TW201203108A - Microprocessors and operating methods thereof and encryption/decryption methods - Google Patents

Abstract

A microprocessor with a fetch unit that (a) fetches a block of instruction data from an instruction cache of the microprocessor; (b) performs an XOR on the block with a data entity to generate plain text instruction data; and (c) provides the plain text instruction data to an instruction decode unit. In a first instance the block comprises encrypted instruction data and the data entity is a decryption key. In a second instance the block comprises unencrypted instruction data and the data entity is Boolean zeroes. The time required to perform (a), (b), and (c) is the same in the first and second instances regardless of whether the block is encrypted or unencrypted.

Description

201203108 VI. Description of the Invention: [Technical Field] The present invention relates to the field of microprocessors, and in particular to increasing the security of programs executed by microprocessors. [Prior Art]

Many software programs are often vulnerable to attacks that compromise the security of computer systems. For example, a hacker can embed an inappropriate code by attacking a buffer overflow vulnerability of a running program and transfer the mastership to the inappropriate code. As a result, the embedded code will dominate the attacked program. One scheme for preventing software programs from being attacked is instruction set randomization. The instruction set randomization technique first encrypts the program into some form. After the processor extracts the program from the memory, the program is decrypted in the processor. As a result, the hacker is less likely to embed malicious instructions because the embedded instructions must be properly encrypted (for example, using the same encryption key or algorithm as the attacked program) to be executed correctly. For example, see the file "Counter Code-Injection Attacks with Instruction-Set Randomization, by Gaurav S. Kc, Angelos D. Keromytis, and Vassilis Prevelakis, CCS Ό3, October 27-30, 2003, Washington, DC, USA, ACM 1- 58113-738-9/03/0010, which describes an improved version of the Bochs-x86 Pentium emulator. The disadvantages of the related art have been widely discussed. For example, see the article "erm/ze 柯五77^五价如(10) 邮到of Instruction Set Randomization, by Ana Nora Sovarel, David Evans, and Nathanael Paul, CNTR2449100-TW/0608-A43129-TW/ Final 4 201203108 http: //www.cs.virginia.edu/feeh"[Abstract] One embodiment of the present invention discloses a microprocessor. The microprocessor includes an instruction cache, an instruction decoding unit, and an extraction unit. The extracting unit is configured to: (a) extract instruction data of a block from the instruction cache; (b) perform a Boolean mutual exclusion operation on the block by a data entity to generate plain text instruction data; And (c) providing the above plain text instruction data to the instruction decoding unit. In a first condition, the block includes encrypted data and the data entity is a decrypted secret. In a second condition, the block includes non-encrypted instruction data and the data entity is a binary zero value of a plurality of bits. Regardless of whether the instruction data of the block is encrypted or unencrypted, the time required to implement the above contents (a), (b), and (c) is the same in the first condition and in the second case. Another embodiment of the present invention discloses a method for operating a microprocessor having an instruction cache. The method comprises: (a) extracting instruction data of a block from the instruction cache; (b) performing a mutually exclusive operation on the block by a data entity to generate plain text instruction data; and c) supplying the above plain text instruction data to an instruction decoding unit. In a first condition, the block includes encrypted instruction data and the data entity is to decrypt your key. In a second condition, the block includes non-encrypted instruction data, and the data block is a binary zero value of a plurality of bits. Regardless of whether the command data of the block is encrypted or unencrypted, the day-to-day stipulation required to carry out the above contents (a), (b), and (c) is the same under the first condition and the second condition. One embodiment of the present invention provides a microprocessor. The microprocessor package CNTR2449100-TW/0608-A43129-TW/Final 5 201203108 ^ memory and extraction unit. The extracting unit will extract the digits from 1 = the number of extracted bits from the plurality of blocks in the column. In the extraction of the unit, a number of key values are extracted and the part is extracted as a function, and each block of the decrypted secret address is generated, and the sequence instruction extracted from the Ding Hao is extracted. , ~ = 3: The memory extracts the sequence of the above multiple blocks, and updates the extraction unit (4) the value of the pin wheel. The method of the present invention discloses a method for extracting a program by a plurality of first forces:: package =: a plurality of first unencrypted instructions. The method further includes replacing the money with the second decryption key, and returning to wait for the first non-two-second-old order change instruction. The method further includes extracting a plurality of second encryption instructions of the program from the instruction cache and decrypting the second decryption key into a plurality of second non-encrypted instructions. Another embodiment of the present invention discloses a method L for an operation-microprocessor. The method includes self-instruction cache memory-sequence multiple extraction address extraction-encryption program-encryption instructions for sequence multiple blocks. The method further comprises: when extracting each block of the sequence, generating a decryption secret record by using a plurality of key values and a part of the extracted address of the extracted (four) block as a function. The method further includes, for each block in the sequence, causing (4) the above-mentioned decryption key to be encrypted. The financial method further includes executing a key switching instruction when extracting the plurality of blocks of the sequence. Executing the above-mentioned key CNTR2449100-TW/0608-A43129-TW/ Final ^ 201203108 key switching instructions includes updating the key values used to generate the above-described decryption key. One embodiment of the present invention discloses a microprocessor. The microprocessor includes an extraction unit that extracts and decrypts a branch and switch key command using the first decryption key data. The microprocessor further includes microcode. The above-mentioned microcode causes the extracting unit to extract and decrypt the splicing command after the branch and the switching key command using the first decryption key data in a state where the branch and the direction of the switching key command are not used. The microcode further causes the extracting unit to extract and decrypt the branch and switch key command by using the second decryption key data different from the first decryption key data in a situation where the branch and the switch key instruction are adopted. A target instruction. Another embodiment of the present invention discloses a method of processing an encryption program with a microprocessor. The method includes extracting and decrypting a branch and switch key instruction using the first decryption key data. The method further includes extracting and decrypting the splicing instruction after the branch and the switching key instruction with the first decryption key data in a state where the branch and the direction of the switching key instruction are not taken. The method further includes extracting and decrypting one of the branch and switch key instructions with the second decryption key data different from the first decryption key data in a condition that the branch and the direction of the switch key instruction are taken Target instruction. Another embodiment of the present invention also discloses a method for encrypting a program for execution by a microprocessor for decrypting and executing the encryption program. The method includes receiving a destination file of a non-encrypted program, including a legacy branch instruction, the indicated target address being determinable before the microprocessor executes the program. The method further includes analyzing the program to obtain block information. CNTR2449100-TW/0608-A43129-TW/ Final 7 201203108 The block information divides the program into a sequence of multiple blocks. Each block includes a sequence of multiple instructions. The above block information further includes the encryption key data of each block. The encryption key data corresponding to each block is different. The method further includes replacing each of the above-mentioned conventional branch instructions with a target address and a different branch by itself with a branch and switch key instruction. The method further includes encrypting the program based on the block information described above. Another embodiment of the present invention also discloses a method for encrypting a program for later execution by a microprocessor for decrypting and executing the encryption program. The method includes receiving a destination file of an unencrypted program, including a legacy branch instruction, the indicated target address being determined only when the microprocessor executes the program. The method further includes analyzing the program to obtain block information. The above block information divides the program into a sequence of multiple blocks. Each block includes a sequence of multiple instructions. The above block information further includes the encryption key data of each block. The encryption key data corresponding to each block is different. The method further includes replacing each of the above-described conventional branch instructions with a branch and a switch key instruction. The method further includes encrypting the program based on the block information. One embodiment of the present invention discloses a microprocessor. The microprocessor includes an architectural register that includes a bit. The microprocessor is responsible for setting the bit. The microprocessor further includes an extraction unit. The extracting unit extracts the encrypted instruction from an instruction cache and decrypts the encrypted instruction before executing the encryption instruction to respond to the operation of setting the bit by the microprocessor. If an interrupt is received, the microprocessor stores the value of the bit to a stacked memory and then clears the bit. After the microprocessor clears the bit, the fetch instruction extracts the non-encrypted instruction from the instruction cache memory, and does not decrypt the non-encrypted instruction, ie CNTR2449100-TW/0608-A43129-TW/ Final 8 201203108 OK. The microprocessor is also used to repair the operation of the previously stored values of the structure register. If the bit is determined; the number of repairs::: earth interrupt command returns the unit to re-extract and decrypt the encrypted command. ‘, ', sigh state, the extraction of the present invention is another type of + instructional cache memory and method for operating the method including setting the architecture temporarily = the microprocessor. The cache memory is extracted by the encryption finger;, ::::; _ and then the encrypted instruction is decrypted from the finger. In the second cryptographic instruction pre-existing the structure temporary storage _ bit i is broken, the financial method further includes the clearing of the bit, and then clearing the bit. The encryption instruction is executed without decryption: 夬: Memory extraction does not include repairing the shelf 2 with the previously stored value: the method should return the operation from the interrupt instruction. If judged: set the state, the method further includes the value of the tongue and soul. l include & take and ride the secret and perform encryption M = embodiment of the disclosure - microprocessor. The micro-processing includes a seven-seven register and an extracting unit, and the architectural register includes a bit. The microprocessor stores the value of the bit in response to a request to interrupt execution of the program. This bit indicates that the program being executed is encrypted or non-encrypted. The processor repairs the bit with the previously saved value and re-fetches the interrupted program as an executing program in response to the operation returned from the interrupt instruction. If the repaired value of the bit is the set state, the microprocessor first repairs the decryption key value before re-fetching the interrupted program to decrypt the extracted instruction using the repaired decryption key value. If the bit is CNTR2449100-TW/0608-A43129-TW/ Final Λ 201203108 The repaired value is cleared, the microprocessor does not fix the decryption key value, and does not decrypt the extracted instruction. Another embodiment of the present invention discloses a method for operating a microprocessor. The method includes storing a value of a bit of the microprocessor in response to a request to interrupt the executing program. This bit indicates that the program being executed is encrypted or unencrypted. In response to the operation returned by the interrupt instruction, the method further includes repairing the bit with the previously stored value and re-extracting the interrupted program as an executing program. If the value of the bit repaired is set, the method further includes repairing the decryption key value and retrieving the extracted instruction with the repaired decryption key value before re-fetching the interrupt program. If the value after the bit is repaired is cleared, the method does not perform the decryption key repair operation and does not decrypt the extracted instruction. One embodiment of the present invention discloses a microprocessor. The microprocessor includes a storage component having decryption key data for storing an encryption program in a plurality of locations. The microprocessor further includes a control register that indicates, in a field, the associated one of the plurality of locations of the storage element and the encryption process in execution. In response to the operation returned by the interrupt instruction, the microprocessor self-remembering uses the previously stored value of the block to repair the control register. The microprocessor further includes an extracting unit for extracting the encrypted instruction of the encrypted program in execution and decrypting the decrypted key data stored at the location indicated by the storage element with the value of the field repaired by the field. Another embodiment of the present invention discloses a method for operating a microprocessor having a control register and a storage element, each of which stores a decryption key data of an encryption program. The method includes using the value of the previously stored field from the memory to repair a field in the CNTR2449100-TW/0608-A43129-TW/ Final 10 201203108 control register in response to the operation returned from the interrupt instruction. The value of the field indicates that the storage element is related to the executing encryption program in the plurality of locations. The method further includes extracting the encrypted instruction of the encryption method in execution. The method further includes decrypting the extracted encrypted instruction with the decrypted key data stored at the location indicated by the storage element with the value of the field repaired. One embodiment of the present invention discloses a microprocessor. The microprocessor includes a branch target address cache memory (BTAC) to record historical information of previously executed branches and switch cryptographic instructions. The above historical information includes the recorded branch and the target address of the switch key instruction and the identifier. The above identifier identifies the plurality of key values associated with the branch and switch key instructions to which it belongs. The microprocessor further includes an extracting unit coupled to the branch target address cache memory. When the extracting unit extracts the previously executed branch and switch key instruction, it receives the prediction made by the branch target address cache and receives the extracted branch and switch from the branch target address cache. The above target address of the key instruction and the identifier. The extracting unit further extracts the encrypted instruction data based on the received target address, and decrypts the extracted encrypted instruction data based on the plurality of key values indicated by the received identifier in response to the received prediction. Another embodiment of the present invention discloses a method for operating a microprocessor. The method includes recording, by a branch of the target address cache memory (BTAC), historical information of previously executed branches and switch key commands. The above historical information includes the recorded branch and the target address of the switch key instruction and the identifier. The above identifier identifies the plurality of key values associated with the associated branch and switch key command. The method receives the prediction made by the branch target address cache memory when the branch and switch key instructions previously executed CNTR2449100-TW/0608-A43129-TW/ Final 11 201203108 are extracted, and from the branch target bit The address cache receives the above target address and identifier for the extracted branch and switch key instructions. The method further extracts the encrypted instruction data based on the received target address and decrypts the extracted encrypted instruction data based on the plurality of key values indicated by the received identifier in response to the received prediction. [Embodiment] Referring to Figure 1 is a block diagram illustrating a microprocessor 100 implemented in accordance with the teachings of the present invention. The microprocessor 100 includes a pipeline including an instruction cache 108, a fetch unit 104, a decoding unit 108, and an execution unit. L12, and a retire unit l 14 . The microprocessor 100 further includes a microcode unit 132 for providing microcode instructions to the execution unit 112. The microprocessor 100 further includes a general purpose registers 118 and an EFLAGS register 128 to provide instruction operands to the execution unit 112. Moreover, the instruction execution result is updated by the lead-out unit 114 to the general-purpose register U8 and the flag register 128. In one embodiment, the flag register 128 is implemented by a conventional x86 flag register modification, and the detailed implementation will be described later. The extracting unit 104 extracts instruction data 106 from the instruction cache 102. The extracting unit 104 operates in two modes: one is a decryption mode and the other is a plain text mode (plain text CNTR2449100-TW/0608-A43129-TW/ Final 12 201203108 mode). The E bit (Ebit) 148 of a control register (144) in the extracting unit 104 determines whether the extracting unit 1〇4 operates in a decryption mode (set E bit) or operates in plain text. Mode (clear E bit). In the text-only mode, the extracting unit 1〇4 regards the data 106 obtained from the instruction cache 1〇2 as unencrypted or plain text command data, and therefore, the data 106 is not decrypted. . However, in the decryption mode, the extracting unit 1〇4 regards the command data ι〇6 extracted from the instruction cache 102 as the encrypted command data, and therefore, a master key of the extracting unit 1〇4 is used. The decryption keys stored in the master key register 142 are decrypted into plain text command data. The detailed technical content will be discussed with reference to FIG. 2 and FIG. The extracting unit 104 φ includes an extract instruction generator (fetch § 611 PIN & 〇 164 for generating an extracted address (& 11 & 1 to 5) 134 to cache from the instruction The memory 102 extracts the command data 1〇6. The extracted address 134 is further supplied to a key expander 152 of the extracting unit 104. The key expander 152 selects two sets of keys 172 from the autonomous key temporary storage 142. 'And operate on it to generate a decryption secret 174 as the first input to the multiplexer 154. The second input of the multiplexer 154 is a multi-bit binary zero value (binary 2^〇5) 176 The £bit 148 controls the multiplexer 154. If the E bit 148 is set, the multiplexer 154 selects to output the encryption key Π 4. If the E bit 148 is cleared, the multiplexer 154 selects the output of the multiple bits 兀The carry zero value 176. The output 178 of the multiplexer 154 is supplied to the mutex logic 156 as its first input. The mutex logic 156 is responsible for performing the Boolean mutual exclusion operation on the extracted kernel data 106 and the multi-product output 178. (Boolean exclus We-OR, XOR) to generate plain text command data CNTR2449100-TW/0608-A43129-T W/ Final π 201203 108 162. The encrypted instruction data 106 is pre-encrypted with its original plain text instruction data in an encrypted secret record, wherein the encryption key has the same value as the decryption key record 4. The extraction unit ι〇4 The detailed embodiment will be described later in conjunction with the contents of Fig. 2 and Fig. 3. The plain text command data 162 is supplied to the decoding unit 1 to 8. The decoding unit 108 is responsible for decoding the stream of the plain text command data 162 and Dividing into a plurality of X86 instructions is performed by execution unit 112. In one embodiment, decoding unit 包括08 includes buffers or queues to 'buffer stored plain text instructions before or during decoding. The stream of data 162. In one implementation, the 'decoding unit 1' 8 includes an instruction translator for translating the X86 instructions into microinstructions or micro-ops for execution by the execution unit 112. When the decoding unit 108 outputs an instruction, a bit value is outputted for each instruction, and the bit value is accompanied by the instruction along the pipeline structure to refer to Whether the instruction is an encrypted instruction. The bit value controls the execution unit 112 and the extraction unit 114 to make an decision based on the instruction when the instruction is retrieved from the memory 102 and is an encrypted instruction or a plain text instruction. And taking an action. In one embodiment, the plain text instruction is not allowed to perform a particular operation specifically for the instruction decryption mode design. In one embodiment, the microprocessor 1 is an 86 architecture processor, however, the microprocessor 1 can also be implemented by other architecture processors. If the processor can correctly execute most of the applications designed to be executed by the χ86 processor, then it can be judged that the processor (4) of the χ86 architecture can obtain the expected result. In particular, the microprocessor 100 is an instruction to execute the χ86 instruction set and has a 8686 CNTR2449100-TW/0608-A43129-TW/Final 14 201203108 user-visible register set. In one embodiment, the 'microprocessor 1 is designed to supply a complex security architecture called a secure execution mode (SEM) for executing the program therein. According to one embodiment, execution of the SEM program can be initiated by several processor events and is not blocked by normal (non-SEM) operations. The following examples illustrate the power cycle b' implemented by programs executed under SEM, including critical security tasks (CritiCalSeCUritytaskS) such as: credential check and data encryption, system software activity monitoring, system software integrity verification, resource usage tracking, new software Installation control...etc. For the implementation of the SEM, please refer to the U.S. Patent Application No. 12/263,131 filed by the Company on the date of the PCT application, No. 12/263,131, (U.S. Patent Publication No. 2009-0292893, on November 20, 2009) The disclosure of the case is based on the US patent provisional application filed May 24, 2008 (Case No. 61/055,980); the relevant technical part of this application can refer to the above case content. In one embodiment, the SEM data is stored as a secure non-volatile memory (not shown), such as a flash mem〇ry, which can be used to store the escaping, cryptography, and The isolated serial bus is coupled to the microprocessor 1 and all of the data is aES-encrypted and signed_vehified. In one embodiment, the microprocessor 100 includes a small number of non-volatile write-once memories (not shown) for storing the solution, the key, wherein An embodiment of the present invention can be applied to a fuse-type non-volatile memory disclosed in U.S. Patent No. 7,663,957; One of the advantages of the instruction decryption feature CNTR2449100-TW/0608-A43129-T W/ Final ι< 201203108 disclosed in this case is that the extended security execution mode (SEM) application range enables the secure program to be stored. The memory outside the microprocessor 100 need not be completely stored inside the microprocessor 10A. Therefore, the security program takes advantage of the full space and functionality provided by the memory hierarchy. In one embodiment, some or all of the structural exceptions/interrupts (eg, page faults, debug breakpoints, etc.) are disabled in SEM mode. In one embodiment, some or all of the structural anomalies/interruptions are disabled in the decryption mode (i.e., E bit 148 is set). The sub-processor 1 further includes a key register file 124. The key register file 124 includes a plurality of registers, wherein the stored snoops can be loaded into the master key register 142 of the extracting unit 104 by a switch key instruction (discussed later). The extracted encrypted instruction data 1 〇 6 is decrypted. The microprocessor 1 further includes a secure memory area (abbreviated as SMA) 122 for storing a decryption key to be subjected to a key load instruction (load) as shown in FIG. The key instrUCticm) 500 is in turn loaded into the key register file 124. In one embodiment, secure storage area 122 is defined for access by an SEM program. That is, the secure storage area 122 is not accessible by programs executed in the normal execution mode (non-SEM). In addition, secure storage area 122 is not accessible by the processor bus and is not part of the cache memory hierarchy of microprocessor 100. Therefore, for example, the cache flush operation does not cause the contents of the secure memory area 122 to be written to the memory. Regarding the secure storage area 122, CNTR2449100.TW/0608-A43129.TW/Final]6 201203108 Read and write 'The microprocessor 100 instruction set architecture is designed with specific instructions. One embodiment is to design an isolated random access memory (private RAM) in the secure storage area 122. For a related art, reference is made to U.S. Patent Application Serial No. 12/34,503, filed on Feb. 20, 2008. The case was published on October 16, 2008, and the publication number is 2008/0256336); the case can be applied to the invention according to the above case. Initially, the initialization of the operating system or other privileged pr〇gram download key is set in the secure storage area 122, the key register file 124, and the master key register 142. The microprocessor 1 will first use the initial setting of the secret record to decrypt-encrypt. In addition, the encryption program itself can continue to write a new private security deposit (IV) 122, and from the storage area 222, key load, key temporary The buffer 124 is loaded into the main pin register 142 (by the wire switching command) from the key register slot m. The advantage of the operation is that The disclosed secret record switching instruction causes the encryption (4) to record the on-the-fly switching, which will be described in detail below. The new secret-wheel-programmable instruction itself is an instant data level. In the embodiment, the - field of the file header will indicate whether the material instruction is an encrypted version. The technique described in Figure 1 has several advantages. First, the plain text instruction decrypted from the traitor data 106 The data cannot be obtained externally by the micro-^ 100. Second, the time required for the extraction unit 104 to extract the encrypted instruction data is the same as the time required to extract the plain text instruction data. This feature relates to the second or not. Otherwise, if there is a time difference Exist, hackers can use this to crack the third encryption technology. Compared with the traditional design, the instruction decryption technology disclosed in this case

