Microprocessor that securely decrypts and executes encrypted instructions

US 8,880,902 B2
Filed: 10/29/2013
Issued: 11/04/2014
Est. Priority Date: 05/25/2010
Status: Active Grant

First Claim

Patent Images

1. A microprocessor that is operable to decrypt encrypted instruction data into plain text instruction data and securely execute the same, preventing observation of the encrypted instruction data outside the microprocessor, the microprocessor comprising:

a master key register file comprising a plurality of master keys;

selection logic circuitry that selects a combination of at least two of the plurality of master keys;

key expansion circuitry that performs at least one mathematical operation on the selected master keys to generate the decryption key;

instruction decryption circuitry that performs at least one mathematical operation on the encrypted instruction data and the decryption key to decrypt the encrypted instruction data into plain text instruction data; and

a fetch unit that fetches chunks of encrypted instruction data, wherein each chunk comprises a plurality of fetch quanta of encrypted instruction data, and each fetch quantum comprises a plurality of instruction data bytes, wherein each master key is at least as long as a fetch quantum of the fetch unit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A microprocessor is provided with a method for decrypting encrypted instruction data into plain text instruction data and securely executing the same. The microprocessor includes a master key register file comprising a plurality of master keys. Selection logic circuitry in the microprocessor selects a combination of at least two of the plurality of master keys. Key expansion circuitry in the microprocessor performs mathematical operations on the selected master keys to generate a decryption key having a long effective key length. Instruction decryption circuitry performs an efficient mathematical operation on the encrypted instruction data and the decryption key to decrypt the encrypted instruction data into plain text instruction data.

Citations

24 Claims

1. A microprocessor that is operable to decrypt encrypted instruction data into plain text instruction data and securely execute the same, preventing observation of the encrypted instruction data outside the microprocessor, the microprocessor comprising:
- a master key register file comprising a plurality of master keys;
  
  selection logic circuitry that selects a combination of at least two of the plurality of master keys;
  
  key expansion circuitry that performs at least one mathematical operation on the selected master keys to generate the decryption key;
  
  instruction decryption circuitry that performs at least one mathematical operation on the encrypted instruction data and the decryption key to decrypt the encrypted instruction data into plain text instruction data; and
  
  a fetch unit that fetches chunks of encrypted instruction data, wherein each chunk comprises a plurality of fetch quanta of encrypted instruction data, and each fetch quantum comprises a plurality of instruction data bytes, wherein each master key is at least as long as a fetch quantum of the fetch unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The microprocessor of claim 1, wherein the key expansion circuitry performs a new mathematical operation on the selected master keys with every newly fetched quantum of encrypted instruction data bytes.
  - 3. The microprocessor of claim 1, wherein the selection logic selects a new combination of at least two of the plurality of master keys with every new chunk of encrypted instruction data fetched by the fetch unit.
  - 4. The microprocessor of claim 1, wherein the selection logic circuitry comprises a first multiplexer that selects a first master key from the master key register file and a second multiplexer that selects a second master key from the master key register file.
  - 5. The microprocessor of claim 1, wherein the selection logic circuitry uses a portion of the fetch address of the encrypted instruction data to select the master keys from the master key register file.
  - 6. The microprocessor of claim 1, wherein the key expansion circuitry selectively adds or subtracts two of the selected master keys.
  - 7. The microprocessor of claim 1, wherein the key expansion circuitry rotates at least one of the selected master keys by a shift amount.
  - 8. The microprocessor of claim 7, wherein the shift amount is a function of a fetch address of the instruction.
  - 9. The microprocessor of claim 8, wherein the shift amount is a function of a lowermost set of bits of a fetch address of a fetch quantum in which the instruction resides, so that the shift amount changes each time a new fetch quantum of encrypted instruction data is fetched.
  - 10. The microprocessor of claim 1, wherein the key expansion circuitry rotates one of the selected master keys by a shift amount and selectively adds or subtracts the rotated master key with another of the selected master keys.
  - 11. The microprocessor of claim 1, wherein the instruction decryption circuitry XORs the decryption key with the encrypted instruction data.

