1. WO2015127772 - KEY PROTECTING METHOD AND APPARATUS

Publication Number WO/2015/127772
Publication Date 03.09.2015
International Application No. PCT/CN2014/085236
International Filing Date 27.08.2014
IPC
H04L 9/32 2006.1
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9 Arrangements for secret or secure communication
32 including means for verifying the identity or authority of a user of the system
CPC
G06F 12/0806
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
12 Accessing, addressing or allocating within memory systems or architectures
02 Addressing or allocation; Relocation
08 in hierarchically structured memory systems, e.g. virtual memory systems
0802 Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
0806 Multiuser, multiprocessor or multiprocessing cache systems
G06F 2212/1052
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
2212 Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
10 Providing a specific technical effect
1052 Security improvement
G06F 2212/402
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
2212 Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
40 Specific encoding of data in memory or cache
402 Encrypted data
G06F 2212/60
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
2212 Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
60 Details of cache memory
G06F 2212/621
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
2212 Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
62 Details of cache specific to multiprocessor cache arrangements
621 Coherency control relating to peripheral accessing, e.g. from DMA or I/O device
G06F 9/467
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
9 Arrangements for program control, e.g. control units
06 using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
46 Multiprogramming arrangements
466 Transaction processing
467 Transactional memory
Applicants
  • 中国科学院数据与通信保护研究教育中心 DATA ASSURANCE AND COMMUNICATION SECURITY RESEARCH CENTER, CHINESE ACADEMY OF SCIENCES [CN]/[CN]
Inventors
  • 林璟锵 LIN, Jingqiang
  • 管乐 GUAN, Le
  • 王琼霄 WANG, Qiongxiao
  • 汪婧 WANG, Jing
  • 荆继武 JING, Jiwu
Agents
  • 北京德琦知识产权代理有限公司 DEQI INTELLECTUAL PROPERTY LAW CORPORATION
Priority Data
201410068010.9 27.02.2014 CN
Publication Language Chinese (zh)
Filing Language Chinese (ZH)
Designated States
Title
(EN) KEY PROTECTING METHOD AND APPARATUS
(FR) PROCÉDÉ ET APPAREIL DE PROTECTION DE CLÉ
(ZH) 密钥保护方法和装置
Abstract
(EN) The present invention provides a key protecting method. A symmetric master key is set for each core of a multi-core processor and used to dynamically decrypt the plaintext of the private key of an asymmetric algorithm. Intel's TSX (Transactional Synchronization Extensions) instructions ensure at the hardware level that the private key and the intermediate variables used during computation exist only in the cache memory occupied by that core. This prevents an attacker from stealing private key information directly from physical memory, and so ensures the security of public key cipher algorithms implemented in a computer system environment. Moreover, even if the operating system is breached and the attacker can directly read the key's memory space, the attacker cannot obtain the plaintext private key, because Intel's TSX mechanism ensures the atomicity of memory operations. In this solution, the other cores of the multi-core processor can also perform cipher computations at the same time while physical attacks and system attacks are resisted, which improves computing efficiency.
(FR) La présente invention concerne un procédé de protection de données. Le texte en clair d'une clé privée dans un algorithme asymétrique est déchiffré de manière dynamique par la contexture d'une clé maîtresse symétrique pour chaque coeur d'un processeur multi-coeur, et à l'aide d'instructions étendues TSX (Extensions de Synchronisation Transactionnelle) d'Intel, il est garanti à un niveau matériel que la clé privée et des variables intermédiaires utilisées dans le processus de calcul existent uniquement dans une mémoire cache occupée par le coeur, de façon à empêcher qu'un agresseur détourne des informations de clé privée directement depuis la mémoire physique et, par conséquent, la sécurité de l'algorithme de chiffrement de clé publique mis en oeuvre dans un environnement de système informatique est garantie; en outre, même si le système d'exploitation est violé et que l'agresseur peut lire directement l'espace mémoire de la clé, étant donné que le mécanisme TSX d'Intel assure l'atomicité d'opérations de mémoire, l'agresseur ne peut pas obtenir le texte en clair de la clé privée. Selon cette solution, d'autres coeurs du processeur multi-coeur peuvent également effectuer un calcul de chiffrement tout en résistant à des attaques physiques et des attaques système, ce qui améliore l'efficacité de calcul.
(ZH) 本发明提供了一种密钥保护方法,通过设置多核处理器的每个核一个对称主密钥,动态地解密出非对称算法的私钥明文,并通过Intel的TSX(Transactional Synchronization Extensions)扩展指令,从硬件层面上保证私钥以及计算过程中使用的中间变量只存在于该核占用的高速缓冲存储器中,可以防止攻击者直接从物理内存中窃取私钥信息,从而保障公钥密码算法在计算机系统环境下实现的安全性;并且,即使操作系统被攻破,攻击者可以直接读取密钥的内存空间,由于Intel的TSX机制保证了内存操作的原子性,攻击者不能获取明文私钥;在这种解决方案中,在抵抗物理攻击和系统攻击的同时,多核处理器的其他核也可以同时进行密码运算,提高了运算效率。