Security within integrated circuits

US 8,913,745 B2
Filed: 08/05/2013
Issued: 12/16/2014
Est. Priority Date: 06/24/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A machine-implemented method for hindering detection of secret information unintentionally leaked from a secret held in a memory unit, the method comprising:

storing the secret information in a location within the memory unit;

episodically re-deriving the secret information by performing the following;

retrieving a first key from a location in a second memory unit;

generating a second key;

performing one of;

decrypting the secret information with the first key and encrypting it with the second key; and

deobfuscating the secret information with the first key and obfuscating it again with the second key; and

storing the second key in the second location in memory; and

storing the re-derived secret information at the location within the memory unit,wherein the episodic re-deriving of the secret information causes an episodic change of physical contents of the memory unit holding the secret information, thereby causing the secret information unintentionally leaked from the memory unit to vary over time causing any detector of leaked information requiring long collection times which are longer than feasible to receive an average of the leaked information, the average of the leaked information not revealing the leaked information.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for hindering detection of information unintentionally leaked from a secret held in a memory unit is described, the method including receiving a triggering event waiting for at least a first amount of time to pass after the receipt of the triggering event, the memory unit being in a non-operational state during the at least a first amount of time after the at least a first amount of time has passed, changing at least one first condition under which the memory unit operates, thereby causing the memory unit to enter an operational state, waiting for a second amount of time to pass after the changing at least one first condition, and changing, after the second amount of time, at least one second condition under which the memory unit operates, thereby causing the memory unit to enter the non-operational state, wherein access to the secret information is enabled only during the second amount of time, and detection of secret information unintentionally leaked is limited during the first amount of time. Related apparatus and methods are also described.

Citations

12 Claims

1. A machine-implemented method for hindering detection of secret information unintentionally leaked from a secret held in a memory unit, the method comprising:
- storing the secret information in a location within the memory unit;
  
  episodically re-deriving the secret information by performing the following;
  
  retrieving a first key from a location in a second memory unit;
  
  generating a second key;
  
  performing one of;
  
  decrypting the secret information with the first key and encrypting it with the second key; and
  
  deobfuscating the secret information with the first key and obfuscating it again with the second key; and
  
  storing the second key in the second location in memory; and
  
  storing the re-derived secret information at the location within the memory unit,wherein the episodic re-deriving of the secret information causes an episodic change of physical contents of the memory unit holding the secret information, thereby causing the secret information unintentionally leaked from the memory unit to vary over time causing any detector of leaked information requiring long collection times which are longer than feasible to receive an average of the leaked information, the average of the leaked information not revealing the leaked information.
- View Dependent Claims (2, 3, 4, 5, 7, 8, 9, 10, 11, 12)
- - 2. The method according to claim 1 and wherein the memory unit comprises one of:
    - a register; and
      
      random access memory.
  - 3. The method according to claim 1 wherein the re-deriving the secret information comprises a XOR-ing the secret information with one of a random number;
    - and a pseudo-random number.
  - 4. The method according to claim 1 and wherein the episodically re-deriving the secret information is performed at time intervals dependent on a timing mechanism which is tamper resistant.
  - 5. The method according to claim 4 and wherein the time intervals are random time intervals.
  - 7. The method according to claim 1 and wherein the secret information comprised in the memory unit is comprised in the memory unit in an obfuscated form.
  - 8. The method according to claim 7 and wherein the obfuscation comprises cryptographic obfuscation.
  - 9. The method according to claim 1 and wherein the second memory location comprises one of:
    - a register; and
      
      RAM.
  - 10. The method according to claim 1 wherein the deobfuscating the secret information with the first key and obfuscating it again with the second key comprises a XOR-ing the secret information with a pseudo-random number.
  - 11. The method according to claim 1 wherein the deobfuscating the secret information with the first key and obfuscating it again with the second key comprises holding the secret information in a shift register which is changed each time the register is clocked, and the first and second keys comprise the number of fast shifts of the shift register which are required to restore every bit of the original secret information.
  - 12. The method according to claim 1 wherein the episodically re-deriving the secret information comprises episodically changing each bit of the secret information.

6. A system for hindering detection of secret information unintentionally leaked from a secret held in a memory unit, the system comprising:
- a secret information store which stores the secret information in a location within the memory unit;
  
  an episodic secret information re-deriver, the re-deriver comprising;
  
  a second memory location storing a first key;
  
  a key generator which generates a second key;
  
  a processor operative to perform one of;
  
  decrypt the secret information with the first key and encrypt it with the second key; and
  
  deobfuscate the secret information with the first key and obfuscate it again with the second key; and
  
  the second memory location then storing the second key; and
  
  the secret information store being operative to store the re-derived secret information at the location within the memory unit,wherein the episodic re-deriving of the secret information causes an episodic change of physical contents of the memory unit holding the secret information, thereby causing the secret information unintentionally leaked from the memory unit to vary over time causing any detector of leaked information requiring long collection times which are longer than feasible to receive an average of the leaked information, the average of the leaked information not revealing the leaked information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Shen-Orr, Chaim, Shkedy, Zvi, Elbaum, Reuven, Shlomovich, Yonatan, Shapiro, Yigal, Belenky, Yaacov, Levy, Yaakov (Jordan), Sumner, Reuben, Mantin, Itsik
Primary Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US13/958,986
Publication Number

US 20130326632A1
Time in Patent Office

498 Days
Field of Search

None
US Class Current

380/262
CPC Class Codes

G06F 21/60   Protecting data

G06F 21/79   in semiconductor storage me...

H04L 9/003   for power analysis, e.g. di...

Security within integrated circuits

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Security within integrated circuits

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links