Secure processor

US 8,788,840 B2
Filed: 03/08/2013
Issued: 07/22/2014
Est. Priority Date: 02/22/2006
Status: Active Grant

First Claim

Patent Images

1. A secure processor, which decrypts an encrypted instruction code and executes the instruction code, comprising:

a processor core configured to execute the instruction code obtained by decrypting the encrypted instruction code;

a secure bus that is not recognized by a program executed by the processor core; and

a secure hardware connected to the secure bus, configured to perform authentication of the encrypted instruction code executed using the processor core and performing encryption and decryption of the encrypted instruction code and data that the processor core inputs from and outputs to the outside, whereinthe secure hardware includes a secure pipe connected to the secure bus, the secure pipe being configured to perform encryption and decryption of the encrypted instruction code and data that the processor core inputs from and outputs to the outside,the secure pipe includes;

an encryption key table with an encryption key, license information of the encryption key, and an entry to register a first flag, which indicates whether the encryption key is reliable or not;

a TLB/AMR (Translation Look-aside Buffer/Address Map Register) expansion unit with an entry corresponding one-to-one with TLB/AMR of the processor core, the TLB/AMR expansion unit configured to register in the entry, identification information of the encryption key registered in the encryption key table, a second flag, which is a copy of the first flag registered in the entry of the encryption key table designated by the encryption key identification information, and license information; and

a license check unit to examine whether or not the license information registered in the entry of the TLB/AMR expansion unit matches the license information registered in the entry of the encryption key table designated by the encryption key identification information registered in the entry of the TLB/AMR expansion unit,the secure hardware, including a storage unit configured to store a built-in key, is initiated by a secure boot program encrypted by the built-in key,the secure boot program serves as a starting point of an instruction code authentication executed by the secure processor, by authenticating a first program which is a user application'"'"'s core program,the first program further authenticates a second program which is different from the first program, by setting an encrypted second program key to the secure hardware, by reading a second program key authentication'"'"'s status information from the secure hardware when receiving a notification indicating that a key authentication process by the secure hardware to authenticate the encrypted second program key is terminated from the secure hardware, and by determining whether the encrypted second program key is decrypted and authenticated on the basis of the key authentication'"'"'s status information,the first program obtains license information of a decrypted second program key from the secure hardware and sets the license information to the secure hardware, andthe secure hardware decrypts the second program by using the decrypted second program key and provides a decrypted second program to the processor core.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure hardware comprises a secure pipe, a secure DMA, a secure assist and a secure bus, which connects between those blocks. The secure pipe stores a common encryption key in an encryption key table so as not to be able to access from software. The secure DMA comprises a data common key system process function and a hashing process function. The secure assist comprises a common key system process function and an authentication process function, receives an issued command from a program executed by the processor core via a public IF, and performs setting/control of the secure pipe and the secure DMA via the secure bus.

Citations

17 Claims

1. A secure processor, which decrypts an encrypted instruction code and executes the instruction code, comprising:
- a processor core configured to execute the instruction code obtained by decrypting the encrypted instruction code;
  
  a secure bus that is not recognized by a program executed by the processor core; and
  
  a secure hardware connected to the secure bus, configured to perform authentication of the encrypted instruction code executed using the processor core and performing encryption and decryption of the encrypted instruction code and data that the processor core inputs from and outputs to the outside, whereinthe secure hardware includes a secure pipe connected to the secure bus, the secure pipe being configured to perform encryption and decryption of the encrypted instruction code and data that the processor core inputs from and outputs to the outside,the secure pipe includes;
  
  an encryption key table with an encryption key, license information of the encryption key, and an entry to register a first flag, which indicates whether the encryption key is reliable or not;
  
  a TLB/AMR (Translation Look-aside Buffer/Address Map Register) expansion unit with an entry corresponding one-to-one with TLB/AMR of the processor core, the TLB/AMR expansion unit configured to register in the entry, identification information of the encryption key registered in the encryption key table, a second flag, which is a copy of the first flag registered in the entry of the encryption key table designated by the encryption key identification information, and license information; and
  
  a license check unit to examine whether or not the license information registered in the entry of the TLB/AMR expansion unit matches the license information registered in the entry of the encryption key table designated by the encryption key identification information registered in the entry of the TLB/AMR expansion unit,the secure hardware, including a storage unit configured to store a built-in key, is initiated by a secure boot program encrypted by the built-in key,the secure boot program serves as a starting point of an instruction code authentication executed by the secure processor, by authenticating a first program which is a user application'"'"'s core program,the first program further authenticates a second program which is different from the first program, by setting an encrypted second program key to the secure hardware, by reading a second program key authentication'"'"'s status information from the secure hardware when receiving a notification indicating that a key authentication process by the secure hardware to authenticate the encrypted second program key is terminated from the secure hardware, and by determining whether the encrypted second program key is decrypted and authenticated on the basis of the key authentication'"'"'s status information,the first program obtains license information of a decrypted second program key from the secure hardware and sets the license information to the secure hardware, andthe secure hardware decrypts the second program by using the decrypted second program key and provides a decrypted second program to the processor core.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The secure processor according to claim 1, wherein the secure pipe permits access to an authenticated data space only to an authenticated program executed in the processor core.
  - 3. The secure processor according to claim 1, wherein the secure hardware includes a secure assist connected to the secure bus configured to transmit and receive a command and information to and from a program executed in the processor core via a public interface and also to execute a public key system encryption process and a public key system authentication process.
  - 4. The secure processor according to claim 1, wherein the secure hardware includes a secure DMA (Direct Memory Access) connected to the secure bus, comprising a DMA transfer function configured to perform a page verification of an instruction code or data transferred by the DMA transfer function.
  - 5. The secure processor according to claim 4, wherein the secure DMA includes:
    - an encryption process unit configured to perform a common key cryptography encryption process; and
      
