WO1998019420A1 - A circuit and method for ensuring interconnect security within a multi-chip integrated circuit package - Google Patents

A circuit and method for ensuring interconnect security within a multi-chip integrated circuit package Download PDF

Info

Publication number
WO1998019420A1
WO1998019420A1 PCT/US1997/014442 US9714442W WO9819420A1 WO 1998019420 A1 WO1998019420 A1 WO 1998019420A1 US 9714442 W US9714442 W US 9714442W WO 9819420 A1 WO9819420 A1 WO 9819420A1
Authority
WO
WIPO (PCT)
Prior art keywords
integrated circuit
interconnect
digital information
chip
circuit chip
Prior art date
Application number
PCT/US1997/014442
Other languages
French (fr)
Inventor
Derek L. Davis
Original Assignee
Intel Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corporation filed Critical Intel Corporation
Priority to GB9909491A priority Critical patent/GB2334416B/en
Priority to AU42313/97A priority patent/AU4231397A/en
Priority to DE19782075A priority patent/DE19782075C2/en
Priority to DE19782075T priority patent/DE19782075T1/en
Publication of WO1998019420A1 publication Critical patent/WO1998019420A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1408Protection against unauthorised use of memory or access to memory by using cryptography
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/85Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7219Countermeasures against side channel or fault attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry

Definitions

  • the present invention relates to the field of cryptography. More particularly, the present invention relates to a circuit and method for protecting digital information transferred between integrated circuits of a multi-chip module.
  • digital information may be protected within the computer by encrypting the data before it is transmitted through bus lines that support communications between electronic components each containing an integrated circuit (“IC") chip.
  • IC integrated circuit
  • the package may be made of a special packaging material or the integrated circuit may be coated with a special material within the package.
  • multi-chip module a multi-chip integrated circuit package (commonly referred to as a "multi-chip module”) that is designed to greatly mitigate the probability of successful physical attack.
  • the present invention relates to a circuit and method for protecting digital information transferred between integrated circuit chips of a multi-chip module.
  • the apparatus comprises a first integrated circuit chip and a second integrated circuit chip coupled together through an interconnect. Both the first and second integrated circuit chips include cryptographic engines coupled to the interconnect for the purpose of encrypting outgoing information being output across the interconnect and decrypting incoming information received from the interconnect.
  • Figure 1 is an illustrative block diagram of an electronic system including a multi-chip module employed as a bridge element.
  • Figure 2 is a block diagram of a preferred embodiment of the multi-chip module optimally shown as the bridge element of Figure 1.
  • Figure 3 is an illustrative flowchart of the initialization procedure performed by the multi-chip module of Figure 2.
  • Figure 4 is an illustrative flowchart of the normal operations of the multi- chip module of Figure 2.
  • the present invention relates to a circuit and technique for ensuring digital information, transmitted through an interconnect between individual IC chips of a multi-chip module, is protected from physical attack.
  • information is one or more bits of data, address, and/or control information.
  • a "key” is an encoding and/or decoding parameter used by conventional cryptographic algorithms such as Rivest, Shamir and Adleman ("RSA"), a Data Encryption Algorithm as specified in Data Encryption Standard ("DES”) and the like.
  • RSA Rivest, Shamir and Adleman
  • DES Data Encryption Algorithm as specified in Data Encryption Standard
  • a “cryptographic algorithm” (commonly referred to as a "cipher”) is a mathematical function used for encryption and decryption.
  • a "digital signature” is a sequence of information typically used for authentication purposes. The digital signature is created by applying a cipher to the information using a key to produce an encrypted sequence of information.
  • the computer system 100 comprises a central processing unit (“CPU") 105 and a main memory element 110 (e.g., random access memory "RAM”, cache, etc.) coupled to a system bus 115.
  • a bridge element 120 operates as an interface between the system bus 115 and an input/output (“I/O") bus 125 having at least one peripheral device 130 coupled thereto.
  • the I/O bus 125 may include a Peripheral Component Interconnect (“PCI”) bus, Industry Standard Architecture (“ISA”) bus and the like.
  • PCI Peripheral Component Interconnect
  • ISA Industry Standard Architecture
  • the peripheral device 130 may include, but is not limited to, a mass storage device (e.g., a hard drive, CD ROM, network interface circuit card, and the like).
  • a mass storage device e.g., a hard drive, CD ROM, network interface circuit card, and the like.
  • the bridge element 120 provides a communication path for information to be exchanged between the peripheral device 130 and the CPU 105 or main memory element 110 coupled to the system bus 115.
  • the bridge element 120 may be configured as a multi- chip module incorporating both logic circuitry and memory as separate integrated circuits coupled together through an interconnect.
  • the bridge element may include, but is not limited to a Triton IITM chip set manufactured by Intel Corporation of Santa Clara, California.
  • the present invention may be utilized by any electronic device implemented within a multi-chip module.
  • the CPU 105 may be implemented as a multi-chip module in which the processor core and on-chip cache may be separate IC chips representing logic circuitry and memory, respectively.
  • the multi-chip module 200 includes a first integrated circuit chip 205 and a second integrated circuit chip 210 coupled together through an interconnect 215.
  • the interconnect 215 includes a plurality of communication signal lines providing bi-directional (or uni-directional) communications between the first and second integrated circuit chips 205 and 210.
  • the multi-chip module 200 further includes a first plurality of I/O ports 220, and optionally, a second plurality of I/O ports 225.
  • the first plurality of I/O ports 220 are used to provide information to and receive information from the first integrated circuit chip 205 while the second plurality of I/O ports 225, if implemented, are used to provide information to and receive information from the second integrated circuit chip 210.
  • One embodiment of the multi-chip module 200 features the second integrated circuit chip 210 as memory 230 including a small amount of support logic.
  • the support logic includes a cryptographic engine 235 designed to perform cryptographic operations in accordance with a selected stream cipher such as, for example, "RC4" provided by RSA Data Security, Inc. of Redwood City, California, although other stream ciphers may be used.
  • the cryptographic engine 235 is primarily dedicated for the purpose of (i) encrypting information within the second integrated circuit chip 210 prior to transmission through the interconnect 215 and (ii) decrypting information received over the interconnect 215.
  • the memory 230 may be non-volatile memory, such as erasable programmable read-only memory (“EPROM”), electrically erasable programmable read-only memory (“EEPROM”) and various other types of flash memory.
  • key information (referred to as a "security key") 240 which is generated and stored in the non-volatile memory of the multi-chip module 200, normally at manufacture. It is contemplated that the security key 240 may be produced after manufacture of the multi-chip module 200 by an original equipment manufacturer or a trusted authority (e.g., trade association, governmental entity, etc.).
  • the security key 240 may be used as a symmetric key by both the first and second integrated circuits 205 and 210, namely their cryptographic engines, to encrypt and decrypt the information or to establish a "session" key used for that purpose.
  • the first integrated circuit chip 205 is logic circuitry (e.g., a processor core, etc.), including a small amount of non-volatile memory.
  • the logic circuitry includes a cryptographic engine 245 which is also used for the encryption of outgoing information within the first integrated circuit 205 prior to transmission through the interconnect 215 and the decryption of incoming information received over the interconnect 215.
  • the small amount of non-volatile memory 250 is used to contain the security key 240 also placed therein at manufacture. It is contemplated, however, that the logic circuitry may further include a random number generator (not shown) to produce the security key, or perhaps the session key, during initialization.
  • one of the cryptographic engines at the source e.g., cryptographic engine 245 in the first integrated circuit chip 205
  • the pseudo-random stream is logically XOR'ed with the digital information in its non-encrypted form prior to transmission to the cryptographic engine at the destination (e.g., cryptographic engine 235). This XOR'ing may be performed in serial bitwise fashion or in parallel with any number of bits in order to encrypt the digital information.
  • the cryptographic engine is used to decrypt the incoming information by again XOR'ing that digital information with portions of the similarly-generated, pseudo-random stream in order to obtain the information in a non-encrypted form.
  • This mechanism requires that the generation of the two pseudo-random streams remains in synchronization, typically assured by always processing the same amount of information at both the destination and source devices. This assures that the pseudo-random stream is "consumed” at a matching rate by both integrated circuit chips. Note that the above procedures are directed to the use of "RC4" cipher, but it is anticipated that other stream ciphers that may not use pseudorandom streams may be employed.
  • Step 300 a set-up key is implemented into their masks.
  • the set-up key is a fixed number and is static in nature.
  • the flash and logic dice are packaged to create a multi-chip module (Step 305). These dice are powered up, causing one of the dice, such as the logic die, to initially generate a random number internally or obtain a random number externally to be used as the security key (Step 310).
  • the logic die encrypts the security key with the set-up key to produce an encrypted "key establishment message” and loads the security key into its non-volatile memory (Step 315). Thereafter, the logic die transmits the key establishment message to the flash die (Step 320).
  • the flash die decrypts the key establishment message with its copy of the set-up key to obtain the security key and stores the security key in its non-volatile memory (Step 325). Thereafter, the security key may be used as a symmetric key for exchanging a session key to conduct high-speed cryptographic communications between both integrated circuit chips.
  • Step 400 the multi-chip module is powered up (Step 400). Thereafter, the first integrated circuit chip begins execution of instructions in its own ROM initially, and during that process, it generates a random session key (Step 405). Next, the first integrated circuit chip encrypts the session key with the security key which is stored in non-volatile memory of both the first and second integrated circuit chips (Step 410). Then, the first integrated circuit chip transmits the session key, encrypted with the security key, to the second integrated circuit chip (Step 415).
  • the second integrated circuit chip decrypts the encrypted session key to retrieve the session key in a non-encrypted form and stores the session key within any storage facilities (e.g., non-volatile memory, RAM, registers, etc.) of the second integrated circuit chip (Steps 420-425). From that point, the cryptographic engines utilize the session key to produce the pseudo-random stream which is used either to encrypt digital information transmitted through the interconnect or to decrypt digital information upon receiving encrypted digital information via the interconnect (Step 430).
  • any storage facilities e.g., non-volatile memory, RAM, registers, etc.

