Microprocessor device with encoding

FIELD: microprocessors.

SUBSTANCE: device has central processing devices, including first cryptographic block, at least one peripheral block, including second cryptographic block, device also has data bus, random numbers generator, conductor for supplying clock signal, conductor for providing random numbers signal, set of logical communication elements, while each cryptographic block has register of displacement with check connection.

EFFECT: higher level of unsanctioned access protection.

7 cl, 1 dwg

 

The invention relates to a microprocessor-based device with a microprocessor and a peripheral unit, which are interconnected by a data bus. At the ends of the bus provided by the cryptographic blocks.

Microprocessor-based device, in which case the data stream transmitted on the data bus, cryptographically encrypted, are used in applications that are critical from the point of view of security. Such microprocessor serve as control circuits for mobile maps data carriers, the so-called smart cards. In the data memory of the microprocessor are stored personalized data, the value of money or granting of access rights that are read by the reading device, which then provides free access to the functional unit, protected from unauthorized access.

As in the process of exchanging data in a microprocessor-based device uses confidential information in respect of which should be provided to prevent unauthorized access, require appropriate measures of protection. Unauthorized reading of data memory devices, or interception of internal device data exchange could be done by using a sensing, in which a thin probes are installed in soo the relevant parts of the circuits and conductors to create thereby an offshoot of the processed signal flow in the operating mode. Tires requires, due to the relatively high stray capacitance, high current circuits. Access to the bus from outside observed by typical current profile. From this we can draw conclusions about the internal working stages of the scheme; in certain circumstances it would be even possible to determine the cryptographic key block.

Protective measures against unauthorized read the contents of the data memory in the microcontroller for smart cards is described in DE 19642560 A1. In memory encrypted data stored fundamentally important to protect the data. In the data bus between the memory and the Central processor unit (CDC) enabled device interpretation, so that CDC can be processed and interpreted data source. When recording data again in the memory data is again encrypted. In a possible embodiment, the encryption and decoding are implemented a two-stage manner. In accordance with this one device encryption and decoding are included on the side of the memory and the respective peripheral blocks, as well as on the side of the CDC.

There is the problem of ensuring that the data exchange bus (depends on implementation, was either completely, or h is ichno encrypted. By sensing could be information exchange, which is by bus, to intercept relatively simple means. Would require additional, for example, mechanical measures to ensure effective protection from unauthorized access.

The present invention is to create a microprocessor device, the protection of which against unauthorized listening encrypted processes would be raised.

In accordance with the invention this task is solved by a microprocessor device, which contains the Central processing unit and at least one peripheral unit, which are interconnected by a data bus; a first cryptographic unit, which is located in said peripheral unit connected to the data bus; the second cryptographic unit, which is referred to the Central processing unit and connected to the data bus, and the random signal to generate a sequence of data values that is associated with the first and second cryptographic unit to feed them mentioned data values, and cryptographic mode of the first and second cryptographic units can be controlled depending on the data values generated by a random signal.

According the invention, the flow of information issued to the functional unit of a microprocessor device in the bus data is encrypted and at the input of the receiving unit is again detectable. The encryption mode and the interpretation is driven by a random signal, so that any operating condition in the encryption/decoding is impossible to predict in a deterministic manner. This increases the security of information exchange, through the data bus. Consequently, there is no need to use mechanical safeguards to protect system data from unauthorized access using probes. By control of the random process of encryption/decoding generates the corresponding random profile current, making listening to the exchange of information in the data bus becomes impossible.

In principle, the invention can be used in any microprocessor system in which a Central processing unit (Central processing unit) is exchanged over the bus data and an address of the peripheral blocks, including the block of memory. The device may be implemented as discrete elements and monolithic integrated technologies on a single semiconductor chip, in the form of a so-called microcontroller and ADI high the roller.

The preferred way random numbers to control the encryption and the decryption are served with a clock synchronized to the corresponding blocks. For this purpose the conductor clock signal, connecting all the blocks of the encryption/decoding. In addition, these blocks are interconnected by a conduit through which a random number is transmitted further. To increase the reliability of protection it is advisable both Explorer to protect by mechanical shielding against eavesdropping using probes. However, it is not necessary relevant to the protection of many other conductors of the data bus.

It is also possible random values for the key to pass to the cryptographic blocks by bus and guide management. A separate conductor 5 in this case is not needed. Thus, not only can data bus, and control signals, the so-called state of the bus, to transmit encrypted.

Block encryption/decoding contains the preferred way the shift register with feedback, which is controlled by a common clock signal and sequentially supplied random number. Issued from the output of the shift register word data logically associated with issued on the bus or from bus word data, for example through the use of logical the second circuit “exclusive OR”. Feedback is used in the shift register is preferably linear.

