Secure processor and a program for a secure processor

US 9,536,110 B2
Filed: 11/27/2013
Issued: 01/03/2017
Est. Priority Date: 06/30/2004
Status: Active Grant

First Claim

Patent Images

1. A secure processor, comprisingan instruction execution circuit configured to execute an execution code of a process in a memory;

a secure process identifier generation circuit configured to generate a secure process identifier when an instruction to generate the process is issued;

a process information retention circuit configured to retain the secure process identifier and an authentication key for authentication of the execution code while the process is still present as information related to the process;

a translation look aside buffer including a page table entry of a page storing the execution code, the secure process identifier read from the process information retention circuit being set up in the page table entry when paging-in the execution code into the memory;

an authentication circuit configured to set a secure page flag in the page table entry when the execution code corresponding to the process is successfully authenticated using the authentication key, after the execution code corresponding to the process is stored in an unused page in the memory and the secure process identifier corresponding to an address of the unused page is stored in the page table entry; and

a memory access control circuit configured to compare the secure process identifier stored in the page table entry, in which the corresponding secure page flag is set, with the secure process identifier which is retained in the process information retention circuit, and to permit the instruction execution circuit to access the page in the memory where the execution code is stored and execute the execution code when the secure process identifier retained by the process information retention circuit matches the secure process identifier stored in the page table entry.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The instruction code including an instruction code stored in the area where the encrypted instruction code is stored in a non-rewritable format is authenticated using a specific key which is specific to the core where the instruction code is executed or an authenticated key by a specific key to perform an encryption processing for the input and output data between the core and the outside.

64 Citations

View as Search Results

14 Claims

1. A secure processor, comprisingan instruction execution circuit configured to execute an execution code of a process in a memory;
- a secure process identifier generation circuit configured to generate a secure process identifier when an instruction to generate the process is issued;
  
  a process information retention circuit configured to retain the secure process identifier and an authentication key for authentication of the execution code while the process is still present as information related to the process;
  
  a translation look aside buffer including a page table entry of a page storing the execution code, the secure process identifier read from the process information retention circuit being set up in the page table entry when paging-in the execution code into the memory;
  
  an authentication circuit configured to set a secure page flag in the page table entry when the execution code corresponding to the process is successfully authenticated using the authentication key, after the execution code corresponding to the process is stored in an unused page in the memory and the secure process identifier corresponding to an address of the unused page is stored in the page table entry; and
  
  a memory access control circuit configured to compare the secure process identifier stored in the page table entry, in which the corresponding secure page flag is set, with the secure process identifier which is retained in the process information retention circuit, and to permit the instruction execution circuit to access the page in the memory where the execution code is stored and execute the execution code when the secure process identifier retained by the process information retention circuit matches the secure process identifier stored in the page table entry.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The secure processor according to claim 1, further comprising a secure process identifier elimination circuit configured to eliminate the secure process identifier which is generated and retained in the process information retention circuit when the process disappears.
  - 3. The secure processor according to claim 1, wherein the secure processor pages-in the execution code in a format in which authentication information is added.
  - 4. The secure processor according to claim 3, wherein the authentication information added to the execution code is information at a page unit in the memory.
  - 5. The secure processor according to claim 1, further comprising a direct memory access circuit configured to perform a calculation which is necessary for the authentication of the execution code in parallel with storing of the execution code in the memory, to retain the results of the calculation, and to give the results to the authentication circuit.
  - 6. The secure processor according to claim 1, further comprising:
    - a specific key for encryption/decryption which is specific to the processor; and
      
      an encryption processing circuit configured to perform encryption/decryption of information which includes a secure page flag and a secure process identifier stored in the page table entry and an address of a memory page storing an execution code, using the processor-specific key before evacuating the information to the outside or retrieving back the information from the outside.
  - 7. The secure processor according to claim 1, further comprising:
    - a specific key for encryption/decryption which is specific to the processor; and
      
