UA46064C2 - COMMUNICATION SECURITY CHIP - Google Patents

Abstract

The invention relates to a security chip (SC) which is disconnected from application hardware (AHW) and only connected to the application hardware (AHW) by way of a DMA interface (DS) and a command interface (CBS). The security chip (SO) has its own processor (P) and a plurality (VZ) of independent algorithm modules (AMi) for carrying out symmetric encryption algorithms (SV) and/ or asymmetric encryption algorithms (AV). All components of the security chip (SC) being connected via a bus (IB) inside the chip. The methods for encryption management and for cryptographic user data processing are carried out together on the security chip (SO) and consequently the security features of said chip (SO) are considerably improved in relation to known arrangements.

Description

Description of the invention

To ensure communication security, for example, during data exchange or voice communication, 2 cryptographic algorithms are used to encrypt the communication data directly. Various algorithms are used, for example, to ensure the confidentiality and authenticity of transmitted data or communication partners.

Therefore, there is a need for security chips that perform cryptographic encryption for various IT applications.

There are already application-specific security modules, for example, a security module designed 70 for secure telefax transmission (Siemens, O5M-Rach, secure fax transmission, scope

Siemens - "Security technology") or for encryption of telephone conversations (Siemens, OZM-Moiise-Teierpopipo ip

Sopiidepse, field of activity of Siemens - "Security technology"; I tsiz Surneg, ІС-1 Digital speech encoder for protected against eavesdropping telephone calls).

In addition, there are special chip cards and coprocessors designed for asymmetric crypto-algorithms (15-AKINEII, RgodyKkie/Zuziete, pp. 7 - 17 to 7 - 18, April 1993). 7 - 17 to 7 - 18, April 1993).

There are also other security microcircuits in which either a symmetric crypto-algorithm is implemented - with hardware support, or an asymmetric crypto-algorithm - only with software support, or vice versa (I. Soidrega "A new encryption strategy that uses hardware and software to protect data in public communication networks "connection". EIesigopis Yuevidp, p. 39 - 40, March 1995; 0. Erepgptagai "Two new crypto products of Siemens: a controller for cards with a built-in microcircuit 5IE44C200 and a co-processor

ZI E44SR2, processors for asymmetric algorithms", I5-AkKktsei, p. 7 - 17 - 7 - 18, April 1993).

The disadvantage of these well-known security modules is their limitation to only very specific applications.

First of all, it is only an asymmetric data encryption algorithm on one separate security chip, or only symmetric data encryption on a chip, in both cases - with direct hardware support. with

This limitation is the cause of another shortcoming of the previous solutions - information critical to security in the computing unit implementing the encryption algorithm is partially transmitted over the unprotected bus of the computing unit, for example, when managing cryptographic keys and transmitting useful data, and therefore can be intercepted.

The task of this invention is to create a security microcircuit that does not have the above-mentioned disadvantages. M

In this invention, this task is performed with the help of a security microcircuit in accordance with clause 1 Ge) of the claims.

The aforementioned security microcircuit is completely decoupled from the connected hardware and can be "queried" only through the data interface and the command interface. Since the security microcircuit contains its own processor, its own internal bus of the microcircuit, to which the connected hardware devices do not have access, as well as various 3o algorithmic modules that implement various security measures, according to asymmetric and symmetric algorithms, the security microcircuit is universally applicable and does not provide any safety-relevant information to connected hardware.

Thus, connected hardware and application software can be introduced, configured and agreed to without compromising the security of various cryptographic functions performed with 70 algorithmic modules. c Thanks to the improvement of the security microcircuit in accordance with clause 5 of the claims, it becomes possible

From" to recognize tampering with the connection to the security microcircuit and, if necessary, respond to them by erasing all data.

Methods of improvement according to this invention follow from the corresponding claims.

A preferred embodiment of the invention is shown in the figures and described in more detail below. shk At the same time:

Ge») Figure 1 - a sketch of a possible layout of a security microcircuit;

Figure 2 - block diagram of possible algorithmic modules; o Figure C - layout of a safe timer.

Gee! 20 With the help of Figures 1-3, the invention is explained in more detail.

Figure 1 shows the layout of the security microcircuit 50. The security microcircuit C contains at least the following components: processor P; a set of M7 independent algorithmic modules Ati, which ensures the implementation of encryption algorithms; 29 memory device 5P;

ГФ) data interface O5, independent of the performance of the processor P; I use a safe B5 command interface that connects either to the microcircuit's own internal data bus, or directly to the P processor; its own internal data bus OB microcircuit, through which the M7 set of independent algorithmic modules Ati 60 is connected to the O5 data interface; own internal IC bus, to which all components are connected, except for the O5 data interface.

Thanks to the decoupling of the data interface 05 from the internal bus of the microcircuit IV, the encryption power no longer depends on the processor P. In addition, the internal data of the microcircuit from the internal bus of the microcircuit YV cannot be changed or, accordingly, listened to by third parties, in particular, on the data interface O5. because the 5C security microcircuit may also contain the following components:

timer 2M; sensor module 5M; AKM actuator module,

These components are also connected to the IC bus internal to the chip.

