Secure and backward-compatible processor and secure software execution thereon

US 7,380,275 B2
Filed: 01/31/2005
Issued: 05/27/2008
Est. Priority Date: 02/07/2003
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising:

distinguishing operations on a single processor between a monitored mode and a secure mode;

generating a timer interrupt signal using parameters set by a secure mode switch circuit;

entering secure mode in response to the timer interrupt signal;

when the processor is operating in the secure mode;

executing on the processor, software loaded using a bootstrap loader that cryptographically authenticates the software; and

exiting the secure mode;

when the processor is operating in the monitored mode;

performing application software on the processor, without substantial change in original code for that application software, wherein the application software sees a processor environment that is not substantially different from an ordinary processor.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure processor assuring application software is executed securely, and assuring only authorized software is executed, monitored modes and secure modes of operation. The former executes application software transparently to that software. The latter verifies execution of the application software is authorized, performs any extraordinary services required by the application software, and verifies the processor has obtained rights to execute the content. The secure processor (1) appears hardware-identical to an ordinary processor, with the effect that application software written for ordinary processors can be executed on the secure processor without substantial change, (2) needs only a minimal degree of additional hardware over and above those portions appearing hardware-identical to an ordinary processor. The secure processor operates without substantial reduction in speed or other resources available to the application software. Functions operating in secure mode might reside in an on-chip non-volatile memory, or might be loaded from external storage with authentication.

184 Citations

73 Claims

1. A method comprising:
- distinguishing operations on a single processor between a monitored mode and a secure mode;
  
  generating a timer interrupt signal using parameters set by a secure mode switch circuit;
  
  entering secure mode in response to the timer interrupt signal;
  
  when the processor is operating in the secure mode;
  
  executing on the processor, software loaded using a bootstrap loader that cryptographically authenticates the software; and
  
  exiting the secure mode;
  
  when the processor is operating in the monitored mode;
  
  performing application software on the processor, without substantial change in original code for that application software, wherein the application software sees a processor environment that is not substantially different from an ordinary processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising, when the processor is operating in the secure mode, verifying authorization to perform the application software.
  - 3. The method of claim 1, further comprising, when the processor is operating in the secure mode,checking a cryptographic signature from a trusted source;
    - andverifying that said application software is preserved in integrity and authenticity using the cryptographic signature.
  - 4. The method of claim 1, further comprising performing instructions for the processor substantially identical to those performable by a semiconductor die for an ordinary processor otherwise not responsive to said secure mode.
  - 5. The method of claim 1, further comprising, when the processor is operating in the secure mode, performing security services requested by, and authorized for, the application software.
  - 6. The method of claim 1, further comprising:
    - when the processor is operating in the monitored mode, entering the secure mode in response to a technique selected from the group consisting of;
      
      an interrupt, a reset signal, a power on signal, and a timer signal; and
      
      when the processor is operating in the secure mode, determining by which technique the secure mode was entered.
  - 7. The method of claim 1, further comprising:
    - when the processor is operating in the monitored mode;
      
      generating an interrupt in response to a request for services associated with the application software; and
      
      entering the secure mode;
      
      when the processor is operating in the secure mode;
      
      delivering the services in response to the application software on the processor; and
      
      exiting the secure mode.
  - 8. The method of claim 1, further comprising, in response to power-on,when the processor is operating in the secure mode:
    - loading additional code from one or more trusted sources;
      
      verifying authenticity of the trusted sources; and
      
      verifying content integrity of the additional code.
  - 9. The method of claim 1, wherein said application software includes at least one instruction for execution in the secure mode, further comprising:
    - performing said at least one instruction on behalf of a set of secure kernel code; and
      
      authenticating additional secure kernel code.
  - 10. The method of claim 1, further comprising:
    - performing a set of secure software;
      
      determining whether additional secure software is authentic;
      
      executing the additional secure software if the secure software is authentic;
      
      determining authorization to perform the additional secure software; and
      
      performing the additional secure software if authorization exists.
  - 11. The method of claim 10, further comprising:
    - loading the additional secure software; and
      
      validating the additional secure software using a cryptographic technique, wherein said validating establishes integrity or origin from a trusted source.
  - 12. The method of claim 10, further comprising:
    - loading additional application software; and
      
      determining authorization to perform the additional application software.

