Computational system

US 9,195,857 B2
Filed: 09/30/2013
Issued: 11/24/2015
Est. Priority Date: 09/30/2013
Status: Active Grant

First Claim

Patent Images

1. A computational system configured to protect against integrity violation, the computational system comprising a processing unit and a critical resource, the critical resource being controllable by the processing unit so as to be locked or unlocked, wherein the critical resource is configured to intermittently transmit a polling value to the processing unit, the processing unit being configured to apply a transformation onto the polling value so as to obtain a response value and send the response value back to the critical resource, and the critical resource being configured to check the response value for correctness so as to obtain a check result, and subject controllability of the critical resource by the processing unit to a dependency on the check result, andwherein the critical resource comprises a register, the critical resource being configured to read the polling value for a first polling value for a first transmission to the processing unit from the register and to write back to the register the response value sent to the critical resource in response to the polling value for the first polling value, wherein the response value received in response to the polling value for the first polling value serves as a next polling value for a next transmission to the processing unit,wherein the processing unit is configured to control the critical resource so as to be locked when the critical resource is not required for an operation of the computational system, and unlocked when the critical resource is required for the operation of the computational system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computational system is configured to protect against integrity violation. The computational system includes a processing unit and a critical resource, the critical resource being controllable by the processing unit so as to be locked or unlocked. The critical resource is configured to intermittently transmit a polling value to the processing unit, and the processing unit is configured to apply a transformation onto the polling value so as to obtain a response value and send the response value back to the critical resource. The critical resource is configured to check the response value on correctness so as to obtain a check result, and subject the controllability to a dependency on the check result.

Citations

17 Claims

1. A computational system configured to protect against integrity violation, the computational system comprising a processing unit and a critical resource, the critical resource being controllable by the processing unit so as to be locked or unlocked, wherein the critical resource is configured to intermittently transmit a polling value to the processing unit, the processing unit being configured to apply a transformation onto the polling value so as to obtain a response value and send the response value back to the critical resource, and the critical resource being configured to check the response value for correctness so as to obtain a check result, and subject controllability of the critical resource by the processing unit to a dependency on the check result, andwherein the critical resource comprises a register, the critical resource being configured to read the polling value for a first polling value for a first transmission to the processing unit from the register and to write back to the register the response value sent to the critical resource in response to the polling value for the first polling value, wherein the response value received in response to the polling value for the first polling value serves as a next polling value for a next transmission to the processing unit,wherein the processing unit is configured to control the critical resource so as to be locked when the critical resource is not required for an operation of the computational system, and unlocked when the critical resource is required for the operation of the computational system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computational system according to claim 1, wherein the critical resource is configured to initiate the transmission of the polling value to the processing unit upon receipt of a command from the processing unit controlling the critical resource so as to unlock.
  - 3. The computational system according to claim 1, wherein the controllability of the critical resource by the processing unit is subject to a dependency on the check result of the response value of a sequence of polling values.
  - 4. The computational system according to claim 1, wherein the controllability of the critical resource by the processing unit is subject to a dependency on the check result of the response value of a sequence of polling values, wherein the critical resource comprises a plurality of registers and is configured to read different polling values of the sequence of polling values from different registers.
  - 5. The computational system according to claim 1, wherein the critical resource is configured to intermittently change a storage content of the register.
  - 6. The computational system according to claim 1, wherein the critical resource is configured to intermittently change a storage content of the register using a random or pseudo-random sequence of values.
  - 7. The computational system according to claim 1, wherein the processing unit is configured to sequentially change the transformation in a deterministic manner.
  - 8. The computational system according to claim 1, wherein the critical resource is configured to count a number of accesses of the processing unit to the critical resource during the critical resource being unlocked, so as to automatically lock upon the number of accesses exceeding a predetermined value.
  - 9. The computational system according to claim 1, wherein the critical resource is configured to measure a time duration of the critical resource being unlocked, so as to automatically lock upon the time duration exceeding a predetermined value.

