Methods and apparatus for secure data processing and transmission

US 7,502,928 B2
Filed: 11/12/2004
Issued: 03/10/2009
Est. Priority Date: 11/12/2004
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a local memory;

a bus operable to carry information to and from the local memory;

one or more arithmetic processing units operable to process data and operatively coupled to the local memory; and

a security circuit including a secret data area that is not accessible by devices outside the security circuit, the secret data area containing a first key and a second key, and the security circuit includes an accessible data area that is accessible by devices outside the security circuit, the security circuit being operable to;

place the apparatus into any of a plurality of operational modes, wherein the plurality of operational modes includes at least;

(i) a first mode whereby the apparatus and an external device are operable to initiate a transfer of information into or out of the local memory over the bus,(ii) a second mode whereby neither the apparatus nor the external device are operable to initiate a transfer of information into or out of the memory over the bus, and(iii) a third mode whereby the apparatus is operable to initiate a transfer of information into or out of the local memory over the bus, but the external device is not operable to initiate a transfer of information into or out of the local memory over the bus; and

place a copy of the first key in the accessible data area when the apparatus is in the second mode.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for placing a processing unit into one or more of a plurality of operational modes are disclosed wherein: the apparatus includes a local memory, a bus operable to carry information to and from the local memory, one or more arithmetic processing units operable to process data and operatively coupled to the local memory, and a security circuit operable to place the apparatus into the operational modes; and the plurality of operational modes includes a first mode whereby the apparatus and an external device may initiate a transfer of information into or out of the memory over the bus, a second mode whereby neither the apparatus nor the external device may initiate a transfer of information into or out of the memory over the bus, and a third mode whereby the apparatus may initiate a transfer of information into or out of the memory over the bus, but the external device may not initiate a transfer of information into or out of the memory over the bus.

17 Citations

View as Search Results

16 Claims

1. An apparatus, comprising:
- a local memory;
  
  a bus operable to carry information to and from the local memory;
  
  one or more arithmetic processing units operable to process data and operatively coupled to the local memory; and
  
  a security circuit including a secret data area that is not accessible by devices outside the security circuit, the secret data area containing a first key and a second key, and the security circuit includes an accessible data area that is accessible by devices outside the security circuit, the security circuit being operable to;
  
  place the apparatus into any of a plurality of operational modes, wherein the plurality of operational modes includes at least;
  
  (i) a first mode whereby the apparatus and an external device are operable to initiate a transfer of information into or out of the local memory over the bus,(ii) a second mode whereby neither the apparatus nor the external device are operable to initiate a transfer of information into or out of the memory over the bus, and(iii) a third mode whereby the apparatus is operable to initiate a transfer of information into or out of the local memory over the bus, but the external device is not operable to initiate a transfer of information into or out of the local memory over the bus; and
  
  place a copy of the first key in the accessible data area when the apparatus is in the second mode.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, wherein the security circuit places the apparatus into the second mode when the apparatus runs an authentication routine.
  - 3. The apparatus of claim 1, wherein:
    - the security circuit includes a secret data area that is not accessible by devices outside the security circuit, the secret data area containing a first key and a second key;
      
      the security circuit includes an accessible data area that is accessible by devices outside the security circuit; and
      
      the security circuit includes logic circuitry operable to place a copy of the first key in the accessible data area when the apparatus is in the second mode.
  - 4. The apparatus of claim 3, wherein the first key and the second key are stored in the secret data area in a controlled process whereby security is maintained prior to use of the apparatus.
  - 5. The apparatus of claim 3, wherein:
    - the security circuit places the apparatus into the second mode when the apparatus runs an authentication routine, which includes executing a decryption program and executing an authentication program, the authentication program including a copy of the second key, and the authentication program having been encrypted in accordance with the first key; and
      
      the apparatus executes the decryption program such that the copy of the first key contained in the accessible data area is used to decrypt the authentication program.
  - 6. The apparatus of claim 5, wherein:
    - the logic circuitry of the security circuit places a copy of the second key into the accessible data area in response to the execution of the authentication program; and
      
      the logic circuitry makes a determination as to whether the copy of the second key contained within the authentication program matches the copy of the second key contained in the accessible data area.
  - 7. The apparatus of claim 6, wherein the security circuit is operable to place the apparatus into the three modes of operation, the third mode being entered when the copy of the second key contained within the authentication program matches the copy of the second key contained in the accessible data area.
  - 8. The apparatus of claim 7, wherein the copies of the first and second keys contained in the accessible data area are cleared prior to the placement of the apparatus into the third mode.

