Secure system-on-chip

US 8,356,188 B2
Filed: 12/21/2006
Issued: 01/15/2013
Est. Priority Date: 12/23/2005
Status: Active Grant

- Alert
- Pin

First Claim

Patent Images

1. A secure system-on-chip for processing data, the system-on-chip comprising:

at least a central processing unit;

an input channel;

an output channel;

an encryption/decryption engine; and

a memory;

wherein said input channel comprises a virtual input encryption module configured to pass all incoming data to the encryption/decryption engine to add an internal encryption layer to all incoming data, said output channel comprises a virtual output decryption module which is configured to pass all outgoing data to the encryption/decryption engine to remove the internal encryption layer on all outgoing data, and said central processing unit is configured to perform the steps of receiving the encrypted data from the input encryption module and storing them in the memory, and while processing the stored data, reading the stored data from the memory, requesting the removal of the internal encryption layer of same in the encryption/decryption engine, processing the data and requesting encryption of the result by the encryption/decryption engine to add the internal encryption layer and storing the encrypted result, outputting the result to the output decryption module for removing the internal encryption layer and outputting the result via the output channel wherein data encrypted with the internal encryption layer is never present outside the system-on-chip.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

The aim of the present invention is to provide a secure system-on-chip for processing data, this system-on-chip comprising at least a central processing unit, an input and an output channel, an encryption/decryption engine and a memory, characterized in that, said input channel comprises an input encryption module to encrypt all incoming data, said output channel comprising an output decryption module to decrypt all outgoing data, said central processing unit receiving the encrypted data from the input encryption module and storing them in the memory, and while processing the stored data, said central processing unit reading the stored data from the memory, requesting decryption of same in the encryption/decryption engine, processing the data and requesting encryption of the result by the encryption/decryption engine and storing the encrypted result, outputting the result to the output decryption module for decryption purpose and exiting the decrypted result via the output channel.

45 Citations

View as Search Results

14 Claims

1. A secure system-on-chip for processing data, the system-on-chip comprising:
- at least a central processing unit;
  
  an input channel;
  
  an output channel;
  
  an encryption/decryption engine; and
  
  a memory;
  
  wherein said input channel comprises a virtual input encryption module configured to pass all incoming data to the encryption/decryption engine to add an internal encryption layer to all incoming data, said output channel comprises a virtual output decryption module which is configured to pass all outgoing data to the encryption/decryption engine to remove the internal encryption layer on all outgoing data, and said central processing unit is configured to perform the steps of receiving the encrypted data from the input encryption module and storing them in the memory, and while processing the stored data, reading the stored data from the memory, requesting the removal of the internal encryption layer of same in the encryption/decryption engine, processing the data and requesting encryption of the result by the encryption/decryption engine to add the internal encryption layer and storing the encrypted result, outputting the result to the output decryption module for removing the internal encryption layer and outputting the result via the output channel wherein data encrypted with the internal encryption layer is never present outside the system-on-chip.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A secure system-on-chip according to claim 1, wherein the algorithm to encrypt and decrypt the data is a symmetrical algorithm.
  - 3. A secure system-on-chip according to claim 2, wherein the encryption/decryption algorithm uses a set of initialization constants and all or part of the initialization constants are randomly generated within the system-on-chip.
  - 4. A secure system-on-chip according to claim 1, wherein the algorithm to encrypt and decrypt the data is an asymmetrical algorithm.
  - 5. A secure system-on-chip according to claim 1, wherein the secure system-on-chip is configured to generate randomly the key or key pair used by the encryption/decryption engine.
  - 6. A secure system-on-chip according to claim 1, wherein the input encryption module as well as the output decryption module comprises several encryption or decryption units respectively, at least one of these units being loaded with a key which is non-volatile and at least one of these units being loaded with a permanent key.
  - 7. A secure system-on-chip according to claim 1, wherein the encryption/decryption operations can be executed on one single data or a set of data at a time.
  - 8. A secure system-on-chip according to claim 1, wherein the encryption/decryption engine is initialized by a key known only by the secure system-on-chip.

9. A method for processing data on a secure system-on-chip, the system-on-chip comprising a central processing unit, an input channel, an output channel, an encryption/decryption engine and a memory, the method comprising the steps of:
- passing input data received via the input channel through a virtual encryption module to the encryption/decryption engine to add a first internal encryption layer to the input data;
  
  storing the input data with the first internal encryption layer in the memory;
  
  retrieving the input data with the first internal encryption layer from the memory;
  
  passing the input data retrieved from the memory through a virtual encryption module to the encryption/decryption engine to remove the first internal encryption layer from the input data retrieved from the memory;
  
  processing the data after the first internal encryption layer has been removed to form processed data; and
  
  outputting the processed data without the first internal encryption layer via the output channel wherein data encrypted with the internal encryption layer is never present outside the system-on-chip.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, further comprising the steps of:
    - adding a second internal encryption layer to the processed data;
      
      storing the processed data with the second internal encryption layer in the memory;
      
      retrieving the processed data with the second internal encryption layer from the memory; and
      
      removing the second internal encryption layer from the processed data prior to outputting the processed data via the output channel.
  - 11. The method of claim 9, wherein the first internal encryption layer uses a key known only by the secure system-on-chip.
  - 12. The method of claim 10, wherein the input data is encrypted with an external encryption layer, and wherein the processing step comprises removing the external encryption layer.
  - 13. The method of claim 10, wherein the first internal encryption layer is added by an input encryption module forming part of the input channel.

14. A method for processing data within a secure system-on-chip comprising the steps of:
- processing data to form processed data;
  
  passing the processed data through a virtual encryption module to an encryption/decryption engine to add an internal encryption layer to the processed data;
  
  storing the processed data with the internal encryption layer in the memory;
  
  retrieving the processed data with the internal encryption layer from the memory;
  
  passing the processed data retrieved from the memory through the virtual encryption module to the encryption/decryption engine to remove the internal encryption layer from the processed data within the system on chip; and
  
  outputting the processed data from the system on chip without the internal encryption layer via the output channel wherein data encrypted with the internal encryption layer is never present outside the system-on-chip.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Nagravision SA (Kudelski SA)
Original Assignee
Nagravision SA (Kudelski SA)
Inventors
Kudelski, Andre
Primary Examiner(s)
Yalew, Fikremariam A

Application Number

US11/614,816
Publication Number

US 20070150756A1
Time in Patent Office

2,217 Days
Field of Search

None
US Class Current

713/194
CPC Class Codes

G06F 21/72 in cryptographic circuits

H04L 63/0428 wherein the data content is...

Secure system-on-chip

First Claim

2 Assignments

Litigations

0 Petitions

Accused Products

Abstract

45 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

Secure system-on-chip

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others