Abstract

Circuitry implemented within a multi-chip module (200) comprising a first integrated circuit chip (205) and a second integrated circuit chip (210) coupled together through an interconnect (215). Both the first and second integrated circuit chips include a cryptographic engine (245, 235) coupled to the interconnect and a non-volatile memory element (250, 230) used to contain key information (240). These cryptographic engines are solely used to encrypt outgoing information being output across the interconnect or to decrypt incoming information received from the interconnect. This prevents fraudulent physical attack of information transmitted across the interconnect.

Description

A CIRCUIT AND METHOD FOR ENSURING INTERCONNECT SECURITY WITHIN A MULTI- CHIP INTEGRATED CIRCUIT PACKAGE
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to the field of cryptography. More particularly, the present invention relates to a circuit and method for protecting digital information transferred between integrated circuits of a multi-chip module.
2. Description of Art Related to the Invention
Currently, many companies are now using personal computers and centralized mainframes to store sensitive information (e.g., confidential, proprietary, etc.) in digital form and to perform logical operations utilizing this information. These operations may include, but are not limited to adjusting credit card account balances, bank account balances, metering electronic content usage, applying digital signatures to electronic documents or contracts, etc. Due to the sensitive nature of this information, it has become necessary to ensure that its integrity is protected upon being transmitted outside the physical confines of the computer casing as well as during transmission within the casing.
Ideally, digital information may be protected within the computer by encrypting the data before it is transmitted through bus lines that support communications between electronic components each containing an integrated circuit ("IC") chip. Additionally, to prevent recovery of digital information stored or processed on-chip, normally accomplished by removing a portion of a single chip package covering the surface of the IC chip and directly examining the IC chip itself, the package may be made of a special packaging material or the integrated circuit may be coated with a special material within the package. These techniques have been in limited use for a number of years in order to protect integrated circuits, targeting the military market, by increasing the difficulty of exposing the integrated circuit through etching, dissolving or grinding away without damaging the surface of the IC chip.
However, for multi-chip packages containing a plurality of IC chips and an interconnect used to transfer information in a non-encrypted format between these IC chips, the special packaging material does not ensure, with a high degree of probability, that a physical attack on the interconnect will be unsuccessful. "Physical attack" is defined as an attempt in recovering sensitive information in a non-encrypted format directly from the internal circuitry of the integrated circuit. The reason that the multi-chip package is particularly susceptible to a physical attack is that access to sensitive data may be achieved directly on the interconnect rather than on the IC chip itself.
In the last few years, the use of multi-chip packages has increased dramatically in order to take advantage of semiconductor fabrication processes optimized for different types of circuitry (e.g., memory and logic circuitry). For example, a logic process is typically optimized for high performance, high transistor density, and low power with different priorities based on the specific target market. On the other hand, a memory process is typically optimized for high memory density, with less emphasis on logic transistor density or performance. However, information transferred between IC chips within a multi-chip package is susceptible to fraudulent modification or illicit observation because the packaging material proximate to the interconnect may be removed without harming any of the IC chips. Thus, systems utilizing a multi-chip module are susceptible to fraud by unauthorized persons unless an additional protective mechanism is implemented.
Therefore, it would be advantageous to develop a multi-chip integrated circuit package (commonly referred to as a "multi-chip module") that is designed to greatly mitigate the probability of successful physical attack.
SUMMARY OF THE INVENTION
The present invention relates to a circuit and method for protecting digital information transferred between integrated circuit chips of a multi-chip module. The apparatus comprises a first integrated circuit chip and a second integrated circuit chip coupled together through an interconnect. Both the first and second integrated circuit chips include cryptographic engines coupled to the interconnect for the purpose of encrypting outgoing information being output across the interconnect and decrypting incoming information received from the interconnect.
BRIEF DESCRIPTION OF THE DRAWINGS
The features and advantages of the present invention will become apparent from the following detailed description of the present invention in which:
Figure 1 is an illustrative block diagram of an electronic system including a multi-chip module employed as a bridge element.
Figure 2 is a block diagram of a preferred embodiment of the multi-chip module optimally shown as the bridge element of Figure 1.
Figure 3 is an illustrative flowchart of the initialization procedure performed by the multi-chip module of Figure 2.
Figure 4 is an illustrative flowchart of the normal operations of the multi- chip module of Figure 2.
DESCRIPTION OF THE PREFERRED EMBODIMENT
The present invention relates to a circuit and technique for ensuring digital information, transmitted through an interconnect between individual IC chips of a multi-chip module, is protected from physical attack. In the following description, some terminology is used to discuss certain well-known cryptographic functions. For example, "information" is one or more bits of data, address, and/or control information. A "key" is an encoding and/or decoding parameter used by conventional cryptographic algorithms such as Rivest, Shamir and Adleman ("RSA"), a Data Encryption Algorithm as specified in Data Encryption Standard ("DES") and the like. A "cryptographic algorithm" (commonly referred to as a "cipher") is a mathematical function used for encryption and decryption. A "digital signature" is a sequence of information typically used for authentication purposes. The digital signature is created by applying a cipher to the information using a key to produce an encrypted sequence of information.
Referring to Figure 1, an illustrative embodiment of a computer system 100 employing the present invention is shown. The computer system 100 comprises a central processing unit ("CPU") 105 and a main memory element 110 (e.g., random access memory "RAM", cache, etc.) coupled to a system bus 115. A bridge element 120 operates as an interface between the system bus 115 and an input/output ("I/O") bus 125 having at least one peripheral device 130 coupled thereto. The I/O bus 125 may include a Peripheral Component Interconnect ("PCI") bus, Industry Standard Architecture ("ISA") bus and the like. Additionally, the peripheral device 130 may include, but is not limited to, a mass storage device (e.g., a hard drive, CD ROM, network interface circuit card, and the like). As a result, the bridge element 120 provides a communication path for information to be exchanged between the peripheral device 130 and the CPU 105 or main memory element 110 coupled to the system bus 115.
It is contemplated that the bridge element 120 may be configured as a multi- chip module incorporating both logic circuitry and memory as separate integrated circuits coupled together through an interconnect. Examples of the bridge element may include, but is not limited to a Triton II™ chip set manufactured by Intel Corporation of Santa Clara, California. However, the present invention may be utilized by any electronic device implemented within a multi-chip module. For example, the CPU 105 may be implemented as a multi-chip module in which the processor core and on-chip cache may be separate IC chips representing logic circuitry and memory, respectively.
Referring now to Figure 2, a preferred embodiment of a multi-chip module 200 protecting digital information exchanged between two integrated circuit chips is shown. The multi-chip module 200 includes a first integrated circuit chip 205 and a second integrated circuit chip 210 coupled together through an interconnect 215. The interconnect 215 includes a plurality of communication signal lines providing bi-directional (or uni-directional) communications between the first and second integrated circuit chips 205 and 210. The multi-chip module 200 further includes a first plurality of I/O ports 220, and optionally, a second plurality of I/O ports 225. The first plurality of I/O ports 220 are used to provide information to and receive information from the first integrated circuit chip 205 while the second plurality of I/O ports 225, if implemented, are used to provide information to and receive information from the second integrated circuit chip 210. One embodiment of the multi-chip module 200 features the second integrated circuit chip 210 as memory 230 including a small amount of support logic. The support logic includes a cryptographic engine 235 designed to perform cryptographic operations in accordance with a selected stream cipher such as, for example, "RC4" provided by RSA Data Security, Inc. of Redwood City, California, although other stream ciphers may be used. The cryptographic engine 235 is primarily dedicated for the purpose of (i) encrypting information within the second integrated circuit chip 210 prior to transmission through the interconnect 215 and (ii) decrypting information received over the interconnect 215.
The memory 230 may be non-volatile memory, such as erasable programmable read-only memory ("EPROM"), electrically erasable programmable read-only memory ("EEPROM") and various other types of flash memory. Contained within memory 230 is key information (referred to as a "security key") 240 which is generated and stored in the non-volatile memory of the multi-chip module 200, normally at manufacture. It is contemplated that the security key 240 may be produced after manufacture of the multi-chip module 200 by an original equipment manufacturer or a trusted authority (e.g., trade association, governmental entity, etc.). The security key 240 may be used as a symmetric key by both the first and second integrated circuits 205 and 210, namely their cryptographic engines, to encrypt and decrypt the information or to establish a "session" key used for that purpose.
Referring still to Figure 2, the first integrated circuit chip 205 is logic circuitry (e.g., a processor core, etc.), including a small amount of non-volatile memory. The logic circuitry includes a cryptographic engine 245 which is also used for the encryption of outgoing information within the first integrated circuit 205 prior to transmission through the interconnect 215 and the decryption of incoming information received over the interconnect 215. The small amount of non-volatile memory 250 is used to contain the security key 240 also placed therein at manufacture. It is contemplated, however, that the logic circuitry may further include a random number generator (not shown) to produce the security key, or perhaps the session key, during initialization.
During communication between the two integrated circuit chips 205 and 210 in an effort to securely transfer digital information, one of the cryptographic engines at the source (e.g., cryptographic engine 245 in the first integrated circuit chip 205) is used to create a pseudo-random stream based on the security key contained within its non-volatile memory. The pseudo-random stream is logically XOR'ed with the digital information in its non-encrypted form prior to transmission to the cryptographic engine at the destination (e.g., cryptographic engine 235). This XOR'ing may be performed in serial bitwise fashion or in parallel with any number of bits in order to encrypt the digital information. At the destination, the cryptographic engine is used to decrypt the incoming information by again XOR'ing that digital information with portions of the similarly-generated, pseudo-random stream in order to obtain the information in a non-encrypted form. This mechanism requires that the generation of the two pseudo-random streams remains in synchronization, typically assured by always processing the same amount of information at both the destination and source devices. This assures that the pseudo-random stream is "consumed" at a matching rate by both integrated circuit chips. Note that the above procedures are directed to the use of "RC4" cipher, but it is anticipated that other stream ciphers that may not use pseudorandom streams may be employed.
Referring now to Figure 3, a flowchart illustrating the initialization procedure of the preferred embodiment performed at manufacture in order to load the security key within both the first and second integrated circuit chips of the multi-chip module is shown. When the first and second integrated circuit chips are manufactured as individual dice, such as a flash die and a logic die for example, a set-up key is implemented into their masks (Step 300). The set-up key is a fixed number and is static in nature. Next, the flash and logic dice are packaged to create a multi-chip module (Step 305). These dice are powered up, causing one of the dice, such as the logic die, to initially generate a random number internally or obtain a random number externally to be used as the security key (Step 310). The logic die encrypts the security key with the set-up key to produce an encrypted "key establishment message" and loads the security key into its non-volatile memory (Step 315). Thereafter, the logic die transmits the key establishment message to the flash die (Step 320).
Next, the flash die decrypts the key establishment message with its copy of the set-up key to obtain the security key and stores the security key in its non-volatile memory (Step 325). Thereafter, the security key may be used as a symmetric key for exchanging a session key to conduct high-speed cryptographic communications between both integrated circuit chips.
Referring now to Figure 4, a flowchart illustrating the normal operations of a multi-chip module in order to protect digital information transmitted through the interconnect is shown. First, the multi-chip module is powered up (Step 400). Thereafter, the first integrated circuit chip begins execution of instructions in its own ROM initially, and during that process, it generates a random session key (Step 405). Next, the first integrated circuit chip encrypts the session key with the security key which is stored in non-volatile memory of both the first and second integrated circuit chips (Step 410). Then, the first integrated circuit chip transmits the session key, encrypted with the security key, to the second integrated circuit chip (Step 415). The second integrated circuit chip decrypts the encrypted session key to retrieve the session key in a non-encrypted form and stores the session key within any storage facilities (e.g., non-volatile memory, RAM, registers, etc.) of the second integrated circuit chip (Steps 420-425). From that point, the cryptographic engines utilize the session key to produce the pseudo-random stream which is used either to encrypt digital information transmitted through the interconnect or to decrypt digital information upon receiving encrypted digital information via the interconnect (Step 430).
While certain exemplary embodiments have been described and shown in the accompanying drawings, it is to be understood that such embodiments are merely illustrative of and not restrictive on the broad invention, and that this invention not be limited to the specific constructions and arrangements shown and described, since various other modifications may occur to those ordinarily skilled in the art.

