Control function with multiple security states for facilitating secure operation of an integrated system

US 7,089,419 B2
Filed: 04/18/2002
Issued: 08/08/2006
Est. Priority Date: 04/18/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for facilitating secure operation of an integrated device chip, the method comprising:

initially programming a data access controller by a master of the integrated device chip for secure operation, wherein the data access controller and the master are both disposed within the integrated device chip;

after initial programming, passing a request for data through the data access controller;

selectively qualifying the request for data passing through the data access controller in accordance with a security state of the data access controller determined pursuant to at least one security parameter set during the initial programming of the data access controller by the master of the integrated device chip, wherein the security state of the data access controller comprises one state of multiple possible security states; and

wherein the request for data comprises a request for boot code, and the security state comprises a secured state, and wherein the selectively qualifying includes;

replacing a standard boot code address associated with the request for boot code with a substitute boot code address held at the data access controller when in the secured state, wherein the substitute boot code address can be employed to access an encrypted version of boot code; and

decrypting the encrypted version of boot code prior to return thereof to a functional master initiating the request for boot code.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique is provided for facilitating secure operation of an integrated system. The technique includes passing a request for data through a data access controller incorporated within the integrated system, and selectively qualifying the request in accordance with a security state of the controller. The security state of the controller is one state of multiple possible security states, including a null state and a secured state. In the secured state, the controller replaces a standard boot code address associated with a request for boot code with a substitute boot code address. The substitute boot code address addresses an encrypted version of boot code, which is then decrypted by the controller employing a master key set held at the controller. When transitioning to the null state, the master key set is erased.

89 Citations

View as Search Results

16 Claims

1. A method for facilitating secure operation of an integrated device chip, the method comprising:
- initially programming a data access controller by a master of the integrated device chip for secure operation, wherein the data access controller and the master are both disposed within the integrated device chip;
  
  after initial programming, passing a request for data through the data access controller;
  
  selectively qualifying the request for data passing through the data access controller in accordance with a security state of the data access controller determined pursuant to at least one security parameter set during the initial programming of the data access controller by the master of the integrated device chip, wherein the security state of the data access controller comprises one state of multiple possible security states; and
  
  wherein the request for data comprises a request for boot code, and the security state comprises a secured state, and wherein the selectively qualifying includes;
  
  replacing a standard boot code address associated with the request for boot code with a substitute boot code address held at the data access controller when in the secured state, wherein the substitute boot code address can be employed to access an encrypted version of boot code; and
  
  decrypting the encrypted version of boot code prior to return thereof to a functional master initiating the request for boot code.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the decrypting includes employing a master key set held at the data access controller when in the secured state.
  - 3. The method of claim 2, wherein an additional state of the multiple possible security states comprises a null state, and wherein the method further includes transitioning the security state of the data access controller to the null state responsive to tampering occuring with the integrated device or with a computing environment within which the integrated device resides, wherein the transitioning includes erasing the master key set from the data access controller, thereby inhibiting retrieval and decryption of the encrypted version of boot code.
  - 4. The method of claim 3, wherein when the security state comprises the null state, the request for boot code is passed through the data access controller and accesses an open version of recovery code, wherein the open version of recovery code is different and functionally more limiting than the decrypted encrypted version of boot code obtained when the security state comprises the secured state.
  - 5. The method of claim 1, wherein the request for data comprises a request for boot code, and wherein the selectively qualifying comprises providing an address of a version of boot code to be employed during initialization of the integrated device, the version of boot code to be employed during initialization being dependent on the security state of the data access controller.

6. A method of fabricating an integrated device chip to facilitate secure operation thereof, the method comprising:
- providing, by a device manufacturer, an integrated device chip with a data access controller and master for selectively qualifying a request for data from a functional master within the integrated device chip, wherein the data access controller comprises multiple possible security states, and wherein the providing includes initially providing the data access controller in a null state of the multiple possible security states;
  
  assembling, by a system manufacturer, the integrated device chip into a computing environment, wherein the assembling includes writing a master key set and a substitute boot address to persistent storage within the data access controller of the integrated device chip for use in the selectively qualifying, initially programming at least one security parameter for the data access controller by the master of the integrated device for secure operation, and initiating transition of the data access controller to a secured state determined pursuant to the at least one security parameter set during initial programming of the data access controller by the master of the integrated device chip, the secured state comprising another state of the multiple possible security states; and
  
  wherein when in the secured state, the data access controller selectively qualifies requests for data passing therethrough, and wherein when a request for data comprises a request for boot code, the selectively qualifying includes replacing a standard boot code address associated with the request for boot code with a substitute boot code address held by the data access controller, wherein the substitute boot code address can be employed to access an encrypted version of boot code, and decrypting the encrypted version of boot code prior of return thereof to a functional master of the integrated device initiating the request for boot code.