10. A method for protecting a computational system against integrity violation, the computational system comprising a processing unit and a critical resource, the critical resource being controllable by the processing unit so as to be locked or unlocked, wherein the method comprises:
- intermittently transmitting a polling value from the critical resource to the processing unit;
  
  applying a transformation onto the polling value so as to obtain a response value;
  
  sending the response value from the processing unit back to the critical resource;
  
  checking the response value for correctness so as to obtain a check result;
  
  subjecting controllability of the critical resource by the processing unit to a dependency on the check result;
  
  reading the polling value of a first polling value for a first transmission to the processing unit from a register and writing back to the register the response value sent to the critical resource in response to the polling value for the first polling value, wherein the response value received in response to the polling value for the first polling value serves as a next polling value for a next transmission to the processing unit; and
  
  wherein the processing unit is configured to control the critical resource so as to be locked when the critical resource is not required for an operation of the computational system, and unlocked when the critical resource is required for the operation of the computational system.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method according to claim 10, comprising:
    - initiating the transmission of the polling value to the processing unit upon receipt of a command from the processing unit controlling the critical resource so as to unlock.
  - 12. The method according to claim 10, comprising:
    - subjecting the controllability of the critical resource by the processing unit to a dependency on the check result of the response value of a sequence of polling values.
  - 13. The method according to claim 10, wherein the critical resource comprises a plurality of registers, wherein the method comprises:
    - subjecting the controllability of the critical resource by the processing unit to a dependency on the check result of the response value of a sequence of polling values; and
      
      reading different polling values of the sequence of polling values from different registers.
  - 14. The method according to claim 10, wherein subjecting the controllability of the critical resource by the processing unit to a dependency on the check result comprises counting a number of accesses of the processing unit to the critical resource during the critical resource being unlocked, so as to automatically lock upon the number of accesses exceeding a predetermined value.
  - 15. The method according to claim 10, wherein subjecting the controllability of the critical resource by the processing unit to a dependency on the check result comprises measuring a time duration of the critical resource being unlocked, so as to automatically lock upon the time duration exceeding a predetermined value.

16. A non-transitory computer-readable storage medium storing program instructions which when executed by a computational system protects the computational system against integrity violation, the computational system comprising a processing unit and a critical resource, the critical resource being controllable by the processing unit so as to be locked or unlocked, the program instructions comprising:
- first program code for causing the computational system to execute processing of intermittently transmitting a polling value from the critical resource to the processing unit;
  
  second program code for causing the computational system to execute processing of applying a transformation onto the polling value so as to obtain a response value;
  
  third program code for causing the computational system to execute processing of sending the response value from the processing unit back to the critical resource;
  
  forth fourth program code for causing the computational system to execute processing of checking the response value for correctness so as to obtain a check result; and
  
  fifth program code for causing the computational system to execute processing of subjecting controllability of the critical resource by the processing unit to a dependency on the check result;
  
  sixth program code for reading the polling value of a first polling value for a first transmission to the processing unit from a register and for writing back to the register the response value sent to the critical resource in response to the polling value for the first polling value, wherein the response value received in response to the polling value for the first polling value serves as a next polling value for a next transmission to the processing unit; and
  
  wherein the processing unit is configured to control the critical resource so as to be locked when the critical resource is not required for an operation of the computational system, and unlocked when the critical resource is required for the operation of the computational system.

17. An integrated chip comprising a central processing unit and a cryptographic peripheral, the cryptographic peripheral being controllable by the central processing unit so as to be locked or unlocked,wherein the cryptographic peripheral is configured to intermittently transmit a polling value to the central processing unit, the central processing unit being configured to apply a transformation onto the polling value so as to obtain a response value and send the response value back to the cryptographic peripheral, and the cryptographic peripheral being configured to check the response value for correctness so as to obtain a check result, and subject controllability of the cryptographic peripheral by the central processing unit to a dependency on the check result,wherein the central processing unit is configured to control the cryptographic peripheral so that the cryptographic peripheral is locked when the cryptographic peripheral is not required by a program executed on the central processing unit, and unlocked when the cryptographic peripheral is required by the program executed on the central processing unit, andwherein the cryptographic peripheral comprises a register, the cryptographic peripheral being configured to read the polling value of a first polling value for a first transmission to the processing unit from the register and to write back to the register the response value sent to the cryptographic peripheral in response to the polling value for the first polling value, wherein the response value received in response to the polling value for the first polling value serves as a next polling value for a next transmission to the processing unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Infineon Technologies AG
Original Assignee
Infineon Technologies AG
Inventors
Gammel, Berndt, Felicijan, Tomaz, Mangard, Stefan
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
LYNCH, SHARON S

Application Number

US14/040,840
Publication Number

US 20150095660A1
Time in Patent Office

785 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/445   by mutual authentication, e...

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 2221/2103   Challenge-response

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 9/004   for fault attacks

Computational system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Computational system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links