CNTR2449100-TW/0608-A43129-TW/ Final 17 J 201203108 does not additionally increase the number of clocks consumed by the extraction unit 104. As discussed below, the key expander 152 increases the effective length of the decryption key, which is used to decrypt an encryption program, and this does not require the extraction of the encrypted program data longer than necessary to extract the plain text program data. time. In particular, since the operation of the key expander 152 is limited to completion by the fetch address 134 to read the instruction cache 102 to obtain the instruction data 106, the key expander 152 does not increase the time of the general fetch program. . In addition, since the multiplexer 154 and the key expander 152 are not limited to the completion of the instruction memory 106 to obtain the instruction data 106 by extracting the address 134, the general extraction procedure time is not increased. The exclusive logic 156 is the only logical operation added to the general extraction path. Fortunately, the propagation delay of the exclusive operation 156 is relatively small and does not increase the duty cycle. Therefore, the instruction decryption technique disclosed in the present case does not increase the clock load of the extracting unit 104. Moreover, in contrast to the complex decryption mechanisms used by the general techniques to decrypt instruction data 106, such as S-boxes, the general technique increases the duty cycle and/or consumption required to extract and decode the instruction data 106. Number of clocks. Next, referring to Fig. 2, a block diagram illustrates the extraction unit 104 of Fig. 1 in detail. In particular, the key expander 152 of Fig. 1 is also shown in detail. The advantages of using the mutually exclusive logic to decrypt the encrypted instruction data 106 have been discussed previously. However, fast and small mutual exclusion logic has its drawbacks: if the encryption/decryption key is reused, the mutual exclusion logic belongs to a weak encryption method. However, if the effective length of the cipher is equal to the length of the program to be encrypted/decrypted, mutual exclusion logic encryption is an extremely powerful encryption technique. The microprocessor 100 is characterized by a CNTR2449100-TW/0608-A43129-TW/Final 18 201203108 effective length that can be used to increase the decryption key, with the team & 142: low fee key reuse requirements. First, the value (file) stored in the master key temporary storage is medium to large size: in one embodiment, the size of the command data 106 extracted from the instruction cache 102 is equivalent to the extraction of the instruction data 106. — In, or block size, is 128 bits (16 bytes). The cipher expander 152 is used to increase the effective length of the decryption key, for example, to a detailed description. The MM byte of k s' L a will be changed in the subsequent space operation by the secret switching instruction (or its variant). The value of Wenwang in the key register 142, which will be detailed later.

In the 142 embodiment, 'the five main secret register registers are used ^(4). However, in other embodiments, the number of the key register 142 may be increased or the number of the key register 142 may be increased. The method uses 12 primary secret register registers 14 f (5) including - the first multiplexer a 212 and - the second; the wide charge B two key temporary storage 11142. Extract the address 134. In the case where the P-knife is used to control the multiplexer's mitigation, the multiplexer B214 is not a four-turn multiplexer. The table "Gu-^ &, and the multiplexer A212 selects the input key to select the main secret # depending on the individual.) Table 2 shows the bit π 〇 胼 胼 二 选择 选择 选择 选择 选择3 from * 乂汉丞 to k take the .8] of the main secret transfer register 142 combination. The multiplexer B select signal selected master key register number CNTR2449100-TW/0608-A43129- T W/ Final multiplexer A selection signal selected master key register number 201203108 00 0 00 1 01 1 01 2 10 2 10 3 11 4 Table 1 extracting the bit of the address [10:8] Selection of the combiner B-multiplexer A The selection signal of the multiplexer B is selected from the signal of the multiplexer A. 000 0-1 00 00 001 0-2 00 01 010 0-3 00 10 011 0-4 00 11 100 1-2 01 01 101 1-3 01 10 110 1-4 01 11 111 2-3 10 10 Table 2 The output 236 of the multiplexer B 214 is supplied to the adder/subtractor 218. CNTR2449100-TW/0608-A43129- TW/ Final 20 201203108 Output 234 of multiplexer A 2]2 The rotator 216 receives the extracted address i34, the condenser (she (four) 2 ί6. The output 234, determines the rotated bit ^, according to the rotation multiplex extraction Address 134 Bit [7:4] in the supply ^ 种 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施 实施Displayed. The bit of the rotator plus wheel take-out address 134 "71 Λ adder / subtractor 218 receives 218 and rotator 216 _H[7] is emptied 'addition / subtractor minus. If the bit [7] is: set ^ J Ma sigh, adder / subtractor 218 adds the output 238 of the rotator 216 to the output of the multiplexer B214. Addition / subtractor Chuan # output β 卩 the first picture shown in Figure 1 The key m will be supplied to the multiplex cry 154. The related art will be described in detail in the flowchart of Fig. 3. Next, 'see Fig. 3' - the flowchart is based on the technical diagram of the present invention. The operation of 4. The process begins at block 3〇2. At block 302', the unit 丨〇4 is extracted to extract the address 134 to read the instruction cache δ mn 〇1 〇 2 to start extracting a block of 16 octets. Instruction data 106. The command data 106 can be in an encrypted state or in a plain text state, depending on whether the command data 106 is part of an encryption program or a plain text program. 148 Ε indicated by bit. Flow then proceeds to block 304. Referring to block 304, multiplexer A 212 and multiplexer β 214 select a first key from the key 172 supplied by the autonomous key register 142, respectively, based on the higher number of bits of the extracted address 134. 234 and a second key 236. In one embodiment, the bits supplied by the extraction address 134 are applied to the multiplexer 212/214 to produce a particular key pair (234/236 key pair) combination. In the embodiment shown in Fig. 2, the supplied main pinch CNTR2449100-TW/0608-A43129-TW/ Final 201203108 sets the number of registers 142 to 5, so there is a possible set of secret pairs for the group. In order to simplify the hardware slash, only 8 of them are used; this design will supply a valid key for the 2〇48-bit group, which will be discussed in detail in the subsequent paragraphs. However, other implementations may also use other numbers of lining registers 142. Taking the implementation of the 12 master key registers 142 as an example, there are 66 possible combinations of the primary secret register 142. If 64 of them are used, the generated active secret will be 16384 bytes. In general, assuming that the total number of the plurality of key values is K (for example, 5, and all combinations are used), the decryption key and the plurality of the plurality of key values are each a W-bit group (for example: 16) The byte generated by 'bytes' will be the W2 * (κ!/(2*(κ_2)丨)) byte. Flow then proceeds to block 306. At block 306, based on the bits [7:4] of the extracted address 134, the rotator 216 rotates the first key 234 by a corresponding number of bytes. For example, if the bit [7:4] of the extracted address 134 is a value of 9, the rotator 216 rotates the first key 234 to the right by 9 bytes. The flow then proceeds to block 3〇8. The rotated first key 2% is added/subtracted from the second key 236' at block 308' adder/subtractor 218 to produce the decryption key Π4 of the ith map. In an embodiment, if the bit [7] of the extracted address 134 is 丨, the adder/subtractor 218 adds the rotated first key 234 to the second key 236; if the address 134 is extracted The bit [7] is 〇, and the adder/subtractor 218 subtracts the rotated first-key 234 from the second secret 236. Next, the flow proceeds to block 312. At decision block 312, the multiplexer 154 determines, based on its control signal, the command to extract the block. (4) 1G6 is from the encryption program or a plain text program. The control signal is derived from the bit slot supplied by the control register 144. CNTR2449100-TW/0608-A43129-T W/ Final 22 201203108 148 If the command data 106 is in an encrypted state, the flow proceeds to block 316. 4 Enter block 314, and in block 314, multiplexer 154 selects the round-off resolving logic 156 to cause the encrypted command data 1〇6 to be at the key 174' and the mutually exclusive operation to generate the first! C174 of the figure proceeds to block 314. Wenzi ‘order data! 62. Flowing at block 316, multiplexer 154 selects the round, zero value 176, and mutual exclusion logic 156 causes the instruction number to be a carry-forward group of the carry-in binary bit value of the 16-bit group - "6" (for plain text) And the plain text instruction data 162. The process stops ^^ mutual exclusion operation 'to generate the same reference as shown in Figure 2 and Figure 3. (4) The block instruction data to be extracted should be given 1 〇 6 密密录 m is the selected primary key pair 234 into the second Mutually exclusive operation, and the decommissioning ^ 4/236 and extracting the address 134 two: phase: secret program - the decryption secret is the function of the previous key value - which continuously corrects the secret correction supply to the new sub-working interval Use—The decryption techniques disclosed in this case are completely different. There are at least the following two advantages in the manner in which the master key pair 234/236 and the extracted address 134 are functions to obtain the decrypted secret record μ. As described above, the encryption instruction data and the plain text instruction data are just as time-consuming to extract, and do not increase the jade clock required by the microprocessor 100. The second 'experienced branch instruction' in the program does not increase the time required to extract the instruction data i %. In the embodiment, the '-branch predictor___▲) receives the extracted address 134, and predicts whether the instruction data 106 of the block indicated by the extracted address 134 exists - a branch instruction, and predicts its direction and target Address. Taking the implementation shown in FIG. 2 as an example, the generated decryption secret record CNTR2449100-TW/0608-A43129-TW/ Final 201203108 174 is a function of the master key pair 234/236 and the extracted address 134, which will be The block instruction data 106 referred to by the target address is sent to the appropriate decryption key 174 of the target address of the mutually exclusive predicted output at the same time of the mutually exclusive logic 156. Compared with the multiple "rewind" steps necessary for the conventional decryption key operation method to calculate the decryption key for the target address, the technique disclosed in the present invention does not generate additional delay in processing the encrypted instruction data. Further, as shown in Figs. 2 and 3, the joint design of the multiplexer 152 and the adder/subtracter 218 allows the decryption key length to be effectively expanded beyond the length of the master key. For example, the master key contributes a total of 32 bytes (2*16 bytes); moreover, the rotator 216 and the adder/subtractor 218 are effective in terms of the hacker's attempt to determine why the decrypted secret 174 is arbitrarily The master key of the 32-bit tuple located in the master key register 142 is expanded to a key sequence of 256 bytes. More specifically, the byte η of the effectively expanded secret sequence is: \ is the byte η of the first primary secret record 234, and the moxibustion is the n + χ byte η of the second primary secret record. Hey. As described above, the first eight sets of 16-byte decryption_174 generated by the key expander 152 are generated by subtraction, and the last eight sets are generated by addition. Specifically, the selected station is provided with a bit set group content provided for generating a decryption key 174 byte for each byte of the instruction data of 16 consecutive 16-bit block blocks. For details, see Table 3. . For example, the symbol in the first column of Table 3, 15·, indicates that CNTR2449100-TW/0608-A43129-TW/ Final 24 201203108 The contents of byte 0 of the two master key 236 are subjected to 8-bit arithmetic. An eight-bit arithmetic operation is subtracted from the byte 15 of the first master key 234 to obtain a one-tuple valid decryption key 174 for command data with a 16-bit block block. The byte 15 in 106 performs a mutually exclusive operation. 15-00 14-15 13-14 12-13 11-12 10-11 09-10 08-09 07-08 06-07 05-06 04-05 03-04 02-03 01-02 00-01 15- 01 14-00 13-15 12-14 11-13 10-12 09-11 08-10 07-09 06-08 05-07 04-06 03-05 02-04 01-03 00-02 15-02 14 -01 13-00 12-15 11-14 10-13 09-12 08-Π 07-10 06-09 05-08 04-07 03-06 02-05 01-04 00-03 15-03 14-02 13-01 12-00 11-15 10-14 09-13 08-12 07-11 06-10 05-09 04-08 03-07 02-06 01-05 00-04 15-04 14-03 13- 02 12-01 11-00 10-15 09-14 08-13 07-12 06-11 05-10 04-09 03-08 02-07 01-06 00-05 15-05 14-04 13-03 12 -02 11-01 10-00 09-15 08-14 07-13 06-12 05-11 04-10 03-09 02-08 01-07 00-06 15-06 14-05 13-04 12-03 11-02 10-01 09-00 08-15 07-14 06-13 05-12 04-11 03-10 02-09 01-08 00-07 15-07 14-06 13-05 12-04 11- 03 10-02 09-01 08-00 07-15 06-14 05-13 04-12 03-11 02-10 01-09 00-08 15+08 14+07 13+06 12+05 11+04 10 +03 09+02 08+01 07+00 06+15 05+14 04+13 03+12 02+11 01+10 00+09 15+09 14+08 13+07 12+06 11+05 10+04 09+03 08+02 07+01 06+00 05+15 04+14 03+13 02+12 01+] 1 00+10 15+10 14+09 13+08 12+07 11+06 10+05 09 + 04 08+03 07+02 06+01 05+00 04+15 03+14 02+13 01+12 00+11 15+Π 14+10 13+09 12+08 11+07 10+06 09+05 08 +04 07+03 06+02 05+01 04+00 03+15 02+14 0丨+13 00+12 15+12 14+11 13+10 12+09 11+08 10+07 09+06 08+ 05 07+04 06+03 05+02 04+01 03+00 02+15 01+14 00+13 15+13 14+12 13+Π 12+10 11+09 10+08 09+07 08+06 07 +05 06+04 05+03 04+02 03+01 02+00 01+15 00+14 15+14 14+13 13+12 12+11 11+10 10+09 09+08 08+07 07+06 06+05 05+04 04+03 03+02 02+01 01+00 00+15 15+15 14+14 13+13 12+12 11+1] 10+10 09+09 08+08 07+07 06 +06 05+05 04+04 03+03 02+02 01+01 00+00 Table 3 Given the appropriate master key value, the extended key statistics generated by the key expander 152 can effectively prevent each other. Common attacks that refute encryption include shifting the encrypted block of the file by the key length and performing a mutually exclusive operation on the encrypted block, as discussed in more detail below. The effect of the key expander 152 on the selected master key pair 234/236 is: in the embodiment, the program 25 is CNTR2449100-TW/0608-A43129-TW/ Final 201203108 encrypted with the exact same key The span of the instruction data 1 〇 6 bytes can be as high as 256 bytes. In other embodiments having different block sizes of instruction data 106 and different main line lengths, the maximum span of two instruction data 106 bytes encrypted with the same secret record may be of different amounts. The primary cipher register 142 for selecting the primary cipher pair 234/236 and the multiplexer 212/214 within the key extension a 152 will also determine the extent of the effective key length extension. The illustrated embodiment is provided with five master key registers 142, the contents of which the master key register 142 supplies can thus be combined, and the multiplexer 212/214 is used for one possible combination from the above. Choose eight roles in the way. After the 256-bit effective key length corresponding to each key pair 234/236 shown in Table 3 is combined with the eight master key pairs 234/236, the effective secret recording length is 2〇48 bytes. That is to say, the span of two instruction data 106 bytes encrypted with the exact same key in the program can be as high as 2048 bytes. To further illustrate the advantages of the key extender 152, the following is a brief description of the attacks common to mutually exclusive encryption programs. If the length of the key used in the mutex encryption operation is shorter than the length of the program data of the encrypted/decrypted program, many of the bytes in the key must be reused, and the number of bytes that are reused depends on the length of the program. And set. This weakness allows the mutex command encryption program to be cracked. First, the hacker attempts to determine the length of the duplicate key. The instructions (1) through (3) shown below are n+1. Second, the hacker assumes that each key-length block in the command data is encrypted with the same secret record. The following is a list of data of a ciphertext length block obtained by encrypting according to a conventional mutex encryption operation: CNTR2449100-TW/0608-A43129-TW/ Final 26 201203108 (1) A h b'/\kn aL· U0 1 aL· 八k '0, where '6' is the byte n of the data of the first key length block, which will be robbed, and the byte n of the data of the second block length block will be encrypted; The heart is the byte η of the key. Third, the hacker performs a mutually exclusive operation on the two blocks, so that the key components are sold to each other, leaving the following contents: (3) ~λ,,...,, eight △, 厶八办ϋ 1 ^ ι \ υ〇υι Finally, since the calculated byte is a function of two pure text bytes, the hacker can statistically analyze the frequency of occurrence of the plain text content in an attempt to obtain the value of the plain text byte. However, the pattern of the encrypted instruction data 106 bytes calculated according to the manner disclosed in Figs. 2 and 3 is as shown in the following descriptions (4) and (5):