Claims

CLAIMSWhat is claimed is:
1. A multi-chip module comprising: an interconnect; a first integrated circuit chip including a first cryptographic engine, said first cryptographic engine being coupled to the interconnect; and a second integrated circuit chip including a second cryptographic engine, said second cryptographic engine being coupled to the interconnect.
2. The multi-chip module according to claim 1 , wherein said first integrated circuit chip further includes a non-volatile memory element, said nonvolatile memory element contains key information used by the first cryptographic engine for encryption of outgoing digital information before transmission over the interconnect and for decryption of incoming digital information received by the first cryptographic engine over the interconnect.
3. The multi-chip module according to claim 1 , wherein said second integrated circuit chip further includes a non-volatile memory element, said nonvolatile memory element contains key information used by the second cryptographic engine for encryption of outgoing digital information before transmission over the interconnect and for decryption of incoming digital information received by the second cryptographic engine over the interconnect.
4. The multi-chip module according to claim 1, wherein said first integrated circuit chip executes a stream cipher algorithm to encrypt the outgoing digital information and alternatively to decrypt the incoming digital information.
5. The multi-chip module according to claim 1 , wherein said first cryptographic engine is dedicated to performing cryptographic operations on the outgoing digital information before transmission through the interconnect, and alternatively on the incoming digital information upon receipt over the interconnect.
6. The multi-chip module according to claim 1, wherein said first integrated circuit chip includes logic circuitry and an on-chip, non-volatile memory element, said on-chip, non-volatile memory element contains key information used by the first cryptographic engine to establish a session key used to encrypt digital information before transferring to the second integrated circuit chip over the interconnect and to decrypt incoming digital information received by the first cryptographic engine over the interconnect.
7. The multi-chip module according to claim 6 further including a random number generator.
8. The multi-chip module according to claim 7, wherein the random number generator produces at least the key information.
9. The multi-chip module according to claim 6, wherein said second integrated circuit chip includes memory and support logic.
10. An electronic device encapsulated within a multi-chip module, the electronic device comprising: first circuit means for processing information, said first circuit means encrypting outgoing digital information prior to transmission, and decrypting incoming digital information after receipt; second circuit means for storing information, said second circuit means encrypting the second set of digital information prior to outputting digital information to the first circuit means and decrypting outgoing digital information from the first circuit means after receipt; and connection means for interconnecting the first circuit means with the second circuit means.
11. The electronic device according to claim 10, wherein the first circuit means includes a first cryptographic engine and a first internal memory capable of storing key information to assist in encrypting the outgoing digital information before transmission to the second circuit means and in decrypting the digital information from the second circuit means.
12. The electronic device according to claim 11 further includes a random number generator.
13. The electronic device according to claim 11 , wherein the second circuit means includes a second cryptographic engine and a second internal memory capable of storing key information to assist in encrypting the digital information output to the first circuit means and in decrypting the outgoing digital information from the first circuit means.
14. A computer system comprising: a bus; a memory element coupled to the bus; and a central processing unit coupled to the bus and packaged as a multi-chip module, the central processing unit includes a first integrated circuit chip including a first cryptographic engine and a first internal memory element, a second integrated circuit chip including a second internal memory element and control logic including at least a second cryptographic engine, and an interconnect coupled to both said first integrated circuit chip and the second integrated circuit chip.
15. The computer system according to claim 14, wherein said first internal memory element of the first integrated circuit chip includes a on-chip cache that contains key information used by the first cryptographic engine for encryption of outgoing digital information transmission over the interconnect and for decryption of incoming digital information received by the first cryptographic engine over the interconnect.
16. The computer system according to claim 14, wherein said second integrated circuit chip further includes a non-volatile memory element, said nonvolatile memory element contains key information used by the second cryptographic engine for encryption of outgoing digital information before transmission over the interconnect and for decryption of incoming digital information received by the second cryptographic engine over the interconnect.
17. The computer system according to claim 16, wherein the second internal memory element of the second integrated circuit chip includes an off-chip cache.
18. The computer system according to claim 14, wherein said first integrated circuit chip of the central processing unit executes a stream cipher algorithm to encrypt the outgoing digital information and alternatively to decrypt the incoming digital information.
19. The computer system according to claim 14, wherein said first cryptographic engine is dedicated to performing cryptographic operations on the outgoing digital information before transmission through the interconnect, and alternatively, on the incoming digital information upon receipt over the interconnect.
20. The computer system according to claim 17, wherein the first integrated circuit chip includes a processor core including the first cryptographic engine and the first internal memory element that contains key information used by the first cryptographic engine to establish a session key used to encrypt outgoing digital information before transmission to the second integrated circuit chip over the interconnect, and to decrypt incoming digital information received by the first cryptographic engine over the interconnect.
21. The computer system according to claim 20, wherein the first integrated circuit chip includes a random number generator.
22. The computer system according to claim 21, wherein the random number generator produces at least the key information.
23. A method of transferring digital information between a first and second integrated circuit chips interconnected by an interconnected and implemented within a multi-chip module, the method comprising the steps of: generating a session key by the first integrated circuit chip; encrypting the session key with a symmetric key stored in a non-volatile memory element of the first integrated circuit chip at manufacture to produce a message; transferring the message through the interconnect; decrypting the message with the symmetric key stored in a non-volatile memory element of the second integrated circuit chip to retrieve the session key; and utilizing the session key for communications between the first integrated circuit chip and the second integrated circuit chip of the multi-chip module.
24. A method for initialization of a multi-chip module having at least two integrated circuit chips connected together by an interconnect, the method comprising the steps of: implementing static key into masks of a first integrated chip and a second integrated circuit chip; packaging the first integrated circuit chip and the second integrated circuit chip into the multi-chip module; powering the first integrated circuit chip and the second integrated circuit chip so that a randomly generated key is loaded into the first integrated circuit chip; encrypting the randomly generated key with the static key to produce a message; transferring the message to the second integrated circuit chip; decrypting the message to retrieve the randomly generated key; and utilizing the randomly generated key by both the first integrated circuit chip and the second integrated circuit chip to exchange session keys for secured communication over the interconnect.
AMENDED CLAIMS
[received by the International Bureau on 20 March 1998 (20.03.98); original claims 1-24 replaced by new claims 1-24 (5 pages)]
1. A multi-chip module comprising: an interconnect; a first integrated circuit chip including a first cryptographic engine, said first cryptographic engine being coupled to the interconnect; and a second integrated circuit chip including a second cryptographic engine, said second cryptographic engine being coupled to the interconnect.
2. The multi-chip module according to claim 1, wherein said first integrated circuit chip further includes a non-volatile memory element, said nonvolatile memory element to contain key information to be used by the first cryptographic engine for encryption of outgoing digital information before transmission over the interconnect and for decryption of incoming digital information received by the first cryptographic engine over the interconnect.
3. The multi-chip module according to claim 1, wherein said second integrated circuit chip further includes a non-volatile memory element, said nonvolatile memory element to contain key information to be used by the second cryptographic engine for encryption of outgoing digital information before transmission over the interconnect and for decryption of incoming digital information received by the second cryptographic engine over the interconnect.
4. The multi-chip module according to claim 1, wherein said first integrated circuit chip is capable of executing a stream cipher algorithm to encrypt the outgoing digital information and alternatively to decrypt the incoming digital information.
5. The multi-chip module according to claim 1, wherein said first cryptographic engine is dedicated to performing cryptographic operations on the outgoing digital information before transmission through the interconnect, and alternatively on the incoming digital information upon receipt over the interconnect.
6. The multi-chip module according to claim 1, wherein said first integrated circuit chip includes logic circuitry and an on-chip, non-volatile memory element, said non-volatile memory element to contain key information to be used by the first cryptographic engine to establish a session key used to encrypt digital information before transferring to the second integrated circuit chip over the interconnect and to decrypt incoming digital information received by the first cryptographic engine over the interconnect.
7. The multi-chip module according to claim 6 further including a random number generator.
8. The multi-chip module according to claim 7, wherein the random number generator is capable of producing signals used to produce at least the key information.
9. The multi-chip module according to claim 6, wherein said second integrated circuit chip includes memory and support logic.
10. An electronic device encapsulated within a multi-chip module, the electronic device comprising: first circuit means for processing information, said first circuit means encrypting outgoing digital information prior to transmission, and decrypting incoming digital information after receipt; second circuit means for storing information, said second circuit means encrypting the second set of digital information prior to outputting digital information to the first circuit means and decrypting outgoing digital information from the first circuit means after receipt; and connection means for interconnecting the first circuit means with the second circuit means.
11. The electronic device according to claim 10, wherein the first circuit means includes a first cryptographic engine and a first internal memory capable of storing key information to assist in encrypting the outgoing digital information before transmission to the second circuit means and in decrypting the digital information from the second circuit means.
12. The electronic device according to claim 11, wherein the second circuit means includes a second cryptographic engine and a second internal memory capable of storing key information to assist in encrypting the digital information output to the first circuit means and in decrypting the outgoing digital information from the first circuit means.
13. A computer system comprising: a bus; a memory element coupled to the bus; and a central processing unit coupled to the bus and packaged as a multi-chip module, the central processing unit includes a first integrated circuit chip including a first cryptographic engine and a first internal memory element, a second integrated circuit chip including a second internal memory element and control logic including at least a second cryptographic engine, and an interconnect coupled to both said first integrated circuit chip and the second integrated circuit chip.
14. The computer system according to claim 13, wherein said first internal memory element of the first integrated circuit chip includes an on-chip cache to contain key information to be used by the first cryptographic engine for encryption of outgoing digital information transmission over the interconnect and for decryption of incoming digital information received by the first cryptographic engine over the interconnect.
15. The computer system according to claim 13, wherein said second integrated circuit chip further includes a non-volatile memory element, said nonvolatile memory element to contain key information to be used by the second cryptographic engine for encryption of outgoing digital information before transmission over the interconnect and for decryption of incoming digital information received by the second cryptographic engine over the interconnect.
16. The computer system according to claim 15, wherein the second internal memory element of the second integrated circuit chip includes an off-chip cache.
17. The computer system according to claim 13, wherein said first integrated circuit chip of the central processing unit is capable of executing a stream cipher algorithm to encrypt the outgoing digital information and alternatively to decrypt the incoming digital information.
18. The computer system according to claim 13, wherein said first cryptographic engine is dedicated to performing cryptographic operations on the outgoing digital information before transmission through the interconnect, and alternatively, on the incoming digital information upon receipt over the interconnect.
19. The computer system according to claim 16, wherein the first integrated circuit chip includes a processor core including (i) the first cryptographic engine and (ii) the first internal memory element to contain key information to be used by the first cryptographic engine to establish a session key used to encrypt outgoing digital information before transmission to the second integrated circuit chip over the interconnect, and to decrypt incoming digital information received by the first cryptographic engine over the interconnect.
20. The computer system according to claim 19, wherein the first integrated circuit chip includes a random number generator.
21. The computer system according to claim 20, wherein the random number generator is capable of producing signals used to generate at least the key information.
22. A method of transferring digital information between a first and second integrated circuit chips interconnected by an interconnect and implemented within a multi-chip module, the method comprising: encrypting a first key with a second key stored in a non-volatile memory element of the first integrated circuit chip at manufacture to produce a message; transferring the message through the interconnect; decrypting the message with the second key stored in a non-volatile memory element of the second integrated circuit chip to retrieve the first key; and utilizing the first key for communications between the first integrated circuit chip and the second integrated circuit chip of the multi-chip module.
23. The method according to claim 22, wherein prior to the encrypting of the first key, the method further comprises generating the first key internally within the first integrated circuit chip, the first key being used as a session key.
24. A method for initialization of a multi-chip module having at least two integrated circuit chips connected together by an interconnect, the method comprising: implementing a static key into masks of a first integrated chip and a second integrated circuit chip; packaging the first integrated circuit chip and the second integrated circuit chip into the multi-chip module; powering the first integrated circuit chip and the second integrated circuit chip so that a randomly generated key is loaded into the first integrated circuit chip; encrypting the randomly generated key with the static key to produce a message; transferring the message to the second integrated circuit chip; decrypting the message to retrieve the randomly generated key; and utilizing the randomly generated key by both the first integrated circuit chip and the second integrated circuit chip to exchange session keys for secured communication over the interconnect.
PCT/US1997/014442 1996-10-25 1997-08-15 A circuit and method for ensuring interconnect security within a multi-chip integrated circuit package WO1998019420A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
GB9909491A GB2334416B (en) 1996-10-25 1997-08-15 A circuit and method for ensuring interconnect security within a multi-chip integrated cirecuit package
AU42313/97A AU4231397A (en) 1996-10-25 1997-08-15 A circuit and method for ensuring interconnect security within a multi-chip integrated circuit package
DE19782075A DE19782075C2 (en) 1996-10-25 1997-08-15 A circuit and method for securing connection security within a multi-chip package of an integrated circuit
DE19782075T DE19782075T1 (en) 1996-10-25 1997-08-15 A circuit and method for securing connection security within a multi-chip package of an integrated circuit

