Electrical computers and digital processing systems: support – Data processing protection using cryptography – Upgrade/install encryption
Reexamination Certificate
1999-09-13
2004-03-23
Smithers, Matthew (Department: 2134)
Electrical computers and digital processing systems: support
Data processing protection using cryptography
Upgrade/install encryption
C713S194000
Reexamination Certificate
active
06711684
ABSTRACT:
This invention related in general to data processing devices and more specifically to an apparatus and methods for allowing a processing device to utilize flexible security when receiving information downloads.
BACKGROUND INFORMATION
Processing devices often have embedded programs or firmware stored in non-volatile memory. The firmware is executed by an embedded processor to achieve the desired functionality. Conventional high security applications have relied upon read only memory (ROM) to store the firmware.
Lower security processing devices have begun storing firmware in a reprogrammable memory device. The ability to reprogram the processing device is desired because this feature allows efficient debugging of the firmware. Those skilled in the art appreciate that firmware development typically requires many revisions. Reprogrammable memory avoids the need to discard an integrated circuit which includes the memory each time the firmware revision changes. Furthermore, the ability to reprogram the memory allows firmware upgrades of the processing device in the field as new bugs are fixed or as new features are added.
Although reprogrammable memory is readily available, the ability to reprogram a high security processing device is problematic. In the cable television industry, for example, there are risks that a “cable pirate” could use the reprogrammability feature to disable any security features designed to thwart pirates by replacing the firmware. Accordingly, the reprogrammability aspect is desired, but is viewed as impractical for security reasons.
Conventional high security processing devices use an integral ROM which is masked into an application specific integrated circuit (ASIC) at the time of manufacture. Masked ROMs add little to the cost of the ASIC and cannot be changed by pirates in order to defeat the security.
However, the firmware cannot be changed once the ASIC is produced. Accordingly, all debugging of the firmware takes place on emulators and prototype ASIC devices before production ASICs are manufactured. Use of emulators is problematic because they are typically much slower than a production ASIC and they are often not exact replicas of the production ASIC. With regard to debugging with a prototype ASIC device, they are expensive and a number of prototype ASICs could be required to iteratively debug a design. It can take weeks to produce another iteration of prototype ASIC which could cause serious delay to a development program. As those skilled in the art appreciate, firmware debugging of masked ROMs is a slow and expensive proposition.
In summary, it appears desirable to develop a processing device which is reprogrammable, but not susceptible to later attack by pirates. This device should reduce the design cycle for producing the ASIC by allowing debug of the firmware after ASIC production. Furthermore, the device should allow field upgrades of the firmware as new bugs are found or as new features are added.
SUMMARY OF THE INVENTION
According to the invention, an apparatus and methods allow for a processing device to utilize flexible security when receiving information downloads. In a first embodiment, a method stores information within a processing device. The method receives a download via a first input path which includes a first breakable link and stores the download within the processing device. At some point, a key is also stored within the processing device. A ciphertext download is received via a second input path which includes a second breakable link. The ciphertext download is decrypted utilizing the key and the resulting plaintext download is stored within the processing device.
In another embodiment, a method stores information within a processing device utilizing two paths. First plaintext information is loaded through a first download path extending from outside the processing device to memory, whereafter, the first plaintext information is stored in memory. At some point, a key is stored within the processing device. To enhance security, the first download path is disabled. Ciphertext information is loaded through a second download path, whereupon the ciphertext information is decrypted with the key to produce second plaintext information.
In yet another embodiment, a processing device includes a download port, a decryption engine, a memory, a first download path, a second download path, and a mechanism for disabling the first download path. The download port interfaces with outside of the processing device. The first download path extends between the download port and memory and the second download path extends between the download port and a ciphertext input of the decryption engine. The mechanism for disabling the first download path prevents digital data from passing along that path.
REFERENCES:
patent: 5101121 (1992-03-01), Sourgen
patent: 5386469 (1995-01-01), Yearsley et al.
patent: 5423050 (1995-06-01), Taylor et al.
patent: 5434804 (1995-07-01), Bock et al.
patent: 5448576 (1995-09-01), Russell
patent: 5479652 (1995-12-01), Dreyer et al.
patent: 5483518 (1996-01-01), Whetsel
patent: 5559889 (1996-09-01), Easter et al.
patent: 5608881 (1997-03-01), Masumura et al.
patent: 5623604 (1997-04-01), Russell et al.
patent: 5708773 (1998-01-01), Jeppesen, III et al.
patent: 5768152 (1998-06-01), Battaline et al.
patent: 5799083 (1998-08-01), Brothers et al.
patent: 5930523 (1999-07-01), Kawasaki et al.
patent: 5978902 (1999-11-01), Mann
patent: 5983379 (1999-11-01), Warren
patent: 5995628 (1999-11-01), Kitaj et al.
patent: 6000773 (1999-12-01), Murray et al.
patent: 6307936 (2001-10-01), Ober et al.
patent: 6385727 (2002-05-01), Cassagnol et al.
patent: 6577734 (2003-06-01), Etzel et al.
patent: 0 636 976 (1994-07-01), None
patent: 0 702 239 (1995-08-01), None
patent: 0 720 092 (1995-12-01), None
patent: WO 94/10687 (1994-05-01), None
Richard York et al., “Real Time Debug for System-on-Chip Devices,” ARM Ltd., Cambridge, UK, Jun. 1999.
Morten Zilmer, “Non-intrusive On-chip Debug Hardware Accelerates Development for MIPS RISC Processors,”EE Times, available at http://www.amslink.com/mipsartl.html, Mar. 30, 1999, pps. 1-6.
“MIPS EJTAG Debug Solution,” 980818 Rev. 2.0.0, available at www.mips.com, Aug. 18, 1998, pp. 1-124.
Moroney Paul
Rappoport Adam L.
Sprunk Eric J.
Tang Lawrence W.
General Instrument Corporation
Nalven Andrew
Smithers Matthew
Townsend and Townsend / and Crew LLP
LandOfFree
Variable security code download for an embedded processor does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Variable security code download for an embedded processor, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Variable security code download for an embedded processor will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3278098