Processor

FIELD: computers, data protection.

SUBSTANCE: the processor has a bus interface unit, an instruction fetch/decode unit, a dispatch/execute unit, and a decryption unit for each program line that is fetched from memory and loaded into the first-level instruction cache; the decryption unit contains a set of N two-input XOR elements and a key memory storing different N-bit decryption keys.

EFFECT: higher efficiency.

2 dwg

 

The invention relates to computer engineering and to the protection of information in computer systems. It can be used to protect programs and data from unauthorized ("pirate") copying and use, and to protect computer systems from computer viruses (CV) and software implants (SI, planted malicious code), whose unwanted effect is a violation of integrity, that is, distortion or destruction of information.

Known means of protecting software and data from unauthorized copying (UC) use various techniques that make it harder to install and run copies of the software on computers (Spesivtsev A. V., Wegner V. A., Krotkov A. et al., Information Protection in Personal Computers. Moscow: Radio i Svyaz, 1992).

However, all of them are easily "cracked", either by analysing the program and its embedded protection with a software debugger while the program runs, or by analysing the program text and its embedded protection obtained by disassembling the code. Cracking succeeds because the instruction set of the machine (the formats and opcodes of the commands) is public knowledge: this makes the disassembled program text available for analysis, and also allows step-by-step execution with inspection of the result after each step.

Known means of protecting computers from CV and SI (N. N. Bezrukov, Computer Virology. Kiev, 1990) detect known CV and SI by testing program code and then remove them.

However, no method found so far fully guarantees protection of a computer from CV and SI. Moreover, the very possibility of creating new CV and SI rests on the openness and availability of the machine instruction set.

Known cryptographic methods and means of information protection can provide the required level of protection during transmission and storage (Introduction to Cryptography, ed. V. V. Yashchenko. St. Petersburg: Piter, 2001).

However, at the stage where information is processed inside the processor, the openness of the machine instruction set prevents cryptographic techniques from being applied. This violates a well-known condition for the reliable operation of a protection system: the requirement that protection be continuous.

There are devices that apply cryptographic methods at the program-execution stage. They are special circuits, such as:

crypto-microprocessors (US patent No. 4465901, IPC G 06 K 5/00, H 04 L 9/00, 1984; US patent No. 5666411, IPC H 04 L 9/00, 1997);

decoders (US patent No. 4246638, IPC G 06 F 013/00, H 04 K 001/00, 1981; US patent No. 4433207, H 04 L 009/00, 1984);

a coprocessor (US patent No. 4903296, H 04 L 009/00, 1990).

These circuits are attached externally to standard hardware and decrypt the encrypted program, or parts of it, before it runs or while it is executing.

The main disadvantages of the known devices:

- keeping a mode in which unencrypted programs can also execute violates the requirement of continuous protection;

- the need for an external connection, specific to each computer, between the circuit and the standard computer complicates its use and prevents mass adoption.

Also known is a digital computer (US patent No. 4306289, G 06 F 005/00, 1981) that applies cryptographic methods at the program-execution stage and contains a circuit for decrypting the encrypted program code. This circuit sits inside the processor between the instruction register and the instruction decoder, and thus alters the standard processor architecture. The processor operates in two modes:

1) execution of unencrypted programs;

2) execution of encrypted programs.

Switching from one mode to the other is done by special instructions placed at the beginning and at the end of the encrypted section of the program. As a result, executing the encrypted program (a pirate copy) on another computer becomes impossible.

Its drawbacks:

- the mode for executing unencrypted (open) programs does not meet the requirement of continuous protection;

- because the processor is switched by software on a specific instruction, the encrypted sections of the program are easy to locate, and analysing them makes it easy to "crack" the encryption key, since its length is small, only 8 bits;

- in practice one key is used to encrypt the various programs. Modern computers, however, run licensed software from different vendors, so using one key does not protect the other programs once that key has been recovered from any one of them.

Because of these shortcomings, cryptographic tools are not applied in modern mass-produced processors.

The closest in technical essence and achieved result to the claimed device is the Intel Pentium Pro processor (Pentium Pro Family Developer's Manual. Intel Corporation, 1996), which includes:

a bus interface unit (Bus Interface Unit), which lets the processor communicate with the system bus (System Bus) and the second-level cache (L2 Cache);

an instruction fetch/decode unit (Fetch/Decode Unit), which fetches instructions from memory in program order (in order);

a dispatch/execute unit (Dispatch/Execute Unit), which executes instructions out of order and writes the results to memory in order.

The CPU has two operating modes: real address mode (Real Address Mode) and protected virtual address mode (Protected Virtual Address Mode). The second mode is the basis for the various software protection systems built into operating systems, which provide protection of information against unauthorized use and tampering.

The disadvantage of the prototype is that it executes open, i.e. unencrypted, programs, which does not meet the requirement of a continuous protection process. Consequently, protection built on the protected mode of the Pentium Pro processor does not guarantee protection of programs from UC, or of the computer from the harmful effects of CV and SI.

The task is to develop a processor with a closed instruction set (closed system of commands, PSSC) that is able to execute only encrypted programs, each encrypted under its own secret key, where decryption takes place inside the processor and the decrypted program code is never accessible to a person.

The problem is solved as follows. To a processor containing a bus interface unit, an instruction fetch/decode unit and a dispatch/execute unit, the invention adds a decryption unit for each program line fetched from memory and loaded into the first-level instruction cache. The first and second inputs/outputs of the bus interface unit are the inputs/outputs of the PSSC: the first is connected to the system bus and the second to the second-level cache. Its third input/output is connected to the input/output of the dispatch/execute unit, and its output is connected to the first input of the line decryption unit. The second input of the line decryption unit is connected to the first output of the fetch/decode unit, and its output to the first input of the fetch/decode unit; the second output of the fetch/decode unit is connected to the input of the bus interface unit, and its third output to the input of the dispatch/execute unit, whose output is connected to the second input of the fetch/decode unit. The line decryption unit contains a set of N two-input XOR (exclusive or) elements and a key memory storing different N-bit decryption keys; all first inputs of the XOR elements are connected to the first input of the line decryption unit, the outputs of the XOR elements are connected to the output of the line decryption unit, and the second inputs of the XOR elements are connected to the output of the key memory, whose input is connected to the second input of the line decryption unit.

The applicant's search of scientific, technical and patent literature, and the selected prototype, show that the claimed technical solution has distinguishing features; the claimed device therefore meets the "novelty" criterion of an invention.

The applicant's additional search of known technical solutions for features similar to the distinguishing features of the claimed solution showed that the claimed solution exhibits properties not matched by those features in the known technical solutions; the claimed technical solution therefore meets the "inventive step" criterion.

The invention is illustrated by drawings: figure 1 shows the block diagram of the processor (PSSC), and figure 2 the diagram of the line decryption unit.

The processor contains a bus interface unit 1, a line decryption unit 2, an instruction fetch/decode unit 3 and a dispatch/execute unit 4. The bus interface unit 1 has three inputs/outputs: the first is connected to the system bus, the second to the second-level cache, and the third to the input/output of the dispatch/execute unit 4; the third is used to read data from memory and to write results to memory. The output of the bus interface unit 1 is connected to the first input of the line decryption unit 2, whose second input is connected to the first output of the fetch/decode unit 3. The output of the line decryption unit 2 is connected to the first input of the fetch/decode unit 3; the second output of unit 3 is connected to the input of the bus interface unit 1, and its third output to the input of the dispatch/execute unit 4, whose output is connected to the second input of the fetch/decode unit 3.

The line decryption unit 2 contains a set of N two-input XOR (exclusive or) elements 2.1.1, ..., 2.1.N and a key memory 2.2. All first inputs of the XOR elements are connected to the output of the bus interface unit 1 (the first input of unit 2), the outputs of all XOR elements are connected to the output of the line decryption unit 2, and the second inputs of the XOR elements are connected to the output of the key memory 2.2, whose address input is connected to the second input of the line decryption unit 2.

The key memory 2.2, which stores the N-bit decryption keys, is built as an EEPROM with a serial programming interface through which the processor's individual keys are written. After the keys have been written, the inputs of the programming interface are destroyed by burning them out. This arrangement allows the keys to be written into key memory 2.2 after the PSSC chip has been manufactured.

The processor with a closed instruction set (PSSC) works as follows. In the computer's memory (RAM or hard disks) all programs are stored encrypted under individual keys. Each program is encrypted in advance with an N-bit key from the set of keys stored in key memory 2.2 of the PSSC. The key length N equals the width of the data bus of the bus interface unit 1 (N = 64 for the Pentium Pro), over which a line is fetched and written into the first-level instruction cache in the fetch/decode unit 3. For encryption, the program is divided into N-bit lines, and each line is encrypted by adding it modulo two (XOR) to the encryption key; the number of that key becomes an attribute of the program.

Each N-bit line of the program is decrypted in the line decryption unit 2 after it has been fetched from memory and before it is written into the first-level instruction cache of the fetch/decode unit 3. Decryption uses the key read from key memory 2.2 at the number that corresponds to the executing program; this number is supplied to the address input of the key memory by the fetch/decode unit 3. The key number is held in the attribute field of the code-segment descriptor register whose selector is loaded into the segment register CS. The key number is therefore loaded at the same moment control is transferred to the program: immediately after a new selector is loaded into CS, the descriptor register receives the descriptor together with the key number as an attribute of the program.

The decrypted program line is written into the first-level instruction cache of the fetch/decode unit 3, from which it is then fetched and used in the conventional way.

Thus a program line exists in decrypted form only inside the CPU and is therefore unavailable for analysis. An attempt to execute a program encrypted under a different key, or not encrypted at all, leads to incorrect operation of the processor, which provides protection from CV and SI. In addition, using different keys to encrypt different programs practically rules out disclosure of the code and UC.
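As an added example (not part of the patent, and not any vendor's code), the following Python model reproduces the fetch path described above: a write-once key memory, a bank of N two-input XOR gates, a key number taken from the attribute field of the CS descriptor, and programs that exist in memory only as XOR-encrypted N-bit lines. The class and function names, the descriptor layout, the padding rule and the sample program bytes are assumptions. The last function, `recover_key`, is the check a practitioner would want to run against this design: it applies the standard known-plaintext attack on a key that is reused across blocks to the scheme exactly as described.

```python
"""Model of the XOR line-decryption path described above (added example,
not the patent's circuit or any vendor's code). Key values, the descriptor
layout, the padding rule and the sample program bytes are constructed."""

N_BITS = 64                 # key width = data-bus width (Pentium Pro: N = 64)
LINE_BYTES = N_BITS // 8


class KeyMemory:
    """Key memory 2.2: write-once store of N-bit keys, readable only by key
    number once the programming interface has been burned out."""

    def __init__(self, keys):
        for k in keys:
            if not 0 <= k < (1 << N_BITS):
                raise ValueError("each key must be an N-bit value")
        self._keys = tuple(keys)        # immutable: models burned-out inputs

    def lookup(self, key_no):
        return self._keys[key_no]


def xor_line(line, key):
    """One bank of N two-input XOR gates: N-bit line XOR N-bit key."""
    if len(line) != LINE_BYTES:
        raise ValueError("a line must be exactly N bits")
    return (int.from_bytes(line, "little") ^ key).to_bytes(LINE_BYTES, "little")


def split_lines(code):
    """Pad to whole N-bit lines and split. NOP padding is an assumption; the
    patent does not say how a program tail shorter than N bits is handled."""
    tail = len(code) % LINE_BYTES
    if tail:
        code += b"\x90" * (LINE_BYTES - tail)
    return [code[i:i + LINE_BYTES] for i in range(0, len(code), LINE_BYTES)]


def encrypt_program(code, key_no, keymem):
    """Done once, outside the CPU, before the program is installed: every
    N-bit line is added modulo two to the program's key (number key_no)."""
    key = keymem.lookup(key_no)
    return b"".join(xor_line(line, key) for line in split_lines(code))


class ClosedInstructionSetCPU:
    """Fetch path: bus interface 1 -> line decryption unit 2 -> L1 instruction
    cache in unit 3. Only the decrypted line ever reaches the cache."""

    def __init__(self, keymem):
        self.keymem = keymem
        self.key_no = None      # set when a selector is loaded into CS

    def load_cs(self, descriptor):
        """Loading a code-segment selector also loads the key number carried
        in the descriptor's attribute field (constructed dict layout)."""
        self.key_no = descriptor["key_no"]

    def fetch_segment(self, memory):
        """Pass every line of the current code segment through the XOR bank
        and return what would be written into the L1 instruction cache."""
        key = self.keymem.lookup(self.key_no)
        return b"".join(xor_line(line, key) for line in split_lines(memory))


def recover_key(encrypted_line, known_plain_line):
    """Known-plaintext attack on the scheme: one fixed N-bit key is reused
    for every line, so ciphertext XOR plaintext of any one line is the key."""
    return (int.from_bytes(encrypted_line, "little")
            ^ int.from_bytes(known_plain_line, "little"))


# Constructed demonstration data: three burned-in keys and two 64-bit lines
# of plausible x86-64 prologue/epilogue bytes standing in for a program.
KEYS = [0x0123456789ABCDEF, 0xFEDCBA9876543210, 0x0F1E2D3C4B5A6978]
PROGRAM = bytes.fromhex("554889e54883ec10" "31c04883c410c9c3")


def demo():
    keymem = KeyMemory(KEYS)
    installed = encrypt_program(PROGRAM, key_no=1, keymem=keymem)
    cpu = ClosedInstructionSetCPU(keymem)

    cpu.load_cs({"key_no": 1})                      # the program's own key
    with_right_key = cpu.fetch_segment(installed)   # == PROGRAM

    cpu.load_cs({"key_no": 2})                      # another program's key
    with_wrong_key = cpu.fetch_segment(installed)   # garbage, != PROGRAM

    # Anyone who knows or guesses one plaintext line (here the prologue)
    # obtains the whole program's key from the installed ciphertext.
    leaked = recover_key(installed[:LINE_BYTES], PROGRAM[:LINE_BYTES])

    return {"roundtrip_ok": with_right_key == PROGRAM,
            "wrong_key_garbles": with_wrong_key != PROGRAM,
            "key_recovered": leaked == KEYS[1]}


if __name__ == "__main__":
    print(demo())
```

Run it directly to see all three checks. The round trip and the wrong-key result behave as the description says: the decrypted line exists only inside the modelled CPU, and a program encrypted under another key decodes to garbage. The third check is the caveat: because the same N-bit key is added to every line, one line of known or guessable plaintext (a standard function prologue, a known library routine, the padding at the end of a segment) yields the program's entire key, whatever the value of N and however CISC instructions happen to straddle line boundaries. For the key-width argument among the stated advantages to hold, the per-line key would have to vary (a key schedule over the line address, or a block cipher keyed by the descriptor attribute) rather than be a single constant reused across the program.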

Mass use of the claimed device will bring the following technical and economic advantages:

- cryptographic techniques become usable at the information-processing stage, which here means executing programs each encrypted under its own unique secret key; this makes the protection of information in a computer a continuous process;

- executing unencrypted programs becomes impossible, which protects programs from UC and computer systems from the harmful effects of CV and SI;

- cryptographic protection is provided by the large width N of the encryption key (in modern processors from 64 to 256 bits); because instruction lengths in CISC processors vary while the line length N is constant, instructions with the same meaning fall under different fields of the encryption key, which, in the applicant's view, is effectively equivalent to using various encryption keys.

The processor, containing a bus interface unit, an instruction fetch/decode unit and a dispatch/execute unit, is characterized in that it further contains a decryption unit for each program line fetched from memory and loaded into the first-level instruction cache, wherein the first and second inputs/outputs of the bus interface unit are inputs/outputs of the processor, the first being connected to the system bus and the second to the second-level cache; the third input/output is connected to the input/output of the dispatch/execute unit, and the output is connected to the first input of the line decryption unit, whose second input is connected to the first output of the fetch/decode unit and whose output is connected to the first input of the fetch/decode unit; the second output of the fetch/decode unit is connected to the input of the bus interface unit and its third output to the input of the dispatch/execute unit, whose output is connected to the second input of the fetch/decode unit; and the line decryption unit contains a set of N two-input "exclusive or" elements and a key memory storing different N-bit decryption keys, all first inputs of the two-input "exclusive or" elements being connected to the first input of the line decryption unit, the outputs of the two-input "exclusive or" elements being connected to the output of the line decryption unit, and the second inputs of the two-input "exclusive or" elements being connected to the output of the key memory, whose input is connected to the second input of the line decryption unit.



 
