Secure execution of program instructions provided by network interactions with processor
First Claim
Patent Images
1. A particularly configurable processor for processing computer programs which are selectively operable on said particularly configurable processor, comprising:
- a memory defining a storage location for a key;
an instruction decoder programmably configured for decoding encrypted instruction op codes when supplied with key information from said memory, without decrypting the encrypted op codes into standard op codes; and
circuitry for terminating decoding in the absence of timely receipt of additional key information.
2 Assignments
0 Petitions
Accused Products
Abstract
A CPU is provided with an ability to modify its operation in accordance with an encryption key. When a program is compiled, the program is modified in order that execution may be performed with the CPU with its operation modified. As a result, it is unnecessary to decrypt the program into standard op codes prior to execution. The keyed program operation permits secure transfer of program data through open channels such as the Internet. A programmable instruction decoder programmable decodes encrypted instruction op codes, without decrypting them into standard op codes. Logic is used to accomplish network handshaking. The network handshaking further used to provide additional key information for continued operation the CPU.
123 Citations
43 Claims
-
1. A particularly configurable processor for processing computer programs which are selectively operable on said particularly configurable processor, comprising:
-
a memory defining a storage location for a key;
an instruction decoder programmably configured for decoding encrypted instruction op codes when supplied with key information from said memory, without decrypting the encrypted op codes into standard op codes; and
circuitry for terminating decoding in the absence of timely receipt of additional key information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
the key is stored in more than one memory cell type including a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (E2PROM), and a Random Access Memory (RAM); and
a serial number in ROM which participates in allocation of logic gates and routing of signals, and communicated to the compiler to inform the compiler of custom allocation and routing.
-
-
5. The processor of claim 1, wherein an output register for data results is able to contain both correct results and plausible wrong results, the results in word locations in the output register coordinated by the key.
-
6. The processor of claim 1, further comprising:
-
program instruction op codes provided in a pipeline architecture; and
an information key established as instruction security commands at a plurality of steps in said pipeline architecture, wherein an arithmetic logic unit (ALU) provides variability of logic circuitry for execution of encrypted op codes or standard op codes that provide standard instruction operation types.
-
-
7. The processor of claim 1, wherein:
-
the key includes bits optionally expanded into a larger set of bits which control the instruction decoder, signal routing, and logic gate reconfiguration; and
the key provides a capability of controlling signal routing, and logic gate reconfiguration.
-
-
8. The processor of claim 7, further comprising an output register for data results able to contain both correct results and plausible wrong results which are in word locations in the output register coordinated by the key.
-
9. The processor of claim 8, further comprising:
-
a plurality of reconfigurable logic gates able to calculate results of execution of an instruction;
said plurality of the logic gates including provisions for accepting correct data operands and plausible wrong data operands; and
said plurality of the logic gates including provisions for outputting correct results along with plausible wrong results.
-
-
10. The processor of claim 9, wherein:
-
a plurality of the memories are dispersed within a layout;
a plurality of reconfigurable logic gates able to calculate results of execution of an instruction;
said plurality of the logic gates including provisions for accepting correct data operands and plausible wrong data operands; and
said plurality of the logic gates including provisions for outputting correct results along with plausible wrong results.
-
-
11. The processor of claim 1, further comprising:
-
the key providing a capability of re-allocating memory resources and register resources;
a serial number in ROM which participates in allocation of logic gates and routing of signals; and
the serial number used in combination with the key in providing said capability.
-
-
12. The processor of claim 1, wherein variations of data numeric representations are coordinated by the key and the encrypted instruction op codes.
-
13. The processor of claim 1, wherein an instruction buffer contains logic which can route a subset of the instruction bits from bit location in the buffer to destination logic circuitry which reach a programmable instruction decoder and an instruction buffer interdependency checking logic block.
-
14. The processor of claim 1, further comprising:
-
logic circuitry configured to process data coded in various numeric representations and the logic circuitry able to accept results of the instruction execution using various numeric representations;
logic circuitry configured to immediately process said coded data; and
the data representation able to change several times during the execution of a program so that numeric encodings of input data operands and output data results can vary.