Below the invention is described by example with reference to the drawing, which shows a schematic representation of the Central processing unit (Central processing unit - CDC), of the memory block and the additional peripheral unit, which is a monolithic integrated circuit is a microcontroller.

Shown in the drawing, the microcontroller includes a Central processing unit or CDC 1, the memory unit 2 and the peripheral block 3. Peripheral unit 3 may represent, for example, block input/output. All components of the microcontroller is executed in a single silicon integrated circuit. CDC 1 has the functions of data management and computing, the memory unit 2 contains the data stored in the volatile memory and non-volatile memory and a peripheral unit 3 is used to perform the prescribed functions. In the General case, the microcontroller contains other functional blocks. Communication between these blocks is performed through the bus 4 data. The data bus includes a set of conductors on which data is transmitted in parallel. In addition, the bus contains the appropriate conductors management, designed to control the data transfer. Recourse to the data bus input and vynodelov 1, 2, 3 connected to the appropriate cryptographic unit 11, 21, 31. Transmitted on the conductors of the data bus data stream entered in the appropriate block or, respectively, or the output from this block is decrypted or encrypted by using the appropriate cryptographic block.

For example, CDC is requesting a data word from the memory unit 2. The word data is read from the corresponding memory cell of the memory unit 2 and stored intermediate image in register 211. Using the internal circuits of the cryptographic unit 21, the word data is encrypted and outputted to the bus 4. The cryptographic unit 11 BSC 1 takes the word data to decode it and save the intermediate image in the register 111. During the transmission of speech data bus 4 from the memory unit 2 to the CDC 1 this word data exists only in encrypted form. Encryption and decryption of blocks 21 or 11 is performed depending on a random number, which is provided from the generator 6 random numbers, the output of which through conductor 5 is connected to the blocks 21, 11. Enter random numbers in both block 21, 11 is synchronized manner with the clock signal CLK, the input on conductor 7 in both devices 21, 11. The generator 6 random numbers generates (pseudo)random sequence of bits, Kotor is synchronous, using the clock signal CLK is applied to the cryptographic blocks 21, 11.

Due to the control using a random number encryption and decryption of data more efficient protection transmitted via the bus 4 data values. Synchronous control ensures that the encryption and decoding at the transmitter and correspondingly the receiving units in the same time interval are complementary processes. Due to the random nature of the encryption, despite repeated eventually transferred data bus are formed of distinct bit combinations. The profile of the current in the integrated circuit, which, due to the relatively high rechargeable capacitive loading of the bus, it is relatively easy could be measured from the outside, appears to be uncorrelated in time and random. Therefore, the current profile when trying to read may not be used to identify any characteristic States of the switches microcontroller.

To further increase the effectiveness of protection, it is sufficient to protect against attempts sensing or use probes to branch only current conductors 5 and 7, designed to supply random numbers and the clock signal encryption/decoding. This can be used about cnie known measures. For example, the conductors may be covered with an additional layer, the removal of which the conductors are destroyed and become unsuitable for use.

All three are shown on the drawing block encryption/decoding of 11, 21, 31 is constructed in the same way. So for example below in more detail, the block 11. On the side CDC 1 register 111 is used for intermediate storage of the data word received from the CDC or issued to him. On the side connected to the data bus for each of the conductors of the data bus is used by the logic circuitry. This example uses logic exclusive OR 112, 113, 114, 115. Each of the logic exclusive-OR one of its input and its output is included in one of the conductors of the data bus and the other input is connected to the corresponding output register 116 of the shift, which is made, for example, with linear feedback. The register 116 of the shift from inputs connected to the conductor 7 of the clock signal and with the conductor 5 to supply random numbers. A random number generated by the generator 6 random number is sent sequentially through the conductor 5 to the register 116 of the shift with feedback, and the clock control is performed by the clock signal CLK. Feedback register 116 shift provides on its output pins in the AC the house time quantum has a different data word, which by logic exclusive OR 112,..., 115 logically associated with the word output data on the bus 4 or taken from the bus 4. When you run the shift registers are initialized to the same value. As other cryptographic units completed and connected in a similar manner, the data words transmitted over the bus 4 data encrypted in the transmission and decrypted at the receiving location in a mutually supportive manner. Encryption and decryption are symmetric with respect to each other. In principle it is enough to register 116 shift had no feedback. However, the use of feedback increases the effectiveness of protection. To implement feedback is sufficient to use a linear feedback based on the primitive polynomial. In accordance with the parallelism, is encrypted corresponding to the number of bits of the shift register. On the side of the transmission and reception of simultaneous encryption and accordingly the interpretation using the same random numbers. Due to the symmetry encryption transmission, plays no role.

