Authenticated process switching on a microprocessor

US 7,603,566 B2
Filed: 08/09/2004
Issued: 10/13/2009
Est. Priority Date: 12/26/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A microprocessor executing a program including a plurality of processes, the microprocessor comprising:

a first information acquiring unit which acquires, from outside the microprocessor, second process identification information for identifying a second process to be executed by a first process and first authentication information for authenticating the second process;

a first information holding unit which holds the second process identification information, the first authentication information and a program key so that the second process identification information, the first authentication information and the program key are associated with each other;

a second information acquiring unit which acquires the second process identification information from the first information holding unit, and which acquires the first authentication information as second authentication information for authenticating the second process, which is associated with the program key or is calculated by using the program key, from the first information holding unit, when the first process is executed;

a second information holding unit which denies access from outside the microprocessor, and holds the second process identification information and the second authentication information so that the second process identification information and the second authentication information are associated with each other; and

a switching authorization unit which compares, upon issuance of an instruction for switching from the first process to the second process, the first authentication information held on the first information holding unit at the time when the instruction is issued with the second authentication information, and allows, when the first authentication information and the second authentication information match, switching from the first process to the second process.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A microprocessor includes a first information holding unit, a second information holding unit, and a switching authorization unit. The first information holding unit holds process identification information and authentication information which are associated with each other. The second information holding unit denies access from outside, and holds entry information of a process and the authentication information which are associated with each other. The switching authorization unit allows switching process when the authentication information held in the first information holding unit with the authentication information held in the second information holding unit match.

32 Citations

View as Search Results

19 Claims

1. A microprocessor executing a program including a plurality of processes, the microprocessor comprising:
- a first information acquiring unit which acquires, from outside the microprocessor, second process identification information for identifying a second process to be executed by a first process and first authentication information for authenticating the second process;
  
  a first information holding unit which holds the second process identification information, the first authentication information and a program key so that the second process identification information, the first authentication information and the program key are associated with each other;
  
  a second information acquiring unit which acquires the second process identification information from the first information holding unit, and which acquires the first authentication information as second authentication information for authenticating the second process, which is associated with the program key or is calculated by using the program key, from the first information holding unit, when the first process is executed;
  
  a second information holding unit which denies access from outside the microprocessor, and holds the second process identification information and the second authentication information so that the second process identification information and the second authentication information are associated with each other; and
  
  a switching authorization unit which compares, upon issuance of an instruction for switching from the first process to the second process, the first authentication information held on the first information holding unit at the time when the instruction is issued with the second authentication information, and allows, when the first authentication information and the second authentication information match, switching from the first process to the second process.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The microprocessor according to claim 1, wherein the second process is a process encrypted with a shared key,the first authentication information includes a distribution key obtained by encrypting the shared key with a public key,the microprocessor further comprising:
    - a process decryption unit which, when the switching authorization unit allows switching from the first process to the second process, decrypts the second process with the shared key; and
      
      an execution unit which executes the decrypted second process.
  - 3. The microprocessor according to claim 2, further comprising a key decryption unit which obtains the shared key by decrypting the distribution key with a secret key held in the microprocessor.
  - 4. The microprocessor according to claim 2, further comprising a verifier generation unit which generates a verifier of the distribution key, whereinthe first information holding unit includes the verifier in the first authentication information, andthe switching authorization unit compares, upon issuance of the instruction for switching from the first process to the second process, the verifier included in the first authentication information with a verifier included in the second authentication information, and allows, when the verifiers match, switching from the first process to the second process.
  - 5. The microprocessor according to claim 1, further comprising:
    - a first register reserved by the first process; and
      
      a register setting unit which, upon issuance of the instruction for switching from the first process to the second process, sets in the first register the second process identification information and the first authentication information which are held in the first information holding unit, whereinthe switching authorization unit compares the first authentication information set in the first register with the second authentication information held in the second information holding unit.
  - 6. The microprocessor according to claim 5, wherein the first register includesa second-process specific register which holds the second process identification information and the first authentication information;
    - anda general register which holds information associated with execution of the first process, whereinthe register setting unit sets the second process identification information and the first authentication information in the second-process specific register, andthe switching authorization unit compares the first authentication information held in the second-process specific register with the second authentication information held in the second information holding unit.
  - 7. The microprocessor according to claim 6, wherein the second information holding unit further holds first process identification information for identifying the first process and third authentication information for authenticating the first process so that the first process identification information and the third authentication information are associated with each other,the first register further includes a first-process specific register which holds the first process identification information and which holds the third authentication information as fourth authentication information,the microprocessor further comprises:
    - a second register reserved by the second process; and
      
      a copy unit which, when the switching authorization unit allows switching from the first process to the second process, copies the fourth authentication information held in the first process-specific register to the second register, whereinthe switching authorization unit compares the fourth authentication information copied by the copy unit with the third authentication information held in the second information holding unit, and allows, when the third authentication information and the fourth authentication information match, switching from the second process to the first process.
  - 8. The microprocessor according to claim 5, further comprising:
    - a save unit which saves information held in the first register reserved by the first process during execution of the second process; and
      
      a register buffer which holds the information saved by the save unit.
  - 9. The microprocessor according to claim 8, further comprising:
    - a second register reserved by the second process; and
      
      a copy unit which copies to the second register the information saved to the register buffer.