      a falsification detection circuit configured to generate a falsification detection information for information which includes a secure page flag and a secure process identifier stored in the page table entry and an address of a memory page storing an execution code, using the processor-specific key when saving the information to the outside, or detecting falsification for the information using the processor-specific key when retrieving the information back from the outside.
  - 8. The secure processor according to claim 1, further comprising cores having respective instruction execution circuit and a cache:
    - a secure core configured to execute only the execution code which is authenticated, and a normal core configured to execute regular execution code which is not authenticated.
  - 9. The secure processor according to claim 8, wherein the normal core also executes the authenticated code in addition to the regular non-authenticated code.
  - 10. The secure processor according to claim 1, further comprising a mode specifying circuit configured to select either a secure mode in which the secure processor having the instruction execution circuit executes only the authenticated execution code or a normal mode in which the secure processor executes only the non authenticated regular execution code, and the secure processor executes either in the secure mode or in the normal mode in response to the selection by the mode specifying circuit.
  - 11. The secure processor according to claim 1, further comprising:
    - a key for encryption/decryption specific to the processor; and
      
      an encryption processing circuit configured to perform encryption/decryption of the information which contains the secure process identifier and is retained in the process information retention circuit, using the processor-specific key when evacuating the information to the outside or when retrieving the information back from the outside.
  - 12. The secure processor according to claim 1, further comprising:
    - a specific key which is specific to the processor; and
      
      a falsification detection circuit configured to generate falsification detection information for the information which contains the secure process identifier and is retained in the process information retention circuit using the processor-specific key when evacuating the information to the outside, to add the falsification detection information to the information, and to detect falsification of the information using the processor-specific key when retrieving the information back from the outside.

13. A non-transitory computer readable storage medium used by a computer when paging-in an execution code into a memory, storing a program for causing the computer to execute the following operations:
- generating a secure process identifier and retaining the secure process identifier by a process information retention circuit when an instruction to generate a process corresponding to the execution code is issued, prior to the execution of the process corresponding to the execution code;
  
  requesting a direct memory access mechanism in the computer to transfer a page storing the execution code in an unused page in a memory;
  
  setting up data regarding the page in a page table entry in a translation look aside buffer of the computer and storing the secure process identifier corresponding to an address of the unused page in the page table entry, after the page is transferred successfully;
  
  requesting hardware to perform authentication of the page and to set a secure page flag in the page table entry when the execution code corresponding to the process is successfully authenticated by using an authentication key after the execution code is stored in the unused page in the memory and the secure process identifier corresponding to an address of the unused page is stored in the page table entry; and
  
  comparing the secure process identifier retained by the process information retention circuit with the secure process identifier stored in the page table entry, in which the corresponding secure page flag is set, before an instruction execution circuit of the computer executes the execution code, and permitting the instruction execution circuit to execute the execution code when the secure process identifier retained by the process information retention circuit matches the secure process identifier stored in the page entry table.

14. A non-transitory computer readable storage medium used by a computer when a page including an execution code is authenticated, storing a program for causing the computer to execute the following operations:
- performing a hash calculation for the page read into a main memory from a secondary memory storing the page and a first electronic signature, the first electronic signature corresponding to the page;
  
  decrypting a second electronic signature stored in a storage circuit of a processor of the computer, the second electronic signature corresponding to the first electronic signature, by using an authentication key generated with a specific key retained inside the processor;
  
  comparing the decryption result of the second electronic signature with the result of the hash calculation; and
  
  setting a secure page flag, indicating that authentication of the page is successful, in a page table entry within a translation look aside buffer in the computer when the decryption result of the second electronic signature matches the result of the hash calculation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Socionext Inc.
Original Assignee
Socionext Inc.
Inventors
Goto, Seiji, Kamada, Jun, Tamiya, Taiji
Primary Examiner(s)
RAHIM, MONJUR

Application Number

US14/091,488
Publication Number

US 20140089681A1
Time in Patent Office

1,133 Days
Field of Search

713/190
US Class Current

1/1
CPC Class Codes

G06F 12/1027   using associative or pseudo...

G06F 12/1408   by using cryptography for d...

G06F 13/24   using interrupt G06F13/32 t...

G06F 21/52   during program execution, e...

G06F 21/53   by executing in a restricte...

G06F 21/554   involving event detection a...

G06F 21/575   Secure boot

G06F 21/64   Protecting data integrity, ...

G06F 21/70   Protecting specific interna...

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 21/74   operating in dual or compar...

G06F 2212/1052   Security improvement

G06F 2212/682   Multiprocessor TLB consistency

Secure processor and a program for a secure processor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

64 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Secure processor and a program for a secure processor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links