Circuit costs of generating random numbers and the clock signal, and circuit costs shift register with linear feedback register I/o and logic “isklyuchyenii are justified. At the same time, protection against unauthorized listening transmitted on the data bus and unauthorized profile measuring current, taking into account the additional cost is significantly increased.

1. The microprocessor device with protection against unauthorized access, containing a Central processing device (1)comprising a first cryptographic unit (11), at least one peripheral unit (2, 3), which includes the second cryptographic unit (21, 31), the Central processing unit (1) and said at least one peripheral unit (2, 3) are interconnected by a bus (4) data, and the corresponding cryptographic units (11, 21, 31) is connected to the inverted bus (4) data input-output Central unit (1) processing and peripheral units (2, 3) so that the transmitted along the data bus, the data stream is entered into the appropriate cryptographic unit (11, 21, 31), or, respectively, the output of the above-mentioned cryptographic unit (11, 21, 31), which is located in the peripheral block (2, 3), detectable or is encrypted using the appropriate cryptographic unit (11, 21, 31), the random number generator (6)associated with said cryptographic unit 11, 21, 31) and designed to generate and enter a sequence case who's numbers in cryptographic blocks (11, 21, 31), an output to supply a clock signal (CLK)intended for use in synchronization, whereby the first and second cryptographic blocks (21, 31, 11) are controlled by a synchronous manner when implementing encryption and decoding of data flow in the above-mentioned cryptographic blocks depending on the sequence of random numbers generated by the random number generator, each of the cryptographic units (21, 31, 11) contains a register (116) shift with feedback from the inputs connected to a conduit (7) for supplying the clock signal and with the guide (5) for the signal of the random numbers generated by the random number generator (6), and a collection of logical elements of communication(112, 113, 114, 115), each one of its input and its output is included in the corresponding one of the signal conductors of the data bus, and its other input is connected to the corresponding output register (116) shift with feedback.

2. The microprocessor device according to claim 1, characterized in that the first and second cryptographic blocks (21, 31, 11) in the process form a pair consisting of a device encryption and a corresponding decoding device.

3. The microprocessor device according to claim 1, characterized in that the casing (116) shift performed with linear feedback.

4. Microprocessor is a device according to claim 1, characterized in that each logical element of the said aggregate logical elements represents a logic “exclusive OR”.

5. The microprocessor device according to claim 1, characterized in that the Central unit (1) and the peripheral block (2, 3) made in the form of monolithic integrated circuits.

6. The microprocessor device according to claim 1, characterized in that the peripheral unit (2) includes a field memory cells.

7. The microprocessor device according to any one of claims 1 to 6, characterized in that it is intended for use in a mobile data carrier.



 

Same patents:

FIELD: computers.

SUBSTANCE: device has a group of buffer blocks from first to eighth, direction correction block, direction selection block, first registers group, output register, first decoder, multiplexer, first counter, group of switchboards from first to eighth, launch trigger, first and second univibrators, OR elements from first to third, first and second AND elements, clock pulses generator. Also inserted are buffer block, second and third registers group, second decoder, a group of demultiplexers from first to eighth, second counter, third univibrator, first and second groups of OR elements and fourth and fifth elements.

EFFECT: higher efficiency.

10 dwg, 1 tbl

FIELD: computers.

SUBSTANCE: device has three blocks for forming messages lines, block for analysis of messages line, multiplexer, decoder, broadcast control block, buffer register, launch trigger, synchronization block, AND elements block, denying element, blocks for organizing messages lines, direction selection block, OR element, AND elements.

EFFECT: higher efficiency.

3 cl, 12 dwg, 2 tbl

Processor // 2248608

FIELD: computers, data protection.

SUBSTANCE: processor has bus interface device, device for selection/decoding of commands, device for dispatching/execution, program string decoding device, which string is selected from program and loaded in first levels command cash, which contains a set of N two-input elements XOR, keys memory, storing different N-bit decoding keys.

EFFECT: higher efficiency.

2 dwg

FIELD: computers.

SUBSTANCE: device has pulse generator and OR element. First input of OR element is connected to input of pulse generator and is meant for receiving signal, being sign of data transfer in local network. Output of generator is connected to second input of OR element. Output of the latter is meant for output of signal, matching condition of data bus of a network.

EFFECT: higher speed of data transfer, higher reliability of operation of Ethernet network.

3 dwg, 2 tbl

FIELD: electric engineering.

SUBSTANCE: method includes estimation of quality coefficients of electric energy in electric energy system, determining degree of matching of these coefficients to normal values, forming of control signal for correcting devices and predicting electric energy characteristics expected after effect of these devices. On basis of analysis of predicted characteristics quality coefficients are newly estimated and if necessary control signals for correction devices are formed. Estimation of not only voltage and frequency is provided, but also current. Whole cycle is repeated for each node of electric energy system.

