Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1999-05-21
2003-12-23
Hua, Ly V. (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S152000, C700S121000, C716S030000, C716S030000, C380S279000, C380S030000, C705S404000
Reexamination Certificate
active
06668326
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to secure processing devices generally, and particularly to smart cards which operate in conjunction with an external host, such as a set-top box.
BACKGROUND OF THE INVENTION
Smart cards are typically employed in systems such as pay television systems and telephone systems to provide access to various services. Typically, the smart cards include secure algorithms which, when executed, are operative to generate access codes or keys which allow access to the services.
However, smart cards are generally limited by their low capacity memories and low processing performance which become a limitation when heavy computation tasks are executed. In such a case, a memory in a smart card has to be emptied and loaded many times during execution of a heavy computation task. This generally has an effect on computation speed and on the output of data from the smart. The tradeoff between memory size and computation speed is well known in the art.
SUMMARY OF THE INVENTION
The present invention seeks to provide an improved method and system for performing heavy computation tasks in systems based on secure processors.
In the present invention a secure processor, such as a smart card processor comprised in a smart card, classifies or receives a classification of computation tasks as either real-time tasks or non-real-time tasks, and processes real-time computation tasks without interruption. However, non-real-time tasks, which are generally heavy computation tasks, are computed uninterrupted only as long as a new real-time task is not waiting to be processed.
If a non-real-time task is processed and a new real-time task which is waiting to be processed is detected, the smart card processor interrupts the processing of the non-real-time task, thus resulting in computation of only a portion of the non-real-time task, and starts processing the new real-time task. Interruption of processing is performed either in response to an internal instruction in the smart card processor, or in response to an instruction transmitted to the smart card processor by the host.
At the end of the processing of the portion of the heavy computation task, the smart card processor obtains a setting representation of settings of processing components of the smart card processor. The setting representation generally includes settings of at least one of the following processing components: a program counter; a register; a RAM; a stack pointer; and a stack.
The setting representation obtained at the end of the portion of the computation task is typically encrypted and is transmitted in an encrypted form to a memory external to the smart card for storage therein. The memory external to the smart card may be a memory in a host, such as a computer or a set-top box (STB), and the smart card typically communicates with the host and the host memory via a conventional smart card reader.
When the smart card processor is ready to resume computation of the heavy computation task, or when the smart card processor receives from the host an instruction to resume computation, the smart card processor retrieves the encrypted setting representation from the host memory, decrypts the encrypted setting representation, separates the decrypted setting representation to regenerate the settings of the processing components, and resumes computation of the heavy computation task by using the settings of the processing components as initial conditions for the rest of the heavy computation task.
The communication of setting representation between the smart card processor and the host memory is typically a two-way serial communication via serial ports included in the smart card and in the smart card reader.
There is thus provided in accordance with a preferred embodiment of the present invention a method for performing a computation task in a secure processor removably operatively associated with a host including a memory external to the secure processor, the method including:
computing a portion of the task in the secure processor;
obtaining a setting representation of settings of processing components of the secure processor at the end of the computing step;
transmitting the setting representation to the external memory;
retrieving the setting representation from the external memory;
providing the setting representation to the secure processor; and
resuming computation of the task in the secure processor by employing the setting representation.
Preferably, the secure processor is included in a smart card.
Further preferably, the setting representation includes settings of at least one of the following processing components: a program counter; a register; a RAM; a stack pointer; and a stack. The setting of the RAM preferably includes a representation of the RAM content. The setting of the stack preferably includes a representation of the stack content.
Additionally, the method also includes the steps of:
encrypting the setting representation prior to the transmitting step; and
decrypting the setting representation prior to the step of resuming computation.
Preferably, the step of providing includes the step of providing the setting representation to the secure processor in an encrypted form.
Additionally, the step of providing also includes the step of decrypting the setting representation prior to the step of resuming computation.
Preferably, the step of obtaining includes converting at least one of the settings of the processing components to a data bit stream.
Further preferably, the transmitting step includes:
combining data bit streams corresponding to the settings of the processing components to form a combined data bit stream; and
transmitting the combined data bit stream to the external memory.
The external memory is preferably included in a host including a set-top box (STB). Alternatively, the external memory is included in a host including a computer.
Preferably, the computation task is operative to provide conditional access to at least one service provided via the STB.
Additionally, the method also includes the step of:
deleting the setting representation from the external memory in response to a disrupting event.
Preferably, the step of deleting includes deleting the setting representation after a time-out period.
Additionally, the method also includes the step of determining the portion of the task prior to the computing step by determining an end of the portion of the task.
Preferably, the end of the portion of the task is determined in response to a hardware interrupt.
Preferably, the computing step includes:
computing the task in the secure processor until a hardware interrupt indicating a request to process a new real-time task is received at the secure processor; and
determining the portion of the task as a portion of the task computed until reception of the hardware interrupt indicating a request to process the new real-time task.
Further preferably, the computing step includes:
periodically checking whether a new computation task classified as a real-time task is waiting to be processed;
computing the task in the secure processor as long as a real-time task is not waiting to be processed; and
if a real-time task is waiting to be processed:
ceasing computation of the task when the real-time task waiting to be processed is detected; and
determining the portion of the task as a portion of the task computed until detection of the real-time task waiting to be processed.
Additionally, the method also includes the step of executing the real-time task waiting to be processed.
There is also provided in accordance with a preferred embodiment of the present invention a method for performing a computation task in a secure processor operatively associated with an external memory external to the secure processor, the method including:
computing at least a portion of the task in the secure processor;
obtaining a setting representation of settings of processing components of the secure processor at the end of the computing step; and
employing serial communication to transmit the setting repre
Sella Yaron
Shlissel Moshe
Hua Ly V.
Ladas & Parry
NDS Limited
LandOfFree
Context saving system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Context saving system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Context saving system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3184058