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/735,976 1996-10-25
US08/735,976 US5828753A (en) 1996-10-25 1996-10-25 Circuit and method for ensuring interconnect security within a multi-chip integrated circuit package

Publications (1)

Publication Number Publication Date
WO1998019420A1 true WO1998019420A1 (en) 1998-05-07

Family

ID=24957957

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1997/014442 WO1998019420A1 (en) 1996-10-25 1997-08-15 A circuit and method for ensuring interconnect security within a multi-chip integrated circuit package

Country Status (9)

Country Link
US (2) US5828753A (en)
KR (1) KR20000052797A (en)
CN (1) CN1118982C (en)
AU (1) AU4231397A (en)
DE (2) DE19782075C2 (en)
GB (1) GB2334416B (en)
MY (1) MY114467A (en)
TW (1) TW367569B (en)
WO (1) WO1998019420A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000001110A1 (en) * 1998-06-30 2000-01-06 Chantilley Corporation Limited Encryption and decryption key arrangements
KR100420555B1 (en) * 2002-04-19 2004-03-02 한국전자통신연구원 Block encrypting device for fast session switching and method of operating the same
US8997209B2 (en) 2012-06-13 2015-03-31 Samsung Electronics Co., Ltd. Memory device comprising a plurality of memory chips, authentication system and authentication method thereof
US9270445B2 (en) 2008-05-28 2016-02-23 Samsung Electronics Co., Ltd. Solid state disk and input/output method
CN110365480A (en) * 2019-07-19 2019-10-22 中安云科科技发展(山东)有限公司 A kind of multi-chip cipher key synchronization method, system and encryption device