-
-
15. The processor of claim 1, further comprising:
-
program instruction op codes provided in a pipeline architecture; and
information keys established as instruction security commands at a plurality of steps in said pipeline architecture, wherein an arithmetic logic unit (ALU) provides variability of logic circuitry for execution of encrypted op codes or standard op codes that provide standard instruction operation types.
-
-
16. The processor of claim 1, wherein the logic circuitry is reconfigurable and including provisions for outputting correct results along with plausible wrong results.
-
17. The processor of claim 1, wherein data and instructions are provided to a computer via program information includes an intentional introduction of errors which are correctable with error correction algorithms, said correction algorithms pre-selected according to the key.
-
18. The processor of claim 17, further comprising:
-
an instruction buffer which contains logic which can route a subset of the instruction bits from bit location in the buffer to destination logic gates which reach a programmable instruction decoder and an instruction buffer interdependency checking logic block; and
said correction algorithms pre-selected according to long instruction words and changed on a periodic basis by codes provided in the instructions gathered into the instruction buffer.
-
-
19. The processor of claim 18, wherein instruction buffer interdependency checking logic includes any combination of the following:
-
multiplexers to select a subset of bits from each long instruction word in the instruction buffer to be logically combined to match a sequencer value;
a sequencer incremented at times determined by the key and which is reset upon the occurrence of the sequencer reset code in the instruction buffer;
distribution of bits for one encrypted op code across several long instruction words in the instruction buffer;
distribution of several encrypted op codes around the long instruction words in the instruction buffer;
a program counter which does not normally increment by one, but which increments by some other constant or variable amount determined by a serial number, the key, and the sequencer value so that encrypted op codes which will be used sequentially in time do not occur sequentially in the instruction buffer, and for which, the time sequential chosen op codes are selected by the multiplexer controlled by the key, the serial number, and the sequencer;
error correction circuits controlled by the key, sequencer, and supplementary error correcting codes received from the instruction buffer by means of the multiplexers; and
dependency validation codes received through the multiplexer of the instruction buffer checked by logic circuits that depend on the key, the serial number, instruction bits, and camouflage bits.
-
-
20. The processor of claim 17, wherein dependency validation codes received through the multiplexer of the instruction buffer are checked by logic circuits that depend on the key, a serial number, instruction bits, and camouflage bits so that incorrect validation bits provide an alarm.
-
21. The processor of claim 20, wherein upon receipt of said alarm, interdependency checking logic writes an audit code and is capable of terminating program execution.
-
22. The processor of claim 1, further comprising:
-
a plurality of storage locations for keys, with the keys further determining storage locations of satellite keys and satellite access flags, said locations intentionally varied;
key-dependent storage of remote access approval flags, the remote access approval flags encoded so as to obscure the locations of said approval flags;
the instruction decoder programmably configured for using a null key for a default unencrypted instruction set; and
the instruction decoder programmably configured for selecting from any of several stored keys so that several independent encrypted and unencrypted programs may be executed sequentially by installing each different key when needed, which also reallocates memory and register resources that are securely partitioned from each other.
-
-
23. Method for processing computer programs selectively operable on one or more selected individual processors, comprising:
-
programming an instruction decoder to decode encrypted instruction op codes, without decrypting them into standard op codes;
using logic circuitry for requiring network handshaking; and
providing additional key information through the network handshaking, said additional key information required for continued operation. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
using the reconfigurable logic gates for calculating the results of execution of an instruction;
the calculation of results of the execution of an instruction including accepting correct data operands and plausible wrong data operands; and
outputting correct results along with plausible wrong results.
-
-
25. The method of claim 24, further comprising:
-
using at least a portion of the reconfigurable logic gates for calculating the results of the execution of an instruction;
using said portion of the logic gates for accepting correct data operands and plausible wrong data operands; and
using said portion of the logic gates for outputting correct results along with plausible wrong results.
-
-
26. The method of claim 24, further comprising:
-
providing a key shared with a compiler;
encrypting standard instruction op codes with the compiler using the key; and
expanding key bits in the key into a larger set of bits which control the instruction decoder, signal routing, and logic gate reconfiguration.
-
-
27. The method of claim 23, further comprising:
-
providing program instructions in a pipeline architecture; and
establishing information keys as instruction security commands at a plurality of steps in said pipeline architecture, wherein an arithmetic logic unit (ALU) provides variability of logic gates for execution of encrypted op codes or standard op codes that provide standard instruction operation types.