7. A system for facilitating secure operation of an integrated device chip, the system comprising:
- means for initially programming a data access controller by a master of the integrated device chip for secure operation, wherein the data access controller and the master are both disposed within the integrated device chip;
  
  means for passing a request for data through the data access controller, the data access controller receiving the request for data from a functional master of the integrated device chip;
  
  wherein the data access controller comprises means for selectively qualifying the request for data received by the data access controller in accordance with a security state of the data access controller determined pursuant to at least one security parameter set during the initial programming of the data access controller by the master of the integrated device chip, wherein the security state of the data access controller comprises one state of multiple possible security states; and
  
  wherein the request for data comprises a request for boot code, and the security state comprises a secured state, and wherein the means for selectively qualifying includes;
  
  means for replacing a standard boot code address associated with the request for boot code with a substitute boot code address held at the data access controller when in the secured state, wherein the substitute boot code address can be employed to access an encrypted version of boot code; and
  
  means for decrypting the encrypted version of boot code prior to return thereof to a functional master initiating the request for boot code.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The system of claim 7, wherein the means for decrypting includes means for employing a master key set held at the data access controller when in the secured state.
  - 9. The system of claim 8, wherein an additional state of the multiple possible security states comprises a null state, and wherein the system further includes means for transitioning the security state of the data access controller to the null state responsive to tampering occuring with the integrated device or with a computing environment within which the integrated device resides, wherein the means for transitioning includes means for erasing the master key set from the data access controller, thereby inhibiting retrieval and decryption of the encrypted version of boot code.
  - 10. The system of claim 9, wherein when the security state comprises the null state, the request for boot code is passed through the data access controller and accesses an open version of recovery code, wherein the open version of recovery code is different and functionally more limiting than the decrypted encrypted version of boot code obtained when the security state comprises the secured state.
  - 11. The system of claim 7, wherein the request for data comprises a request for boot code, and wherein the means for selectively qualifying comprises means for providing an address of a version of boot code to be employed during initialization of the integrated device, the version of boot code to be employed during initialization being dependent on the security state of the data access controller.

12. At least one program storage device readable by a machine, tangibly embodying at least one program of instructions executable by the machine to perform a method for facilitating secure operation of an integrated device chip, the method comprising:
- initially programming a data access controller by a master of the integrated device chip for secure operation, wherein the data access controller and the master are both disposed within the integrated device chip;
  
  after initial programming, passing a request for data through the data access controller;
  
  selectively qualifying the request for data passing through the data access controller in accordance with a security state of the data access controller determined pursuant to at least one security parameter set during the initial programming of the data access controller by the master of the integrated device chip, wherein the security state of the data access controller comprises one state of multiple possible security states;
  
  wherein the request for data comprises a request for boot code, and the security state comprises a secured state, and wherein the selectively qualifying includes;
  
  replacing a standard boot code address associated with the request for boot code with a substitute boot code address held at the data access controller when in the secured state, wherein the substitute boot code address can be employed to access an encrypted version of boot code; and
  
  decrypting the encrypted version of boot code prior to return thereof to a functional master initiating the request for boot code.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The at least one program storage device of claim 12, wherein the decrypting includes employing a master key set held at the data access controller when in the secured state.
  - 14. The at least one program storage device of claim 13, wherein an additional state of the multiple possible security states comprises a null state, and wherein the method further includes transitioning the security state of the data access controller to the null state responsive to tampering occuring with the integrated device or with a computing environment within which the integrated device resides, wherein the transitioning includes erasing the master key set from the data access controller, thereby inhibiting retrieval and decryption of the encrypted version of boot code.
  - 15. The at least one program storage device of claim 14, wherein when the security state comprises the null state, the request for boot code is passed through the data access controller and accesses an open version of recovery code, wherein the open version of recovery code is different and functionally more limiting than the decrypted encrypted version of boot code obtained when the security state comprises the secured state.
  - 16. The at least one program storage device of claim 12, wherein the request for data comprises a request for boot code, and wherein the selectively qualifying comprises providing an address of a version of boot code to be employed during initialization of the integrated device, the version of boot code to be employed during initialization being dependent on the security state of the data access controller.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hall, William E., Rosu, Marcel-Catalin, Foster, Eric M.
Primary Examiner(s)
Moise, Emmanuel L.
Assistant Examiner(s)
ABYANEH, ALI S

Application Number

US10/125,115
Publication Number

US 20030200453A1
Time in Patent Office

1,573 Days
Field of Search

713/166, 713/189, 713/2
US Class Current

713/166
CPC Class Codes

G06F 21/575 Secure boot

G06F 2221/2105 Dual mode as a secondary as...

Control function with multiple security states for facilitating secure operation of an integrated system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

89 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Control function with multiple security states for facilitating secure operation of an integrated system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links