9. A plurality of processing units disposed in a single device, at least two of the processing units comprising:
- a local memory;
  
  a bus operable to carry information to and from the local memory;
  
  one or more arithmetic processing units operable to process data and operatively coupled to the local memory; and
  
  a security circuit including a secret data area that is not accessible by devices outside the security circuit, the secret data area containing a first key and a second key, and the security circuit includes an accessible data area that is accessible by devices outside the security circuit, the security circuit being operable to;
  
  place the apparatus into the operational modes, wherein the plurality of operational modes includes at least;
  
  (i) a first mode whereby the apparatus and an external device are operable to initiate a transfer of information into or out of the memory over the bus,(ii) a second mode whereby neither the apparatus nor the external device are operable to initiate a transfer of information into or out of the memory over the bus, and(iii) a third mode whereby the apparatus is operable to initiate a transfer of information into or out of the local memory over the bus, but the external device is not operable to initiate a transfer of information into or out of the local memory over the bus; and
  
  place a copy of the first key in the accessible data area when the apparatus is in the second mode.

10. A method, comprising:
- placing an apparatus into at least one of a plurality of operational modes, wherein;
  
  the apparatus includes a local memory, a bus operable to carry information to and from the local memory, one or more arithmetic processing units operable to process data and operatively coupled to the local memory, and a security circuit operable to place the apparatus into the operational modes; and
  
  the plurality of operational modes includes at least;
  
  (i) a first mode whereby the apparatus and an external device are operable to initiate a transfer of information into or out of the memory over the bus,(ii) a second mode whereby neither the apparatus nor the external device are operable to initiate a transfer of information into or out of the memory over the bus, and(iii) a third mode whereby the apparatus is operable to initiate a transfer of information into or out of the local memory over the bus, but the external device is not operable to initiate a transfer of information into or out of the local memory over the bus,wherein the security circuit includes a secret data area that is not accessible by devices outside the security circuit, the secret data area containing a first key and a second key, and the security circuit includes an accessible data area that is accessible by devices outside the security circuit, and the method further comprises placing a copy of the first key in the accessible data area when the apparatus is in the second mode.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, further comprising placing the apparatus into the second mode when the apparatus runs an authentication routine.
  - 12. The method of claim 10, further comprising storing the first key and the second key in the secret data area in a controlled process whereby security is maintained prior to use of the apparatus.
  - 13. The method of claim 10, further comprising:
    - placing the apparatus into the second mode when the apparatus runs an authentication routine, wherein the routine includes executing a decryption program and executing an authentication program, the authentication program includes a copy of the second key, and the authentication program has been encrypted in accordance with the first key; and
      
      executing the decryption program such that the copy of the first key contained in the accessible data area is used to decrypt the authentication program.
  - 14. The method of claim 13, further comprising:
    - placing a copy of the second key into the accessible data area in response to the execution of the authentication program; and
      
      determining whether the copy of the second key contained within the authentication program matches the copy of the second key contained in the accessible data area.
  - 15. The method of claim 14, wherein any of the three modes may be entered, and the method further comprises placing the apparatus into the third mode when the copy of the second key contained within the authentication program matches the copy of the second key contained in the accessible data area.
  - 16. The method of claim 15, further comprising clearing the copies of the first and second keys contained in the accessible data area prior to the placement of the apparatus into the third mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Computer Entertainment Incorporated (Sony Group Corp.)
Original Assignee
Sony Computer Entertainment Incorporated (Sony Group Corp.)
Inventors
Suzuoki, Masakazu, Hatakeyama, Akiyuki
Primary Examiner(s)
TRAN, ELLEN C

Application Number

US10/985,354
Publication Number

US 20060112213A1
Time in Patent Office

1,579 Days
Field of Search

713/162, 713/164, 713/166, 711/100, 711/147, 711/148, 711/154
US Class Current

713/166
CPC Class Codes

G06F 21/72 in cryptographic circuits

G06F 21/74 operating in dual or compar...

Methods and apparatus for secure data processing and transmission

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for secure data processing and transmission

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links