EFFECT: higher efficiency.

1 dwg

FIELD: computers.

SUBSTANCE: processor has a pseudo-associative device, consisting of two memory blocks, interconnected through transposing circuit.

EFFECT: higher productiveness, higher efficiency.

2 dwg, 2 tbl

FIELD: computers.

SUBSTANCE: system has memory for programs, including browser, display block, database for storing documents, addressing control block, while each document of base has at least one link with indicator of its unique number and indicator with address of program for control stored in addressing control block, system contains also, connected by data buses and control of other blocks of system, memory for links of couples of unique numbers of links and forming means for lists of unique numbers of documents links, which are interconnected.

EFFECT: higher efficiency.

2 cl, 1 dwg

FIELD: communications.

SUBSTANCE: method includes inputting data from individual subscriber into memory of subscriber device, then data are sent through subscriber device to data server, where it is clarified, whether subscriber provides certain information or consumes certain information with query for certain data, data from data provider are kept in information server database in form of individual provider record, and for data consumer data search is performed, appropriate to query, in database, in case if data answering the query is found on server, it is sent to data consumer. Method includes prior forming of classification, allowing forming identifiers of objects of possible interest of subscribers, before inputting data from individual subscriber or in process of this input at least partial conversion of these data to appropriate formed identifier of said classification, used for recognizing information in database, is performed, said information being appropriate for subscriber request. Portion of data not used in identifier is used dependent on category of subscriber.

EFFECT: broader functional capabilities.

2 cl, 2 dwg

The invention relates to computer science and computer engineering

The invention relates to communication systems using an extended Protocol message network management and routing of messages in a communication network control elevators, with many nodes

FIELD: electronics.

SUBSTANCE: device has signaling bus, loaded with clock signal, at least one couple of buses serving for encoding one bit, detector circuit, multiplexer. According to method in case of first value of signal of signal bus two buses of one couple detect same level of signal, and in case of second value of signal of signal bus two buses of one couple detect different signal levels, detect forbidden states during operation of board, change process of system functioning, to generate alarm in that way.

EFFECT: higher reliability of protection.

2 cl, 7 dwg

FIELD: copy protection.

SUBSTANCE: system has content distribution block, multiple recording and playback devices for digital data, calculations processing block, meant to perform communications with recording and playback devices and performing calculations processing for transferring license payments.

EFFECT: higher reliability of copy protection.

5 cl, 55 dwg

FIELD: computers.

SUBSTANCE: method includes, on basis of contents of central processor registers, received after processor performs some sort of command, by means of mathematical logical operation, forming certain finite control sum and storing it in memory, and on basis of contents of registers, received before start of execution by said processor of directly next command, certain starting checksum is formed, while if starting checksum mismatches finite checksum, error message is generated, which can be followed by halting of processor operation or blocking of chip board with its removal from circulation.

EFFECT: higher reliability.

2 cl, 2 dwg

FIELD: technologies for authentication of information.

SUBSTANCE: method includes performing absolute identification for confirming legality of data carrier according to first rule in preset time. Authentication information is recorded on this data carrier in previously set position. Process of arbitrary authentication is performed for confirming legality of said data carrier in accordance to second rule in arbitrary time. First rule includes announcing confirmation of standard match, if information for authentication is detected as registered in selected preset position. Second rule in given arbitrary authentication process includes announcing standard match, if information for authentication is detected as not registered in arbitrary positions, different from given preset position.

EFFECT: higher reliability.

6 cl, 12 dwg

Processor // 2248608

FIELD: computers, data protection.

SUBSTANCE: processor has bus interface device, device for selection/decoding of commands, device for dispatching/execution, program string decoding device, which string is selected from program and loaded in first levels command cash, which contains a set of N two-input elements XOR, keys memory, storing different N-bit decoding keys.

EFFECT: higher efficiency.

2 dwg

The invention relates to computing
The invention relates to computing, and in particular to information and computer systems and networks, and can be used in the network integrity monitoring for protection of information resources in workstations, informational, and functional servers, etc

The invention relates to computer technology and may find application in the organization of authorized access to resources of the computing system

The invention relates to the field of information security with cryptographic transformation of data

The invention relates to the field of authentication objects

Processor // 2248608

FIELD: computers, data protection.

SUBSTANCE: processor has bus interface device, device for selection/decoding of commands, device for dispatching/execution, program string decoding device, which string is selected from program and loaded in first levels command cash, which contains a set of N two-input elements XOR, keys memory, storing different N-bit decoding keys.

EFFECT: higher efficiency.

2 dwg

Up!