Cryptographic processing apparatus, cryptographic processing system, and cryptographic processing method

US 9,411,984 B2
Filed: 10/07/2014
Issued: 08/09/2016
Est. Priority Date: 04/28/2014
Status: Active Grant

First Claim

Patent Images

1. A cryptographic processing apparatus for encrypting and decrypting data, the cryptographic processing apparatus comprising:

a key data storage area storing a plurality of pieces of key data used for encryption and/or decryption;

a mode setting circuit configured to set, for at least one of the plurality of pieces of key data stored in the key data storage area, a process mode of either of an encryption process or a decryption process in association with the stored at least one key data; and

a process limitation circuit operable to;

receive a mode specifying command specifying a process mode of either an encryption process or a decryption process in association with key data from another apparatus;

compare the process mode specified by the mode specifying command to the process mode associated with the stored at least one key data;

when, based on the compare, the received process mode specified by the mode specifying command and the process mode associated with the stored at least one key data set in the mode setting circuit are determined to coincide with each other, permit performing a process corresponding to the process mode specified by the mode specifying command using the stored at least one key data; and

when, based on the compare, the process mode specified by the mode specifying command and the process mode associated with the stored at least one key data set in the mode setting circuit are determined to not coincide with each other, prevent performing the process corresponding to the process mode specified by the mode specifying command using the stored at least one key data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A process mode of either of an encryption process and a decryption process is set for at least one of a plurality of pieces of key data, in association with the key data. Then, a mode specifying command for specifying a process mode in association with key data is received from another apparatus, and if the received process mode and the process mode associated with the key data coincide with each other, the process in the process mode using the key data is permitted.

Citations

13 Claims

1. A cryptographic processing apparatus for encrypting and decrypting data, the cryptographic processing apparatus comprising:
- a key data storage area storing a plurality of pieces of key data used for encryption and/or decryption;
  
  a mode setting circuit configured to set, for at least one of the plurality of pieces of key data stored in the key data storage area, a process mode of either of an encryption process or a decryption process in association with the stored at least one key data; and
  
  a process limitation circuit operable to;
  
  receive a mode specifying command specifying a process mode of either an encryption process or a decryption process in association with key data from another apparatus;
  
  compare the process mode specified by the mode specifying command to the process mode associated with the stored at least one key data;
  
  when, based on the compare, the received process mode specified by the mode specifying command and the process mode associated with the stored at least one key data set in the mode setting circuit are determined to coincide with each other, permit performing a process corresponding to the process mode specified by the mode specifying command using the stored at least one key data; and
  
  when, based on the compare, the process mode specified by the mode specifying command and the process mode associated with the stored at least one key data set in the mode setting circuit are determined to not coincide with each other, prevent performing the process corresponding to the process mode specified by the mode specifying command using the stored at least one key data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The cryptographic processing apparatus according to claim 1, whereinthe at least one key data associated with the process mode of either of the encryption process or the decryption process is key data of a common key that can be used in the encryption process and the decryption process.
  - 3. The cryptographic processing apparatus according to claim 1, whereinthe at least one key data is written to the key data storage area when the cryptographic processing apparatus is started, andthe mode setting circuit sets a process mode corresponding to the written key data when the cryptographic processing apparatus is started.
  - 4. The cryptographic processing apparatus according to claim 1, whereinthe at least one key data is written to the key data storage area by execution of secure system firmware, anda process mode corresponding to the written key data is set in the mode setting circuit by execution of the system firmware.
  - 5. The cryptographic processing apparatus according to claim 4, whereinthe system firmware is a boot program stored in a boot ROM.
  - 6. The cryptographic processing apparatus according to claim 1, whereinif the process mode specified by the received mode specifying command and the process mode set in the mode setting circuit do not coincide with each other, the process limitation circuit erases the key data to be used in the process mode from the key data storage area.
  - 7. The cryptographic processing apparatus according to claim 1, whereinif the process mode specified by the received mode specifying command and the process mode set in the mode setting circuit do not coincide with each other, the process limitation circuit discards the mode specifying command.
  - 8. The cryptographic processing apparatus according to claim 1, further comprising a dummy key data storage area configured to store dummy key data different from the plurality of pieces of key data, whereinif the process mode specified by the received mode specifying command and the process mode set in the mode setting circuit do not coincide with each other, the process limitation circuit performs control for processing data in the process mode using the dummy key data in a processing circuit.
  - 9. The cryptographic processing apparatus according to claim 1, whereinif the process mode specified by the received mode specifying command and the process mode set in the mode setting circuit do not coincide with each other, the process limitation circuit refuses to receive data input to be processed in the process mode.
  - 10. The cryptographic processing apparatus according to claim 1, whereinif the process mode specified by the received mode specifying command and the process mode set in the mode setting circuit do not coincide with each other, the process limitation circuit outputs, as data processed in the process mode, data generated by a process different from the process of the processing mode.