(4) bn 0 (5), the byte η' of the instruction data of the 16th byte block not encrypted by the center mark, and the instruction data indicating the encrypted second 16-bit block block CNTR2449100-TW/0608-A43129-TW/ Final 201203108 The byte η, & indicates the byte η of the primary cipher, and & indicates the byte η of the primary dense X γ key y. As mentioned above, the master keys X and y are different keys. Assume that one embodiment provides eight master key pairs 234/236 combinations in five master key registers 142, each of which is a combination of two independent master key bytes in a 2048 byte sequence Perform a mutually exclusive operation. Therefore, when the encrypted data is shifted in any way in the 256-bit block and mutually exclusive, the obtained byte has a complex component of the two master keys, and therefore, it is not explained ( 3) The content of the calculations obtained here is not simply a plain text byte. For example, suppose the hacker chooses to align 16-bit tuple blocks in the same 256-bit tuple block and mutually exclusive operations so that the same key zeros are used in each segment, the byte is The result of the operation is as shown in the description (6). The obtained byte has a complex combination of two master keys: (6) b Ό0

Where η is not 1. Furthermore, if the hacker is replaced by aligning 16-bit tuple blocks selected from different 256-bit tuple blocks and mutually exclusive operations, the byte 0 of the operation result is as shown in the description (7): f \ kr, ±kk〇±k\ ly CNTR2449100-TW/0608-A43129-TW/ Final 28 201203108 . wherein at least one of the master key reads v is different from the primary secret x and y. The mutual exclusion operation of the effective key byte generated by the simulation of the random master key value, 'can find the operation result L + moxibustion' on the mouth 4 ^ ^ \ V soil free ~ J king is now a fairly smooth distribution. Of course, if the hacker chooses to align the 16-bit tuple blocks in different 2048-byte length blocks and mutually exclusive operations, the hacker may obtain similar results as the description (3). However, please refer to the following. First, some programs, such as security-related programs, may be shorter than 2〇48 bytes. Second, the statistical correlation of the instruction bits of the 2048-bit tuple is likely to be very small, making it difficult to crack. Second, as described above, the implementation of the technology can implement the master key register 142 in a larger number, so that the effective length of the decryption key is extended; for example, 16384 bits are supplied by the 12 main buffer registers 142. The decryption key of the tuple length, and even other longer decryption keys. Fourth, the key download instruction 500 and the key switch instruction 6 discussed below enable the programmer to load new values into the master key register 142 to effectively extend the key length by more than 2048 bits. Group, or, if necessary, extend the key length to the full length of the program. Referring now to Figure 4, a block diagram illustrates the flag register 128 of Figure 1 in accordance with the teachings of the present invention. According to the embodiment shown in FIG. 4, the flag register 128 includes a plurality of bits 4〇8 of the standard χ86 register; however, for the new function described herein, the embodiment shown in FIG. 4 will use χ86. The wood structure is generally a one-bit reserved (RESERVED). Specifically, the ticket register 128 includes an E bit block 402. The E-bit field 402 uses CNTR2449100-TW/0608-A43129-TW/ Final 29 201203108 in the E-bit 148 of the repair control temporary storage 144 for switching between encryption and plain text subprograms and/or different encryption. Switch between programs, which will be discussed in detail below. The E bit block 4〇2 indicates whether the currently executed program is encrypted. If the currently executed program is encrypted, E bit clamp 402 is set, otherwise it is cleared. When an interrupt event occurs, control is transferred to another program (for example, interrupt imerrupt, exception exception such as page fault, page fault, or task switch), storing the temporary benefit 128. Conversely, if the control returns to the previous interrupt due to the interrupt event, the flag register 128 is repaired. The design of the microprocessor 1 will update the value of the E bit 148 of the control register 144 with the E bit 4 〇 2 of the flag register 128 when the flag register 128 is repaired, as discussed in more detail below. It. Therefore, if an encryption program is being executed when the interruption event occurs (ie, the extraction unit 104 is in the decryption mode), when the control is returned to the encryption program, the repaired E-bit block 402 bit 148 is set to the state to be repaired. The extraction unit 104 is in a decryption mode. In one embodiment, the E bit 148 and the E bit block 402 are the same specific hardware bit. Therefore, the value in the E bit field 4〇2 of the storage flag register 128 is the storage E bit. 148, and the value of the E-bit field 4〇2 of the repair flag register 128 is the repair E-bit 148. Referring to Figure 5, a block diagram illustrates the format of a key download instruction 500 implemented in accordance with the teachings of the present invention. The key download command 5 includes an opcode 502 block, specifically designated as a key download command 500 in the microprocessor ι〇〇 instruction set. In one embodiment, the value of the opcode field 502 is 〇FA6/4 (x86 field). The key download command 5 includes two transport elements, a male, a key register file target address 504, and a secure storage CNTR2449100-TW/0608-A43129-TW/ Final 30 201203108 Ϊ=,: 506. The secure storage area source address 506 is a secure storage address indicating the key temporary storage|^幸H address. Secret gun register key. In the embodiment, if the 3 8 * effect is obvious! ! If you order the money to load the command _, it will be regarded as no effective security; ^ In addition, the right * full storage area source address is outside the value of 'is regarded as a general protection exception. In the -, the right program tries to be in the micro-processing 1 1〇〇 is not the highest right, X86if0#p, /x86 ring 7 50 2' is regarded as an invalid instruction exception. In some cases, the composition of the μ byte master key may be included in the (four) data field of the encrypted instruction. The real-time data can be moved by the block-block to the secure storage ship 122, which constitutes the secret of the (6) entity. Referring now to Fig. 6 - a block diagram illustrates the format of the EM-instruction _ implemented in accordance with the teachings of the present invention. The cipher command _ includes an opcode 602, specifically a key switch instruction 600 in the microprocessor 1 〇〇 instruction set. The key switch instruction 600 further includes a key register file index block 604 indicating the start of the key register file 124 in a sequence register to load the key into the master key register. 142. In one embodiment, if a program attempts to execute a key switch instruction 600 when the microprocessor 1 is not in the safe mode of operation, it is considered invalid. In one implementation, if a program intends to execute a cipher switch instruction 600 when the microprocessor 1 is not at the highest privilege level (e.g., x86 ring privilege), then it is considered an invalid instruction exception. In one embodiment, CNTR2449100-TW/0608-A43129-TW/ Final 31 201203108 key switching instruction 600 is an atomic operation type (at〇mic), that is, non-interruptible; here, for carrying a person key to the master (10) The other instructions of the register 142 are also the same - for example, the branch and switch key instructions discussed below. Referring now to Figure 7, a flowchart illustrates the operation of the microprocessor 1 of Figure 1, wherein the password switching instruction 600 introduced in Figure 6 is performed in accordance with the teachings of the present invention. The process begins at block 7〇2. At block 702, decoding unit 1 删 8 deletes a key switch instruction and decodes the result into a microcode program of the switch instruction 600. The flow then proceeds to block 7〇4. At block 704' the microcode will download the contents of the primary secret register (4) from the secret register file 124 based on the key register slot index 604. In a preferred embodiment, the microcode starts with the secret register indicated by the index column of the temporary storage, and downloads the consecutive n register contents from the (10) register file 124 as n The key is stored in the master key register 142' where n is the total number of master key registers 142. In an embodiment, the value η may be indicated in an additional space of the key switching instruction 6〇〇, which is set to be less than the total number of the primary secret register M2. The flow then goes to block 706. At block 706' the microcode causes the microprocessor 1 to branch to the subsequent χ86 instruction (i.e., the instruction following the key switch instruction 600), which will result in all new χ86 instructions in the microprocessor 100 that are more recent than the key switch instruction 600. It is emptied, causing all micro-operations in the microprocessor 100 to be switched to the micro-operation of the χ86 command to be emptied. The above emptied instructions include all of the instruction octets 1 〇 6 that are extracted from the instruction cache 102, buffered in the fetch unit 1 〇 4, and decoded in the decoding unit 108 for decryption and decoding. Flow proceeds to block 708. CNTR2449100-TW/0608-A43129-TW/ Final 32 201203108. The operation of the knife-to-sequence command, the new 102 extracted into the master key register 142, and the decrypted instruction data are at block 708. Based on block 706, the unit 104 begins to use the block 7〇4 set of key values to self-command. Take the memory 106. The process ends at block 7-8. As shown in Fig. 7, the key switching instruction (4) causes the encryption program being executed to be changed from the instruction cache 1G2 and is changed to be stored in the master key temporary storage H 142 for decryption of the encryption program. Content. The master key temporary storage technology enables the effective secret recording length of the encrypted program to exceed the length of the innate support of the extracting unit 1G4 (for example, the hierarchical group provided by the embodiment of FIG. 2); The program shown in the figure, if it is operated by the microprocessor 1 in Figure 1, the hacker will be more difficult to break the security protection of the computer system. Referring now to FIG. 8, a block diagram illustrates a memory usage (mem〇ry fo〇tprint) 800 of an encryption program that is implemented in accordance with the teachings of the present invention, wherein the key switching instruction 6 shown in FIG. 6 is employed. Hey. The encryption program memory shown in Fig. 8 includes a continuous number of "block chunk" instruction data bytes by 4 8 (9). The content of each "block" is a sequence of multiple data bytes (which are pre-encrypted data), and the command data bits belonging to the same "block" are grouped by the same set of master keys. The register 142 is numerically decrypted. Therefore, the boundaries of the two different "blocks" are defined by the key switch instruction 600. That is to say, the upper and lower bounds of each "block" are distinguished by the location of the secret switching instruction 600 (or, for example, the first "block" of a program whose upper bound is the beginning of the edge program; Take the last "block" of the program as an example, the lower bound is the end of the program). Therefore, the number of "block" instructions CNTR2449100-TW/0608-A43129-TW/ Final,, 201203108 is determined by the extraction unit 1〇4 based on the different sets of master key registers l42, meaning "each" The decryption of the block "instruction data byte" is based on the value of the master key register 142 loaded by a key switch instruction 600 supplied by the previous "block". The post-processor of the encryption program knows the memory address of each key switching instruction 600, and uses the resource §fl—that is, extracts the relevant address bit of the address—to cooperate with the key switching instruction. The 6〇〇 key value generates an encryption key byte to encrypt the program. Some object file formats (object file f0rmat) allow the programmer to indicate where the program is loaded into the memory, or at least specify a specific size alignment (eg, page boundary) to provide sufficient address information to encrypt the program. . In addition, some of the operating system defaults are to load the program onto the page boundaries. The key switch instruction 600 can be placed anywhere in the program. However, if the key switch instruction 600 loads a particular value into the master key register 142 for use by the next "block" instruction data byte decryption, and the key switch instruction 6 (or even the key load instruction) The position of 500) causes the length of each "block" to be shorter than, or equal to the effective key length that the extraction unit 1〇4 can handle (for example, the 2048-bit group disclosed in Figure 2) It can be encrypted with a key of effective length equal to the length of the overall program, which is a fairly robust encryption method. Moreover, even if the use of the key switch instruction 6〇〇 is such that the effective key length is still shorter than the length of the encryption program (i.e., the same set of master key register 142 values are used to encrypt multiple "blocks" of a program. ), changing the "block" size (for example, not limited to all 2G48 bytes) can increase the difficulty of the hacker cracking system, because the hacker must first judge the value of the same set of master key register 142. Where the block is located, and the size of the "blocks" of different lengths must be determined. CNTR2449100-TW/0608-A43 丨 29-T W/ Final 34 201203108 It is worth noting that the key switching instruction _ switches a considerable amount of clocks, the main θ, the current dynamic key is empty. Furthermore, in one embodiment, = because the pipeline must be implemented with a micro-dealer, usually at = change command _ is mainly slow. Therefore, the code develops two commands, the speed of execution and the security of the specific application. Seeking a balance between the present and now, referring to Figure 9, a block diagram illustrates the format of a branch and switch key instruction 900 that is rooted. The technique of the present invention is a necessity for switching the key command 900. . ". First, the branch is described. According to the above disclosure, (10) the extracted instruction fetch unit of each 16-bit block is added.

