Electrical computers and digital processing systems: memory – Storage accessing and control – Control technique
Reexamination Certificate
1998-09-25
2002-08-20
Thai, Tuan V. (Department: 2186)
C711S164000, C711S154000, C711S103000
Reexamination Certificate
active
06438666
ABSTRACT:
FIELD OF THE INVENTION
The invention relates generally to security in programmed devices, and, more particularly, to a method and apparatus for controlling access to confidential data stored in a memory.
BACKGROUND OF THE INVENTION
The financial value of data and/or programmed instructions (e.g., software) is often dependent upon its general availability to the interested public. For example, if information in the form of data or programmed instructions is made available free of charge on the Internet, the commercial value of that information will quickly fall toward zero as few people will pay to receive something they can readily obtain for free. Thus, the desirability of maintaining the secrecy of data and/or programmed instructions with respect to all but paying purchasers of the secret information has long been known.
There are many contexts in which the concept of deriving value from information by limiting access thereto has been exploited. For example, conditional access broadcasting networks such as cable television networks and, more recently, direct satellite broadcasting networks are based on the premise of limiting access to broadcasted information to paying subscribers. Even more recently, the idea of limiting access to broadcasted data has been expanded to the computer networking context by Hughes Network Systems' DirecPC™ product. The DirecPC™ product broadcasts requested information to a requesting computing device (typically, a personal computer) via a satellite as a means to expedite information delivery from the Internet.
Most such broadcasting systems employ one or more cryptographic techniques to control access to the broadcasted information. For example, most such systems employ one or more keys to encrypt broadcasted data in accordance with a mathematical algorithm that makes it very difficult to decrypt the data in a reasonable amount of time absent knowledge of the key used to encrypt the data. An explanation of many such cryptographic techniques including an explanation of the Data Encryption Standard (DES) algorithm that is frequently employed to encrypt broadcasted information is contained in Schneier, Applied Cryptography, (Second Ed. 1996), which is hereby incorporated in its entirety by reference.
The need to protect the secrecy of information is not limited to the broadcasting context. There are many applications wherein it is important from, for example, a commercial standpoint to maintain the secrecy of information as it is locally processed by a personal computer. By way of example, not limitation, in some applications it is desirable to permit processing of secret data while maintaining the secrecy of the data to the outside world. By way of another example, in some instances it is desirable to permit secret execution of programmed instructions (e.g., software) within a processor without permitting access to the decrypted instructions themselves outside of the processor.
Various devices have been developed for maintaining the secrecy of information. However, since the secret information protected by these devices often has significant commercial value, a sub-culture of individuals commonly referred to as “hackers” has developed. These individuals spend considerable amounts of time attempting to frustrate or “hack” the security measures of these devices in an effort to usurp the commercial value of the secret information. The hackers have had varying levels of success in their efforts. Accordingly, there is a need for an improved, more flexible apparatus for providing a secure environment for processing information which achieves a higher level of security against hackers than known devices. In addition, there is a need for such an apparatus that overcomes memory limitations inherent in secure devices and whose software can be upgraded in the field.
It is a well known assumption of accepted cryptographic practice that secrecy must reside entirely in the keys of the system. In other words, for a device to be deemed secure, an attacker having access to all information about the system except for the keys must still be unable to decrypt encrypted information in a reasonable amount of time. Thus, the secrecy of the key material is of paramount importance in a device for providing a secure environment.
To this end, devices for encrypting, decrypting and/or maintaining the secrecy of information typically include a secure memory of some type for storing key material and other possibly sensitive data. In order to control access to that key material, it is often necessary to limit access to the secure memory to trusted software and/or hardware components. More specifically, it is often necessary to place restrictions on when, who, and under what circumstances the memory storing key material can be addressed.
One problem with limiting access to a memory is testability. Another problem is limiting access to field deployed units while still allowing initial programming in the factory. In order to verify that the memory is functioning properly before releasing a device into the field, it is often necessary to have full read/write access thereto. Moreover, such access must typically be provided after a device is completely, or nearly completely constructed. As a result, such devices often include a testing mode wherein, upon occurrence of a certain condition or event, the device assumes it is in test mode and permits full read/write access to the memory. If a hacker is able to fool a device containing key material into entering the test mode, the hacker may potentially obtain full access to the stored key material thereby completely compromising the security of the device.
In some prior art approaches, one or more mode bits stored in memory, or in an anti-fuse device, or the like, define whether the memory contains confidential data and/or whether the memory is in the testing mode. The mode bit(s) may be implemented as a simple checksum on the data in memory. In other words, the mode bit(s) may be set to equal some mathematical function(s) of some or all of the data stored in memory. Regardless of which traditional method for defining the mode bit(s) is employed, if a hacker changes the state of the mode bit(s), the hacker can potentially cause the memory to unlock into the testing mode, thereby compromising the key material it contains. Thus, it is desirable to provide an improved method and apparatus for determining whether a memory contains confidential data which is not dependent upon mode bit(s) stored in that memory or upon a checksum value stored in memory.
SUMMARY OF THE INVENTION
In accordance with an aspect of the invention, an apparatus for controlling access to confidential data is provided. The apparatus includes a non-volatile memory for storing data and a logic circuit for controlling access to the data contained in the memory. The logic circuit selectively accesses the memory to determine whether at least a portion of the data contained in the memory comprises confidential data by analyzing a property inherent in the accessed data.
In some embodiments, the logic circuit determines whether the data contained in the memory comprises confidential data by identifying data blocks in the accessed data having a predetermined characteristic, by counting the identified data blocks, and by comparing the count to a threshold value. In such embodiments, each of the data blocks may comprise a bit, and the predetermined characteristic may comprise a predefined logic state. Alternatively, each of the data blocks may comprise a plurality of bits, and the predetermined characteristic may comprise a binary value falling within a range of binary values.
Preferably, a change in the inherent property sufficient to cause the logic circuit to determine the data stored in the memory does not comprise confidential data will substantially destroy the data in memory.
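The counting check described above, sketched in C as an added example (not code from the patent). It assumes erased memory reads 0xFF and takes 0 as the predefined logic state; the memory size, threshold and stand-in key bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumptions (not from the patent text): erased memory reads 0xFF, the
 * "predefined logic state" is 0, and the threshold is 32 programmed bits. */
#define MEM_SIZE        64u   /* bytes of non-volatile memory (constructed) */
#define ZERO_BIT_LIMIT  32u   /* threshold the count is compared against */

/* Bit-sized data blocks: count the bits that are in the programmed (0) state. */
static unsigned count_zero_bits(const uint8_t *mem, size_t len)
{
    unsigned count = 0;
    for (size_t i = 0; i < len; i++)
        for (uint8_t b = (uint8_t)~mem[i]; b != 0; b &= (uint8_t)(b - 1))
            count++;            /* one iteration per set bit of ~mem[i] */
    return count;
}

/* Multi-bit data blocks: count bytes whose value falls inside [lo, hi]. */
static unsigned count_bytes_in_range(const uint8_t *mem, size_t len,
                                     uint8_t lo, uint8_t hi)
{
    unsigned count = 0;
    for (size_t i = 0; i < len; i++)
        if (mem[i] >= lo && mem[i] <= hi)
            count++;
    return count;
}

/* Decision comes from the data itself, with no stored mode bit or checksum:
 * test-mode read/write access is allowed only while the memory looks empty. */
static int test_mode_allowed(const uint8_t *mem, size_t len)
{
    return count_zero_bits(mem, len) <= ZERO_BIT_LIMIT;
}

/* Constructed sample: erased pattern, optionally with 16 stand-in key bytes. */
static void make_sample(uint8_t *mem, int programmed)
{
    memset(mem, 0xFF, MEM_SIZE);
    for (size_t i = 0; programmed && i < 16; i++)
        mem[i] = (uint8_t)(0x3C ^ (i * 37u));
}

int main(void)
{
    uint8_t mem[MEM_SIZE];
    make_sample(mem, 1);        /* exit status 0 when access is denied */
    return test_mode_allowed(mem, MEM_SIZE);
}
```

Flipping a single bit moves the count by one and leaves the decision unchanged; to bring the programmed sample under the threshold, more than half of its programmed bits would have to be returned to the erased state, which is the data-destroying property the preceding paragraph describes.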
In some embodiments, the logic circuit preferably comprises a hardware circuit. In some embodiments, the apparatus is provided with a processor and firmware cooperating with the logic circuit to
Bautz Brandon E.
Cassagnol Robert D.
Dillon Douglas M.
Kloper David S.
Weber Sandra J.
Hughes Electronics Corporation
Sales Michael W.
Thai Tuan V.
Whelan John T.