13. A method comprising:
- when a security signal indicates that a processor is operating in a monitored mode;
  
  refusing access to a secure function in response to the security signal;
  
  generating a non-maskable interrupt (NMI) signal based on a programmable timer-based interrupt;
  
  entering secure mode in response to the NMI signal;
  
  when the security signal indicates that the processor is operating in the secure mode;
  
  accessing the secure function in response to the security signal;
  
  accessing at least one secure circuit, whereinsaid secure function includes instructions for launching software content from an external source, measuring trustworthiness of the external source, and facilitating verification of the software content using said processor.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 14. The method of claim 13, further comprising performing a set of application code in a manner that is substantially identical to performing the set of application code on a substantially identical non-secure processing unit that is not responsive to said security signal.
  - 15. The method of claim 13, further comprising, when the security signal indicates that the processor is operating in the monitored mode, performing a set of application code.
  - 16. The method of claim 13, further comprising:
    - receiving external instructions from the external source; and
      
      verifying the external instructions as authentic, or originating from a trusted source.
  - 17. The method of claim 13, further comprising:
    - monitoring access to an external device; and
      
      performing at least one secure function in response to an attempt to access the external device in violation of the security signal and a set of access rules.
  - 18. The method of claim 17, wherein said monitoring access to an external device is responsive to at least one of:
    - a number of accesses requested;
      
      a number of instructions performed;
      
      a parameter set when the processor is operating in the secure mode; and
      
      an interval of operation.
  - 19. The method of claim 17, further comprising maintaining a set of secure information for read-only access.
  - 20. The method of claim 19, further comprising reading the set of secure information from a non-volatile memory.
  - 21. The method of claim 19, further comprising:
    - reading the set of secure information from a non-volatile memory; and
      
      disabling writing to the non-volatile memory after packaging.
  - 22. The method of claim 13, further comprising:
    - receiving external data from the external source;
      
      constructing data responsive to the external data;
      
      comparing the data responsive to the external data with at least some of said secure information.
  - 23. The method of claim 22, further comprising:
    - determining a computed cryptographic value as a function of the external data; and
      
      using a public key cryptographic method to verify the computed cryptographic value using a recorded signature value from a trust verifiable source.
  - 24. The method of claim 13, further comprising:
    - requesting additional secure code from the external source;
      
      sending data responsive to the secure information to the external source, wherein the external source is capable of verifying authorization to perform the additional secure code; and
      
      receiving the additional secure code from the external source, wherein the additional secure code includes information that can be used by a secure device to determinate that it has permission to execute or use some software.
  - 25. The method of claim 13, further comprising:
    - requesting application software from the external source;
      
      sending data responsive to the secure information to the external source, wherein the external source is capable of verifying authorization to perform the application software; and
      
      receiving the application software from the external source, wherein the application software includes information that can be used by a secure device to determinate that it has permission to execute or use some software.

26. A method of reading secure information from non-volatile memory associated with a single secure processor capable of operating in a secure mode and a non-secure mode, comprising:
- entering secure mode in response to a reset signal;
  
  disabling writing to non-volatile memory when a processor with which the non-volatile memory is associated is packaged;
  
  maintaining secure information within the non-volatile memory;
  
  switching to non-secure mode;
  
  generating an non-maskable interrupt (NMI) signal in response to a timeout from a secure timer;
  
  switching to secure mode in response to NMI signal.
- View Dependent Claims (27, 28, 29)
- - 27. The method of claim 26, wherein said disabling includes making substantially inaccessible a non-bonded pin.
  - 28. The method of claim 27, wherein the secure information is unique to the processor.
  - 29. The method of claim 27, wherein the secure information is secret.

30. A single-processor processor chip apparatus comprising:
- a secure switch for switching between a monitored mode and a secure mode on a single processor;
  
  a secure timer circuit capable of generating a timer interrupt in response to programmable parameters;
  
  memory, coupled to the secure switch, including;
  
  security information;
  
  a bootstrap loader, wherein, using the security information, the bootstrap loader cryptographically authenticates software loaded in response to execution of the bootstrap loader;
  
  the processor coupled to the secure switch, the secure timer circuit, and the memory, wherein, in operation;
  
  the processor executes the bootstrap loader,when the processor is operating in the secure mode, the processor executes the software loaded in response to execution of the bootstrap loader and exits the secure mode,when the processor is operating in the monitored mode, the processor performs application software transparently to the application software, and the processor enters secure mode in response to receipt of the timer interrupt.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58)
- - 31. The apparatus of claim 30, wherein, when the processor is operating in the secure mode, the processor verifies authorization to perform the application software.
  - 32. The apparatus of claim 30, wherein, when the processor is operating in the secure mode, the processorchecks a cryptographic signature from a trusted source;
    - andverifies that said application software is preserved in integrity and authenticity using the cryptographic signature.
  - 33. The apparatus of claim 30, wherein, when the processor is operating in the secure mode, the processor performs security services requested by, and authorized for, the application software.
  - 34. The apparatus of claim 30, wherein,when the processor is operating in the monitored mode, the secure switch switches to the secure mode in response to a technique selected from the group consisting of:
    - an interrupt, a reset signal, a power on signal, and a timer signal; and
      