, Mutual exclusion technique) The encrypted secret record used for encryption is used to decrypt (mutually exclusive) the extracted blocks of the UM 16-bit tuple decryption keys 174. The byte values of each of the parameters are obtained by the extracting unit just based on the decrypted secret m: the instruction of the 16-byte block extracted by the main seed rounding calculation stored in the main secret register 142 Data and partial bits (exemplified by the embodiment disclosed in FIG. 2, the bit-r 4 is thus encrypted, and the program is executed by the microprocessor 100. It will be known that it will be stored in the main secret (four) memory 142. The main secret ☆ - post-processor and one address (or more limited to the number of related addresses of the address: Yuan 2: the address indicates that the silk will be carried in the memory, and micro) '" address here - Extract a number of blocks of the encryption program in series; means: 2 will be from the above-mentioned Gongxun's post-processor to generate a solution 1 base CNTR2449100-TW/0608-A43129-TW/Final 35 on /兮Value, 201203108 Each of the 6-bits used to encrypt the program is discussed above, when a branch refers to the data of the person or ghost. The extraction unit 104 predicts and/or is executed by the branch '^. Never changed (via secret control. That is, mention: single two arithmetic decryption surface 174, secret two = ^ ^ instruction number 1〇6, and the instruction in the instruction data 106 is decrypted by the branch. However, the program switching instruction 6GG) the ability of the master key to temporarily store the value of 11142 is not limited to a set of master keys. The value 撼"m/, money 174 of the memory 142 decrypts the "block instruction data 襄" of the branch instruction and estimates the value of the different privileged register 142 with different sets of keys (4) cipher m decrypts the branch instruction The instruction in the data block 106 of the block indicated by the target address. One way to solve this problem is to limit the branch target address to the same block - "block". Another solution is to use the 9th figure. The disclosed branch and switch key instruction_. Referring again to Figure 9, a block diagram illustrates the format of the branch and switch secret command 9(9) implemented in accordance with the teachings of the present invention. Branch and switch secret entry 7 900 includes opcode 9 〇 2 ,, which indicates that it is the 7 支 branch and the switch 8 input finger in the microprocessor 1 〇〇 々 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 分支 。 分支 分支 分支 分支 分支 分支 分支 分支 分支 904 904 904 904 904 , marked in the secret register slot 124 - serial register At the beginning, the secret record is loaded into the main secret register 142. The branch and switch key instruction 9GG further includes a branch information field 9G6, which records a typical f signal of the branch instruction - for example, the calculation target CNTR2449100-TW/ 0608-A43129-TW/ Final 201203108 Information on the address and branch conditions. In one embodiment, if a program attempts to execute a branch and switch key instruction 900 when the microprocessor 100 is not in the secure execution mode, then Treated as an invalid instruction exception. In one embodiment, if a program attempts to perform a branch and switch key command when the microprocessor 100 is not at the highest privilege level (eg, 'x86 〇 〇 〇 ) )) It is treated as an invalid instruction exception. In one embodiment, the branch and switch key instruction 900 is atomic. Referring to Figure 10, a flowchart illustrates the operation of the microprocessor of Figure 1. The branch and switch key instructions 900 disclosed in Figure 9 are performed in accordance with the teachings of the present invention. The process begins at block 1〇〇2. At block 1002, the decode early element 108 decodes a branch and switch cipher command 900 and substitutes it into the microcode unit 132 to implement the microcode program of the branch and switch key instruction 900. The flow then proceeds to block 1〇〇6. At block 1006, the microcode resolves the branch direction (with or without) and the target address. It is worth noting that for unconditional branch instructions, the direction of the household is used. The flow then proceeds to decision block 1008. At decision block 1008, the direction in which the microcode decision block 1006 is resolved is taken. If the process is used, block 1014 is entered. Otherwise, the flow proceeds to block 1012. At block 1012' the microcode does not switch the secret record, or jumps to the target address because the branch operation is not taken. Flow ends at block 1012. At block 1014', the microcode loads the secret iron self-secret register broadcast 124 into the master key temporary cry 142 based on the key register file index slot 904'. In a preferred embodiment, the microcode starts with the location indicated by the key register file index block CNTR2449100-TW/0608-A43129-TW/ Final 37 201203108 904, and the key register is stored in the file 124. The n cryptographically described n cryptographically loaded primary cipher registers 142, where n is the total number of primary key registers 142. In one embodiment, the value of η may be recorded in an extra space of the branch and switch cryptographic instructions 9〇〇, set to a value less than the total number of master key registers 142. Flow then proceeds to block 1016. At block 1016, the microcode causes the microprocessor 1 to jump to the target address solved by block 1〇〇6, which will result in all new χ86 instructions in the microprocessor 1 较 branch and switch key instruction 900 new. It is emptied, causing all micro-ops in the micro-operation of the microprocessor 1 to branch to the target address to be emptied. The above emptied instructions include all instruction octets 1 〇 6 that are extracted from the instruction cache 1 〇 2, buffered in the extraction unit 104, and decoded in the decoding unit 〇 8 for decryption and decoding. The flow then proceeds to block 1-8. At block 1018, as block 1 〇 16 branches to the target address, extraction unit 104 begins with block 1 〇 14 loading a new set of key values for master key register 142 from the instruction cache. 1〇2 extracts and decrypts the instruction data 106. The flow ends at block 1 〇 18. - Now, referring to the 11th ffi' - flowchart illustrates the operation of a post processor implemented in accordance with the teachings of the present invention. A software tool that can be used to post-process a program and encrypt it for execution by the first Figure processor. The process begins at block 1102. At block 1102, the post processor receives a destination file of a program. According to one embodiment The target address of the branch instruction in the destination file can be determined before the execution of the program; for example, a branch instruction pointing to a fixed target address. There is another form of branch instruction in the spear-type operation to determine the target address. , for example CNTR2449100-TW/0608-A43129-TW/ Final 38 201203108 such as 'relative branch instruction, which records an offset, used to add the memory address of the branch instruction, In order to obtain the branch destination address, on the contrary, the branch instruction that the target address does not determine before the execution of the program, an example of which is based on the memory of the register or the memory is different from the target address. 'Therefore, its value may change during program execution. The flow then proceeds to block 11〇4. At block 1104, the post-processor replaces the inter_chunk branch instruction with the branch and switch key instruction 9〇〇 The instruction 900 stores an appropriate value in the key register file index space 〇4, which is based on the setting of the target address of the branch instruction. As disclosed in Fig. 8, a "block" It is composed of multiple data blocks: It consists of data bytes and will be decrypted by the same set of master key register values. Therefore, the "block" in which the target address of the cross-block branch instruction is located is different from the "block" of the branch instruction itself. It is worth noting that the intra-block branch—that is, the branch address with the same target address as the “block”—does not need to be replaced. It is worth noting that the original slot (like fUe) is generated to produce the destination slot and the program explicitly includes branching and switching commands to reduce the burden of post-processor replacement operations. Flow proceeds to block 1106. $ At block 1106, the post processor encrypts the program. The post processor knows the memory location of each - "block" and the value of the master key register 142 and uses it to add the program. The process ends at block 1 1 . Now, the reference to the fourth embodiment of the present invention is implemented in another embodiment of the present invention. The branch and switch key instructions shown in the format 12 are applied to the target CNTR2449 丨00-TW. /0608-A43129-TW/Final 39 ^ 201203108 The program is an unknown branch operation before execution, which is discussed in more detail below. The branch and switch cryptographic instructions 1200 include an opcode 1202 field to indicate that it is a branch and switch key instruction 12 within the instruction set of the microprocessor 100. The branch and switch key instruction 12A also includes a branch information field 906, which is similar to the field of Figure 9 and the switch key command 9〇〇. In one embodiment, if a program attempts to execute a branch and switch key instruction 12 when the microprocessor 100 is not in the secure execution mode, it is considered an invalid instruction exception. In one embodiment, a program that attempts to execute a branch and switch key instruction 1200' when the microprocessor 1〇0 is not at the highest privilege level (e.g., χ86 〇 〇 〇) is considered an invalid instruction exception. In one embodiment, the branch and switch key instructions 12 are atomic. Referring now to Figure 13, a block diagram illustrates a "block" address range table 13〇〇 implemented in accordance with the teachings of the present invention. Table 13〇〇 includes multiple units. Each = unit is associated with a "block" of the encryption program. Each unit includes a location range field 1302 and a key register slot index shelf 13〇4. The address of the address block 13G2 indicates the memory address range of the corresponding "block". The key register file is located in the register 1304, which indicates the register of the password register 12, which is branched and switched. The key instruction 12 暂 stores the silk value stored in the index and stores the temporary record of the master record ^ 14 : decrypts the "block" for use. Refer to Figure 18 below for the discussion of =: need to access the table · the branch of the content and switch the secret (four) / 1200 before loading the microprocessor ι〇〇. Referring now to Figure 14, a flow chart diagram of a microprocessor is used to perform the 12th branch and the key command 12〇〇 in accordance with the teachings of the present invention. The process begins at block 14〇2. < CNTR 2449100-TW/0608-A43129-TW/ Final 40 201203108 At block 1402, decoding unit ι 8 decodes a branch and switch key instruction 1200 and substitutes it into microcode unit 132 to implement branch and switch pinch instructions 1200 Microcode program. Flow then proceeds to block 1406. At block 1406, the microcode resolves the branch direction (with or without) and finds the target address. The flow then proceeds to decision block 14〇8. At decision block 1408, the branch direction resolved by the microcode decision block 14〇6 is taken. If so, the flow proceeds to block 1414. Otherwise, the flow proceeds to block 1412. At block 1412, the microcode does not switch the key, or jumps to the target address because the §Hai branch is not taken. Flow ends at block 1412. At block 1414', the microcode queries the table shown in FIG. 13 based on the target address solved by the block 14〇6, and obtains the key register file index field corresponding to the “block” in which the target address is located. 13〇4 content. The microcode then loads the secret value into the primary pinch 142 from the key register file 124 based on the index' recorded in the key register file index block 13〇4. In a preferred embodiment, the microcode is stored according to the index stored in the cipher register: the index 1304, and the n key values stored in the adjacent temporary storage 载The master master key register: 总数 'where ' η is the total number of secret secret temporary _ 142. In the formula, the value η can be recorded in the branch and switch key instruction 12(9): in the donor block, set to be less than the total number of master key registers '142, and the entry block 1416. Qian Xiangjin at block 1416, the micro-generation causes the target address of the microprocessor 1G0 branch 1406 to be solved, which will cause all the χ86# commands in the microprocessor 1 (10) to switch the key command 1200 to be cleared: CNTR2449100-TW/0608-A43129-TW/Final 'Processing 201203108 All micro-operations in the micro-operation within the device 100, which are branched to the target address are/monthly. The above cleared instructions include all instruction byte groups 106 extracted from the instruction cache 102, buffered in the extraction unit 104, and decoded in the decoding unit 1-8 for decryption and decoding. Flow then proceeds to block 1418. At block 1418, as block 1416 branches to the target address, extraction unit 104 loads a new set of street records for primary cc register 142 using block 1414, and begins extracting from instruction cache 1 〇 2 And the instruction data 106 is decrypted. The process ends at block 418. Referring now to Figure 15, a block diagram illustrates the format of a branch and switch key command 15A implemented in accordance with another embodiment of the present technology. The branch and switch key command 15 shown in Fig. 15 and its operation are similar to the branch and switch key command 12 shown in Fig. 12. However, instead of loading the key from the key register file 124 to the master key register 142, the branch and switch key instruction 1500 loads the key from the secure storage area 122 to the master key register 142. Discussed below. Referring now to Figure 16, a block diagram illustrates a "block" address range table 1600 implemented in accordance with the teachings of the present invention. The table 16 shown in Fig. 16 is similar to the table 1300 shown in Fig. 13. However, instead of including a pin buffer register index field 1304, table 1600 includes a secure memory address block 1604. The secure memory area address field 1604 records an address within the secure memory area 122, and the key value stored by the address must be loaded into the master key register 142 by the branch and switch key instruction 1500 for the extraction. Unit 1〇46 is used when decrypting the "Block". The following discussion refers to the contents of Figure 18, which is loaded into the microprocessor 1 before the branch that needs to query the table 16 and the switch key instruction 1500 are executed. In one embodiment, the CNTR2449100-TW/0608-A43129-TW/ Final 42 201203108. The more healthy bits of the (4) 122 (4) are stored in the secure memory area address field 1604, especially because it is stored in the secure storage area 122. - New: The total number of locations of the keys is quite large (for example, 16 bits ^ 5), and the secrets can be aligned along a set size. The operation of the microprocessor of Fig. i is now illustrated by reference to Fig. 17 which illustrates the branching and switching of the secret instructions 1500 of Fig. 15 in accordance with the teachings of the present invention. The process begins at block 17〇2. Many of the blocks of the flowchart of Fig. 17 are similar to the many blocks of Fig. 14, and therefore the same numbers are used. However, block 1414 is replaced by block 1714, and the microcode is based on the table 16 of Figure 16 of the target address obtained by block 14^ to obtain the secure block address of the "block" in which the target address is located. Field 16〇4 value. The microcode then loads the key value from the secure storage area 122 into the primary secret register 142 based on the secure storage area address field 16〇4 value. In a preferred embodiment, the microcode is loaded into the master key from the secure storage area 122 by n values of the n adjacent 16-bit tuple spatial locations from the secure storage area 122 by the value of the secure storage area address field 16〇4. 142, where n is the total number of master key registers 142. In an embodiment, the value η can be recorded in an additional block in the branch and switch key instruction 1500, set to be less than the total number of master key registers. °° Referring now to Figure 18, a flow diagram illustrates the operation of a post processor implemented in accordance with another embodiment of the present invention. The post processor can be used to post-process a program and encrypt it for execution by the microprocessor ι of Figure i. The flow begins at block 1802. At block 1802, the post processor receives the destination file of a program. According to an embodiment, the branch instruction in the destination file may be determined before the execution of the target address in the program, and the target address may not be determined before the execution of the program. The flow then proceeds to block 1803. At block 1803', the processor creates a "block" address range table 1300 or 1600' of Figure 13 or Figure 16 for inclusion in the target slot. In one embodiment, the operating system loads the table 1300/1600 into the microprocessor 100 prior to loading and executing an encryption program to enable branch and switch key commands 1200/1500 to be accessed. In one embodiment, the post processor inserts an instruction' in the program to load the table 13/16 to the microprocessor 100 before any branch and switch pinch instructions 1200/1500 are executed. Flow then proceeds to block 1804. At block 1804 'similar to the operation discussed above with respect to block 1104 of the second figure', the processor will determine the cross-block branch instruction determinable for each pre-execution target address with the branch and switch key instruction 900 of FIG. Instead, instruction 900 records the appropriate key register file index field 904 value based on the "block" in which the branch instruction target address is located. Flow then proceeds to block 1805. At block 1805, the post processor limits each branch instruction that determines the target address during execution to the branch and switch key shown in FIG. 12 or FIG. 15 according to the table type (1300/1600) generated by block 1803. The key instruction 1200 or 1500 is replaced. Flow then proceeds to block 1806. At block 1806, the post processor encrypts the program. The post processor knows the memory location of each "block" and the value of the master key register 142, which will be used to encrypt the program. Flow ends at block 1806. Referring now to Figure 19, a flow chart illustrates the operation of microprocessor 100 of Figure 1, wherein the task switching between the encryption program and the plain text program is handled in accordance with the teachings of the present invention. The process begins at block 1902. CNTR2449100-TW/0608-A43129-TW/ Final 44 201203108 4