10. A method of executing a program including a plurality of processes, the method comprising:
- acquiring, from outside the microprocessor, second process identification information for identifying a second process to be executed by a first process and first authentication information for authenticating the second process;
  
  storing, in a first information holding unit, the second process identification Information, the first authentication information and a program key so that the second process identification information, the first authentication information and the program key are associated with each other;
  
  acquiring, from the first information holding unit, the first authentication information as second authentication information for authenticating the second process, which is associated with the program key or is calculated by using the program key and the second process identification information, when the first process is executed;
  
  storing, in a second information holding unit which denies access from outside the microprocessor, the second process identification information and the second authentication information so that the second process identification information and the second authentication information are associated with each other; and
  
  comparing, upon issuance of an instruction for switching from the first process to the second process, the first authentication information held on the first information holding unit at the time when the instruction is issued with the second authentication information; and
  
  allowing, when the first authentication information and the second authentication information match, switching from the first process to the second process.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method according to claim 10, wherein the second process is a process encrypted with a shared key,the first authentication information includes a distribution key obtained by encrypting the shared key with a public key,the method further comprising:
    - decrypting, when the switching authorization unit allows switching from the first process to the second process, the second process with the shared key; and
      
      executing the decrypted second process.
  - 12. The method according to claim 11, further comprising obtaining the shared key by decrypting the distribution key with a secret key held in the microprocessor.
  - 13. The method according to claim 11, further comprising generating a verifier of the distribution key, whereinthe first authentication information includes the verifier,the comparing includes comparing, upon issuance of the instruction for switching from the first process to the second process, the verifier included in the first authentication information with a verifier included in the second authentication information, andthe allowing includes allowing, when the verifiers match, switching from the first process to the second process.
  - 14. The method according to claim 10, further comprising setting, upon issuance of the instruction for switching from the first process to the second process, the second process identification information and the first authentication information which are stored in the first information holding unit, in a first register reserved by the first process, whereinthe comparing includes comparing the first authentication information set in the first register with the second authentication information stored in the second information holding unit.
  - 15. The method according to claim 14, wherein the first register includesa second-process specific register which holds the second process identification information and the first authentication information;
    - anda general register which holds information associated with execution of the first process, whereinthe setting includes setting the second process identification information and the first authentication information in the second-process specific register, andthe comparing includes comparing the first authentication information held in the second-process specific register with the second authentication information held in the second information holding unit.
  - 16. The method according to claim 15, further comprising storing, in the second information holding unit, first process identification information for identifying the first process and third authentication information for authenticating the first process so that the first process identification information and the third authentication information are associated with each other,the first register further includes a first-process specific register which holds the first process identification information and which holds the third authentication information as fourth authentication information,the method further comprises:
    - copying, when the switching authorization unit allows switching from the first process to the second process, the fourth authentication information held in the first process-specific register to a second register reserved by the second process, whereinthe comparing includes comparing the fourth authentication information copied with the third authentication information held in the second information holding unit, andthe allowing includes allowing, when the third authentication information and the fourth authentication information match, switching from the second process to the first process.
  - 17. The method according to claim 14, further comprising saving information held in the first register reserved by the first process during execution of the second process, whereinthe information saved is held in a register buffer.
  - 18. The method according to claim 17, further comprising copying to a second register reserved by the second process the information saved to the register buffer.

19. A microprocessor executing a program including a plurality of processes, the microprocessor comprising:
- first information acquiring means for acquiring, from outside the microprocessor, second process identification information for identifying a second process to be executed by a first process and first authentication information for authenticating the second process;
  
  first information holding means for holding the second process identification Information, the first authentication information and a program key so that the second process identification information, the first authentication information and the program key are associated with each other;
  
  second information acquiring means for acquiring the second process identification information from the first information holding means, and for acquiring the first authentication information as second authentication information for authenticating the second process, which is associated with the program key or is calculated by using the program key, from the first information holding means, when the first process is executed;
  
  second information holding means, which denies access from outside the microprocessor, for holding the second process identification information and the second authentication information so that the second process identification information and the second authentication information are associated with each other; and
  
  switching authorization means for comparing, upon issuance of an instruction for switching from the first process to the second process, the first authentication information held on the first information holding means at the time when the instruction is issued with the second authentication information, and for allowing, when the first authentication information and the second authentication information match, switching from the first process to the second process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Inventors
Haruki, Hiroyoshi, Hashimoto, Mikio
Primary Examiner(s)
Simitoski; Michael J

Application Number

US10/913,537
Publication Number

US 20050144438A1
Time in Patent Office

1,891 Days
Field of Search

713/2, 713/168, 713/187, 726/30, 712/43, 712/228, 712/229, 718/102, 718/108
US Class Current

713/187
CPC Class Codes

G06F 21/123 by using dedicated hardware...

G06F 21/72 in cryptographic circuits

Authenticated process switching on a microprocessor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticated process switching on a microprocessor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links