Hardware access control locking

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate


Details

C709S241000

Reexamination Certificate

active

06304970

ABSTRACT:

TECHNICAL FIELD
This invention relates to a hardware locking mechanism to limit access to code, data and devices to only when a computer system is executing trusted code.
DESCRIPTION OF THE PRIOR ART
Due to the recent explosive development of the internet and other wide ranging data communications, there is a growing interest in secure processor technology as a means to assure secure communications and transactions. To make these systems more useful, it is desirable to enable updating of internal persistent software (stored in FLASH or EEPROM memory), and to permit the loading of external application software into the system's RAM for execution. Enabling such updating and downloading, however, creates the problem that the introduction of intentionally or unintentionally hostile software could create an information leak, or grant access to controls for changing the contents of secret data or the FLASH.
Secure computing systems all have the problem of controlling access to various hardware and software objects so that only authorized software processes can access certain data or hardware. In most cases the design of the central processing unit can do this job adequately by use of common mechanisms such as a supervisor or high privilege state. However, if the operating system software has an unintentional hole in its coverage, or an intentional trapdoor or other unauthorized path, it may be possible for that software to access objects that it normally should not be able to access.
There is therefore a need to limit access to many components of a computer system, where the controlled access cannot be circumvented by hostile software running on the system.
SUMMARY OF THE INVENTION
This invention is a method to minimize the above risks by creating a system that can limit access to memory containing secret data, and to the signals that control the access to many parts of the system via hardware control that cannot be circumvented by software running on the system even if that software is intentionally hostile. By applying these techniques to a secure processor that is packaged in a secure enclosure, a very secure system can be developed.
By use of hardware locking devices, one can limit access to many objects, either to software that has been given access to a secret, like a key consisting of a string of bits; or access to code that runs at a particular time, e.g., the tested, trusted, unchangeable ROM (read only memory) code that must execute as the first thing each time the processor is reset.
Each of the locking devices functions by adding an additional control signal that is required to access the protected hardware device. The protected devices may include, but are not limited to, random access memory devices (RAM), read only memory devices (ROM), and erasable/re-writable read only memory devices (EEPROM or FLASH). Access can be controlled in the read mode, the write mode, or both. Virtually any input/output (I/O) device or port that has conventional digital access controls can also have its access controlled in this manner.
Note that no special signal input to the protected device itself is needed; the device's existing enable signal can be used. The control signal can be added to the standard address-based or function-based control logic that is usually applied in standard design practice.
Accordingly, this invention is an apparatus for protecting access to code, data or devices of a computer system so that access can only be obtained when the processor of the system is executing trusted code. This invention comprises a state machine which is used to determine when the computer is in one of a number of trusted states, where each trusted state is defined as a state in which the computer is executing trusted code in a correct context. The correct context conditions. One such condition could be the entry of a secret key. This invention also comprises a means for allowing access to the protected code, data or device when the system is determined to be in one of the trusted states. This invention will also prevent access to the protected code, data or devices when the computer exits one of the trusted states. By implication, this invention also includes the means for exiting the trusted state, which usually occurs after the processor has completed execution of the trusted code.
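The following is an added software model of the locking scheme described above; it is not code from the patent and does not represent any real device's RTL. It assumes two trusted states (trusted ROM code running directly after reset, and a process that has presented a secret key), a protected RAM region, and a constructed sample key; an access succeeds only when the ordinary address decode passes AND the lock's enable signal is asserted, and leaving a trusted state drops that signal.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Lock states: two trusted states (ROM code right after reset, or a
 * software process that presented the secret key) and one locked state. */
typedef enum { LOCK_RESET_ROM, LOCK_KEY_UNLOCKED, LOCK_LOCKED } lock_state_t;

typedef struct {
    lock_state_t state;
    bool    enable;       /* the additional control signal the lock adds */
    uint8_t secret[16];   /* protected RAM holding secret data */
} hw_lock_t;

/* Constructed sample key (assumption); a real device keeps this in protected storage. */
static const uint8_t SECRET_KEY[4] = { 0xA5, 0x5A, 0x3C, 0xC3 };

/* Reset: the first code to run is the trusted ROM, so the lock opens. */
void lock_reset(hw_lock_t *l) {
    memset(l, 0, sizeof *l);
    l->state = LOCK_RESET_ROM;
    l->enable = true;
}

/* Trusted code is done; leaving the trusted state drops the enable signal,
 * so whatever runs afterwards cannot reach the protected device. */
void lock_exit_trusted(hw_lock_t *l) {
    l->state = LOCK_LOCKED;
    l->enable = false;
}

/* Key entry path: only an exact match re-enters a trusted state.
 * The comparison is constant-time so response timing does not leak the key. */
bool lock_enter_key(hw_lock_t *l, const uint8_t *key, size_t len) {
    uint8_t diff = (len != sizeof SECRET_KEY);
    for (size_t i = 0; i < sizeof SECRET_KEY; i++)
        diff |= SECRET_KEY[i] ^ (i < len ? key[i] : 0);
    if (diff) return false;
    l->state = LOCK_KEY_UNLOCKED;
    l->enable = true;
    return true;
}

/* Access = ordinary address decode AND the lock's enable signal. */
bool protected_read(const hw_lock_t *l, size_t addr, uint8_t *out) {
    if (addr >= sizeof l->secret || !l->enable) return false;
    *out = l->secret[addr];
    return true;
}

bool protected_write(hw_lock_t *l, size_t addr, uint8_t val) {
    if (addr >= sizeof l->secret || !l->enable) return false;
    l->secret[addr] = val;
    return true;
}
```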


