Cryptography – Key management – Having particular key generator
Reexamination Certificate
1997-10-23
2001-05-15
Swann, Tod R. (Department: 2767)
Cryptography
Key management
Having particular key generator
C380S052000, C713S194000
Reexamination Certificate
active
06233339
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to an encryptor, a decryptor, a cryptographic processor, and a computer system, more specifically, to an encryptor for encrypting plain text, a decryptor for decrypting cypher text, and a cryptographic processor for cryptographic service, and a computer system for the purpose of protecting secret data against intrusion.
2. Description of the Prior Art
Recently, as computer networks are expanding rapidly, techniques for protecting critical digital information have been remarked. One of such techniques is to store digital information (referred to as secret data hereinbelow) to be secured into a storage device after encryption.
Sufficient attention should be paid for safety operation of encryption technique, especially in the dealing of secret information such as encryption keys and decryption keys. In general, for an encryption technique within an communication devices, such secret information is stored in a non-volatile memory. Such a non-volatile memory is enclosed in a molded resin so as to protect against intrusion. This may allow secret information not to be leaked if sufficient access control is performed.
However, if some highly value-added data is encrypted and if its secret information (decryption key) is protected with such a level of protection, the secret information may be stolen. A molded resin may be removed by melting it, then it may be possible that any secret information may be stolen by probing charge information in a memory cell. At present, smart cards have been applied in the field of electric money and electric commerce. In these fields, the problem described above becomes so serious that it cannot be ignored.
In order to prevent piracy, there is a method in which secret information is stored in a RAM (Random Access Memory), a kind of volatile memory (see, Japanese Published Examined Application No. S61-61740 entitled “communication secret apparatus”). RAM is supplied with power through a micro-switch. If the box incorporating the RAM is pulled out from its attachment for the purpose of stealing secret information, the micro-switch opens to cut off the power supply. When the power is interrupted, the secret information stored in the RAM evaporates to ensure the security.
However, this method has a disadvantage that the data is not evaporated by cutting off the power supply if the box incorporating the RAM is held in a cryogenic temperature environment.
There is also another method of making a special box for preventing intrusion (see, Japanese Published Examined Application No. S63-78250 entitled “a data security device for protecting stored data”). This special box is formed of a top plate, a bottom plate, and four side plates including curved conductive wires respectively. Two conductive wires compose parallel conductive lines. A detection circuit is formed to generate a reset signal if there is an intrusion by creating a short circuit or earth connection of the conductive lines. The secret information stored in a memory within this box is erased when a reset signal is generated. The plates forming the box are made of ceramics, which protect against chemical attack. In addition, a temperature sensor is provided within the box in order to protect from an attack attempting to knock out the detection circuit by freezing.
There has been proposed a method for improving the sensitivity against intrusion into the box, in which a barrier protects an electric assembly from mechanical or chemical attack (see, U.S. Pat. No. 5,027,397 and 5,159,629 entitled “Data protection by detection of intrusion into electric assembles”). The intrusion barrier includes a screen material surrounding the electronic assembly, on which screen conductive lines are formed, and conductors connected to power supply means and to signal detector means. These conductive lines are formed of conductive particles of material dispersed in a solidified matrix. These conductive lines are very finely patterned so as to change resistance when a mechanical or chemical attack is made to the intrusion barrier.
By applying such a intrusion barrier to the electronic assembly, if a chemical or mechanical attack is attempted, some conductive particles lose their mechanical integrity so that the intrusion detector detects the variance of resistance of conductor circuit and thereby erase the secret information in the volatile memory.
SUMMARY AND OBJECTS OF THE INVENTION
Problem to be Solved by the Invention
Both methods as described above require, always, an attack detecting circuit for detecting an attack attempt, and a data deleting circuit for erasing the secret information stored in a memory. The attack detecting circuit and data deleting circuit are to operate as long as any secret information is stored in the memory. However, for a portable communication device, the electricity to these circuits is an excessive load. In addition, these methods are not applicable for smart cards which incorporate no power supply.
In both methods as described above, the operation of the attack detector (detection of any attack) triggers deleting secret information, self destructively. Thus, for example, if an erroneous operation due to noise and the like occurs once, the secret data could not be decrypted thereafter.
The present invention has been made in view of these disadvantages in the prior art, by providing an encryptor, decryptor, and cryptographic processor which protect security information against intrusion.
For improving the ability of attack detection in any of the attack detecting method of the prior art, sensors or conductive particles forming an attack detector should be provided in any outer walls of the box in a high density, leading a huge quantity of circuits to be installed. In addition, in order to protect against a freezing attack to these attack detectors, a temperature sensor should be provided. This causes the device to be complex, and to be expensive.
The present invention has been made in view of these disadvantages in the prior art, by providing an encryptor, decryptor, and cryptographic processor comprising an attack detecting circuit which may detect any attacks with fewer circuits.
This invention decreases the number of components, while providing an encryptor, decryptor, and cryptographic processor which protects against intrusion and prevents secret data from being pirated.
Means for Solving the Problem
In order to solve the problems above, according to the present invention, an encryptor for encrypting secret data is provided which comprises: means for containing fluid in a sealed space; means for generating code specified by the pressure value of the fluid; means disposed in the sealed space for generating encryption key based on the code; and means disposed in the sealed space for generating encrypted secret data by encrypting the secret data.
In an encryption device having such a structure, a fluid container means retains fluid in a sealed space. The code generator means disposed in the sealed space generates codes specified by the pressure value of the fluid. The sealed space may be partitioned into a plurality of sections, where the code generator may generate specific codes from the ratio or the difference of the pressure value of the fluid contained in the plurality of sealed spaces. The encryption key generator disposed in the sealed space generates a encryption key based on a code thus generated. The encryption means disposed in the sealed space encrypts the secret data by using said encryption key.
As can be seen, according to the encryptor of the present invention, neither encryption key nor codes used for encryption of secret data are stored in a memory. This prevents any intrusion to the encryption processing of the secret data without providing an attack detection circuit or a data deleting circuit.
Also according to the present invention, in order to solve the problems described above an encryption device for encrypting secret data is provided which comprises: a capacitor being composed
Funada Masao
Hirota Masaki
Kawano Kenji
Okada Junji
Ozawa Takashi
Fuji 'Xerox Co., Ltd.
Meislahn Douglas J.
Oliff & Berridg,e PLC
Swann Tod R.
LandOfFree
Physical property based cryptographics does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Physical property based cryptographics, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Physical property based cryptographics will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2489521