• The _ at block 1902 ’ flag, the E bit E of the E bit field 402 of the scratchpad 128, and the E bit 148 of the first picture control register 144 are cleared by the reset operation of the microprocessor (10). Flow proceeds to block 1904. At block 1904, the microprocessor 1 is performing its reset microcode execution, and begins to extract and execute the user program instructions (eg, the system is a plain text subroutine instruction. In particular, due to the E bit For example, as described in the second and second months, the extracting unit 1〇4 regards the extracted command data 1〇6 as a plain text command. The flow then proceeds to block 19〇6. • At block 1906, the system firmware (eg, the operating system) , firmware, basic input/output system BIOS, etc.) receive a request (reqUest) to execute an encryption program. In one embodiment, the above requirements for executing an encryption program are accompanied by, or by, a switching operation indication, Switching to a secure execution mode of the microprocessor 100 is as discussed above. In one embodiment, the microprocessor 100 is allowed to operate in a decryption mode only when in the secure execution mode (ie, 'E bit 148 is set State). In one embodiment, the microprocessor 100 is only allowed to operate in a decryption mode in a system management mode, such as the SSM common in the x86 architecture. The process then proceeds to block 1908. At block 1908, the system software loads its initial value 'in the master key register 142' with the first "block" to be executed in the program. In one embodiment, the system software executes A key switch instruction 600 downloads the secret record to the master key register 142. Before loading the key to the master key register M2, the contents of the register register 124 can be made up of one or more keys. The load instruction 500 is loaded. In one embodiment, the secure storage area 122 can be CNTR2449100-TW/0608-A43129-TW/ before being loaded into the primary secret register 142 and the key register file 124. Final 45 201203108 is written to the secret value, where the writer encrypts the channel via common secure channel technologies such as 'AES or RSA to prevent hackers from snooping their values. As discussed above, the above key values can be stored. In a secure non-volatile memory (such as flash memory) via a separate serial bus (10) she _ (four) face the microprocessor, or, in the presence of a micro-control (10), a non-issued single write Memory. As discussed above, the program can be packaged In a single block, that is, the program may not include the secret switch instruction _, and the entire program may be decrypted by the single-set master key register 142. The flow then proceeds to block 1916. The transfer to the encryption program, the microprocessor 100. The E bit block 4〇2 of the scratchpad 128 indicates that the currently executed program is the encrypted type 'and the E bit Γ48' of the control register 144 is set. The extracting unit 104 is in the decryption mode. The microprocessor 1 causes the instructions in the pipeline to be refreshed, the action of which is similar to the refresh operation performed by the block 7-6 of FIG. Flow then proceeds to block 1918. At block 1918, the extraction unit 106 extracts the instructions 106 within the encryption program and decomposes and executes it in a decryption mode with reference to the techniques disclosed in Figures 1 through 3. Flow then proceeds to block 1922. At block 1922, when the microprocessor @1〇〇 extracts and executes the encryption program, 'microprocessing|§ 100 receives an interrupt event. By way of example, the interrupt event can be an interrupt intemipt, an exclusive f exeeptiQn (such as a page fault page fault), or a task switch task switch. When an interrupt event occurs, all pending instructions of the microprocessor 100 pipeline are cleared. So, if there are any previously extracted encryption instructions in the pipeline, clear them. In addition, all the instruction bits extracted from the instruction cache 102 and possibly buffered and stored in the extraction list CNTR2449100-TW/0608-A43129-TW/ Final 201203108 • 70 104 and the decoding unit 108 are waiting to be decrypted and decoded. The group will be cleared. In one embodiment, the microcode is evoked to respond to an interrupt event. Flow then proceeds to block 1924. At block 1924, the microprocessor 1 stores the flag register 128 (and other structural states of the microprocessor 100, including the date of the interrupted encryption program), to a bunch of abundance Memory (stack mem〇ry). Storing the E-bit block 402 value of the encryption program will cause it to be repaired in subsequent operations (at block 1934). Flow then proceeds to block 1926. At block 1926, when control transfers to a new program (eg, interrupt handler interrupt handler, exception handler exceptioni〇nhandler, or new task), microprocessor 100 clears E-bit field 402 of flag register 128. And control the E bit 148 of the register 144 to cope with the new program of plain text. That is, the embodiment shown in Fig. 19 assumes that the microprocessor 100 is allowed to operate only one encryption program at a time, and that an encryption program is already executing (but is interrupted). Figures 22 through 26 additionally disclose other embodiments. Flow then proceeds to block 1928. At block 1928, the extracting unit 104 extracts the instructions 1〇6 of the new program in plain text mode with reference to the contents of the maps to the third figure. In particular, controlling the clear state of the E bit 148 in the scratchpad 144 causes the multiplexer 154 to mutually exclusive operation of the instruction data 106 with the binary zero value 176 of the multi-bit such that the instruction data 106 is not decrypted. Flow then proceeds to block 1932. At block 1932, the new program executes a return operation from an interrupt instruction (e.g., x86 IRET) or the like, such that control returns to the encryption process. In one implementation, the operation returned from the interrupt instruction is implemented by microcode. Flow then proceeds to block 1934. CNTR2449100-TW/0608-A43129-TW/ Final 47 201203108 In block 1934 'Respond to the operation returned by the aforementioned self-interrupt instruction, since the control is transferred back to the encryption program, the microprocessor (10) repairs the flag register 128, so that the flag is temporarily The E bit of 11 128 is moved back to the set state stored in the previous block 1924. The flow then proceeds to block 1938. At block 1938, the control is transferred back to the encryption program, and the microprocessor updates the control register bit 148 with the value of the E-bit field 402 of the flag, register 128, so that the extraction unit (10) extracts j and decrypts the addition. Ride the ride data 1G6. - Sweaters. At block 1942, the microcode causes the microprocessor to branch to the previous block = 24 to store the command indicator values stored in the stacked dragon towel, such that all X86 commands in the microprocessor 100 are cleared and the microprocessor is enabled. All the micro-operations in the 〇. The β-empty content includes all the instruction bits extracted from the instruction cache 1〇2, the buffer temporary extraction list mx, and the decoding unit (10) waiting to be decrypted and decoded, and 1G6. Hybrid entry block 1944. At block 1944 'S take a single illusion 4 f new start to extract the certificate 106 ' in the encryption program and refer to the techniques disclosed in Figures! through 3 to decrypt and decrypt in the decryption mode. The flow surface is bundled into block 1944. Referring now to Figure 20, a flow chart illustrates the operation of the system software implemented in accordance with the teachings of the present invention, and (iv) the microprocessor (9) of the figure is executed. The figure content is executed. The process begins at block 2002. At block 2002, the system software receives a request to execute a new encryption program. The flow then proceeds to decision block 2004. At decision block 2004, the system software determines this - plus Whether the program is a program that the system is already executing. In the embodiment, the system software is marked with the - flag, whether it is the program that has been executed in the secret CNTR2449100-TW/0608-A43129-T W / Final 48 201203108 The process enters 1. If the encryption program is the program __ box 2006 of the system already executing, otherwise, the flow proceeds to block 2〇〇8. In block 2006, the system is waiting for the encryption program to execute. And then one of the programs in the system execution. The flow then proceeds to block 2〇〇8 and not in block 2008, the microprocessor 100 allows the new encryption program to start. The flow ends at block 2008. Now, refer to Figure 21. According to another embodiment of the present technology, a block diagram of the flag register 128 of FIG. 1 is illustrated. The flag register 128 of the 21st is similar to the embodiment shown in FIG. 4, and the comparison chart includes an index column. Index bits 2104. According to one embodiment, the scoring index 2104 is similar to the E-bit 402. The index field 2104 is used to handle the switching of multiple encryption programs, as discussed in detail below. More The embodiment is that the 'key switching instruction 6' and the eight-to-switch and secret-recording instructions 900 Π 200 update the index field 21 〇 4 of the flag register 128 with its own cryptographic register index shelf 604/904/1304. Now, referring to Fig. 22, a flowchart illustrates the operation of the microprocessor of Fig. i, wherein the technique according to the present invention adopts the standard, the temporary storage, and the plurality of post-programs shown in Fig. 21. The task is switched. The process proceeds to block 2202. At block 2202, a request is sent to the system software to execute a new encryption program. Flow then proceeds to decision block 2204. At decision block 2204, the system software determines if there is room in the key register file for a new encryption program. In an implementation, the requirement generated by block 2202 will indicate how much space is needed in the key register file 124. If the cipher register file 124 has space = new CNTR2449100-TW/0608-A43129-TW/ Final 49 ^ 201203108 encryption program, the flow proceeds to block 2208, otherwise, the flow proceeds to block 2206. At block 2206, the system software waits for one or more encryption programs to complete, causing the key register file 124 to make room for the new encryption program. Flow then proceeds to block 2208. At block 2208' the system software configures the space in the key register file 124 to the new encryption program, and then fills in the index field 2104 in the flag register 128 to indicate the key register file 124. Newly configured space. Flow then proceeds to block 2212. The key value for the new program is loaded at block 2212' where the system software loads the key register file 124 at block 22〇8. As discussed above, the loaded key value can be retrieved from the secure storage area 122 by a key download command 5 or, if necessary, securely taken from the external location of the processor 100. The process then proceeds to feed 2214. Λ At block 2214, the system software loads the secret file from the key register slot 124 to the fourth register 142 based on the secret register file 604/904. In one embodiment, the 'system software execution-key: change instruction 6GG manned key master key 142. The flow then proceeds to block 2216. At block 2216, the microprocessor 100 sets the location of the scratchpad 128 to indicate that the currently executing program is in the encrypted version and sets the control register 144 as the control is transferred to the encryption program. Bit Μ 8 sets the extraction list it 1 () 4 as the decryption mode. The process ends at block 2216. Referring now to Figure 23, a flow chart illustrates the operation of the second embodiment of the microprocessor CNTR2449100-TW/0608-A43129-TW/ Final 50 201203108, wherein the flag shown in Figure 21 is employed in accordance with the teachings of the present invention. The buffer 128 handles task switching between multiple encryption programs. The rogue begins at block 2302. At block 2302, the currently executing program performs a return operation, returning from the interrupt instruction, causing a task to switch to the new program; the new program was first executed but was skipped, and its structural state (eg, flag) The scratchpad 128, the instruction indicator register, and the general purpose register have been stored in the stacked memory. As previously mentioned, in one embodiment, the operation returned from the interrupt instruction is implemented by microcode. The currently executing program and the new program can be either an encryption program or a plain text program. Flow proceeds to block 2304. At block 2304, the microprocessor ι repairs the index, scratchpad 128 based on the stacked memory to cope with the program that continues to return. That is, the microprocessor 100 reloads the value of the flag register 128 stored in the stacked memory when the continuation program (i.e., the program currently being swapped back) is previously swapped out to the flag register 128. The flow then proceeds to decision block 23〇6. At decision block 2306, the microprocessor ι determines whether the E bit 402 of the repaired flag register 128 is in the set state. If so, the flow proceeds to block 2308; otherwise, the flow proceeds to block 2312. At block 2308, the microprocessor 1 loads the key into the key register file 124 according to the EFLAGS register 128 index clamp 2104 value as fixed at block 2304. Flow then proceeds to block 2312. At block 2312, the microprocessor 1 updates the contents of the E bit 148 of the control register 144 to the value of the E bit field 402 of the flag register 128 repaired by block 2304. Therefore, if the subsequent program is an encryption mode, the extraction unit 104 is set to the decryption mode. Otherwise, it is set to CNTR2449100-TW/0608-A43129-TW/ Final 51 201203108 plain text J mode. Flow then proceeds to block 23M. The complex commander 1〇 is trimmed with the contents of the stacked memory, and the action material is divided by the micro; the 4 points/qing to the instruction index refers to the bits except the micro-operation of the microprocessor: The buffer is temporarily stored in the extracting unit just after; = dense 'decoded all instruction byte 1 〇 6. In the second step, the extracting unit 104 extracts the instruction 106 from the continuation program with reference to FIG. 1 to FIG. 3, and operates on the value of the 148 bits of the control register 144 obtained by the block 2312 to decrypt: word mode operation. Flow ends at block 2316. Another block diagram of a single register of the key register file 124 of FIG. 1 is illustrated in accordance with the present invention. According to the embodiment shown in Fig. 24, each key register file U4 further includes a bit element - a kill bit (hereinafter referred to as a κ bit). The bit 2402 is used to cope with the multitasking operation of the microprocessor 100 for a plurality of encryption programs, the total of which requires a key storage space larger than the space size of the key register file 124, It will be detailed. Referring now to Figure 25, a flow chart illustrates the operation of microprocessor 1 of Figure 1 wherein the flag register 128 of Figure 21 and the key register file 124 of Figure 24 are in accordance with the teachings of the present invention. Another implementation that implements task switching between multiple encryption programs. The process shown in Figure 25 is similar to the process shown in Figure 22. The difference is that the decision block 2204 determines that the key is temporarily stored CNTR2449100-TW/0608-A43129-TW/ Final 52 201203108 When there is not enough free space in the file 124, the process of Figure 25 will enter block 2506 instead of not present in Figure 25. Block 2204. Alternatively, if decision block 2204 determines that there is sufficient free space in the key register file 124, then the flow of Fig. 25 also proceeds to block 2208 through block 2216 of Fig. 22. At block 2506, the system software sets the space in the key register file 124 that has been used by other encryption programs (i.e., has been configured) (i.e., the scratchpad is set, and sets the κ bit of the configured scratchpad 24〇) 2 is the set state, and the index field 2104 of the temporary register 128 is marked to indicate the position of the new configuration space in the key register file 124. The setting state of the κ bit 〇2 is The key value indicating the other encryption program in the register will be overwritten by the operation of block 2212 as the key value of the new encryption program. However, as described in Figure 26 below, the key values of other encryption programs will be In its return procedure, it is reloaded by block 2609. The flow of Fig. 25 proceeds to block 2506, which in turn leads to block 2212 shown in Fig. 22, ending at block 2216. 'Now' see Fig. 26, a flowchart illustration The operation of the microprocessor (9), wherein the task register between the plurality of encryption programs is implemented by the flag register 128 of FIG. 21 and the key register file 124 of FIG. 24 in accordance with the teachings of the present invention. Embodiment. Figure 26 The flow is similar to the flow shown in Figure 23. The difference is that if decision block 23〇6 determines that E-bit 402 of flag register 128 is set, then process 26 enters decision block 2607 instead of block 2308. At block 2607, the microprocessor 1 determines, in the key register file 124, the K bit of any register indicated by the flag, the temporary state 128 index block 21〇4 (fixed in block 2304). Whether the element 2402 is a set CNTR2449100-TW/0608-A43129-TW/ Final q 201203108 state. If yes, the flow proceeds to block 2609; if not, the flow proceeds to block 2308. At block 2609, the microprocessor 1 generates a An exception alert (excepti〇n) The parent is handled by an exception handler. In one embodiment, the exception handler is designed in the system software. In one embodiment, the exception handler is provided by the secure execution mode framework. The flag register 128 fixed by 〇4 indexes the value of the block 2104, and the exception handler reloads the key of the currently repaired 2 crypto program (that is, the cipher program that is now returned) into the key register. Case 24. The exception handler can be actuated similar to block 1908 mentioned in the previous section 19^, loading the key of the repaired encryption program into the read register file #124, or, if necessary, from the microprocessor. = The external key is carried in the secure storage area 122. Similarly, if the reloaded register in the secret register slot 124 is used by other encryption programs, the system software will cause its temporary storage. The κ bit is set as the detachment. The flow then proceeds from the block to enter 2_, and the block is recommended to 23 to refer to Figure 23. As taught in Figures 24 to 26, the embodiment 3 described herein: the microprocessor 100 is capable of performing multi-tasking operations of a plurality of encryption programs, so that the encryption program requires a combination of dense riding space and more than dense 124 space. size.讦 Given now, reference is made to Figure 27, which is a modified embodiment of the invention modified from the ^(10). Similar to the figure i, the same number is used; for example, 'instruction cache memory 1〇2, mentioning 1〇4 and key register file 124. However, the extraction unit here has been modified to include more than the immortal logic 2712, which is introduced by the younger map.

CNTR2449100-TW/0608-A43129-TW/ Final cA 201203108 Master Keypad File 42 and Keypad File 124. The U processor 1 of Fig. 27 further includes a branch target address cache (BTAC) 2702. The BTAC 2702 receives the extracted address 134 as disclosed in FIG. 1 and is parallel to the access of the instruction cache 1 〇 2, based on the extracted address 134. According to the extracted address 134, the BTAC 2702 supplies the branch target address 2706 to the extracted address generator 164 disclosed in FIG. 1 to supply a adoption/non-use index (T/NT indicat〇r) 27〇8 and a type index. (type indiCator) 2714 gives key switching logic 2712 and supplies a DT register (krj7) index 2716 to key register file 124. Referring now to Figure 28, a block diagram is more detailed in accordance with the teachings of the present invention.

