Method for encrypting a program for subsequent execution by a microprocessor configured to decrypt and execute the encrypted program
Abstract
A method for encrypting a program for subsequent execution by a microprocessor configured to decrypt and execute the encrypted program includes receiving an object file specifying an unencrypted program that includes conventional branch instructions whose target address may be determined pre-run time. The method also includes analyzing the program to obtain chunk information that divides the program into a sequence of chunks each comprising a sequence of instructions and that includes encryption key data associated with each of the chunks. The encryption key data associated with each of the chunks is distinct. The method also includes replacing each of the conventional branch instructions that specifies a target address that is within a different chunk than the chunk in which the conventional branch instruction resides with a branch and switch key instruction. The method also includes encrypting the program based on the chunk information.
18 Claims
1. A method for encrypting an unencrypted program for subsequent execution by a microprocessor configured to decrypt and execute the encrypted program, the method comprising:
receiving an object file specifying the unencrypted program that includes conventional branch instructions whose target address is determinable prior to a time in which the microprocessor runs the unencrypted program; obtaining chunk information; dividing the unencrypted program into a sequence of chunks, wherein each of the chunks comprises a sequence of instructions, wherein the chunk information further comprises encryption key data associated with each of the chunks, wherein the encryption key data associated with each of the chunks is distinct; replacing each of the conventional branch instructions that specifies a target address that is within a different chunk than a chunk in which a conventional branch instruction resides with a branch and switch key instruction that includes distinct key reference and branch information fields, the key reference field referencing a set of encryption keys for encrypting a targeted chunk, and the branch information field including information for computing a target address; and encrypting the unencrypted program based on the chunk information and the branch and switch key instruction. - View Dependent Claims (2, 3)
4. A method, for encrypting an unencrypted program for subsequent execution by a microprocessor configured to decrypt and execute the encrypted program, the method comprising:
receiving an object file specifying the unencrypted program that includes conventional branch instructions whose target address is determinable prior to a time in which the microprocessor runs the unencrypted program; obtaining chunk information; dividing the unencrypted program into a sequence of chunks, wherein each of the chunks comprises a sequence of instructions, wherein the chunk information further comprises encryption key data associated with each of the chunks, wherein the encryption key data associated with each of the chunks is distinct; replacing each of the conventional branch instructions that specifies a target address that is within a different chunk than a chunk in which a conventional branch instruction resides with a branch and switch key instruction; for each block of instruction data of each of the chunks, generating an encryption key based on the encryption key data associated with the chunk and a portion of a memory address of a block by; selecting first and second key values from the encryption key data based on a first portion of the memory address; rotating the first key value based on a second portion of the memory address; adding or subtracting the rotated first key value to or from the second key value based on a third portion of the memory address to generate the encryption keys; for each block, performing a Boolean exclusive-OR (XOR) operation of the block with the generated encryption key. - View Dependent Claims (5)
6. A method, for encrypting an unencrypted program for subsequent execution by a microprocessor configured to decrypt and execute the encrypted program, the method comprising:
receiving an object file specifying the unencrypted program that includes conventional branch instructions whose target address is determinable prior to a time in which the microprocessor runs the unencrypted program; obtaining chunk information; dividing the unencrypted program into a sequence of chunks, wherein each of the chunks comprises a sequence of instructions, wherein the chunk information further comprises encryption key data associated with each of the chunks, wherein the encryption key data associated with each of the chunks is distinct; replacing each of the conventional branch instructions that specifies a target address that is within a different chunk than a chunk in which a conventional branch instruction resides with a branch and switch key instruction; and encrypting the unencrypted program based on the chunk information and the branch and switch key instruction through a process that comprises; for each block of instruction data of each of the chunks, generating an encryption key based on the encryption key data associated with the chunk and a portion of a memory address of a block; and performing a Boolean exclusive-OR (XOR) operation of the block with the generated encryption key; wherein the encryption key data includes K key values, a width of the encryption key and each of the K key values is W bytes, and P is a percentage of possible key combinations of the K key values used, wherein said generating the encryption key based on the encryption key data associated with the chunk and a portion of a memory address of the block yields an effective encryption key length of P × W² × (K!/(2 × (K − 2)!)) bytes.
7. A method for encrypting an unencrypted program for subsequent execution by a microprocessor configured to decrypt and execute the encrypted program, the method comprising:
receiving an object file specifying the unencrypted program that includes conventional branch instructions whose target address is determinable only at a time in which the microprocessor runs the unencrypted program; obtaining chunk information; dividing the unencrypted program into a sequence of chunks, wherein each of the chunks comprises a sequence of instructions, wherein the chunk information further comprises encryption key data associated with each of the chunks, wherein the encryption key data associated with each of the chunks is distinct; replacing each of the conventional branch instructions with a branch and switch key instruction that includes distinct key reference and branch information fields, the key reference field referencing a set of encryption keys for encrypting a targeted chunk, and the branch information field including information for computing a target address; and encrypting the unencrypted program based on the chunk information and the branch and switch key instruction. - View Dependent Claims (8, 9, 10)
11. A method, for encrypting an unencrypted program for subsequent execution by a microprocessor configured to decrypt and execute the encrypted program, the method comprising:
receiving an object file specifying the unencrypted program that includes conventional branch instructions whose target address is determinable only at a time in which the microprocessor runs the unencrypted program; obtaining chunk information; dividing the unencrypted program into a sequence of chunks, wherein each of the chunks comprises a sequence of instructions, wherein the chunk information further comprises encryption key data associated with each of the chunks, wherein the encryption key data associated with each of the chunks is distinct; replacing each of the conventional branch instructions with a branch and switch key instruction; and for each block of instruction data of each of the chunks, generating an encryption key based on the encryption key data associated with a chunk and a portion of a memory address of a block by; selecting first and second key values from the encryption key data based on a first portion of the memory address; rotating the first key value based on a second portion of the memory address; adding or subtracting the rotated first key value to or from the second key value based on a third portion of the memory address to generate the encryption keys; for each block, performing a Boolean exclusive-OR (XOR) operation of the block with the generated encryption key. - View Dependent Claims (12)
13. A method, for encrypting an unencrypted program for subsequent execution by a microprocessor configured to decrypt and execute the encrypted program, the method comprising:
receiving an object file specifying the unencrypted program that includes conventional branch instructions whose target address is determinable only at a time in which the microprocessor runs the unencrypted program; obtaining chunk information; dividing the unencrypted program into a sequence of chunks, wherein each of the chunks comprises a sequence of instructions, wherein the chunk information further comprises encryption key data associated with each of the chunks, wherein the encryption key data associated with each of the chunks is distinct; replacing each of the conventional branch instructions with a branch and switch key instruction; and encrypting the unencrypted program based on the chunk information and the branch and switch key instruction through a process that comprises; for each block of instruction data of each of the chunks, generating an encryption key based on the encryption key data associated with the chunk and a portion of a memory address of a block; and performing a Boolean exclusive-OR (XOR) operation of the block with the generated encryption key;
wherein the encryption key data includes K key values, a width of the encryption key and each of the K key values is W bytes, and P is a percentage of possible key combinations of the K key values used, wherein said generating the encryption key based on the encryption key data associated with the chunk and a portion of a memory address of the block yields an effective encryption key length of P × W² × (K!/(2 × (K − 2)!)) bytes.
14. A computer program product encoded in at least one non-transitory computer usable medium for use with a computing device, the computer program product comprising:
computer usable program code embodied in said medium, for specifying a method for encrypting an unencrypted program for subsequent execution by a microprocessor configured to decrypt and execute the encrypted program, the computer usable program code comprising; first program code for receiving an object file specifying the unencrypted program that includes conventional branch instructions whose target address may be determined is determinable prior to the time in which the microprocessor runs the unencrypted program; second program code for obtaining chunk information, dividing the unencrypted program into a sequence of chunks, wherein each of the chunks comprises a sequence of instructions, wherein the chunk information further comprises encryption key data associated with each of the chunks, wherein the encryption key data associated with each of the chunks is distinct; third program code for replacing each of the conventional branch instructions that specifies a target address that is within a different chunk than a chunk in which a conventional branch instruction resides with a branch and switch key instruction; and fourth program code for generating an encryption key based on the encryption key data, for each block of instruction data for each of the chunks, by; selecting first and second key values from the encryption key data based on a first portion of the memory address; rotating the first key value based on a second portion of the memory address; and adding or subtracting the rotated first key value to or from the second key value based on a third portion of the memory address to generate the encryption key; performing a Boolean exclusive-OR (XOR) operation of a block with the generated encryption key. - View Dependent Claims (15, 16, 17, 18)
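The per-block key generation recited in claims 4, 11 and 14 (select two key values by address, rotate the first, add or subtract it, then XOR the block), as an added example that is not taken from the patent. The 16-byte width, four key values, address bit positions, adjacent-pair selection and byte-wise rotate and add are all assumptions, and the key data and plaintext are constructed.

```c
#include <stdint.h>
#include <string.h>

#define W 16  /* assumed: key value and block width in bytes */
#define K 4   /* assumed: key values in one chunk's key data */

/* Assumed address split (the claims fix no bit positions): bits 7:4 give the
   rotate count, bit 8 picks add or subtract, bits 10:9 pick the key pair
   (sel, sel+1), which is also an assumption. */
static void derive_key(uint8_t keys[K][W], uint32_t addr, uint8_t out[W]) {
    unsigned rot = (addr >> 4) & 0xF, sub = (addr >> 8) & 1, sel = (addr >> 9) & 3;
    const uint8_t *first = keys[sel], *second = keys[(sel + 1) % K];
    for (size_t i = 0; i < W; i++) {
        uint8_t r = first[(i + rot) % W];  /* rotate, assumed byte-wise */
        out[i] = (uint8_t)(sub ? second[i] - r : second[i] + r);
    }
}

/* XOR each W-byte block with the key for its address (base is W-aligned).
   XOR is self-inverse, so the same call encrypts and decrypts a chunk. */
static void xor_chunk(uint8_t keys[K][W], uint32_t base, uint8_t *buf, size_t len) {
    uint8_t key[W];
    for (size_t off = 0; off < len; off += W) {
        derive_key(keys, base + (uint32_t)off, key);
        for (size_t i = 0; i < W && off + i < len; i++)
            buf[off + i] ^= key[i];
    }
}

/* Constructed key data; seed stands in for a chunk's distinct secret. */
static void make_keys(uint8_t keys[K][W], unsigned seed) {
    for (unsigned j = 0; j < K; j++)
        for (unsigned i = 0; i < W; i++)
            keys[j][i] = (uint8_t)(seed * (j + 1) + 3 * i + 1);
}

/* Two chunks, same constructed plaintext, distinct key data; 1 on success. */
int demo_roundtrip(void) {
    uint8_t k0[K][W], k1[K][W], text[64], a[64], b[64];
    make_keys(k0, 17); make_keys(k1, 29);
    memset(text, 0x90, sizeof text);
    memcpy(a, text, sizeof a); memcpy(b, text, sizeof b);
    xor_chunk(k0, 0x1000, a, sizeof a); xor_chunk(k1, 0x1000, b, sizeof b);
    int ok = memcmp(a, a + W, W) != 0 && memcmp(a, b, sizeof a) != 0;
    xor_chunk(k0, 0x1000, a, sizeof a);    /* decrypt chunk 0 */
    return ok && memcmp(a, text, sizeof a) == 0;
}

int main(void) { return demo_roundtrip() ? 0 : 1; }
```

In this sketch the key depends only on the chunk's key data and the block address, so identical plaintext blocks at different addresses encrypt differently, while a given address always reuses the same key.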
Specification