Families Citing this family (133)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5828753A (en) * 1996-10-25 1998-10-27 Intel Corporation Circuit and method for ensuring interconnect security within a multi-chip integrated circuit package
US6542610B2 (en) 1997-01-30 2003-04-01 Intel Corporation Content protection for digital transmission systems
US6151678A (en) * 1997-09-09 2000-11-21 Intel Corporation Anti-theft mechanism for mobile computers
DE69722403T2 (en) * 1997-09-23 2004-01-15 St Microelectronics Srl Banknote with an integrated circuit
US6357004B1 (en) 1997-09-30 2002-03-12 Intel Corporation System and method for ensuring integrity throughout post-processing
EP0994599A4 (en) * 1998-04-01 2009-06-03 Panasonic Corp Data transmitting/receiving method, data transmitter, data receiver, data transmitting/receiving system, av content transmitting method, av content receiving method, av content transmitter, av content receiver, and program recording medium
US6401208B2 (en) 1998-07-17 2002-06-04 Intel Corporation Method for BIOS authentication prior to BIOS execution
US6320964B1 (en) 1998-08-26 2001-11-20 Intel Corporation Cryptographic accelerator
US6389533B1 (en) 1999-02-05 2002-05-14 Intel Corporation Anonymity server
US6697489B1 (en) * 1999-03-30 2004-02-24 Sony Corporation Method and apparatus for securing control words
US7730300B2 (en) * 1999-03-30 2010-06-01 Sony Corporation Method and apparatus for protecting the transfer of data
US6643374B1 (en) 1999-03-31 2003-11-04 Intel Corporation Duty cycle corrector for a random number generator
US6795837B1 (en) 1999-03-31 2004-09-21 Intel Corporation Programmable random bit source
US6571335B1 (en) 1999-04-01 2003-05-27 Intel Corporation System and method for authentication of off-chip processor firmware code
US6516415B1 (en) * 1999-04-23 2003-02-04 Geneticware Co., Ltd Device and method of maintaining a secret code within an integrated circuit package
US6647494B1 (en) 1999-06-14 2003-11-11 Intel Corporation System and method for checking authorization of remote configuration operations
US6912513B1 (en) 1999-10-29 2005-06-28 Sony Corporation Copy-protecting management using a user scrambling key
US7039614B1 (en) 1999-11-09 2006-05-02 Sony Corporation Method for simulcrypting scrambled data to a plurality of conditional access devices
ATE454670T1 (en) * 1999-12-02 2010-01-15 Infineon Technologies Ag MICROPROCESSOR ARRANGEMENT WITH ENCRYPTION
WO2001054083A1 (en) * 2000-01-18 2001-07-26 Infineon Technologies Ag Microprocessor system with encoding
JP2001273194A (en) * 2000-03-27 2001-10-05 Toshiba Corp Interface security system
US6792438B1 (en) 2000-03-31 2004-09-14 Intel Corporation Secure hardware random number generator
US6687721B1 (en) 2000-03-31 2004-02-03 Intel Corporation Random number generator with entropy accumulation
EP1278154A4 (en) * 2000-04-28 2004-08-25 Hitachi Ltd Ic card
US6990387B1 (en) * 2000-05-18 2006-01-24 Intel Corporation Test system for identification and sorting of integrated circuit devices
US6895502B1 (en) 2000-06-08 2005-05-17 Curriculum Corporation Method and system for securely displaying and confirming request to perform operation on host computer
FR2810138B1 (en) * 2000-06-08 2005-02-11 Bull Cp8 METHOD FOR SECURE STORAGE OF SENSITIVE DATA IN A MEMORY OF AN ELECTRONIC CHIP-BASED SYSTEM, IN PARTICULAR A CHIP CARD, AND ON-BOARD SYSTEM IMPLEMENTING THE METHOD
US20030206631A1 (en) * 2000-06-22 2003-11-06 Candelore Brant L. Method and apparatus for scrambling program data for furture viewing
US20040205812A1 (en) * 2000-06-22 2004-10-14 Candelore Brant L. Method and apparatus for routing program data in a program viewing unit
US6678833B1 (en) * 2000-06-30 2004-01-13 Intel Corporation Protection of boot block data and accurate reporting of boot block contents
US7484081B1 (en) 2000-10-10 2009-01-27 Altera Corporation Method and apparatus for protecting designs in SRAM-based programmable logic devices
US7350083B2 (en) 2000-12-29 2008-03-25 Intel Corporation Integrated circuit chip having firmware and hardware security primitive device(s)
JP2002229861A (en) * 2001-02-07 2002-08-16 Hitachi Ltd Recording device with copyright protecting function
DE10113829A1 (en) * 2001-03-21 2002-09-26 Infineon Technologies Ag Processor for security-relevant applications has memory storing coded and compressed data coupled to computing unit via decoding and de-compression device
JP3719654B2 (en) * 2001-05-10 2005-11-24 松下電器産業株式会社 LSI test method
US7151831B2 (en) * 2001-06-06 2006-12-19 Sony Corporation Partial encryption and PID mapping
US7895616B2 (en) * 2001-06-06 2011-02-22 Sony Corporation Reconstitution of program streams split across multiple packet identifiers
US7747853B2 (en) 2001-06-06 2010-06-29 Sony Corporation IP delivery of secure digital content
US7350082B2 (en) * 2001-06-06 2008-03-25 Sony Corporation Upgrading of encryption
CA2450584C (en) 2001-06-12 2011-01-04 Research In Motion Limited Certificate management and transfer system and method
EP1410293A2 (en) * 2001-06-12 2004-04-21 Research In Motion Limited System and method for compressing secure e-mail for exchange with a mobile data communication device
AU2002317062A1 (en) * 2001-06-12 2002-12-23 Research In Motion Limited Method for processing encoded messages for exchange with a mobile data communication device
US20030009676A1 (en) * 2001-07-09 2003-01-09 Cole Terry L. Peripheral device with secure driver
US20040205248A1 (en) * 2001-07-10 2004-10-14 Herbert A Little System and method for secure message key caching in a mobile communication device
TWI222609B (en) * 2001-07-25 2004-10-21 Matsushita Electric Ind Co Ltd A method of producing a decrypting apparatus having a cryptographic device and cryptographic information, a system for providing such device and information, and the decrypting apparatus produced by the production method
US8019081B2 (en) * 2001-08-06 2011-09-13 Research In Motion Limited System and method for processing encoded messages
US20030048908A1 (en) * 2001-08-31 2003-03-13 Hamilton Jon W. System and method for protecting the content of digital cinema products
JP2003108949A (en) * 2001-09-28 2003-04-11 Rohm Co Ltd Authentication system and semiconductor device
US7248585B2 (en) * 2001-10-22 2007-07-24 Sun Microsystems, Inc. Method and apparatus for a packet classifier
EP1359550A1 (en) * 2001-11-30 2003-11-05 STMicroelectronics S.A. Regeneration of a secret number by using an identifier of an integrated circuit
EP1391853A1 (en) * 2001-11-30 2004-02-25 STMicroelectronics S.A. Diversification of the unique identifier of an integrated circuit
DE10162310A1 (en) * 2001-12-19 2003-07-03 Philips Intellectual Property Method for signal transmission e.g. for small computers in credit card format, signal transmission takes place via smart card controller
US7376233B2 (en) * 2002-01-02 2008-05-20 Sony Corporation Video slice and active region based multiple partial encryption
US7823174B2 (en) * 2002-01-02 2010-10-26 Sony Corporation Macro-block based content replacement by PID mapping
US7218738B2 (en) * 2002-01-02 2007-05-15 Sony Corporation Encryption and content control in a digital broadcast system
US7765567B2 (en) * 2002-01-02 2010-07-27 Sony Corporation Content replacement by PID mapping
US7233669B2 (en) * 2002-01-02 2007-06-19 Sony Corporation Selective encryption to enable multiple decryption keys
US7155012B2 (en) * 2002-01-02 2006-12-26 Sony Corporation Slice mask and moat pattern partial encryption
US7039938B2 (en) * 2002-01-02 2006-05-02 Sony Corporation Selective encryption for video on demand
US7242773B2 (en) * 2002-09-09 2007-07-10 Sony Corporation Multiple partial encryption using retuning
US7215770B2 (en) * 2002-01-02 2007-05-08 Sony Corporation System and method for partially encrypted multimedia stream
US7302059B2 (en) * 2002-01-02 2007-11-27 Sony Corporation Star pattern partial encryption
US20090180025A1 (en) * 2002-05-28 2009-07-16 Sony Corporation Method and apparatus for overlaying graphics on video
US20030226029A1 (en) * 2002-05-29 2003-12-04 Porter Allen J.C. System for protecting security registers and method thereof
US8818896B2 (en) * 2002-09-09 2014-08-26 Sony Corporation Selective encryption with coverage encryption
US8572408B2 (en) * 2002-11-05 2013-10-29 Sony Corporation Digital rights management of a digital device
US7724907B2 (en) 2002-11-05 2010-05-25 Sony Corporation Mechanism for protecting the transfer of digital content
US8645988B2 (en) * 2002-12-13 2014-02-04 Sony Corporation Content personalization for digital content
US8667525B2 (en) * 2002-12-13 2014-03-04 Sony Corporation Targeted advertisement selection from a digital stream
