Secure processor

  • US 8,788,840 B2
  • Filed: 03/08/2013
  • Issued: 07/22/2014
  • Est. Priority Date: 02/22/2006
  • Status: Active Grant
First Claim

1. A secure processor, which decrypts an encrypted instruction code and executes the instruction code, comprising:

  • a processor core configured to execute the instruction code obtained by decrypting the encrypted instruction code;

    a secure bus that is not recognized by a program executed by the processor core; and

    a secure hardware connected to the secure bus, configured to perform authentication of the encrypted instruction code executed using the processor core and performing encryption and decryption of the encrypted instruction code and data that the processor core inputs from and outputs to the outside, wherein the secure hardware includes a secure pipe connected to the secure bus, the secure pipe being configured to perform encryption and decryption of the encrypted instruction code and data that the processor core inputs from and outputs to the outside, the secure pipe includes;

    an encryption key table with an encryption key, license information of the encryption key, and an entry to register a first flag, which indicates whether the encryption key is reliable or not;

    a TLB/AMR (Translation Look-aside Buffer/Address Map Register) expansion unit with an entry corresponding one-to-one with TLB/AMR of the processor core, the TLB/AMR expansion unit configured to register in the entry, identification information of the encryption key registered in the encryption key table, a second flag, which is a copy of the first flag registered in the entry of the encryption key table designated by the encryption key identification information, and license information; and

    a license check unit to examine whether or not the license information registered in the entry of the TLB/AMR expansion unit matches the license information registered in the entry of the encryption key table designated by the encryption key identification information registered in the entry of the TLB/AMR expansion unit,

    the secure hardware, including a storage unit configured to store a built-in key, is initiated by a secure boot program encrypted by the built-in key,

    the secure boot program serves as a starting point of an instruction code authentication executed by the secure processor, by authenticating a first program which is a user application's core program,

    the first program further authenticates a second program which is different from the first program, by setting an encrypted second program key to the secure hardware, by reading a second program key authentication's status information from the secure hardware when receiving a notification indicating that a key authentication process by the secure hardware to authenticate the encrypted second program key is terminated from the secure hardware, and by determining whether the encrypted second program key is decrypted and authenticated on the basis of the key authentication's status information,

    the first program obtains license information of a decrypted second program key from the secure hardware and sets the license information to the secure hardware, and

    the secure hardware decrypts the second program by using the decrypted second program key and provides a decrypted second program to the processor core.