12. A method of securely executing encrypted instruction data within a microprocessor, the method comprising:
- selecting a combination of at least two master keys from a master key register file stored within the microprocessor;
  
  within the microprocessor, performing at least one mathematical operation on the selected master keys to generate the decryption key;
  
  within the microprocessor, decrypting the encrypted instruction data into plain text instruction data;
  
  securely executing the plain text instruction data within the microprocessor while preventing observation of the encrypted instruction data outside the microprocessor; and
  
  fetching chunks of encrypted instruction data, wherein each chunk comprises a plurality of fetch quanta of encrypted instruction data, and each fetch quantum comprises a plurality of instruction data bytes, wherein each master key is equal in length to a fetch quantum of the fetch unit.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method of claim 12, performing a new mathematical operation on the selected master keys with every newly fetched quantum of encrypted instruction data bytes.
  - 14. The method of claim 12, selecting a new combination of at least two of the plurality of master keys with every new chunk of encrypted instruction data fetched by the fetch unit.
  - 15. The method of claim 12, wherein selecting a combination of at least two master keys is performed by a first multiplexer that selects a first master key from the master key register file and a second multiplexer that selects a second master key from the master key register file.
  - 16. The method of claim 12, wherein selecting a combination of at least two master keys is performed using a portion of the fetch address of the encrypted instruction data to select the first and second master keys from the master key register file.
  - 17. The method of claim 12, wherein the at least one mathematical operation includes selectively adding or subtracting two of the selected master keys.
  - 18. The method of claim 12, wherein the at least one mathematical operation includes rotating at least one of the selected master keys by a shift amount.
  - 19. The method of claim 18, wherein the shift amount is a function of a fetch address of the instruction.
  - 20. The method of claim 19, wherein the shift amount is a function of a lowermost set of bits of a fetch address of a fetch quantum in which the instruction resides, so that the shift amount changes each time a new fetch quantum of encrypted instruction data is fetched.
  - 21. The method of claim 12, wherein the at least one mathematical operation includes rotating one of the master keys by a shift amount and selectively adding or subtracting the rotated master key with another of the selected master keys.
  - 22. The method of claim 12, wherein decrypting the encrypted instruction data is performed by exclusive-ORing the decryption key with the encrypted instruction data.

23. A method of securely executing encrypted instruction data within a microprocessor, the method comprising:
- fetching chunks of encrypted instruction data into the microprocessor, wherein each chunk comprises a plurality of fetch quanta;
  
  for each fetched chunk, receiving a plurality of keys securely within the microprocessor, wherein each key has a length at least as long as a length of a fetch quantum;
  
  for each fetch quantum, performing at least one key-expanding mathematical operation on the selected keys to generate a decryption key, wherein the key-expanding mathematical operation yields an effective decryption key length at least as long as the chunk;
  
  within the microprocessor, using the decryption key to decrypt the chunk of encrypted instruction data into plain text instruction data; and
  
  securely executing the plain text instruction data within the microprocessor while preventing observation of the encrypted instruction data outside the microprocessor; and
  
  wherein the key-expanding mathematical operation is a function of the fetch address of the fetch quantum.
- View Dependent Claims (24)
- - 24. The method of claim 23, wherein receiving a plurality of keys comprises selecting a plurality of keys as a function of the fetch address of the chunk.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VIA Technologies Incorporated (VIA Technologies)
Original Assignee
VIA Technologies Incorporated (VIA Technologies)
Inventors
Henry, G. Glenn, Parks, Terry, Bean, Brent, Crispin, Thomas A.
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US14/066,428
Publication Number

US 20140195822A1
Time in Patent Office

371 Days
Field of Search

713/190
US Class Current

713/190
CPC Class Codes

G06F 12/0875   with dedicated cache, e.g. ...

G06F 21/52   during program execution, e...

G06F 21/54   by adding security routines...

G06F 21/602   Providing cryptographic fac...

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 2212/402   Encrypted data

G06F 2212/452   Instruction code

G06F 2221/2107   File encryption

G06F 9/30003   Arrangements for executing ...

G06F 9/30058   Conditional branch instruct...

G06F 9/30079   Pipeline control instructio...

G06F 9/30178   of compressed or encrypted ...

G06F 9/30189   according to execution mode...

H04L 2209/12   Details relating to cryptog...

H04L 2209/20   Manipulating the length of ...

H04L 9/0618   Block ciphers, i.e. encrypt...

H04L 9/0827   involving distinctive inter...

H04L 9/0861   Generation of secret inform...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894 : Escrow, recovery or storing...

View All

Microprocessor that securely decrypts and executes encrypted instructions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Microprocessor that securely decrypts and executes encrypted instructions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links