The BTAC 2702 of Figure 27 is illustrated. The BTAC 2702 includes a BTAC matrix 2802' having a plurality of BTAC units 2808 therein, and FIG. 29 illustrates the contents of the BTAC unit 2808. The information stored by the BTAC 2802 includes historical information of previously executed branch instructions to predict the direction of the branch instruction to be executed and the destination address. In particular, BTAC 2802 will use the stored history information to predict the subsequent occurrence of the subsequent execution of the branch instruction based on the extracted address 134. For branch target address cache operations, refer to the common branch prediction techniques. However, the BTAC 2802 disclosed in the present invention is more modified to record historical information of previously executed branch and handover key commands 9 〇〇 / 12 , for related prediction operations. In particular, the stored history record enables the BTAC 2802 to predict during the extraction time that the extracted branch and switch key instructions 900/1200 will be loaded into the set of values of the master key register 142. This operation enables the key switch logic 2712 to load the key value before the branch and switch secret record instructions 900/1200 are actually executed, avoiding being limited by the need CNTR2449100-TW/0608-A43129-TW/ Final 55 201203108 Execution of the post-switching instruction 900/1200 clears the in-line valley of the microprocessor 1 ,, which will be discussed in detail below. Moreover, according to one embodiment, BTAC 2802 is further modified to store historical information including previously executed key switching instructions 600 to achieve the same effect. Referring now to Figure 29, a block diagram illustrates the contents of BTAC unit 2808 of Figure 28 in more detail in accordance with the teachings of the present invention. Each unit 2808 includes a valid bit 2902 indicating whether the belonging unit 2808 is active. Each unit 2808 further includes a flag field 29〇4 for comparison with the portion of the extracted address 134. If the selected portion 2808 of the index portion of the extracted address 134 is such that the marked portion of the extracted address 134 matches the valid flag 2904', the address 134 is extracted from the BTAC 2802. Each array unit 2808 further includes a target address block 2906 for storing a previously executed branch instruction, a target address including a branch and switch key instruction 900/1200. Each array unit 2808 further includes a use/non-use of a block 29〇8 for storing a branch instruction that has been executed first, including a branch (and/or adopt) direction of branching and switching the secret instruction 900/1200. Each array unit 28〇8 further includes a key register index field 2912 for storing previously executed branch and switch key instructions 900/1200 key register file index 904/1304 records, Will be discussed in detail. According to one embodiment, the BTAC 2802 stores the key register file index 6〇4 record of the previously executed key switch instruction 600 in its key register file index field 2912. Each array unit 2808 further includes a type of stop 2914 indicating the type of command being recorded. For example, the type block 2914 may indicate that the recorded history command is a call, a return, a conditional jump, an unconditial jump, and a branch CNTR2449100-TW/0608-A43129- TW/ Final 56 201203108 and the key exchange command 900/1200 or the key switch instruction 600. Referring now to Figure 30, a flowchart illustrates the operation of microprocessor 100 of Figure 27, wherein microprocessor 1 includes BTAC 2802 disclosed in Figure 28 in accordance with the teachings of the present invention. The process begins at block 3002. At block 3002, the microprocessor 1 executes a branch and switch key instruction 900/1200, which will be detailed below in FIG. Flow then proceeds to block 3004. At block 3004 'The microprocessor 1 配置 configures an array unit 2808 in the BTAC 2802 for the executed branch and handover key commands 900/1200, the direction and target of the branch and handover key command 900/1200. The address, the key register file index 904/1304, and the instruction pattern are respectively recorded in the configured array unit 2808 with/without the intercept 2908, the target address block 2906, and the key register file index. Field 2912' and type field 2914' are used as historical information for the branch and switch key command 9〇0/12〇〇. Flow ends at block 3004. Referring now to Figure 31, a flow chart illustrates the operation of the microprocessor 1 of Figure 27, wherein the microprocessor 1 includes the BTAC 2802 disclosed in Figure 28 in accordance with the teachings of the present invention. The process begins at block 3102. At block 3102, the fetch address 134 is supplied to the instruction cache 1 〇 2 and the BTCA 2802. The flow then proceeds to block 31〇4. At block 3104, the BTAC 2802 is extracted from the address 134, and the BTAC 2802 blocks the target address 29〇6, the adoption/non-use 2908, the key register file index 2912, and the type 2914 of the corresponding array unit 28〇8. The contents are outputted with the target address 27〇6, the adoption/non-use index 27〇8, the key register file index 2712, and the type index 2714, respectively. CNTR2449100-TW/0608-A43129-TW/ Final c7 201203108 is not a type field 2914 for indicating that the stored instruction is a branch and switch key command 900/1200. Flow then proceeds to decision block 3106. At decision block 3106, the key switch logic 2712 determines that the branch and switch key commands 900/1200 are predicted to be employed by the BTAC 2802 by verifying the take/take output 2708. If the use/not output 2708 is displayed, the branch and switch key command 900/1200 is predicted to be employed, and the flow proceeds to block 3112; otherwise, the flow proceeds to block 31〇8. At block 3108, the microprocessor 1 displays, along with the branch and switch key command 900/1200, an indication that the BTAC 2802 is predicting that it is not being used. (In addition, if the branch/switch key instruction is predicted to be employed with/without output 2708, the microprocessor will continue to transmit an indication along with the branch and switch key command 900/1200 at block 3112. Show BTAC 2802 predicts that it will be adopted). Flow ends at 3108. At block 3112, the extracted address generator 164 updates the extracted address 134 with the target address 2706 predicted by the BTAC 2802 at block 3104. Flow then proceeds to block 3114. At block 3114 'based on the key register file index 2712 predicted by BTAC 2802 at block 31 〇 4, the key switch logic 2712 updates the primary secret temporary storage at the location indicated by the record temporary store 124. The key value in the 142. In one embodiment, the secret recording switching logic 2712 will delay the extraction unit 1 〇 4 to extract the blocks within the instruction data 1 〇 6 until necessary, until the primary snippet register 142 is updated. Flow then proceeds to block 3116. At block 3116, the extraction unit 104 continues to extract and decrypt the instruction data ι6 using the new master key register 142 content loaded by block 3114. Flow ends at block 3116. CNTR2449100-TW/0608-A43129-TW/ Final 58 201203108 Referring now to Figure 32, a flowchart illustrates the operation of microprocessor 100 of Figure 27, wherein a branch and switch key instruction 900 is executed in accordance with the techniques of the present invention. /1200. The flowchart of Fig. 32 is similar in some respects to the first scheme flow' and similar blocks are given the same reference numerals. Although the discussion of Fig. 32 is based on the contents of Fig. 10, its application may more consider the branch and switch key instruction 1200 operations described in Fig. 14. The process of Figure 32 begins at block 1〇〇2. At block 1002, decoding unit 〇8 decodes a branch and switch pinch instruction 900/1200' and substitutes it into microcode unit 132 to implement the microcode program for branching and switching key instructions 900/1200. The flow then proceeds to block i〇〇6. At block 1006, the microcode resolves the branch direction (i.e., with/without) and the target address. Flow then proceeds to block 3208. At block 3208, the microcode determines whether the BTAC 2802 provides a prediction for the branch and handover key command 900/1200. If provided, the flow then proceeds to decision block 3214; if not provided, the flow then proceeds to block 1008 of the first diagram. . At decision block 3214, the microcode determines whether the predictions made by BTAC 2802 are correct by using the direction/defects of the BTAC 2802 with/without indicator 2708 and the target address 2706 and the block 1006. If the prediction of BTAC 2802 is correct, then the process ends; otherwise, the flow proceeds to decision block 3216. At decision block 3216, the microcode determines if the uncorrupted BTAC 2802 prediction has been taken. If so, the flow proceeds to block 3222; if not, the flow proceeds to block 1014 of FIG. At block 3222, the microcode repairs the contents of the primary secret register 142 because the BTAC 2802 mistypes the branch and switch cryptographic instructions 900/1200. CNTR2449100-TW/0608-A43129-TW/ Final 59 201203108 Adoption causes block 31 of Figure 31 to load the wrong key value. In one embodiment, the secret record switching logic 2712 includes the storage elements and logic required to repair the master key register 142. In one embodiment, the microcode generates an exception alert to the exception key processor 142 for repairing the master key register 142. In addition, the microcode causes the microprocessor 100 to branch to jump to the x86 instruction following the branch and switch key instruction 900/1200', making the microprocessor 1 new to the branch and switch key instructions 900/1200 The x86 instruction clears 'and clears all microcode in the microprocessor 10 that is new to the microcode of the directory address. The contents that are emptied include all of the instruction byte groups 106 that are read from the instruction cache 1 〇 2 and buffered in the extraction unit 104 and the decoding unit 108 waiting to be decoded. With the branch-to-continuous instruction, the fetch unit 1-4 begins fetching and decrypting the instruction data 106 from the instruction cache 102 using the set of repaired key values in the main key register 142. Flow ends at block 3222. In addition to the security advantages brought by the above-mentioned instruction decryption method implemented by the microprocessor 100, the inventor has developed a suggestion coding guide whose use can be matched with the above embodiment of the method of cutting (four) by the analysis of the instructional actual use amount A hacking attack that develops statistical techniques for encrypting x86 code. First, since the hacker usually assumes that the extracted 16-byte instruction is based on H)6, the full number is X86. Therefore, compared with the program execution flow, the weight should be added between the blocks. fine)". It is also said that its encoding should jump some instruction bits with multiple instructions _ 纟, dense bytes to generate multiple "holes" which can be filled;; appropriate: value = plus pure text bit group entropy value (entropy ). In addition, the entropy value of the text byte can be encoded as much as possible. This is more k liters, 1 J should be "this knows the use of real-time devaluation. CNTR2449100-TW/0608-A43129-TW/ Final 6〇 201203108 In addition, the real-time data value can be used as a false clue to point to the wrong instruction opcode address. The second 'the encoding may include a special nop instruction, including, ignore the "field", filled with appropriate values to increase the above entropy value. For example, the x86 instruction 0x0F0D05xxxxxxxx belongs to the 7-bit N〇p, where the last The four bytes can be any value. In addition, the N[〇p instruction's opcode pattern and its number of "don't care" bytes can be changed. Third, many x86 instructions have the same basic functionality as the other χ86 instructions. The instruction for the equivalent function's code can discard the same instruction repeatedly, use multiple patterns and/or adopt a pattern that enhances the pure text entropy value. For example, 'command 0xC10107 and the command 〇xC1〇〇25 do the same thing. Even some equivalent instructions are presented in versions of different lengths, such as OxEB22 and 0XE90022; therefore, multiple lengths of the same effect can be used for encoding. Fourth, the architecture allows the use of redundant and meaningless opcode prefixes (〇PC〇deprediX), so the encoding can be applied with care to increase the entropy value described above. For example, the deduction order 0x40 and the 〇x2627646567F2F34 的70 are all the same thing. Because there are only 8 secure x86 prefixes, they need to be carefully placed in the code to avoid excessive frequency. Although various embodiments have been described to perform _ and add/subtract operations on the -log value in the value of the main cipher register in the snippet expander, other embodiments may be considered, wherein the snippet expander may be more The operations are performed on the two master key register values, and in addition, the operations performed may be different from the rotation and addition/subtraction operations. In addition, the confidential recording switching instruction (4) disclosed in FIG. 6 and the branching and switching secret recording instruction disclosed in FIG. 9 may have other real CNTR2449100-TW/0608-A43129-T W/ Final '201203108 implementation manner 'for example' The new secret value is loaded into the primary secret register 142 by the secure storage area 122 instead of being loaded by the secret register slot 124, and the branch and switch secret instructions 15 described in FIG. Other implementations store the address of secure storage area 122 with index block 2104. In addition, although various embodiments have been described to adjust the BTAC 2 storage krf index mate branch and switch key command just/丨, there are other implementations for adjusting the BTAC 2702 storage secure storage address to match the branch and switch key command 1500. use. The above-described embodiments of the present invention are intended to be illustrative only and are not intended to limit the scope of the invention. Many variations in form and detail may be made by those skilled in the art of the related art without departing from the scope of the invention. For example, the means, such as the functions, fabrication, modularization, simulation, description, and/or discussion of the devices and methods discussed in this section, can be implemented in a software. Implementations include general-purpose programming languages (for example, C, C++), hardware description languages including Vediog HDL, VHDL, etc., or other available programming tools. The software can be carried on any known computer readable medium, such as a magnetic tape, a semiconductor, a magnetic disk, or a compact disk (eg, Cd_r〇m, dvd_r〇m, etc.), a network, a wired transmission, a wireless or other communication medium. . Embodiments of the apparatus and method may be embodied in a semiconductor knowledge wire (4), such as a microprocessor core (e.g., implemented in muscle)' and may be converted into a hardware implemented in an integrated circuit. Further, the apparatus and method described can be achieved by combining soft and hard materials. Therefore, the scope of the invention should not be limited to any of the embodiments described, which are defined by the following mt claims and their equivalents. The system of the present invention can be implemented by a microprocessor employed in a general purpose computer. It is noted that those skilled in the art may deviate from the CNTR2449100-TW/0608-A43129-TW/ Final 62 and 201203108 scopes defined in the claims, based on the disclosed concepts and specific embodiments, and are designed to modify other architectures. The same effects as the present invention are produced. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a block diagram 'illustrating a microprocessor implemented in accordance with the teachings of the present invention; FIG. 2 is a block diagram 'for explaining the extraction unit of FIG. 1 in detail; FIG. 3 is a diagram A flowchart "Operation of the extraction unit of FIG. 2 according to the technology of the present invention; FIG. 4 is a block diagram illustrating the clamping of the first icon buffers according to the technique of the present invention; FIG. 5 is a block diagram A format of a key load instruction is illustrated in accordance with the teachings of the present invention; FIG. 6 is a block diagram illustrating the format of a key switch instruction in accordance with the teachings of the present invention; and FIG. 7 is a flow chart of the present invention. The operation of the microprocessor of FIG. 1 is illustrated, wherein the secret recording switching instruction of FIG. 6 is executed; and FIG. 8 is a block diagram. According to the technology of the present invention, an encrypted cryptic spoon is used for the hidden body 1: The encryption program includes a plurality of 6th picture key switching instructions; the pastoral day] is a block diagram in FIG. 9, and according to the technology of the present invention, a format of the switching performance instruction is illustrated; ', and FIG. 10 is a flowchart. Graphic processor according to the present invention As a flowchart in which the execution of FIG. 9 and the switching key finger = CNTR 2449, 〇〇.TW/〇6〇8.A43129.TW/Final illusion, 201203108, FIG. 11 is a flowchart according to the present invention, The operation of the post-processor is implemented by a software tool, which can be used for post-processing a program and encrypted for execution by the microprocessor of FIG. 1; FIG. 12 is a block diagram illustrating the branching of another embodiment of the present invention. The format of the switching key instruction; FIG. 13 is a block diagram illustrating a block address range table according to the present technology; FIG. 14 is a flowchart illustrating the operation of the microprocessor of FIG. 1 according to the present technology, Wherein the branch and switch key instruction of FIG. 12 is performed; FIG. 15 is a block diagram illustrating the format of the branch and switch key command of another embodiment of the present invention; FIG. 16 is a block diagram of a block diagram according to the present invention Figure 17 is a flow chart illustrating the operation of the microprocessor of Figure 1 in which the branch and switch key instructions of Figure 15 are performed in accordance with the teachings of the present invention; Figure 18 is a flow diagram Figure, diagram Another embodiment of the present invention, wherein the operation of a post-processor is described for the post-processing of a program, and is encrypted by the microprocessor of FIG. 1; FIG. 19 is a flowchart, according to the technique of the present invention, The operation of the microprocessor of Figure 1 is used to cope with a task switching, switching between an encryption program and a plain text program; Figure 20 illustrates a flow chart illustrating the microprocessor of Figure 1 in accordance with the teachings of the present invention. The operation of the executed system software; FIG. 21 illustrates a block diagram illustrating the field of the flag register of FIG. 1 according to another embodiment of the present invention; CNTR2449100-TW/0608-A43129-TW/ Final 64 201203108 Figure 22 is a flow chart illustrating the operation of the microprocessor of Figure 1 using the flag register of Figure 21' for handling a task switch and switching between multiple encryption programs in accordance with the teachings of the present invention; 23 is a flow chart illustrating the operation of the microprocessor of FIG. 1 using the flag register of FIG. 21 for coping with a task switching, switching between multiple encryption programs, in accordance with the teachings of the present invention. Figure 24 is a block diagram showing a single register in the key register file of Figure 1 according to another embodiment of the present invention; Figure 25 is a flowchart, according to another embodiment of the present invention, The operation of the microprocessor of Fig. 1 using the flag register of Fig. 21 and the file of the key register file of Fig. 24 is used to cope with a task switching and switching between multiple encryption programs; Fig. 26 is a flow According to another embodiment of the present invention, the operation of the microprocessor of FIG. 1 using the flag register of FIG. 21 and the key register file of FIG. 24 is illustrated to cope with a task switching and switching to multiple encryptions. Between the programs; Fig. 27 is a block diagram showing other embodiments of the contents of the microprocessor 100 of Fig. 1; Fig. 28 is a block diagram showing the branch target address of Fig. 27 in detail according to the technique of the present invention Cache memory (BTAC); Fig. 29' is a block diagram illustrating the contents of the BTAC units in Fig. 28 in detail according to the technology of the present invention; Fig. 30 is a flowchart showing the 27th according to the technique of the present invention. Graph microprocessor The operation of the BTAC is illustrated in Figure 28; Figure 31 is a flow chart illustrating the operation of the BTAC of Figure 28 in accordance with the technique of the present invention, CNTR2449100-TW/0608-A43129-TW/ Final 65 201203108; Micro-production flow chart 'According to the technology of the present invention, the operation of the 27th micro-processing benefit-branch and switching secret recording instructions; and [main component symbol description] 100~microprocessor; 104~ extraction unit; 108~ decoding unit; 114~Exporting unit; 122~secure storage area; 128~flag register; 134~ extracting address; 144~ control register; 102~ instruction cache; 106~ private data (can be encrypted); 112~execution unit; 118~general register; 124~key register file; 132~microcode unit; 142~main secret register; 148~E bit; 152~key expander; ~ multiplexer; 156 ~ mutual exclusion logic; 164 ~ extraction instruction generator 162 ~ plain text instruction data; ; 172 ~ two sets of keys; Π 4 ~ decryption key; 176 ~ multi-bit binary zero value 178 ~ Output of multiplexer 154; 212~ multiplexer a 214~ multiplexer B; 216~ rotator; 218~addition/subtractor; 234~first key; 236~second key; 23 8~ rotator output; 402~E bit blocker; 302-316~step block; 408~standard x86 mark of multiple bits; 5 00~ secret record load instruction; 5 02~ operation code; CNTR2449100-T W/0608-Α43129-TW/ Final 66 201203108 504- Key register file target address; 506~ secure memory source address; 600~ secret record switching instruction; 602~Operation code; 604~key register file index; 702-708~block step; 800~ Memory usage; 900~ branch and switch key command; 902~ opcode; 906~ branch information; 1102-1106~step block; 1202~ opcode; 13 02~ address range; 1402-1418~ step block; 02~Operation code; 1604~secured memory area address 1714~step block; 904~key register file index; 1002-1018~step block; 1200~ branch and switch key instruction 1300~block address range table: 1304 ~ Key register file index 1500 ~ branch and switch key command 1600 ~ block address range table: 1802-1806 ~ step block; 1902-1944 ~ step block; 2002-2008 ~ step block; 2104 ~ index; 2202-2216 ~ step block; 2302-2316 ~ step block; 2402 ~ eliminated Bit; 2506~step block; 2607, 2609~step block; 2702~ branch target address cache memory (BTAC); 2706~ target address; 2708~ adopt/not use indicator; 2712~key switching logic; 2714~type index; 2716~key register file index; 2802~BTAC array; 2808~BTAC unit; 2902~effective bit; 2904~marker block; CNTR2449100-TW/0608-A43129-TW/ Final 67 201203108 2906~target address; 2908~ adopt/do not use field 2912~key register file index; 2914~type field; 3002-3004~step block; and 3102-3116~step block; 3208-3222~step Square; ZEROS ~ multi-bit binary zero value. CNTR2449100-TW/0608-A43129-TW/ Final 68

Claims (1)

