Secure transaction microcontroller with secure boot loader
Abstract
A high security microcontroller (such as in a point of sale terminal) includes tamper control circuitry for detecting vulnerability conditions: a write to program memory before the sensitive financial information has been erased, a tamper detect condition, the enabling of a debugger, a power-up condition, an illegal temperature condition, an illegal supply voltage condition, an oscillator fail condition, and a battery removal condition. If the tamper control circuitry detects a vulnerability condition, then the memory where the sensitive financial information could be stored is erased before boot loader operation or debugger operation can be enabled. Upon power-up if a valid image is detected in program memory, then the boot loader is not executed and secure memory is not erased but rather the image is executed. The tamper control circuitry is a hardware state machine that is outside control of user-loaded software and is outside control of the debugger.
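The ordering the abstract describes can be modelled in software. The following is an added example, not code from the patent: `struct chip`, `tamper_event`, `run_case` and the bit assignments are hypothetical, the real mechanism is a hardware state machine, and treating a power-up that coincides with another condition as an erase case is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Vulnerability conditions named in the abstract, one bit each. */
enum {
    V_PROG_WRITE = 1 << 0, /* program-memory write before erase */
    V_TAMPER     = 1 << 1, V_DEBUG_EN = 1 << 2, V_POWER_UP = 1 << 3,
    V_TEMP       = 1 << 4, V_VOLTAGE  = 1 << 5, V_OSC_FAIL = 1 << 6,
    V_BATT_GONE  = 1 << 7,
};

struct chip {                 /* hypothetical model, not a real register map */
    uint8_t key[16];          /* secure memory holding the key */
    bool loader_enabled;      /* boot loader may execute */
    bool debugger_enabled;    /* debugger may operate */
    bool running_image;       /* user image is executing */
};

/* One pass of the modelled tamper-control state machine. */
void tamper_event(struct chip *c, unsigned cond, bool image_valid)
{
    if (cond == 0)
        return;                               /* nothing detected */
    if (cond == V_POWER_UP && image_valid) {  /* plain power-up, good image */
        c->running_image = true;              /* run image, keep the key */
        return;
    }
    /* Gate both entry points shut, erase, and only then reopen them. */
    c->loader_enabled = c->debugger_enabled = c->running_image = false;
    memset(c->key, 0, sizeof c->key);
    c->loader_enabled = true;
    c->debugger_enabled = (cond & V_DEBUG_EN) != 0;
}

/* Provision a constructed key, apply one event, summarise the outcome:
 * bit0 = key erased, bit1 = loader enabled, bit2 = debugger enabled. */
unsigned run_case(unsigned cond, bool image_valid)
{
    struct chip c = { .key = { 0xA5, 0x5A, 0xC3, 0x3C } }; /* constructed */
    uint8_t zero[sizeof c.key] = { 0 };
    tamper_event(&c, cond, image_valid);
    return (memcmp(c.key, zero, sizeof zero) == 0 ? 1u : 0u)
         | (c.loader_enabled ? 2u : 0u) | (c.debugger_enabled ? 4u : 0u);
}
```

In the model, no path sets `loader_enabled` or `debugger_enabled` without first passing through the erase, which is the property the claims rely on.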
22 Claims
1. An integrated circuit, comprising:
a processor;
a first amount of memory that stores a boot loader program;
a second amount of memory that stores an encryption key; and
tamper control circuitry that causes the encryption key to be erased before the boot loader program can be executed.
Dependent claims: 2, 3, 5, 6, 7, 8, 9, 10

4. An integrated circuit, comprising:
a processor;
a first amount of memory that stores a boot loader program;
a second amount of memory that stores an encryption key;
tamper control circuitry that causes the encryption key to be erased before the boot loader program can be executed; and
a debugger that can be enabled and disabled, wherein the tamper control circuitry detects an enabling of the debugger and in response thereto causes the encryption key to be erased from the second amount of memory.

11. An integrated circuit, comprising:
a processor;
a first amount of memory that stores a boot loader program;
a second amount of memory that stores an encryption key;
tamper control circuitry that causes the encryption key to be erased before the boot loader program can be executed; and
program memory, wherein the tamper control circuitry in response to a power-up condition determines whether a valid image is present in the program memory, and wherein if a valid image is determined to be present in program memory then the tamper control circuitry does not cause the key to be erased but rather causes the image to be executed by the processor.

12. A method, comprising:
(a) detecting a vulnerability condition on a microcontroller, the microcontroller storing an encryption key;
(b) in response to said detecting in (a) automatically erasing said encryption key; and
(c) only after said encryption key is erased in (b) executing a boot loader program on the microcontroller, wherein the boot loader program is stored on the microcontroller.
Dependent claims: 13, 15, 17, 18

14. A method, comprising:
(a) detecting a vulnerability condition on a microcontroller, the microcontroller storing an encryption key;
(b) in response to the detecting in (a) automatically erasing the encryption key; and
(c) only after the encryption key is erased in (b) executing a boot loader program on the microcontroller, wherein the boot loader program is stored on the microcontroller, wherein the microcontroller is part of a point of sale terminal, and wherein the vulnerability condition is an enabling of a debugger of the microcontroller.

16. A method, comprising:
(a) detecting a vulnerability condition on a microcontroller, the microcontroller having a debugger and storing an encryption key;
(b) in response to the detecting in (a) automatically erasing the encryption key;
(c) only after the encryption key is erased in (b) executing a boot loader program on the microcontroller, wherein the boot loader program is stored on the microcontroller; and
(d) disabling the debugger in response to the detecting in (a) and prior to the execution of the boot loader program in (c).

19. An integrated circuit, comprising:
a processor;
a first amount of memory that stores an encryption key;
a second amount of memory that stores a boot loader program; and
means for detecting a vulnerability condition and in response thereto automatically erasing the encryption key from the first amount of memory before the boot loader program can be executed by the processor.
Dependent claims: 20, 21

22. An integrated circuit, comprising:
a processor;
a first amount of memory that stores an encryption key;
a second amount of memory that stores a boot loader program; and
means for detecting a vulnerability condition and in response thereto automatically erasing the encryption key from the first amount of memory before the boot loader program can be executed by the processor, wherein the integrated circuit includes a debugger, and wherein the debugger is not usable to stop said erasing of the encryption key.

Specification