Secure execution of downloaded software
First Claim
1. A method of securely distributing program instructions for execution in a single-chip secure cryptoprocessor that contains chip identifier data that distinguishes different cryptoprocessor units, encryption circuitry for encrypting said identifier, decryption circuitry for decrypting encrypted digital program instructions, writable program memory for storing decrypted instructions, and processor core for executing said decrypted instructions which are inaccessible from said secure cryptoprocessor chip from locations outside of said chip after fabrication of said chip is completed;
the method comprising:
(a) encrypting in a network server a first program of executable digital instructions under control of a first encryption key;
(b) transmitting said encrypted first program of digital instructions from said server to said cryptoprocessor;
(c) encrypting said chip identifier in said cryptoprocessor chip to produce an encrypted identifier;
(d) transmitting said encrypted identifier to said server;
(e) reencrypting in said server said chip identifier together with a decryption key corresponding to said first encryption key to produce at least one encrypted data block such that each bit in said encrypted data block is a complex function of every bit in said decryption key and every bit in said chip identifier;
(f) transmitting said data block to said cryptoprocessor chip;
(g) decrypting said encrypted data block in said cryptoprocessor chip to produce a decrypted identifier and said decryption key in said cryptoprocessor chip;
(h) decrypting said encrypted first program in said cryptoprocessor chip under control of said decryption key to produce executable digital instructions stored in said program memory; and
(i) executing said digital instructions in said processor core in said cryptoprocessor chip to generate output data if said decrypted identifier has a predetermined relationship with said chip identifier in said cryptoprocessor chip.
Abstract
Proprietary programs for execution in game systems or other computers are downloaded from an Internet server in encrypted form to protect the programs from unauthorized use. The encrypted programs can be decrypted and executed only in the secure cryptoprocessor that originally ordered the software for download. Unlike DRM-protected music, video, and text, decrypted program instructions need never be revealed to users. Each cryptoprocessor contains a unique chip identifier that is transmitted to the server in encrypted form to control encryption of a random session key, which in turn controls decryption of the downloaded programs; hence each copy of the encrypted software is encrypted differently. If the cryptoprocessor is in a cartridge, it can be manually unplugged from one computer or game system and plugged into another. Some of the software may be unencrypted and executed on conventional processor(s), but that software would be useless without the decrypted program instructions executing in the cryptoprocessor.
16 Claims
1. (Independent claim 1 is reproduced in full under First Claim above; its dependent claims 2 to 8 are not reproduced on this page.)
9. A computer readable data storage medium having stored thereon encrypted digital program instructions for execution in a single-chip secure cryptoprocessor that contains chip identifier data that distinguishes different cryptoprocessor units, encryption circuitry for encrypting said identifier, decryption circuitry for decrypting encrypted digital program instructions, writable program memory for storing decrypted instructions, and processor core for executing said decrypted instructions which are inaccessible from said secure cryptoprocessor chip from locations outside of said chip after fabrication of said chip is completed, wherein said cryptoprocessor chip performs the following:
(a) encrypting said chip identifier in said cryptoprocessor chip to produce an encrypted identifier for transmission to a network server that encrypts and downloads a first program of executable digital instructions for use in said cryptoprocessor, wherein said server decrypts said encrypted identifier to produce a decrypted identifier, and wherein said server reencrypts said decrypted identifier together with a decryption key corresponding to said encrypted first program to produce at least one encrypted data block for transmission to said cryptoprocessor chip such that each bit in said encrypted data block is a complex function of every bit in said decryption key and every bit in said chip identifier;
(b) decrypting said encrypted data block in said cryptoprocessor chip to produce a decryption key in said cryptoprocessor chip;
(c) decrypting said encrypted first program in said cryptoprocessor chip under control of said decryption key to produce executable digital instructions stored in said program memory; and
(d) executing said digital instructions in said processor core in said cryptoprocessor chip to generate output data if said decrypted identifier has a predetermined relationship with said chip identifier in said cryptoprocessor chip.
(Dependent claims 10 and 11 are not reproduced on this page.)
12. A single-chip secure cryptoprocessor comprising:
(a) non-volatile data memory storing chip identifier data that distinguishes different cryptoprocessor chips;
(b) encryption circuitry for encrypting said chip identifier to produce an encrypted identifier for transmission to a network server;
(c) wherein said server encrypts and downloads a first program of executable digital instructions for use in said cryptoprocessor, wherein said server decrypts said encrypted identifier to produce a decrypted identifier, and wherein said server reencrypts said decrypted identifier together with a digital decryption key corresponding to said encrypted first program to produce at least one encrypted data block for use in said cryptoprocessor chip such that each bit in said encrypted data block is a complex function of every bit in said decryption key and every bit in said chip identifier;
(d) decryption circuitry for decrypting said encrypted data block to produce a decrypted key;
(e) writable data memory for storing said decrypted key;
(f) decryption circuitry for decrypting said first program under control of said decrypted key to produce executable digital decrypted instructions;
(g) writable program memory for storing said decrypted instructions;
(h) processor core for executing said decrypted instructions to produce output data if said decrypted identifier has a predetermined relationship with said chip identifier; and
(i) wherein said data memory, encryption circuitry, decryption circuitry, processor core, program memory, and decrypted instructions are inaccessible from said secure cryptoprocessor chip from locations outside of said secure cryptoprocessor chip after fabrication of said chip is completed.
(Dependent claims 13 to 16 are not reproduced on this page.)
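The nine steps of claim 1, with the chip-side components of claim 12, as one runnable exchange between the server side and the chip side. This is an added example and is not the patent's own code or any licensee's implementation. It assumes: a per-chip secret (CHIP_KEY) provisioned at fabrication and known to the server, which is how the identifier encryption of step (c) and the data-block encryption of step (e) are keyed (the claims do not say what key either uses); equality as the "predetermined relationship" of step (i); a toy stack machine as the processor core; an HMAC-SHA256 Feistel network in place of a hardware block cipher; and an integrity tag over the encrypted program, which the claims do not require. All function names and the sample chip identifier are constructed for the example.

```python
"""Constructed model of the download protocol in claim 1 (steps a to i).
Added illustration, not code from the patent or any product.  The claims name
no cipher, so a four-round Feistel network over a 32-byte block with an
HMAC-SHA256 round function stands in for a hardware wide-block cipher, and an
HMAC-SHA256 counter-mode keystream for the program cipher."""
import hashlib
import hmac
import os

def _round(key: bytes, r: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([r]) + half, hashlib.sha256).digest()[:16]

def wide_encrypt(key: bytes, block: bytes) -> bytes:
    """Encrypt one 32-byte block; after four rounds every ciphertext bit is a
    function of every plaintext bit, the property claim 1(e) requires."""
    left, right = block[:16], block[16:]
    for r in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, r, right)))
    return left + right

def wide_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:16], block[16:]
    for r in reversed(range(4)):
        left, right = bytes(a ^ b for a, b in zip(right, _round(key, r, left))), left
    return left + right

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Counter-mode keystream for the program body (the same call decrypts)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, b"ks" + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def program_tag(key: bytes, ciphertext: bytes) -> bytes:
    # Practitioner addition: the claims are silent on integrity, and an
    # unauthenticated stream cipher lets an attacker flip instruction bits.
    return hmac.new(key, b"tag" + ciphertext, hashlib.sha256).digest()

def run_program(code: bytes) -> int:
    """Toy processor core (assumption: a stack machine; the claims name no ISA)."""
    stack, pc = [], 0
    while pc < len(code):
        op, pc = code[pc], pc + 1
        if op == 0x01:                       # PUSH imm8
            stack.append(code[pc]); pc += 1
        elif op == 0x02:                     # ADD
            stack.append(stack.pop() + stack.pop())
        elif op == 0x03:                     # MUL
            stack.append(stack.pop() * stack.pop())
        elif op == 0xFF:                     # HALT: top of stack is the output data
            return stack[-1]
        else:
            raise ValueError(f"bad opcode {op:#x}")
    raise ValueError("program ran off the end of program memory")

def chip_encrypt_identifier(chip_key: bytes, chip_id: bytes) -> bytes:
    # Step (c).  A fresh nonce stops the encrypted identifier from being a
    # fixed, trackable value on the wire (practitioner addition).
    return wide_encrypt(chip_key, os.urandom(16) + chip_id)

def server_prepare_download(chip_key: bytes, encrypted_id: bytes, program: bytes):
    """Steps (a) and (e): (encrypted program, tag, data block) bound to one chip.
    Assumption: the server holds the per-chip key; a fielded system would look
    it up by a plaintext serial or have the chip encrypt under a server public key."""
    chip_id = wide_decrypt(chip_key, encrypted_id)[16:]        # undo step (c)
    session_key = os.urandom(16)                               # fresh per download
    enc_program = stream_xor(session_key, program)             # step (a)
    data_block = wide_encrypt(chip_key, chip_id + session_key) # step (e)
    return enc_program, program_tag(session_key, enc_program), data_block

def chip_decrypt_and_run(chip_key: bytes, chip_id: bytes, data_block: bytes,
                         enc_program: bytes, tag: bytes) -> int:
    """Steps (g) to (i) inside the chip."""
    plain = wide_decrypt(chip_key, data_block)                 # step (g)
    decrypted_id, session_key = plain[:16], plain[16:]
    # Step (i) predicate; "predetermined relationship" taken as equality and
    # checked in constant time.  A block prepared for another chip fails here.
    if not hmac.compare_digest(decrypted_id, chip_id):
        raise PermissionError("identifier mismatch: download is not for this chip")
    if not hmac.compare_digest(program_tag(session_key, enc_program), tag):
        raise PermissionError("encrypted program was modified in transit")
    program_memory = stream_xor(session_key, enc_program)      # step (h)
    return run_program(program_memory)                         # step (i)

def diffusion_ratio(key: bytes, block_a: bytes, block_b: bytes) -> float:
    """Fraction of the 256 ciphertext bits that differ between two plaintexts."""
    ca, cb = wide_encrypt(key, block_a), wide_encrypt(key, block_b)
    return sum(bin(a ^ b).count("1") for a, b in zip(ca, cb)) / 256

# Constructed sample data; CHIP_KEY stands for a secret provisioned at fabrication.
CHIP_KEY = hashlib.sha256(b"example chip key").digest()[:16]
CHIP_ID = b"CHIP-0000000001!"                                  # 16 bytes, not a real id
PROGRAM = bytes([0x01, 6, 0x01, 7, 0x03, 0x01, 1, 0x02, 0xFF])  # computes 6*7+1

def demo(chip_key: bytes = CHIP_KEY, chip_id: bytes = CHIP_ID, program: bytes = PROGRAM) -> int:
    enc_id = chip_encrypt_identifier(chip_key, chip_id)                        # (c), (d)
    enc_program, tag, block = server_prepare_download(chip_key, enc_id, program)  # (a), (b), (e), (f)
    return chip_decrypt_and_run(chip_key, chip_id, block, enc_program, tag)      # (g) to (i)
```

demo() runs steps (c) through (i) in order and returns the program's output data. The negative cases are the ones worth checking on real hardware: a data block prepared for one chip, decrypted on a chip with a different key or identifier, fails the step (i) comparison before any instruction is fetched, and a flipped bit in the encrypted program is caught by the tag. The wide-block encryption in step (e) is what the "each bit is a complex function of every bit" language asks for: with a 16-byte cipher in ECB mode the identifier half and the key half of the data block would be two independent ciphertexts that could be spliced, whereas here neither half can be altered without scrambling the other.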