in a second block chain via a third communication path; and
  
  randomly varying the length of units of the program information for the second block chain in accordance with a length determination circuit.

53. A method for processing program information, comprising the steps of:
- storing at least one block of the program information in a secure circuit that includes a central processing unit (CPU) and at least one block buffer;
  
  storing the program information external to said secure circuit in an external storage device;
  
  communicating a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain via a first communication path; and
  
  communicating the program information from the at least one block buffer to the CPU for processing therein via a second communication path;
  
  wherein;
  
  said program information comprises a plurality of strings of instructions which are to be executed by said CPU in a first sequence;
  
  in said first block chain, the strings of instructions are provided in a second sequence that differs from the first sequence; and
  
  said secure circuit includes a re-ordering means that is associated with the at least one block buffer for re-ordering the strings of instructions to the first sequence.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Inventors
Candelore, Brant, Sprunk, Eric
Primary Examiner(s)
Hayes, Gail O.
Assistant Examiner(s)
Tucker, Christopher M.

Application Number

US08/949,111
Time in Patent Office

942 Days
Field of Search

380/28, 380/4, 380/36, 380/28.36
US Class Current

380/28
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/14   against software analysis o...

G06F 21/606   by securing the transmissio...

G06F 21/72   in cryptographic circuits

G06F 21/78   to assure secure storage of...

G06F 2207/7219   Countermeasures against sid...

Secure processor with external memory using block chaining and block re-ordering

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

461 Citations

53 Claims

Specification

Solutions

Use Cases

Quick Links

Secure processor with external memory using block chaining and block re-ordering

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

461 Citations

53 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links