US7409702B2 (en) * 2003-03-20 2008-08-05 Sony Corporation Auxiliary program association table
US8234504B2 (en) * 2003-04-15 2012-07-31 Broadcom Corporation Method and system for data encryption and decryption
US7392399B2 (en) * 2003-05-05 2008-06-24 Sun Microsystems, Inc. Methods and systems for efficiently integrating a cryptographic co-processor
FR2857534B1 (en) * 2003-07-09 2005-10-28 Innova Card INTEGRATED CIRCUIT COMPRISING A REGULAR MODULE AND A SECURED MODULE CONNECTED BY A PROTECTED LINK
US7177888B2 (en) * 2003-08-01 2007-02-13 Intel Corporation Programmable random bit source
US20050036067A1 (en) * 2003-08-05 2005-02-17 Ryal Kim Annon Variable perspective view of video images
US7530108B1 (en) 2003-09-15 2009-05-05 The Directv Group, Inc. Multiprocessor conditional access module and method for using the same
US20050066357A1 (en) * 2003-09-22 2005-03-24 Ryal Kim Annon Modifying content rating
US7346163B2 (en) * 2003-10-31 2008-03-18 Sony Corporation Dynamic composition of pre-encrypted video on demand content
US20050097596A1 (en) * 2003-10-31 2005-05-05 Pedlow Leo M.Jr. Re-encrypted delivery of video-on-demand content
US7620180B2 (en) * 2003-11-03 2009-11-17 Sony Corporation Preparation of content for multiple conditional access methods in video on demand
US20050097597A1 (en) * 2003-10-31 2005-05-05 Pedlow Leo M.Jr. Hybrid storage of video on demand content
US7263187B2 (en) * 2003-10-31 2007-08-28 Sony Corporation Batch mode session-based encryption of video on demand content
US7853980B2 (en) * 2003-10-31 2010-12-14 Sony Corporation Bi-directional indices for trick mode video-on-demand
US7343013B2 (en) * 2003-12-16 2008-03-11 Sony Corporation Composite session-based encryption of video on demand content
US20050102702A1 (en) * 2003-11-12 2005-05-12 Candelore Brant L. Cablecard with content manipulation
CN1332522C (en) * 2003-12-25 2007-08-15 电子科技大学 Method for making cipher chip having security protection function
US20050169473A1 (en) * 2004-02-03 2005-08-04 Candelore Brant L. Multiple selective encryption with DRM
DE102004014435A1 (en) * 2004-03-24 2005-11-17 Siemens Ag Arrangement with an integrated circuit
EP1605359A1 (en) * 2004-06-11 2005-12-14 Axalto SA Hiding information transmitted on a data bus
US7348887B1 (en) 2004-06-15 2008-03-25 Eigent Technologies, Llc RFIDs embedded into semiconductors
US20060036849A1 (en) * 2004-08-09 2006-02-16 Research In Motion Limited System and method for certificate searching and retrieval
US9094429B2 (en) 2004-08-10 2015-07-28 Blackberry Limited Server verification of secure electronic messages
US7631183B2 (en) 2004-09-01 2009-12-08 Research In Motion Limited System and method for retrieving related certificates
US7549043B2 (en) * 2004-09-01 2009-06-16 Research In Motion Limited Providing certificate matching in a system and method for searching and retrieving certificates
US7640428B2 (en) * 2004-09-02 2009-12-29 Research In Motion Limited System and method for searching and retrieving certificates
US8566616B1 (en) 2004-09-10 2013-10-22 Altera Corporation Method and apparatus for protecting designs in SRAM-based programmable logic devices and the like
US8612772B1 (en) 2004-09-10 2013-12-17 Altera Corporation Security core using soft key
US8074082B2 (en) * 2004-10-08 2011-12-06 Aprolase Development Co., Llc Anti-tamper module
US8281132B2 (en) * 2004-11-29 2012-10-02 Broadcom Corporation Method and apparatus for security over multiple interfaces
US7895617B2 (en) * 2004-12-15 2011-02-22 Sony Corporation Content substitution editor
US8041190B2 (en) 2004-12-15 2011-10-18 Sony Corporation System and method for the creation, synchronization and delivery of alternate content
US8276185B2 (en) * 2005-01-19 2012-09-25 Micron Technology, Inc. Enhanced security memory access method and architecture
KR100666328B1 (en) * 2005-02-11 2007-01-09 삼성전자주식회사 Security apparatus using on-chip memory, and the security method using the same
US7712674B1 (en) 2005-02-22 2010-05-11 Eigent Technologies Llc RFID devices for verification of correctness, reliability, functionality and security
DE102005063482B4 (en) * 2005-03-24 2012-09-06 Infineon Technologies Ag Data transmission device for use in data processing device, has interface performing preventive measure against transferring of data from that interface to other interface, if decoding data stream does not correspond to expected data stream
DE102005013830B4 (en) 2005-03-24 2008-11-20 Infineon Technologies Ag Device and method for the encrypted transmission of data
JP2006279868A (en) * 2005-03-30 2006-10-12 Sharp Corp Semiconductor device, and ic card comprising the same
US9171187B2 (en) * 2005-05-13 2015-10-27 Nokia Technologies Oy Implementation of an integrity-protected secure storage
DE602005020482D1 (en) * 2005-10-14 2010-05-20 Research In Motion Ltd Masterverschlüsselung
US7900022B2 (en) * 2005-12-30 2011-03-01 Intel Corporation Programmable processing unit with an input buffer and output buffer configured to exclusively exchange data with either a shared memory logic or a multiplier based upon a mode instruction
US20070157030A1 (en) * 2005-12-30 2007-07-05 Feghali Wajdi K Cryptographic system component
US8185921B2 (en) 2006-02-28 2012-05-22 Sony Corporation Parental control of displayed content using closed captioning
US7555464B2 (en) * 2006-03-01 2009-06-30 Sony Corporation Multiple DRM management
DE102006021297A1 (en) * 2006-05-08 2008-01-10 Mühlbach, Sascha Full-transparent, coded, multi-masterable communication providing method, involves performing code exchange in initialization phase, where authentication takes place during initialization of cipher, which is made possible by secret code
US7814161B2 (en) 2006-06-23 2010-10-12 Research In Motion Limited System and method for handling electronic mail mismatches
KR100773057B1 (en) * 2006-09-06 2007-11-02 삼성전자주식회사 Method and apparatus for near field communication in terminal with extension slot
US8255988B2 (en) * 2007-03-28 2012-08-28 Microsoft Corporation Direct peripheral communication for restricted mode operation
US7506176B1 (en) * 2008-03-10 2009-03-17 International Business Machines Corporation Encryption mechanism on multi-core processor
JP2012080295A (en) * 2010-09-30 2012-04-19 Toshiba Corp Information storage device, information storage method, and electronic device
PL2461265T3 (en) 2010-12-03 2019-10-31 Novomatic Ag Device for and method of handling sensitive data
JP5954030B2 (en) * 2012-08-02 2016-07-20 富士通株式会社 Cryptographic processing apparatus and method
US10103872B2 (en) * 2014-09-26 2018-10-16 Intel Corporation Securing audio communications
US10726162B2 (en) * 2014-12-19 2020-07-28 Intel Corporation Security plugin for a system-on-a-chip platform
US9674162B1 (en) 2015-03-13 2017-06-06 Amazon Technologies, Inc. Updating encrypted cryptographic key pair
US9479340B1 (en) 2015-03-30 2016-10-25 Amazon Technologies, Inc. Controlling use of encryption keys
CN105528548A (en) * 2015-12-09 2016-04-27 乐鑫信息科技(上海)有限公司 Method for encoding and automatically decoding codes in chip OutNvMem in batches
US10382410B2 (en) * 2016-01-12 2019-08-13 Advanced Micro Devices, Inc. Memory operation encryption
DE102016123178A1 (en) * 2016-11-30 2018-05-30 genua GmbH Encryption device for encrypting a data packet
US10614232B2 (en) * 2018-09-10 2020-04-07 John Almeida Storing and using multipurpose secret data
US10892895B2 (en) * 2018-09-10 2021-01-12 Atense, Inc. Storing and using multipurpose secret data
CN113675097B (en) * 2021-08-16 2024-02-20 深圳市国微电子有限公司 Manufacturing method of three-dimensional chip and three-dimensional chip
TWI809741B (en) * 2022-03-02 2023-07-21 大陸商星宸科技股份有限公司 Multichip system having command transfer mechanism and address generating method
CN115694813B (en) * 2022-12-30 2023-03-17 三未信安科技股份有限公司 Multi-chip key management system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5377264A (en) * 1993-12-09 1994-12-27 Pitney Bowes Inc. Memory access protection circuit with encryption key
US5396609A (en) * 1989-01-19 1995-03-07 Gesellschaft Fur Strahlen- Und Umweltforschung Mbh (Gsf) Method of protecting programs and data in a computer against unauthorized access and modification by monitoring address regions
US5428685A (en) * 1992-01-22 1995-06-27 Fujitsu Limited IC memory card and method of protecting data therein
US5483596A (en) * 1994-01-24 1996-01-09 Paralon Technologies, Inc. Apparatus and method for controlling access to and interconnection of computer system resources
US5559883A (en) * 1993-08-19 1996-09-24 Chipcom Corporation Method and apparatus for secure data packet bus communication