      when the processor is operating in the secure mode, the processor determines by which technique the secure mode was entered.
  - 35. The apparatus of claim 30, wherein:
    - when the processor is operating in the monitored mode;
      
      the processor responds to an interrupt generated when a request for services associated with the application software is recorded; and
      
      the secure switch switches to the secure mode;
      
      when the processor is operating in the secure mode;
      
      the processor delivers the services in response to the application software; and
      
      the secure switch switches to the monitored mode.
  - 36. The apparatus of claim 30, wherein, in response to a power-on state,when the processor is operating in the secure mode:
    - the processor loads additional code from one or more trusted sources;
      
      the processor verifies authenticity of the trusted sources; and
      
      the processor verifies content integrity of the additional code.
  - 37. The apparatus of claim 30, wherein said application software includes at least one instruction for execution in the secure mode, wherein:
    - the processor performs said at least one instruction on behalf of a set of secure kernel code; and
      
      the processor authenticates additional secure kernel code.
  - 38. The apparatus of claim 30, wherein the processor:
    - performs a set of secure software;
      
      determines whether additional secure software is authentic;
      
      executes the additional secure software if the secure software is authentic;
      
      determines authorization to perform the additional secure software; and
      
      performs the additional secure software if authorization exists.
  - 39. The apparatus of claim 38, wherein the processor:
    - loads the additional secure software; and
      
      validates the additional secure software using a cryptographic technique, wherein said validating establishes integrity or origin from a trusted source.
  - 40. The apparatus of claim 38, wherein the processor:
    - loads additional application software; and
      
      determines authorization to perform the additional application software.
  - 41. The apparatus of claim 38, wherein access rights to internal resources are issued from a trust verifiable authority, wherein when the processor is operating in the secure mode, the processor validates trust and verifies access rights as authentic using a public key cryptographic verification technique, and wherein the processor sets up access rights in secure mode and the access rights are unmodifiable in the monitored mode.
  - 42. The apparatus of claim 41, wherein the processor applies the access rights to resources, wherein the resources may be designated as “
    - enabled”
      
      , “
      
      disabled”
      
      , or “
      
      restricted”
      
      .
  - 43. The apparatus of claim 42, wherein the resources include software resources and hardware resources.
  - 44. The apparatus of claim 42, wherein the designation is application-specific.
  - 45. The apparatus of claim 42, wherein the designation is user-specific.
  - 46. The apparatus of claim 42, wherein the designation is device-specific.
  - 47. The apparatus of claim 42, wherein the designation is associated with one or more of the group consisting of bandwidth, time-of-use, dates, memory use, a limitation on internal resources, conditional on internal secure data, access rights from a server, rights dependent on secure state, and consumption data.
  - 48. The apparatus of claim 30, wherein said security information includes information maintained in a non-volatile memory, said non-volatile memory having a circuit capable of enabling writing of said non-volatile memory, said circuit being disabled when said secure processor is packaged.
  - 49. The apparatus of claim 30, wherein said security information includes information maintained in a non-volatile memory, said non-volatile memory having a circuit capable of enabling writing of said non-volatile memory, said circuit including a pin which is substantially inaccessible when said secure processor is packaged.
  - 50. The apparatus of claim 30, wherein said security information includes an identity value substantially unique to the apparatus, or a set of private key information substantially unique to the processor;
    - wherein a selected set of content or software is assured to be executed when authorization to consume said content or execute said software exists.
  - 51. The apparatus of claim 30, including means for combining said key information and a substantially unique identity value, with the effect of implementing a digital rights management scheme for enforcing intellectual property rights.
  - 52. The apparatus of claim 30, wherein at least a portion of said secure information is digitally signed using either a public key/secret private key system or a symmetric encryption/decryption key.
  - 53. The apparatus of claim 30, wherein at least a portion of said secure information is encrypted using either a public key/secret private key system or a symmetric encryption/decryption key.
  - 54. The apparatus of claim 30, wherein, in operation, the processor verifies authenticity of a purchase receipt or license or other digital rights management data, wherein the purchase receipt or license or other digital rights management data facilitates verification of a selected set of content or software as authentic and authorized.
  - 55. The apparatus of claim 54, wherein, in an operational configuration, the processor is permitted to consume the content or execute the software in response to an attempt to verify authenticity of a purchase receipt or license or other digital rights management data.
  - 56. The apparatus of claim 54, wherein said receipt includes information sufficient to substantially identify the processor and information sufficient to substantially identify an identity value substantially unique to said content or software.
  - 57. The apparatus of claim 54, wherein, in an operational configuration, the processor is permitted to consume the content or execute the software in response to verifying said digital signature.
  - 58. The apparatus of claim 54, wherein, in an operational configuration, the processor is permitted to consume the content or execute the software in response to an attempt to decrypt a portion of the secure information.

