Apparatus for providing a secure processing environment

Abstract

An apparatus for providing a secure processing environment is disclosed. In one embodiment, the apparatus includes a read / write memory for storing encrypted information. It also includes a processor, a cipherer and an authenticator. The cipherer is in communication with the read / write memory for receiving encrypted information therefrom and is configured to decrypt the encrypted information into decrypted information to be returned to the memory for subsequent use by the processor. The authenticator authenticates the decrypted information prior to use by the processor and re-authenticates the information prior to re-encryption by the cipherer.

Description

FIELD OF THE INVENTION[0001] The invention relates generally to security in programmed devices, and, more particularly, to an apparatus for providing a secure environment for processing confidential data and / or confidential programmed steps such as software and the like.BACKGROUND OF THE INVENTION[0002] The financial value of data and / or programmed instructions (e.g., software) is often dependent upon its general availability to the interested public. For example, if information in the form of data or programmed instructions is made available free of charge on the Internet, the commercial value of that information will quickly fall toward zero as few people will pay to receive something they can readily obtain for free. Thus, the desirability of maintaining the secrecy of data and / or programmed instructions with respect to all but paying purchasers of the secret information has long been known.[0003] There are many contexts in which the concept of deriving value from information by ...

AI Technical Summary

Benefits of technology

[0011] In accordance with an aspect of the invention, an apparatus for providing a secure processing environment is provided. The apparatus includes a read / write memory for storing information; a first processor cooperating with the read / write memory for reading information therefrom and writing information thereto; and a cipherer in communication with the read / write memory. The cipherer is configured to selectively decrypt encrypted information into decrypted information and to deliver the decrypted information to the read / write memory for subsequent use by the first processor. The apparatus is further provided with an authenticator for authenticating the decrypted information prior to use by the first processor.

Problems solved by technology

For example, most such systems employ one or more keys to encrypt broadcasted data in accordance with a mathematical algorithm that makes it very difficult to decrypt the data in a reasonable amount of time absent knowledge of the key used to encrypt the data.

These individuals spend considerable amounts of time attempting to frustrate or "hack" the security measures of these devices in an effort to usurp the commercial value of the secret information.

In other words, for a device to be deemed secure, an attacker having access to all information about the system except for the keys must still be unable to decrypt encrypted information in a reasonable amount of time.

One problem with limiting access to a memory is testability.

Another problem is limiting access to field deployed units while still allowing initial programming in the factory.

If a hacker is able to fool a device containing key material into entering the test mode, the hacker may potentially obtain full access to the stored key material thereby completely compromising the security of the device.

Regardless of which traditional method for defining the mode bit(s) is employed, if a hacker changes the state of the mode bit(s), the hacker can potentially cause the memory to unlock into the testing mode thereby compromising the key material it contains.

Images