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2311360A1 (en) 1975-05-13 1976-12-10 Innovation Ste Int SYSTEM FOR STORING DATA CONFIDENTIALLY BY MEANS OF PORTABLE ELECTRONIC OBJECTS INCLUDING A CONFIDENTIAL CODE ERROR MEMORIZATION CIRCUIT
FR2392447A1 (en) 1977-05-26 1978-12-22 Cii Honeywell Bull INFORMATION PROCESSING SYSTEM PROTECTING THE SECRET OF CONFIDENTIAL INFORMATION
US4310720A (en) 1978-03-31 1982-01-12 Pitney Bowes Inc. Computer accessing system
FR2469760A1 (en) 1979-11-09 1981-05-22 Cii Honeywell Bull METHOD AND SYSTEM FOR IDENTIFYING PEOPLE REQUESTING ACCESS TO CERTAIN MEDIA
FR2477344B1 (en) 1980-03-03 1986-09-19 Bull Sa METHOD AND SYSTEM FOR TRANSMITTING CONFIDENTIAL INFORMATION
FR2480539B1 (en) 1980-04-09 1985-09-13 Cii Honeywell Bull METHOD AND SYSTEM FOR TRANSMITTING SIGNED MESSAGES
FR2514593B1 (en) 1981-10-09 1986-12-26 Bull Sa METHOD AND DEVICE FOR AUTHENTICATING THE SIGNATURE OF A SIGNED MESSAGE
FR2526977B1 (en) 1982-05-14 1988-06-10 Cii Honeywell Bull METHOD AND DEVICE FOR AUTHENTICATING OR CERTIFYING AT LEAST INFORMATION CONTAINED IN A MEMORY OF AN ELECTRONIC MEDIUM IN PARTICULAR REMOVABLE AND PORTABLE SUCH AS A CARD
FR2530053B1 (en) 1982-07-08 1986-04-25 Bull Sa METHOD FOR CERTIFYING THE SOURCE OF AT LEAST ONE INFORMATION RECORDED IN A MEMORY OF A FIRST ELECTRONIC DEVICE AND TRANSMITTED TO A SECOND ELECTRONIC DEVICE, AND SYSTEM FOR IMPLEMENTING SUCH A METHOD
FR2539897B1 (en) 1983-01-20 1988-12-30 Cii Honeywell Bull METHOD AND DEVICE FOR ENABLING THE HOLDER OF A PORTABLE OBJECT SUCH AS A CARD, TO BE ACCESSED BY THIS CARD TO AT LEAST ONE SERVICE PROVIDED BY AT LEAST ONE AUTHORIZING ORGANIZATION
FR2601535B1 (en) 1986-07-11 1988-10-21 Bull Cp8 METHOD FOR CERTIFYING THE AUTHENTICITY OF DATA EXCHANGED BETWEEN TWO DEVICES CONNECTED LOCALLY OR REMOTELY THROUGH A TRANSMISSION LINE
FR2601476B1 (en) 1986-07-11 1988-10-21 Bull Cp8 METHOD FOR AUTHENTICATING EXTERNAL AUTHORIZATION DATA BY A PORTABLE OBJECT SUCH AS A MEMORY CARD
DE3631797A1 (en) * 1986-09-18 1988-03-31 Siemens Ag Method and device for coding useful data
FR2618002B1 (en) 1987-07-10 1991-07-05 Schlumberger Ind Sa METHOD AND SYSTEM FOR AUTHENTICATING ELECTRONIC MEMORY CARDS
FR2651347A1 (en) 1989-08-22 1991-03-01 Trt Telecom Radio Electr SINGLE NUMBER GENERATION METHOD FOR MICROCIRCUIT BOARD AND APPLICATION TO COOPERATION OF THE BOARD WITH A HOST SYSTEM.
DE4125812C2 (en) * 1991-08-01 1999-05-20 Siemens Ag Process for secure data transmission
DE4215955C1 (en) * 1992-05-14 1993-12-09 Siemens Ag Two part information transmission system - has data sent to portable data carrying apparatus from read write unit divided into two differently transmitted parts
US5596718A (en) * 1992-07-10 1997-01-21 Secure Computing Corporation Secure computer network using trusted path subsystem which encrypts/decrypts and communicates with user through local workstation user I/O devices without utilizing workstation processor
US5805706A (en) 1996-04-17 1998-09-08 Intel Corporation Apparatus and method for re-encrypting data without unsecured exposure of its non-encrypted format
US5473692A (en) 1994-09-07 1995-12-05 Intel Corporation Roving software license for a hardware agent
US5539828A (en) 1994-05-31 1996-07-23 Intel Corporation Apparatus and method for providing secured communications
US5530753A (en) * 1994-08-15 1996-06-25 International Business Machines Corporation Methods and apparatus for secure hardware configuration
US5615263A (en) * 1995-01-06 1997-03-25 Vlsi Technology, Inc. Dual purpose security architecture with protected internal operating system
US5828753A (en) * 1996-10-25 1998-10-27 Intel Corporation Circuit and method for ensuring interconnect security within a multi-chip integrated circuit package