201203108 VII. Patent application scope: 1.  A microprocessor comprising: an instruction cache memory; an instruction decoding unit; and an extraction unit for: (a) extracting instruction data of a block from the instruction cache memory; (b) The data entity performs a Boolean mutual exclusion operation on the block to generate plain text instruction data; and # (c) supplies the plain text instruction data to the instruction decoding unit; in a first state, the block includes encryption Command data, and the data entity is a decryption key; wherein, in a second condition, the block includes non-encrypted instruction data, and the data entity is a binary zero value of a plurality of bits; wherein, the area The instruction data of the block is encrypted or unencrypted, and the time required to execute the above contents (a), (b), and (c) in the first state and the second state is the same. 2. The microprocessor of claim 1, wherein the extracting unit applies an extracting address to the instruction cache memory to extract instruction data of the block from the instruction cache memory. The extracting unit further generates a decryption key by forming a function of the partial content of the extracted address and the plurality of key values during the extraction of the instruction data of the block from the instruction cache. 3. The microprocessor of claim 2, wherein the decryption key is generated in order to use the extracted address and the plurality of key values as functions: the extracting unit is further used for: CNTR2449100-TW /0608-A43129-TW/ Final 69 201203108 based on a first portion of the extracted address, selecting one of the plurality of key values; and rotating the selected pair based on a second portion of the extracted address Recording one of the values; and based on a third portion of the extracted address, adding the rotated key value to the selected another key value, or rotating the key value from the selected another The key value is subtracted to generate the decryption key. 4. The microprocessor of claim 2, wherein, in order to generate the decryption key by using the extracted address and the plurality of key values as a function, the extracting unit is further configured to: according to the extracted address a first part, selecting a first secret value from the plurality of key values; and selecting, according to the first part of the extracted address, a second key value from the plurality of key values; Extracting a second portion of the address, rotating the first key value; and, according to a third portion of the extracted address, selecting to add the rotated first key value to the second key value, or The rotated first key value is subtracted from the second key value to generate the decryption key. 5. The microprocessor of claim 2, wherein the total number of the plurality of key values is K, and the length of each of the decryption key and the plurality of key values is a W byte, and the length is The extracting unit generates a sequence of multiple decryption keys for instruction data of a sequence of a plurality of blocks extracted from the instruction cache memory, wherein the W2* (K) of the plurality of key values of the plurality of key values is generated. !/(2*(K_2)!)) A different combination of decrypted CNTR2449100-TW/0608-A43129-TW/ Final 70 201203108 The sequence of the above multiple blocks. * 6. The microprocessor of claim 1, wherein the extracting unit comprises: a control bit for storing an identifier indicating that the extracting unit is in a decryption mode or a plain text mode; The device includes: an output; a first data input for receiving the decryption key; a second data input for receiving the binary zero value of the plurality of bits; and a selection control input for receiving The value of the control bit, in the first condition, when the value of the control bit corresponds to the decryption mode, the decryption key is used as the output, and in the second condition, the value of the control bit is In the case of the plain text mode, the binary value of the plurality of bits is used as the output; and a mutually exclusive logic includes: a first data input for receiving the output of the multiplexer; Data input for receiving the extracted instruction data of the block; and an output coupled to the instruction decoding unit for supplying the first and second data inputs of the mutual exclusion switch After the exclusive OR operation of the obtained text command data. 7. The microprocessor of claim 6, wherein the first data input of the multiplexer is from: a first multiplexer, according to a first part of an extracted address, CNTR2449100-TW/0608 -A43129-TW/ Final 71 201203108 Select a first key value from the key values; a second multiplexer selects a first number from the plurality of key values according to the first part of the extracted address a second key value; a rotator that rotates the first key value according to a second portion of the extracted address; and an operation unit that selects the rotated portion based on a third portion of the extracted address A key value is added to the second key value, or the rotated first key value is subtracted from the second key value to generate the decryption key. 8.  An operating method for operating a microprocessor having an instruction cache memory, the method comprising: (a) extracting a block of instruction data from the instruction cache; (b) The entity performs a Boolean mutual exclusion operation on the block to generate plain text instruction data; and (c) supplies the plain text instruction data to an instruction decoding unit; wherein, in a first condition, the block includes Encrypting the instruction data, and the data entity is a decryption key; wherein, in a second condition, the block includes non-encrypted instruction data, and the data entity is a binary zero value of a plurality of bits; The command data of the block is encrypted or unencrypted, and the time required to execute the above contents (a), (b), and (c) in the first state and the second state is the same. 9.  The method of claim 8, wherein the step of extracting the block from the instruction cache includes applying an extraction address to the instruction cache, the operation method further comprising: CNTR2449100- TW/0608-A43129-TW/ Final 72 201203108 The decryption key is generated by the function of the part of the extracted address and the plurality of key values; wherein the decryption key is generated from The instruction cache memory is executed during the period in which the instruction data of the block is extracted. 10.  The method of claim 9, wherein the step of generating the decryption key by using the extracted address and the plurality of key values as a function comprises: selecting a first part based on the extracted address One of the plurality of key values; rotating one of the selected pair of key values based on a second portion of the extracted address; based on the third portion of the extracted address, rotated The key value is added to the selected other key value, or the rotated key value is subtracted from the selected other key value to generate the decryption key. 11.  The operation method of claim 9, wherein the step of generating the decryption key by the function formed by the extracted address and the plurality of key values is for instruction data of a plurality of consecutive blocks Generating a valid decryption key length of the W2* (K!/(2*(K-2)!)) byte, wherein the decryption key and the plurality of key values each have a length of W bytes And the total number of the above plurality of key values is Κ. 12 - a microprocessor, comprising: an instruction cache memory; an extraction unit extracting a sequence of multiple blocks in an encryption program from the instruction cache memory according to a sequence of multiple extraction address values The encryption instruction, wherein, when extracting each block of the sequence, the extracting unit further uses CNTR2449100-TW/0608-A43129-TW/ Final 73 201203108 to extract a plurality of key values in the extracting unit and extract the extracted address of the block Part of the value is a function for generating a decryption key to decrypt the encrypted instruction for extracting the block; and a key switching instruction for extracting the plurality of regions of the sequence from the instruction cache memory At the time of the block, the microprocessor is instructed to update the plurality of key values in the extracting unit. 13.  The microprocessor of claim 12, wherein the extracting unit supplies a valid decryption key length for decrypting the encryption program, wherein the effective decryption key length depends on the plurality of key values. a total amount, and a manner in which the extracting unit generates the decryption key, wherein an operation of updating the plurality of key values in the extracting unit with the key switching instruction within the encryption program expands the effective decryption key length To make it beyond the length of the innate supply. 14.  The microprocessor of claim 13, wherein the extended decryption key length is as long as the encryption program. 15.  The microprocessor of claim 12, further comprising: a temporary register file storing a plurality of sets of key values; wherein the secret record switching instruction indicates an index value indicating the above-mentioned register file The position of one of the sets of key values, the microprocessor switches the index value indicated by the key, and the set of key values indicated by the index value is updated in the extracting unit for generating The plurality of key values of the decryption key described above. 16.  The microprocessor of claim 12, wherein the microprocessor comprises a pipeline, the pipeline comprising: an execution unit located behind the extraction unit; CNTR2449100-TW/0608-A43129-TW/ Final 74 201203108 The first and the second non-encrypted fingers and: the middle: the Γ=element extracts and decrypts the -first-one-plus-add command of the encrypted program, and obtains a first command; the secret t L if the recorded switching instruction is executed The first line of decryption is replaced by a second decryption key, and the second decryption key is used to decrypt the second encrypted finger. 17. For example, as described in item 16 of the patent application; «The device is new in the order of the new ribs;; The microprocessor of claim 12, further comprising: microcode for implementing the key switching instruction. [2] The microprocessor described in the 12th patent scope, wherein the processing of the 岐 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Taking the memory-micro-processing benefits, the operation method includes: = causing the cache memory to extract a plurality of bits in a program and using - the first-decryption secret to the complex non-encrypted finger: = a decryption key Substituting a second decryption key, describing the execution of the plurality of first-non-encrypted instructions--the rib-changing instruction; extracting the second and second plurality of the program from the instruction cache memory and using the second The decryption key is decrypted into a plurality of numbers; force 21. For example, the operator CNTR2449100-TW/0608-A43129-TW/Final 75 / , as described in the second paragraph of the patent application scope, wherein, the 201203108 key switching instruction indicates an index value to indicate a temporary a location of the file archive, wherein the step of replacing the first decryption key with the second decryption key comprises loading the second decryption key from a location of the register file indicated by the index value Into the microprocessor one extracts 〇0 — early 兀. twenty two.  The method of operation of claim 20, wherein the step of extracting the second encrypted instructions comprises skipping to an instruction subsequent to the key switching instruction in the program sequence. twenty three.  The operating method of claim 20, wherein the program comprises a first block of consecutive instructions and a second block of consecutive instructions, wherein the first block of consecutive instructions comprises the first Encrypting instructions, and the second block of consecutive instructions includes the second encrypted instructions, wherein the first block of consecutive instructions is encrypted with the first decryption key, and the second block of consecutive instructions is the second decrypted secret Key encryption, wherein the key switching instruction is the last instruction of the first consecutive instruction. twenty four.  An operating method for operating a microprocessor, the method comprising: extracting an encrypted instruction of a sequence of a plurality of blocks in an encryption program from a sequence of multiple extracted addresses of an instruction cache; When extracting each block of the sequence, a plurality of key values and a part of the extracted extracted address of the block are used as a function to generate a decryption secret record, and for each block extracted in the sequence, Decrypting the encrypted instruction therein by the corresponding generated decryption key; and executing a key switching instruction between the blocks in which the sequence is extracted, wherein CNTR2449100-TW/0608-A43129-TW/ Final 76 201203108 The step of switching the instructions includes updating the key values used to generate the decryption key. 25.  The method of operation of claim 24, wherein the key switching instruction is a decrypted instruction obtained by decrypting an encrypted instruction of one of the blocks from which the sequence is extracted. 26.  The method of operation of claim 24, wherein the function formed by the key values and the partial values of the corresponding extracted addresses innately provide a valid decryption key length for decrypting the encryption. a program, wherein the size of the effective decryption key length is dependent on the total amount of the key values and the operation method of generating the decryption key, wherein updating the key value in the key switching instruction will expand the The effective decryption key length exceeds the innate size. 27.  The method of operation of claim 26, wherein the extended effective decryption key length is as long as the encryption program. 28.  The method of operation of claim 24, wherein the key switching instruction indicates that an index value indicates a location in the microprocessor that holds the key values for performing the updating step. 29 - A microprocessor comprising: an extracting unit that extracts and decrypts a branch and switch key instruction using the first decryption key data; and microcode for: not in the direction of the branch and switching key instructions In the case of using, the extracting unit extracts and decrypts the splicing instruction after the branch and the switching key instruction with the first decryption key data; and the condition that is adopted in the direction of the branch and the switching key instruction CNTR2449100-TW /0608-A43129-TW/ Final 77 201203108, the extracting unit causes the extracting unit to extract and decrypt a target instruction of the branch and switching key instruction with the second decryption key data different from the first decryption key data. 30.  The microprocessor of claim 29, wherein if the branch and the direction of the handover key instruction are used, the microcode further causes the extraction unit to decrypt the target instruction with the second decryption key data. Previously, the extraction unit is updated, and the extraction unit uses the second decryption key data described above instead of the first decryption key data. 31.  The microprocessor of claim 29, wherein the branch and switch key instructions indicate the second decryption key data in the microprocessor if the branch and the direction of the switch key command are used. Store the location for loading by the extraction unit. 32.  The microprocessor of claim 29, wherein if the branch and the direction of the handover key command are used, the microcode further determines the second decryption key data based on the memory address of the target instruction. A storage location within the microprocessor for loading by the extraction unit. 33.  The microprocessor of claim 32, wherein the microcode is stored in the memory in order to determine the storage location of the second decryption key data in the microprocessor according to the memory address of the target instruction. The body address queries a table within the microprocessor that records a mapping of the memory address range to the storage location within the microprocessor. 34.  The microprocessor of claim 33, wherein the storage location of the microprocessor is designed in a register of the microprocessor or in a random access memory. 35. The microprocessor of claim 29, wherein the CNTR2449100-TW/0608-A43129-TW/ Final 78 201203108 microprocessor performs the branch and switch key instructions in atomic form. The microprocessor of claim 29, wherein, before decrypting the branch and switching the secret recording command, based on extracting the branch and switching the password command, the extraction port p is in the valley, generating and decrypting The key; the second branch branch and the switch secret record instruction are implemented: Lin: the decryption secret record calculated by the student is 37. The operation method is as follows: the operation method includes: adding, extracting, decrypting, and decrypting a branch and switching the secret branch and switching the secret recording instruction is not adopted, based on The above-mentioned number: r and decrypting the branch and switching the branch of the (four) instruction and switching the secret recording data - and decrypting the operation method of claim 37, wherein the data of the secret data is An extraction unit executes, and the direction of the first untwisting instruction is adopted, and the operation branch is more = branch and switching secret 201203108 ... except for the above-mentioned first application for the transfer of 37 items The operation method, wherein the direction of switching the secret command is performed by cutting: =::: only the 解密 of the second decryption key data in the processor is loaded by the extracting unit. The memory address of the target instruction determines the first-storage location for the extraction unit to load into the upper ϋ, (4) the scope of the patented method described in item 40, in the basin, according to the upper track of the order The position of the body position == The position of the position is based on the above. Having a hidden object address querying a range of address ranges in the microprocessor to a location of the microprocessor's storage location, the recording device is operated as described in claim 41 of the patent scope The storage location is located in the micro, in the random access memory. .  Temporary savings or a 43.  The execution of the operation and branch key instructions as described in claim 37 of the patent application is performed by the microprocessor.  For example, the operation described in claim 37 of the patent scope: the step of decrypting the branch and switching the key instruction, the second part of the data =::= and the part of the content of the edge address for extracting the branch:: Decrypt the password.   CNTR2449100-TW/0608-A43129-TW/ Final 80 201203108 II===:=, the branch and the switch to the age of the implementation of the Bolinian mutual mobilization i Λ 4 read the branch disk: add; method, used for encryption A program for decrypting one or two: Γ microprocessor execution ' 'The encryption method includes: a destination file of the program, the non-encrypted program is cautious: ": the target address of the traditional branch instruction Before the micro-port t» is bound to the program, the program is determined; the block information is obtained to obtain block information, and the block information is divided into a sequence of blocks, wherein each block includes a sequence of multiple instructions. The block information further includes the encryption key data of each block, wherein the encryption key data of each block is not the same; the target address in the traditional branch instruction is not in the same block as itself, and the branch is The switch key instruction is replaced; and the program is encrypted based on the block information described above. The encryption method of claim 45, wherein the branch and switch key instructions each indicate a storage space in the microprocessor to store the block in which the target address of the branch and switch key command is located. Encrypt key data. 47. The encryption method of claim 45, wherein the step of encrypting the program according to the block information comprises: for the instruction data of each block in each block, based on the encrypted key data of the belonging block and the associated block one Part of the memory address generates an encryption key; and the Boolean mutual exclusion CNTR2449100-TW/0608-A43129-TW/ Final 81 201203108 is performed on the corresponding block that is generated by the added secret transmission. 48.  An encryption method for encrypting a program for later execution by a microprocessor for decrypting and executing the encryption program, the encryption method comprising: receiving a destination file of an unencrypted program, the non-encrypted program including a traditional branch instruction, The target address of the above traditional branch instruction can only be determined when the microprocessor executes the program; the program is analyzed to obtain block information, and the block information divides the program into a sequence of multiple blocks, wherein each block includes a sequence a plurality of instructions, wherein the block information further includes encryption key data of each of the foregoing blocks, wherein the encryption key data of each block is not the same; and the traditional branch instructions are each replaced by a branch and a handover key instruction; The program is encrypted based on the above block information. 49.  The encryption method as described in claim 48, further comprising: including the block information in the destination file, to load the microprocessor before the microprocessor executes the program. 50.  The encryption method of claim 49, wherein the block information loaded in the destination file and loaded into the microprocessor before executing the program indicates that each of the blocks is stored in the microprocessor. Space to store the above-described encryption key data for each of the above blocks. 51.  The encryption method according to claim 48, wherein the step of encrypting the program based on the block information comprises: encrypting key data of the belonging block and the belonging block according to the instruction data of each block of each of the blocks Part of the content of a memory address generates an encryption key; and CNTR2449100-TW/0608-A43129-TW/ Final 82 201203108 uses the generated encrypted secret record to perform a mutually exclusive operation on the corresponding block . . 52. A microprocessor, comprising: a temporary register having a bit, wherein the microprocessor is configured to set the bit; and an extracting unit for extracting an encrypted instruction from an instruction cache memory, and Decrypting the encrypted instruction before executing the encryption instruction to return to the operation of setting the bit by the microprocessor; wherein the microprocessor stores the value of the bit to a memory and then clears the bit in response Receiving an interrupt event; wherein, after the microprocessor clears the bit, the extracting unit extracts the non-encrypted instruction from the instruction cache, and executes the non-encrypted instruction without decrypting; wherein the microprocessor The memory stores the previously stored value to repair the bit of the register in response to the operation returned from the interrupt instruction; wherein, if it is determined that the value of the bit restored is the set state, the extracting unit will Start extracting and decrypting the encrypted instructions again. 53.  The microprocessor of claim 52, wherein the bit of the register is a reserved bit of the x86 architecture flag register. 54.  