1. WO2012054609 - METHOD AND APPARATUS WITH AN ARCHITECTURE FOR PROTECTING SENSITIVE CODE AND DATA

Note: Text based on automatic optical character recognition processes. Only the PDF version has legal value.

CLAIMS

What is claimed is:

1. A method for providing a secure execution environment for program code or data, comprising:

offloading code or data from a host processor to a secure asset management unit (SAMU) in an encrypted format for authenticating and for maintaining confidentiality of the code or data.

2. The method of claim 1, wherein the offloading includes creating an encrypted binary boot image with a random key generated in a signing tool used by the SAMU.

3. The method of claim 2, wherein the encrypted binary boot image is encrypted for the SAMU and provided as a secure kernel and as a secure application for the SAMU.

4. The method of claim 3, wherein a user installs the encrypted binary boot image and presents the encrypted binary boot image to the SAMU on demand.

5. The method of claim 4, further comprising:

validating the encrypted binary boot image for integrity before configuring a decryption key for use with the SAMU using a boot read only memory (ROM).

6. The method of claim 5, further comprising:

generating a decryption key by the boot ROM for use with the SAMU; and

passing control to the encrypted binary boot image in response to a positive validation.

7. The method of claim 5, wherein no SAMU service is exposed if there is a negative validation, and the application reverts to a software based protection scheme.

8. A system for providing a secure execution environment for program code or data, comprising:

a computer configured to execute at least one application including code or data on a host processor;

a secure asset management unit (SAMU) configured to execute program code, wherein the SAMU is connected to the computer and is configured to offload code or data from the host processor in an encrypted format to authenticate and to maintain confidentiality of the code or data.

9. The system of claim 8, wherein the SAMU is further configured to provide an encrypted binary boot image with a random key generated in a signing tool used by the SAMU as part of the offloading.

10. The system of claim 9, wherein the encrypted binary boot image is encrypted for the SAMU and provided as a secure kernel and as a secure application for SAMU.

11. The system of claim 10, wherein a user installs the encrypted binary boot image on the system and presents the encrypted binary boot image to the SAMU on demand.

12. The system of claim 11, wherein the SAMU is further configured to validate the encrypted binary boot image for integrity before configuring a decryption key for use with the SAMU using a boot read only memory (ROM).

13. The system of claim 12, wherein the boot ROM is further configured to generate a decryption key for use with the SAMU and to pass control to the encrypted binary boot image in response to a positive validation.

14. The system of claim 12, wherein no SAMU service is exposed if there is a negative validation, and the application reverts to a software based protection scheme for authentication.

15. A computer-readable storage medium storing a set of instructions for execution by one or more processors to facilitate manufacture of a secure asset management unit (SAMU), the SAMU configured to:

execute program code; and

offload sensitive program code or data from a processor in an encrypted format to authenticate and to maintain confidentiality of the program code or data.

16. The computer-readable storage medium of claim 15, wherein the instructions are hardware description language (HDL) instructions used for the manufacture of a device.