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5396609A (en) * 1989-01-19 1995-03-07 Gesellschaft Fur Strahlen- Und Umweltforschung Mbh (Gsf) Method of protecting programs and data in a computer against unauthorized access and modification by monitoring address regions
US5428685A (en) * 1992-01-22 1995-06-27 Fujitsu Limited IC memory card and method of protecting data therein
US5559883A (en) * 1993-08-19 1996-09-24 Chipcom Corporation Method and apparatus for secure data packet bus communication
US5377264A (en) * 1993-12-09 1994-12-27 Pitney Bowes Inc. Memory access protection circuit with encryption key
US5483596A (en) * 1994-01-24 1996-01-09 Paralon Technologies, Inc. Apparatus and method for controlling access to and interconnection of computer system resources

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000001110A1 (en) * 1998-06-30 2000-01-06 Chantilley Corporation Limited Encryption and decryption key arrangements
KR100420555B1 (en) * 2002-04-19 2004-03-02 한국전자통신연구원 Block encrypting device for fast session switching and method of operating the same
US9270445B2 (en) 2008-05-28 2016-02-23 Samsung Electronics Co., Ltd. Solid state disk and input/output method
US8997209B2 (en) 2012-06-13 2015-03-31 Samsung Electronics Co., Ltd. Memory device comprising a plurality of memory chips, authentication system and authentication method thereof
CN110365480A (en) * 2019-07-19 2019-10-22 中安云科科技发展(山东)有限公司 A kind of multi-chip cipher key synchronization method, system and encryption device

Also Published As

Publication number Publication date
US5828753A (en) 1998-10-27
GB2334416A (en) 1999-08-18
MY114467A (en) 2002-10-31
AU4231397A (en) 1998-05-22
TW367569B (en) 1999-08-21
US6209098B1 (en) 2001-03-27
CN1242120A (en) 2000-01-19
CN1118982C (en) 2003-08-20
KR20000052797A (en) 2000-08-25
DE19782075T1 (en) 1999-09-30
GB9909491D0 (en) 1999-06-23
GB2334416B (en) 2001-04-11
DE19782075C2 (en) 2001-11-08

Similar Documents

Publication Publication Date Title
US5828753A (en) Circuit and method for ensuring interconnect security within a multi-chip integrated circuit package
KR100837270B1 (en) Smart card and data security method thereof
US6345359B1 (en) In-line decryption for protecting embedded software
US8281132B2 (en) Method and apparatus for security over multiple interfaces
RU2251726C2 (en) Microprocessor device with encoding
KR100358596B1 (en) A circuit and method for configuring and registering a cryptographic device
CN101346930B (en) Secure system-on-chip
US8160244B2 (en) Stateless hardware security module
US8363833B1 (en) FPGA configuration bitstream encryption using modified key
US6226382B1 (en) Method for implementing a private-key communication protocol between two processing devices
EP0905942B1 (en) Decrypting device
EP2506174B1 (en) Enabling a software application to be executed on a hardware device
US7165180B1 (en) Monolithic semiconductor device for preventing external access to an encryption key
EP2506176A1 (en) Establishing unique key during chip manufacturing
US20070186117A1 (en) Secure processor-based system and method
JPH10154976A (en) Tamper-free system
US7752407B1 (en) Security RAM block
US20060233360A1 (en) Device and method for transmitting data in an encrypted manner
US20070217608A1 (en) Data scramble/descramble technique for improving data security within semiconductor device
US8249253B2 (en) Semiconductor integrated circuit having encrypter/decrypter function for protecting input/output data transmitted on internal bus
GB2122777A (en) Software protection apparatus and method
US7657034B2 (en) Data encryption in a symmetric multiprocessor electronic apparatus
KR20020071274A (en) Universal Serial Bus(USB) security secondary storage device using Crypto Chip and Flash memory based on PC
US6971020B1 (en) Circuit and method for the securing of a coprocessor dedicated to cryptography
CN115664646B (en) Data backup method and device

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 97181008.7

Country of ref document: CN

AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AT AU AZ BA BB BG BR BY CA CH CN CU CZ CZ DE DE DK DK EE EE ES FI FI GB GE GH HU IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT UA UG UZ VN YU ZW AM AZ BY KG KZ MD RU TJ TM

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH KE LS MW SD SZ UG ZW AT BE CH DE DK ES FI FR GB

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
ENP Entry into the national phase

Ref document number: 9909491

Country of ref document: GB

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 1019997003615

Country of ref document: KR

RET De translation (de og part 6b)

Ref document number: 19782075

Country of ref document: DE

Date of ref document: 19990930

WWE Wipo information: entry into national phase

Ref document number: 19782075

Country of ref document: DE

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: CA

WWP Wipo information: published in national office

Ref document number: 1019997003615

Country of ref document: KR

WWR Wipo information: refused in national office

Ref document number: 1019997003615

Country of ref document: KR