-
-
28. The method of claim 23, further comprising using the logic circuitry for requiring network handshaking on a periodic basis.
-
29. The method of claim 23, further comprising using the logic circuitry for requiring network handshaking periodically based on time of a previous network handshaking procedure.
-
30. The method of claim 23, further comprising:
-
providing a key shared with a compiler, the key used by the compiler to encrypt standard instruction op codes into encrypted instruction op codes; and
using the key to coordinate the variations of the data numeric representations and the encrypted instruction op codes.
-
-
31. The method of claim 30, further comprising using the key to provide a capability of re-allocating memory resources and register resources.
-
32. The method of claim 23, further comprising routing a subset of the instruction bits through an instruction buffer to destination logic gates, which reach a programmable instruction decoder and an instruction interdependency checking logic block.
-
33. The method of claim 23, further comprising providing a choice of using encrypted instruction op codes or standard instruction op codes.
-
34. The method of claim 23, further comprising:
-
providing a key shared with a compiler;
encrypting standard instruction op codes with the compiler using the key; and
providing data and instructions to a computer via program information including an intentional introduction of errors correctable with error correction algorithms, said correction algorithms pre-selected according to the key.
-
-
35. The method of claim 23, further comprising:
-
providing a key shared with a compiler;
encrypting standard instruction op codes with the compiler using the key;
providing data and instructions to the computer via program information includes an intentional introduction of errors which are correctable with error correction algorithms, said correction algorithms pre-selected according to the key and long instruction words; and
changing the correction algorithms on a periodic basis by codes hidden in the instructions gathered into an instruction buffer.
-
-
36. The method of claim 23, further comprising:
-
providing dependency validation codes buffer checked by logic circuits that depend on a key; and
in the case of incorrect validation bits, providing an alarm.
-
-
37. The method of claim 33, further comprising writing an audit code in response to said alarm and terminating program execution.
-
38. The method of claim 23, further comprising:
-
using logic for requiring network handshaking; and
further using the network handshaking to provide additional key information for continued operation.
-
-
39. Method for compiling computer programs for operability on selected ones of individual processors, comprising:
-
providing encrypted instruction op codes for execution by an instruction decoder to decode without decrypting into standard op codes; and
providing additional key information through network handshaking, said additional key information required for continued operation. - View Dependent Claims (40, 41, 42)
providing a key shared with a compiler; and
encrypting standard instruction op codes with the compiler using the key.
-
-
41. The method of claim 40, further comprising using a serial number in combination with the key.
-
42. The method of claim 39, further comprising:
-
providing dependency validation codes; and
in the case of incorrect validation bits, providing an alarm.
-
-
43. A particularly configurable processor for processing computer programs which are selectively operable on said particularly configurable processor, characterized by:
-
variable logic circuitry able to execute encrypted op codes; and
logic for requiring network handshaking, the network handshaking further used to enable continued operation.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeOracle America, Inc. (Oracle Corporation)
-
Original AssigneeSun Microsystems Incorporated (Oracle Corporation)
-
InventorsFolmsbee, Alan
-
Primary Examiner(s)Treat, William M.
-
Application NumberUS09/377,297Time in Patent Office797 DaysField of Search712/36, 712/37, 712/43, 712/208, 712/209, 712/220, 712/226, 712/229, 712/248, 713/187, 713/190, 711/164, 380/45, 380/281, 380/284US Class Current712/209CPC Class CodesG06F 21/101 by binding digital rights t...G06F 21/123 by using dedicated hardware...G06F 21/72 in cryptographic circuitsG06F 2207/7219 Countermeasures against sid...G06F 2211/007 Encryption, En-/decode, En-...G06F 9/30145 Instruction analysis, e.g. ...G06F 9/30178 of compressed or encrypted ...G06F 9/3867 using instruction pipelinesG09C 1/00 Apparatus or methods whereb...H04L 2209/12 Details relating to cryptog...H04L 2209/125 Parallelization or pipelini...H04L 2209/16 Obfuscation or hiding, e.g....H04L 2209/34 Encoding or coding, e.g. Hu...H04L 9/06 the encryption apparatus us...H04L 9/0844 with user authentication or...H04L 9/0894 Escrow, recovery or storing...