59. A method comprising:
- including a security code verification module in a bootstrap loader;
  
  implementing the bootstrap loader in firmware;
  
  initializing non-volatile memory with a first security code verification value associated with the security code module, wherein security code includes instructions to enable access rights to hardware and software resources when in a secure mode, wherein the access rights to resources are issued from a trust verifiable source, and wherein access rights data is verifiable as authentic from a source using a public key cryptographic verification method, using a single microprocessor;
  
  providing security logic wherein, in operation, the security logic generates a non-maskable interrupt (NMI) signal in response to a timeout from the secure timer, and wherein the single microprocessor enters secure mode in response to the NMI signal.
- View Dependent Claims (60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73)
- - 60. The method of claim 59, further comprising configuring the first security code verification value.
  - 61. The method of claim 59, further comprising:
    - locating security code using the security code verification module;
      
      computing a second security code verification value associated with the security code; and
      
      executing the security code if the first security code verification value verifies correctly with respect to the second security code verification value.
  - 62. The method of claim 59, further comprising:
    - loading security code associated with the security code verification module into volatile memory;
      
      computing a second security code verification value associated with the security code; and
      
      executing the security code if the first security code verification value verifies correctly with respect to the second security code verification value.
  - 63. The method of claim 59, further comprising:
    - loading a first module of security code associated with the security code verification module into volatile memory;
      
      computing a second security code verification value associated with the security code; and
      
      executing the first module of the security code if the first security code verification value verifies correctly with respect to the second security code verification value.
  - 64. The method of claim 63, wherein said first module of security code has been loaded into volatile memory, further comprising:
    - authenticating a second module of the security code using data in the first module of the security code; and
      
      loading the second module of the security code into volatile memory when authenticated.
  - 65. The method of claim 59, further comprising implementing a non-maskable interrupt that is triggered at specified times.
  - 66. The method of claim 65, further comprising executing security code associated with the security code verification module when the non-maskable interrupt is triggered.
  - 67. The method of claim 65, wherein said specified times include on reset.
  - 68. The method of claim 65, further comprising using a timer to trigger the non-maskable interrupt at intervals defined by security code associated with the security code verification module, wherein triggering at intervals facilitates monitoring running applications.
  - 69. The method of claim 65, further comprising switching to a secure mode, different in security level from a backward-compatible monitored mode.
  - 70. The method of claim 65, further comprising embedding chip identities and keys to facilitate a procedure selected from the group consisting of:
    - tracking the chip, implementation of licensing schemes, and authenticated software loading.
  - 71. The method of claim 59, further comprising using the NV memory to maintain secure versioning or sequencing of state.
  - 72. The method of claim 71, wherein said using the NV memory to maintain secure versioning or sequencing of state further comprises maintaining a version or sequence number in the NV memory, wherein access to the version or sequence number is allowed in a security mode and restricted in an application mode.
  - 73. The method of claim 71, further comprising refusing to update a version or sequence number maintained in the NV memory to a previous state.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Broadon Communications Corp. (Acer, Inc.)
Inventors
Yen, Wei, Srinivasan, Pramila, Princen, John, Blythe, David, Saperstein, William, Berndt, Frank
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US11/048,515
Publication Number

US 20050132217A1
Time in Patent Office

1,212 Days
Field of Search

None
US Class Current

726/17
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/51   at application loading time...

G06F 21/52   during program execution, e...

G06F 21/71   to assure secure computing ...

G06F 21/73   by creating or determining ...

G06F 21/74   operating in dual or compar...

Secure and backward-compatible processor and secure software execution thereon

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

184 Citations

73 Claims

Specification

Solutions

Use Cases

Quick Links

Secure and backward-compatible processor and secure software execution thereon

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

184 Citations

73 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links