The microprocessor of claim 52, wherein: if the bit is set, in order to decrypt the encrypted instruction, the extracting unit performs a Boolean mutual exclusion operation on the encrypted instruction with a decryption key; and if the bit is The element is cleared, and the extracting unit performs a Boolean mutual exclusion operation on the non-encrypted instruction by using the binary zero value of the multi-bit. 55.  The microprocessor of claim 52, wherein CN D2449100-TW/0608-A43129-TW/Fina丨83 201203108 is used to execute a system software receiving and executing a first instruction with an encryption instruction A request of the program, and in the case where a second program having an encrypted command is being executed by the microprocessor, the first program is executed after the second program is executed. 56.  An operating method for operating a microprocessor having an instruction cache and a register, the method comprising: causing a bit of the register to be set, and then caching memory from the instruction Extracting the encrypted instruction and decrypting the encrypted instruction before executing the encrypted instruction; storing the value of the bit in the architecture register, and then clearing the bit to respond to the received interrupt event; After the bit, the non-encrypted instruction is extracted from the instruction cache, and the non-encrypted instruction is executed without decryption; the bit of the register is repaired with the previously stored value in response to the operation returned from the interrupt instruction; And if it is determined that the value after the repair of the bit is the set state, the above operation of extracting, decrypting, and executing the encryption instruction is resumed. 57.  The method of operation of claim 56, wherein the bit of the architecture register is a reserved bit of the x86 architecture flag register. 58.  The operation method of claim 56, wherein: if the bit is set, the step of decrypting the encrypted instruction comprises performing a Boolean mutual exclusion operation on the encrypted instruction by using a decryption key; and if the bit is Clearing, the above operation of decrypting the non-encrypted instruction includes performing the Boolean mutual exclusion on the non-encrypted instruction by the binary zero value of the multi-bit CNTR2449 丨00-TW/0608-A43129-TW/ Fina丨84 201203108. " 59. The method of operation of claim 56, further comprising: receiving a request for executing a first program having an encrypted instruction; and if the microprocessor is executing a second program having the encrypted instruction, Wait until the second program is executed before executing the first program. 60.  a microprocessor comprising: a register having a bit; and an extracting unit; wherein, upon receiving a request to interrupt the executing program, the microprocessor stores the value of the bit, wherein the bit The meta indicates that the executing program is encrypted or unencrypted; wherein the microprocessor repairs the bit with the previously stored value and re-extracts the interrupted program as an executing program in response to the operation returned from the interrupt instruction; If the value of the bit repaired is the set state, the microprocessor repairs the decryption key value before re-extracting the interrupted program, and decrypts the extracted instruction with the repaired decryption key value; The repaired value of this bit is cleared. The microprocessor does not repair the key value and does not decrypt the extracted instruction. 61.  The microprocessor of claim 60, wherein the bit is a bit of an x86 architecture flag register. 62.  The microprocessor of claim 60, wherein the microprocessor stores the value of the bit in a memory, wherein the microprocessor retrieves previously stored values from the memory Used to repair the CNTR2449100-TW/0608-A43129-TW/ Final 85 201203108 bit. --...-A μ patent range of the 60th item of the financial == secret_value decryption extracted 4, extract the second two microprocessors "multiple W please special ===, in order to repair the decryption key value, the micro The processor from the second, the secret record value manned - temporarily flipped, its towel force 70 cattle will decrypt the decryption key value of each encryption program; the stored complex is to store the decryption secret of the program being executed The value of the piracy case is micro-required. If the storage element does not have enough free space to execute the above new encryption program, the storage device is free to include a paper-based operation method for operating a micro-processing. The operation μ stores the value of the microprocessor-bit in response to a request for interrupting the execution of the program, wherein the program to which the bit is located is encrypted or unencrypted; The operation returned by the interrupt instruction will first: repeat the bit ' and re-extract the interrupted program such as === CNTR2449I0Q-TW/0608-A43129-TW/ Final 86 201203108 If the value after the bit is fixed is the set state, Re-extracting the decrypted shape after the middle=fixed repair 'It is, the decryption 67. The operation of the operator as described in claim 66: the step of storing the value of the bit includes the number of the bit: '2, the second step of repairing the bit with the previously stored value includes the memory of the space The previously stored values are restored to the bit. The steps of the method described in step 2 include self-repairing. The instruction of the decrypted secret is used to make the Mutual exclusion of the extracted instruction. The value is deducted by the value----------------------------------------------------- ^ Yun ^ Included in multiple digits of the second 69.  As described in the scope of the patent application "6: the above step of repairing the decryption key value, wherein the key value is loaded into a temporary file, wherein the storage element decrypts the decryption key value of the secret encryption program, ^ = save 70 pieces of stored encryption = decryption of the encryption program: :: slot is stored 70.  If the value of the patent application scope receives a new method of executing the new encryption program, the method further includes: if the storage element does not have the decryption key value of the free program, wait for the new addition space of the two or two sub-parts. Execute the new encryption process ^70 is sufficient from CNTR2449100-TW/0608-A43129-TW/ Final g? 201203108 71.  a microprocessor comprising: a storage component comprising a plurality of locations for storing decryption key data of an encryption program; a control register comprising a field indicating the plurality of locations of the storage component Corresponding to an encryption program in execution, wherein the microprocessor repairs the previously stored value of the field from the memory to the control register to respond to the operation returned from the interrupt instruction; an extracting unit, extracting execution Encrypting instructions of the encryption program, and decrypting the stored decryption key data at the location indicated by the storage element with the value restored by the field. 72.  The microprocessor of claim 71, wherein the microprocessor further sets the control register to indicate that the microprocessor is configured to perform a new encryption program. The location where the decryption key data is stored for the new encryption program. 73.  The microprocessor of claim 72, wherein the microprocessor further loads the decryption key data of the new encryption program into a corresponding configurator in the locations, and corresponding configurations from the locations Load the extraction unit. 74.  The microprocessor of claim 71, wherein the storage element comprises a temporary file or a memory, wherein the plurality of locations of the storage element each comprise a temporary storage device to store decryption key data. Or a memory location stores decryption key data. 75.  The microprocessor of claim 71, wherein the extracting unit performs the extracted encrypted instruction data with the decrypted key data stored at the position indicated by the storage element with the value of the field repaired. Cloth CNTR2449100-TW/0608-A43129-TW/ Final 88 201203108 Forest mutual exclusion operation to decrypt the extracted encrypted instructions. ' 76. The microprocessor of claim 71, wherein the control register comprises an x86 architecture flag register for repairing the above fields. 77.  The microprocessor of claim 71, wherein, in response to the operation returned by the self-interrupting instruction, if the value of the field repaired in the field is set at a position associated with the location indicated by the storage element, The microprocessor issues an abnormal alert before the extracting unit decrypts the extracted encrypted command. 78.  The microprocessor of claim 77, wherein the error is abnormal, and the microprocessor reloads the decryption key data of the executing encryption program before the extracting unit decrypts the extracted encryption instruction. The value after the repair of the block is at the position indicated by the storage element. 79.  The microprocessor of claim 77, wherein the bit is set to a set state to display an encryption program to be restarted on the storage element before the operation returned by the self-interrupt instruction is executed. The decryption key data stored in the corresponding location has been overwritten. 80.  The microprocessor of claim 79, wherein the location overwrite condition in the storage element occurs when the microprocessor starts executing a new encryption program, but the storage element does not have sufficient free space to store the When the new encryption program decrypts the key data. 81.  The microprocessor of claim 79, wherein the location overwrite condition of the storage component occurs when the microprocessor responds to the abnormality alert, and re-loads the decryption key data corresponding to the executed program into the field. The repaired value is at the position indicated by the storage element. 82.  The microprocessor of claim 71, wherein the CNTR2449100-TW/0608-A43129-TW/ Final 89 201203108 microprocessor further executes the system software to: receive a request to execute a new encryption program; When the free space in the component is insufficient to store the decryption key data of the new encryption program, the new encryption program is executed until the storage element is supplied with sufficient free space. 83.  An operating method for operating a microprocessor having a control register and a storage component, wherein the storage component has a plurality of locations for storing decryption key data of an encryption program, the operation method comprising: A field of the control register is repaired with the value of the field previously stored in the memory in response to the operation returned from the interrupt instruction, wherein the value of the field indicates the encryption program being executed in the storage element a plurality of locations; extracting an encrypted instruction of the executing encryption program; and using the field-repaired value, the stored decryption key data at the location indicated by the storage element decrypts the extracted encrypted instruction. 84.  The operation method as described in claim 83, further comprising: before decrypting the extracted encryption instruction, the value of the field repaired by the field is stored at the location indicated in the storage element, and the stored decryption key data Loading an extracting unit of the microprocessor. 85.  The method of operation of claim 83, further comprising: configuring one of a plurality of locations on the storage element to store decryption key data of a new encryption program required to be executed by the microprocessor; setting the control The value of the field in the register to indicate the location of the configuration step configured in the storage element; Loading the decryption key data of the new encryption program into the above configuration step CNTR2449100-TW/0608-A43129-TW/ Final 90 201203108 The position configured in the storage element. 86.  The method of claim 83, wherein the step of decrypting the extracted encrypted instruction comprises storing the decrypted key data pair at a position indicated by the storage element with the value restored by the field. The extracted encrypted instructions perform a Boolean mutual exclusion operation. 87.  The operation method as described in claim 83, further comprising: responding to the operation returned by the self-interrupting instruction, if the value of the repaired position of the block is set at a position associated with the position indicated by the storage element, An exception alert is issued before decrypting the extracted encrypted command. 88.  For example, the operation method described in claim 87 includes: returning an abnormal warning, re-loading the decryption key data of the executing encryption program into the field after decrypting the extracted encryption instruction. The value is at the location indicated by the storage element. 89.  The operation method as described in claim 87, further comprising: before the execution of the operation returned from the interrupt instruction, overwriting the decryption secret stored in the position corresponding to the encrypted program to be restarted on the storage element Key data; The bit is set to indicate that the overwrite operation occurred. 90.  The method of operation of claim 89, further comprising: determining that the storage element does not have sufficient free space for a new encryption program to be executed by the microprocessor; wherein, in response to the determining, the storage element does not exist A step of free space to overwrite the location within the storage unit to the new encryption program. 91.  For example, the operation method described in claim 89, wherein CNTR2449100-TW/0608-A43129-TW/ Final 91 201203108 often alerts the value of the decryption secret bit corresponding to the executed program in the overwrite mode. Store the location indicated by the component. 92. For example, the operation method described in claim 83 includes: receiving the requirement of executing a new encryption program; and = storing the component does not have enough free space to store the new encryption process and verifying the data until The new encryption method is implemented by the free space in which the dependent component can be judged. 93. A microprocessor comprising: a disk switching target address cache (4) 'recording a previously executed branch', and a historical information of a keying order, wherein the historical information includes a target of the branching and switching key instruction The address and the identifier, the above-mentioned branch of the branch is associated with a plurality of secret memory associated with the switch difficulty command, and an extracting unit coupled to the branch target address cache is used to: ^ extract the previously executed branch and When the key instruction is switched, the branch target address cache is forwarded by the memory, and the target address and the identifier of the extracted branch and switch key instruction are received from the branch target address cache. And 加密 extracting the encrypted instruction data according to the received target address, and the encrypted instruction data taken according to the plurality of secret wheel values indicated by the received identifier, in response to the received prediction. 94. The microprocessor according to claim 93, wherein the extracting unit scrambles the extracted encrypted instruction data and the decryption key 2 CNTR2449100-TW/0608-A43129-TW/ Final 92 201203108 Wherein the decryption key is generated by a function of a key value indicated by the received identifier '. 95.  The microprocessor of claim 93, wherein the identifier comprises an index indicating a location within a register file for storing a key value. 96.  The microprocessor of claim 95, wherein the extracting unit further comprises: a master key register file, storing a plurality of key values required by the extracting unit to decrypt the extracted encrypted command data And a key switching logic coupled to the branch target address cache memory and the master key register file, based on the index received from the branch target address cache memory, the index is in the The plurality of key values stored in the location indicated by the register file are used to update the master key register file. 97.  The microprocessor of claim 96, wherein the microprocessor subsequently repairs the master key if the branch target address cache does not correctly predict the extracted branch and switch key instructions. The value of the scratchpad file is the value before the update. 98.  The microprocessor of claim 93, wherein the branch target address cache further records historical information of previously executed conventional branch instructions, wherein the branch and switch key instructions are. The historical information of the traditional branch instruction includes a type index indicating whether the recorded instruction belongs to a branch and switch key instruction or a traditional branch instruction. 99.  The microprocessor of claim 93, wherein the extracting unit generates an extracting address for extracting an instruction from an instruction cache, wherein the extracted address is further used to access the branch target bit. Address cache CNTR2449100-TW/0608-A43129-TW/ Final 93 201203108 Recall. 100.  The microprocessor of claim 93, wherein the historical information further includes a previously executed branch and switch key instruction adoption/non-use index, if the branch target address cache provides the memory Adopting/not using indicators to predict that the currently extracted branch and switch key instructions will be used, in response to the received prediction, extracting the encrypted instruction data on the received target address with the extraction unit and based on the received identification The multiple key values indicated by the token are decrypted. 101.  The microprocessor of claim 93, wherein the microprocessor, if the microprocessor subsequently determines that the branch target address cache has correctly predicted the extracted branch and switch key instructions, the microprocessor Free of emptying the pipeline itself. 102.  The microprocessor of claim 93, wherein if the microprocessor executes a branch and switch key instruction, and determines that the branch target address cache cannot predict the extract unit to the branch Switching the operation of the key instruction, the microprocessor will: clear the pipeline itself; extract the encrypted instruction data according to a target address indicated by the branch and the handover key instruction; and according to the indication indicated by the branch and the handover key instruction The key value decrypts the extracted encrypted instruction data. 103.  The microprocessor of claim 93, wherein the branch target address cache further stores historical information of a previously executed key switching instruction, wherein the historical information of the key switching instruction includes An identifier that identifies a plurality of secret CNTR2449100-TW/0608-A43129-TW/Fina丨94 201203108 key values associated with the associated key switch instruction, where either the branch and switch key commands or key switch The instructions include type indicators to indicate whether the recorded instruction belongs to a branch and switch key command or a secret record switch command. 104.  An operating method for operating a microprocessor, the operating method comprising: recording historical information of a previously executed branch and switching key instruction in a branch target address cache register, wherein the historical information includes The recorded branch and the target address of the switch key instruction and the identifier, the identifier indicating a plurality of key values associated with the branch and switch key instructions; extracting the previously executed branch and switch key command Receiving, by the branch target address cache, a prediction made by the cache memory, and receiving, from the branch target address cache memory, the target address and the identifier of the extracted branch and switch key instruction; The received target address extracts the encrypted instruction data and decrypts the extracted encrypted instruction data based on the plurality of key values indicated by the received identifier in response to the received prediction. 105.  The operation method of claim 104, wherein the step of decrypting the extracted encrypted instruction data is to perform a mutually exclusive operation of the extracted encrypted instruction data and a decryption key, wherein the decryption key A plurality of key values indicated by the received identifier are generated as a function. 106.  The method of operation of claim 104, wherein the identifier comprises an index indicating a location within a temporary file for storing a key value. CNTR2449100-TW/0608-A43129-TW/ Final 95 201203108, the operator mentioned in the scope of claim 1G6 uses a main wheel register file to store and decrypt multiple key values required to extract more extensive data. And the order number of the branch target address cache memory is pure, and the number is two more ===:= stored in the plurality of cipher predictions. ^The main money temporary storage benefit case' in response to the above-mentioned receipts: · As described in the application method of the m-th patent scope, the prediction of the extracted key instruction by the branch target address cache memory Incorrect, then fix the value of the above primary key to the value before the update. ^After the case of the case, please refer to the operation method described in the patent (4) 1 () 4, including: in the branch target address block, the memory record is recorded in the previous execution: the historical information of the commander 'where' Whether it is the branch and switch secret record or the historical information of the traditional branch instruction, it includes the type index, and the instruction indicating the record belongs to the branch and switch key command or the traditional: the command. 110. For example, in the method of operation described in claim 104, a packet 3 is generated for extracting the memory from an instruction cache and accessing the branch target address cache memory with the extracted address. 111. For example, the operation method described in claim 104, wherein the historical information further includes the previously executed branch and switching key refers to CNTR2449100-TW/0608-A43129-TW/ Final 0ή day 201203108 for the unknown indicator 'if The prediction of the target position received by the branch target address cache is as follows: The operation method includes extracting the identifier of the target = the operation method described in item 1 (4) of the patent scope, and includes.  Correct: := After: Set the branch target address to cache the memory of the processor pipeline. Change the secret command and omit the emptying: 113. For example, the operation method described in the first claim 4 of the patent scope further includes executing a branch and a switch key instruction; the branch target address cache memory cannot predict the operation of the branch and the knife change record command, and then executes : /, clearing the pipeline of the microprocessor; extracting the encrypted instruction data according to the - target address indicated by the branch and the switching secret instruction; and & decrypting the plurality of secret value values indicated by the branch and the switching secret Extracted encrypted instruction data. 114. For example, the operation method described in claim 104 of the patent application includes the historical information of the previously recorded secret knives and instructions of the memory of the aging target address cache. The above historical information of the 'secret switching instruction includes The identifier is used to indicate the multi-key value associated with the associated secret switching instruction, whether it is branching or switching the pure order or the secret recording CNTR2449100-TW/0608-A43129·Τ\ν/ Final 〇7 201203108 The switching instructions all include a type indicator indicating whether the recorded instruction belongs to a branch and switch key instruction or a key switching instruction. CNTR2449100-TW/0608-A43129-TW/ Final 98