      a hashing process unit configured to apply hashing process to data in the DMA transfer region.
  - 6. The secure processor according to claim 1, wherein the entry of TLB/AMR of the processor core includes a third flag having the same function as the second flag of the TLB/AMR expansion unit.
  - 7. The secure processor according to claim 6, wherein the value of the third flag, when it is determined by the license check unit that the license information match each other, is updated to the value of the second flag.
  - 8. The secure processor according to claim 1, wherein an empty entry of the encryption key table is managed by a program executed in the processor core.
  - 9. The secure processor according to claim 1, wherein the secure assist includes:
    - a first register, where a command can be set by a program executed in the processor core; and
      
      a second register, where license information can be set by the program.
  - 10. The secure processor according to claim 9, wherein the secure assist includes:
    - an encryption key generation unit configured to generate an encryption key to generate a key to be registered in the empty entry of the encryption key table when a key generating command is set to the first register;
      
      a license information generation unit configured to generate license information of the encryption key generated by the encryption key generation unit; and
      
      a third register, which can be accessed by the program, configured to store the license information generated by the license information generation unit.
  - 11. The secure processor according to claim 9, wherein the secure assist includes:
    - a public key operation unit configured to public-key encrypt an encryption key corresponding to the license information set to the second register registered in the encryption key table when a key storage command is set to the first register; and
      
      a third register, which can be accessed by the program, for storing the encryption key public-key encrypted by the public key operation unit.
  - 12. The secure processor according to claim 1, wherein the secure hardware includes:
    - a key authentication unit configured to authenticate a public-key encrypted key of an instruction code;
      
      a license information generation unit configured to generate license information of the public-key encrypted key when the public-key encrypted key is authenticated by the key authentication unit; and
      
      a key decryption unit configured to decrypt the public-key encrypted key when the public-key encrypted key is authenticated by the key authentication unit,wherein license information generated by the license information generation unit is stored by a program in execution in the processor core, which requested authentication to the authentication unit, and the key decrypted by the key decryption unit is registered to the encryption key table.
  - 13. The secure processor according to claim 12, wherein the key authentication unit performs authentication of the public-key encryption key based on an attribute of the public-key encrypted key, a key signature of the public-key encrypted key, a signature verification key of the key signature, and a signature verification key signature of the signature verification key.
  - 14. The secure processor according to claim 1 wherein the secure hardware includes:
    - a key authentication unit configured to generate a public-key encrypted key of an instruction code;
      
      a page verification unit configured to verify the instruction code in units of pages;
      
      a license information generation unit configured to generate license information of the public-key encrypted key when the public-key encrypted key is authenticated by the key authentication unit and a page of the instruction code is verified by the page verification unit; and
      
      a key decryption unit configured to decrypt the public-key encrypted key, when the public-key encrypted key is authenticated by the key authentication unit and a page of the instruction code is verified by the page verification unit,wherein license information generated by the license information generation unit is stored by an executing program in the processor core, which requested authentication to the authentication unit, and the key decrypted by the key decryption unit is registered to the encryption key table.
  - 15. The secure processor according to claim 14, whereinthe key authentication unit performs authentication of the public-key encryption key based on an attribute of the public-key encrypted key, a key signature of the public-key encrypted key, a signature verification key of the key signature, and a signature verification key signature of the signature verification key, andthe page verification unit performs page verification based on the page signature of the instruction code.
  - 16. The secure processor according to claim 15, wherein the processor core executes only instruction code that is verified by the page verification unit.
  - 17. The secure processor according to claim 1, wherein the second program is a secure application program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Socionext Inc.
Original Assignee
Fujitsu Semiconductor Limited (Fujitsu Limited)
Inventors
Goto, Seiji
Primary Examiner(s)
LEE, JASON T

Application Number

US13/790,535
Publication Number

US 20130198526A1
Time in Patent Office

501 Days
Field of Search

713/187, 713/189
US Class Current

713/187
CPC Class Codes

G06F 12/145   the protection being virtua...

G06F 21/12   Protecting executable software

G06F 21/54   by adding security routines...

G06F 21/72   in cryptographic circuits

Secure processor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Secure processor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links