Secure processor
First Claim
1. A secure processor, which decrypts an encrypted instruction code and executes the instruction code, comprising:
- a processor core configured to execute the instruction code obtained by decrypting the encrypted instruction code;
a secure bus that is not recognized by a program executed by the processor core; and
a secure hardware connected to the secure bus, configured to perform authentication of the encrypted instruction code executed using the processor core and performing encryption and decryption of the encrypted instruction code and data that the processor core inputs from and outputs to the outside, whereinthe secure hardware comprises;
a secure pipe connected to the secure bus, for performing encryption and decryption of the encrypted instruction code and data that the processor core inputs from and outputs to the outside;
a secure assist connected to the secure bus configured to transmit and receive a command and information to and from a program executed in the processor core via a public interface and to execute a public key system encryption process and a public key system authentication process; and
a secure DMA comprising a DMA transfer function and connected to the secure bus configured to perform page verification of an instruction code or data transferred by the DMA transfer function,the secure assist performs setting and control of the secure pipe and the secure DMA via the secure bus,the secure hardware, further comprising a storage unit configured to store a built-in key, is initiated by a secure boot program encrypted by the built-in key,the secure boot program serves as a starting point of an instruction code authentication executed by the secure processor, by authenticating a first program which is a user application'"'"'s core program,the first program further authenticates a second program which is different from the first program, by setting an encrypted second program key to the secure hardware, by reading a second program key authentication'"'"'s status information from the secure hardware when receiving a notification indicating that a key authentication process by the secure hardware to authenticate the encrypted second program key is terminated from the secure hardware, and by determining whether the encrypted second program key is decrypted and authenticated on the basis of the key authentication'"'"'s status information,the first program obtains license information of a decrypted second program key from the secure hardware and sets the license information to the secure hardware, andthe secure hardware decrypts the second program by using the decrypted second program key and provides a decrypted second program to the processor core.
4 Assignments
0 Petitions
Accused Products
Abstract
A secure hardware comprises a secure pipe, a secure DMA, a secure assist and a secure bus, which connects between those blocks. The secure pipe stores a common encryption key in an encryption key table so as not to be able to access from software. The secure DMA comprises a data common key system process function and a hashing process function. The secure assist comprises a common key system process function and an authentication process function, receives an issued command from a program executed by the processor core via a public IF, and performs setting/control of the secure pipe and the secure DMA via the secure bus.
46 Citations
16 Claims
-
1. A secure processor, which decrypts an encrypted instruction code and executes the instruction code, comprising:
-
a processor core configured to execute the instruction code obtained by decrypting the encrypted instruction code; a secure bus that is not recognized by a program executed by the processor core; and a secure hardware connected to the secure bus, configured to perform authentication of the encrypted instruction code executed using the processor core and performing encryption and decryption of the encrypted instruction code and data that the processor core inputs from and outputs to the outside, wherein the secure hardware comprises; a secure pipe connected to the secure bus, for performing encryption and decryption of the encrypted instruction code and data that the processor core inputs from and outputs to the outside; a secure assist connected to the secure bus configured to transmit and receive a command and information to and from a program executed in the processor core via a public interface and to execute a public key system encryption process and a public key system authentication process; and a secure DMA comprising a DMA transfer function and connected to the secure bus configured to perform page verification of an instruction code or data transferred by the DMA transfer function, the secure assist performs setting and control of the secure pipe and the secure DMA via the secure bus, the secure hardware, further comprising a storage unit configured to store a built-in key, is initiated by a secure boot program encrypted by the built-in key, the secure boot program serves as a starting point of an instruction code authentication executed by the secure processor, by authenticating a first program which is a user application'"'"'s core program, the first program further authenticates a second program which is different from the first program, by setting an encrypted second program key to the secure hardware, by reading a second program key authentication'"'"'s status information from the secure hardware when receiving a notification indicating that a key authentication process by the secure hardware to authenticate the encrypted second program key is terminated from the secure hardware, and by determining whether the encrypted second program key is decrypted and authenticated on the basis of the key authentication'"'"'s status information, the first program obtains license information of a decrypted second program key from the secure hardware and sets the license information to the secure hardware, and the secure hardware decrypts the second program by using the decrypted second program key and provides a decrypted second program to the processor core. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
Specification