Secure processor with external memory using block chaining and block re-ordering
First Claim
1. An apparatus for processing program information, comprising:
a secure circuit including a central processing unit (CPU) and at least one block buffer for storing at least one block of the program information;
an external storage device which is adapted to store the program information external to said secure circuit;
a first communication path which is adapted to communicate a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain; and
a second communication path which is adapted to communicate the program information from the at least one block buffer to the CPU for processing therein;
wherein;
the first block chain comprises authentication data derived from the group of blocks of program information; and
said secure circuit comprises an authentication circuit that is responsive to said at least one block buffer for processing the first block chain to verify the authentication data thereof prior to the program information being communicated to the CPU.
Abstract
A scrambled data transmission is descrambled by communicating encrypted program information and authentication information between an external storage device and block buffers of a secure circuit. The program information is communicated in block chains to reduce the overhead of the authentication information. The program information is communicated a block at a time, or even a chain at a time, and stored temporarily in block buffers and a cache, then provided to a CPU to be processed. The blocks may be stored in the external storage device according to a scrambled address signal, and the bytes, blocks, and chains may be further randomly re-ordered and communicated to the block buffers non-sequentially to obfuscate the processing sequence of the program information. Program information may also be communicated from the secure circuit to the external memory. The program information need not be encrypted but only authenticated for security.
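The following sketch is an added example, not code from the patent: it models one block chain that carries a single authentication tag for the whole group of blocks, is stored externally in a re-ordered sequence, and is released to the CPU only after verification. HMAC-SHA256, the 8-byte block size, the keyed ordering and all names are assumptions; encryption is left out because the abstract notes that authentication alone may be used.

```python
import hashlib
import hmac

BLOCK = 8      # bytes per block (toy size chosen for this example)
TAG_LEN = 32   # HMAC-SHA256 output length

def mac(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def block_order(key: bytes, chain_id: int, n: int) -> list:
    # Keyed permutation that only the secure circuit can recompute (assumption).
    cid = chain_id.to_bytes(4, "big")
    return sorted(range(n),
                  key=lambda i: mac(key, b"order", cid + i.to_bytes(4, "big")))

def split_blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("length is not a whole number of blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def store_chain(key: bytes, chain_id: int, program: bytes) -> bytes:
    """Secure circuit -> external memory: re-ordered blocks plus one tag per chain."""
    blocks = split_blocks(program)
    tag = mac(key, b"auth", chain_id.to_bytes(4, "big") + program)
    order = block_order(key, chain_id, len(blocks))
    return b"".join(blocks[i] for i in order) + tag

def load_chain(key: bytes, chain_id: int, chain: bytes) -> bytes:
    """External memory -> block buffer: restore order, verify, then release."""
    if len(chain) < TAG_LEN:
        raise ValueError("chain shorter than its authentication tag")
    body, tag = chain[:-TAG_LEN], chain[-TAG_LEN:]
    stored = split_blocks(body)
    blocks = [b""] * len(stored)
    for pos, i in enumerate(block_order(key, chain_id, len(stored))):
        blocks[i] = stored[pos]          # undo the external ordering
    program = b"".join(blocks)
    expected = mac(key, b"auth", chain_id.to_bytes(4, "big") + program)
    if not hmac.compare_digest(tag, expected):
        raise ValueError("chain authentication failed: nothing released to the CPU")
    return program

# Constructed sample key and program image, not taken from the patent.
KEY = bytes(range(16))
PROGRAM = bytes(range(4 * BLOCK))
CHAIN = store_chain(KEY, 7, PROGRAM)
```

One tag covers the whole chain, so the storage overhead here is 32 bytes per four blocks rather than 32 bytes per block, and a modified, swapped or relocated block fails verification before any of the chain reaches the CPU.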
461 Citations
53 Claims
1. An apparatus for processing program information, comprising:
a secure circuit including a central processing unit (CPU) and at least one block buffer for storing at least one block of the program information; an external storage device which is adapted to store the program information external to said secure circuit; a first communication path which is adapted to communicate a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain; and a second communication path which is adapted to communicate the program information from the at least one block buffer to the CPU for processing therein;
wherein; the first block chain comprises authentication data derived from the group of blocks of program information; and said secure circuit comprises an authentication circuit that is responsive to said at least one block buffer for processing the first block chain to verify the authentication data thereof prior to the program information being communicated to the CPU.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27.
28. An apparatus for communicating program information, comprising:
a secure circuit for providing said program information; an external storage device which is adapted to store the program information external to said secure circuit; and a first communication path which is adapted to communicate a group of blocks of said program information from said secure circuit to the external storage device in a first block chain;
wherein; units of said program information are communicated from said secure circuit to the external storage device using randomly varying sequences.
Dependent claims: 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42.
43. A method for processing program information, comprising the steps of:
storing at least one block of the program information in a secure circuit that includes a central processing unit (CPU) and at least one block buffer; storing the program information external to said secure circuit in an external storage device; communicating a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain via a first communication path; and communicating the program information from the at least one block buffer to the CPU for processing therein via a second communication path;
wherein; the first block chain comprises authentication data derived from the group of blocks of program information; and said secure circuit comprises an authentication circuit that is responsive to said at least one block buffer for processing the first block chain to verify the authentication data thereof prior to the program information being communicated to the CPU.
44. An apparatus for processing program information, comprising:
a secure circuit including a central processing unit (CPU) and at least one block buffer for storing at least one block of the program information; an external storage device which is adapted to store the program information external to said secure circuit; a first communication path which is adapted to communicate a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain; and a second communication path which is adapted to communicate the program information from the at least one block buffer to the CPU for processing therein;
wherein; units of said program information are communicated from the external storage device to said at least one block buffer using randomly varying sequences.
Dependent claims: 45.
46. An apparatus for processing program information, comprising:
a secure circuit including a central processing unit (CPU) and at least one block buffer for storing at least one block of the program information; an external storage device which is adapted to store the program information external to said secure circuit; a first communication path which is adapted to communicate a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain; and a second communication path which is adapted to communicate the program information from the at least one block buffer to the CPU for processing therein;
wherein; a plurality of units of program information is communicated from the external storage device to said secure circuit in units of varying length; and the length of each unit is determined according to a processing latency of the associated program information of the respective units.
47. An apparatus for processing program information, comprising:
a secure circuit including a central processing unit (CPU) and at least one block buffer for storing at least one block of the program information; an external storage device which is adapted to store the program information external to said secure circuit; a first communication path which is adapted to communicate a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain; a second communication path which is adapted to communicate the program information from the at least one block buffer to the CPU for processing therein; a third communication path which is adapted to communicate a group of blocks of program information from said secure circuit to said external storage device in a second block chain; and a length determination circuit for randomly varying the length of units of the program information for the second block chain.
48. An apparatus for processing program information, comprising:
a secure circuit including a central processing unit (CPU) and at least one block buffer for storing at least one block of the program information; an external storage device which is adapted to store the program information external to said secure circuit; a first communication path which is adapted to communicate a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain; and a second communication path which is adapted to communicate the program information from the at least one block buffer to the CPU for processing therein;
wherein; said program information comprises a plurality of strings of instructions which are to be executed by said CPU in a first sequence; said secure circuit includes a re-ordering means; in said first block chain, the strings of instructions are provided in a second sequence that differs from the first sequence; and said re-ordering means are associated with the at least one block buffer for re-ordering the strings of instructions to the first sequence.
49. An apparatus for communicating program information, comprising:
a secure circuit for providing said program information; an external storage device which is adapted to store the program information external to said secure circuit; and a first communication path which is adapted to communicate a group of blocks of said program information from said secure circuit to the external storage device in a first block chain; wherein a plurality of chains of program information are communicated from said secure circuit to the external storage device in a randomly varying sequence.
50. A method for processing program information, comprising the steps of:
storing at least one block of the program information in a secure circuit that includes a central processing unit (CPU) and at least one block buffer; storing the program information external to said secure circuit in an external storage device; communicating a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain via a first communication path; and communicating the program information from the at least one block buffer to the CPU for processing therein via a second communication path;
wherein; units of said program information are communicated from the external storage device to said at least one block buffer using randomly varying sequences.
51. A method for processing program information, comprising the steps of:
storing at least one block of the program information in a secure circuit that includes a central processing unit (CPU) and at least one block buffer; storing the program information external to said secure circuit in an external storage device; communicating a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain via a first communication path; and communicating the program information from the at least one block buffer to the CPU for processing therein via a second communication path;
wherein; a plurality of units of program information is communicated from the external storage device to said secure circuit in units of varying length; and the length of each unit is determined according to a processing latency of the associated program information of the respective units.
52. A method for processing program information, comprising the steps of:
storing at least one block of the program information in a secure circuit that includes a central processing unit (CPU) and at least one block buffer; storing the program information external to said secure circuit in an external storage device; communicating a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain via a first communication path; and communicating the program information from the at least one block buffer to the CPU for processing therein via a second communication path; communicating a group of blocks of program information from said secure circuit to said external storage device in a second block chain via a third communication path; and randomly varying the length of units of the program information for the second block chain in accordance with a length determination circuit.
53. A method for processing program information, comprising the steps of:
storing at least one block of the program information in a secure circuit that includes a central processing unit (CPU) and at least one block buffer; storing the program information external to said secure circuit in an external storage device; communicating a group of blocks of said program information from said external storage device to said at least one block buffer in a first block chain via a first communication path; and communicating the program information from the at least one block buffer to the CPU for processing therein via a second communication path;
wherein; said program information comprises a plurality of strings of instructions which are to be executed by said CPU in a first sequence; in said first block chain, the strings of instructions are provided in a second sequence that differs from the first sequence; and said secure circuit includes a re-ordering means that is associated with the at least one block buffer for re-ordering the strings of instructions to the first sequence.
Specification