11. A cryptographic processing apparatus for encrypting and decrypting data, the cryptographic processing apparatus comprising:
- a key data storage area storing key data used for encryption and/or decryption;
  
  a mode setting circuit operable to set, for at least one of the key data stored in the key data storage area, a process mode of either of an encryption process or a decryption process in association with the at least one key data; and
  
  a process limitation circuit operable to;
  
  receive a mode specifying command specifying a process mode of either an encryption process or a decryption process from another apparatus;
  
  compare the process mode specified by the mode specifying command to the process mode associated with the stored at least one key data;
  
  when, based on the compare, the process mode specified by the mode specifying command and the process mode set in the mode setting circuit are determined to coincide with each other, permit performing a process corresponding to the process mode specified by the mode specifying command using the stored at least one key data associated with the process mode; and
  
  when, based on the compare, the process mode specified by the mode specifying command and the process mode set in the mode setting circuit are determined to not coincide with each other, prevent performing the process corresponding to the process mode specified by the mode specifying command using the stored at least one key data associated with the process mode.

12. A cryptographic processing system including a cryptographic processing apparatus for encrypting and decrypting data and system firmware for controlling the cryptographic processing apparatus, the cryptographic processing apparatus comprising:
- a key data storage area storing a plurality of pieces of key data used for encryption and/or decryption are written by the system firmware;
  
  a mode setting circuit setting, for at least one of the plurality of pieces of key data stored in the key data storage area, a process mode of either of an encryption process or a decryption process in association with the at least one key data; and
  
  a process limitation circuit operable to;
  
  receive a mode specifying command specifying a process mode of either an encryption process or a decryption process in association with key data from another apparatus;
  
  compare the process mode specified by the mode specifying command to the process mode associated with the stored at least one key data;
  
  when, based on the compare, the process mode specified by the mode specifying command and the process mode associated with the stored at least one key data set in the mode setting circuit are determined to coincide with each other, permit performing a process corresponding to the process mode specified by the mode specifying command using the stored at least one key data; and
  
  when, based on the compare, the process mode specified by the mode specifying command and the process mode associated with the stored at least one key data set in the mode setting circuit are determined to not coincide with each other, prevent performing the process corresponding to the process mode specified by the mode specifying command using the stored at least one key data.

13. A cryptographic processing method for encrypting and decrypting data, the cryptographic processing method comprising:
- storing in a storage area a plurality of pieces of key data used for encryption and/or decryption;
  
  setting, for at least one of the plurality of pieces of key data stored in the storage area, a process mode of either of an encryption process or a decryption process in association with the stored at least one key data; and
  
  receiving a mode specifying command specifying a process mode of either an encryption process or a decryption process in association with key data from another apparatus;
  
  compare the process mode specified by the mode specifying command to the process mode associated with the stored at least one key data;
  
  when, based on the compare, the process mode specified by the mode specifying command and the process mode associated with the stored at least one key data set in the setting in association with the key data are determined to coincide with each other, permitting performing a process corresponding to the process mode specified by the mode specifying command using the stored at least one key data; and
  
  when, based on the compare, the process mode specified by the mode specifying command and the process mode associated with the stored at least one key data set in the setting in association with the key data are determined to not coincide with each other, preventing performing the process corresponding to the process mode specified by the mode specifying command using the stored at least one key data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nintendo Company Limited
Original Assignee
Nintendo Company Limited
Inventors
Shirai, Tatsuhiro
Primary Examiner(s)
CERVETTI, DAVID GARCIA

Application Number

US14/508,058
Publication Number

US 20150310230A1
Time in Patent Office

672 Days
Field of Search

713/189
US Class Current

1/1
CPC Class Codes

G06F 21/575   Secure boot

G06F 21/72   in cryptographic circuits

G06F 21/74   operating in dual or compar...

H04L 9/0894   Escrow, recovery or storing...

Cryptographic processing apparatus, cryptographic processing system, and cryptographic processing method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic processing apparatus, cryptographic processing system, and cryptographic processing method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links