Different communication protocols can be used to communicate between individual components, that is, control the sequence of operations, regardless of the communication protocols with the connected ANMU hardware.

The data interface 05 and the command interface B5 are the only access points of the ANMU/7/0 connected hardware to the security chip C.

Connected ANMU hardware devices have no other access to the 5C security chip and, thus, to safety-critical data used and/or stored in the ZO security chip.

Thanks to this disconnection of the 5C security chip from its "outside world", it becomes impossible for outsiders, that is, for intruders, to obtain any security-relevant data from the 5C security chip.

Processor P can be any processor that has sufficient speed for the requirements of the planned application.

Algorithmic modules of AMi are independent modules, each of which is "responsible" for a specific cryptographic protocol or for a corresponding encryption method. This means, for example, methods or protocols for encrypting and decrypting useful data, protecting the integrity or digital signature, or creating hash values. The index "i" uniquely identifies each algorithmic module of AMi. It is an arbitrary natural number in the range from 1 to n. At the same time, n is the number of AI algorithmic modules implemented on the 5C security chip.

Possible examples of implementation of algorithmic modules of AMi are given below.

Algorithmic module AMi can, for example, be specially designed for the implementation of a cryptographic code of a symmetric method of encryption of the ZM, for example, a standard method of data encryption (- Oia Epsiriop

Ziapdaga - OE5). The module can be designed so that it can perform OEZ-encryption with different i) key lengths, for example, triple OE5Z-encryption. Other symmetric cryptographic methods can be implemented in other algorithmic modules of AMI.

In another application example, it is provided to perform asymmetric AM cryptographic algorithms in algorithmic modules of AM. Examples of asymmetric AM cryptographic algorithms are sufficiently known to specialists, for example, K5A encryption. ise)

The above-mentioned symmetric ZM encryption algorithms and asymmetric AM cryptographic algorithms can be provided both separately and together in different algorithmic modules AMIi on the 5C security chip.

On the security microcircuit C, a set of algorithmic modules AMIi of the same type ise) c5 can also be provided to implement the same method of encryption, for example, to increase the performance of the microcircuit "r security 5C. This can, for example, provide that one algorithmic module AMI is intended for processing the input data stream, and another algorithmic module AMIi of the same type - for processing the output data stream.

Algorithmic modules of AMi also serve to encrypt useful data, which through the O5 data interface "

Open text is provided by the connected ANMU hardware on its own internal bus of the microcircuit with the OB data and can be encrypted by any user-installed ANMU hardware through

And the B5 command interface, with the encryption method, in which the applied algorithmic module is also selected? AMI from the M72 set of independent AMI algorithmic modules.

Encrypted in any algorithmic module of AMi, the useful data is transmitted again through its own

The internal bus of the OB data chip and the Y5 data interface, now in an encrypted form, to the connected Y5" hardware of ANMU.

Through the OB data interface, the connected hardware of the ANMUU informs the 5C security microcircuit

Me. parameters of the corresponding payload encoding request. This can be, for example, a given encryption algorithm, key length, or similar parameters needed to encrypt useful data. Then, with the help of connected hardware of ANMU through the OZ data interface, for example, an operation is started

Me. encryption of useful data. Processor P manages the administrative flow of data encryption processes in the security microcircuit of the ZS, as well as the operation of the cryptographic protocols described below.

However, the processor P does not necessarily transport encrypted, decrypted or accordingly processed two cryptographically useful data. Of course, if they are not transported by the P processor, they are transported via the OB chip's own internal data bus, which is another advantage of the chip

F) security of 5C - the performance of 5C encryption does not depend on the R. ka processor. In addition, due to the decoupling of the internal data bus of the OB microcircuit from the internal bus of the YV microcircuit, it is impossible to listen or change on the O5 interface the internal data transported through the microcircuit's own internal bus IV.

This significantly improves the security characteristics of the security microcircuit of the ZS in comparison with other security modules, since the data essential for security, for example, the cryptographic key used for encryption, cannot be recognized by an outsider.

In the storage device 5P, both unencrypted data and data that must be temporarily stored for the implementation of cryptographic algorithms, for example, intermediate keys in encryption methods operating on the principle of exponential key change, or intermediate keys that use in FE5 encryption.

Algorithmic modules of AMi can also be intended for the implementation of various security measures, for example, known authentication protocols or also for the implementation of methods of changing the key, or generating cryptographic keys.

With the help of the 5M sensor module, physical tampering with the connection to the security chip is detected

WITH; can also be evaluated and reported to the P processor via its own internal IC bus.

In the AKM executive module, on the command from the P processor, measures are taken to neutralize the encroachments detected by the ZM sensor module. Such a security measure can be, for example, erasing all currently stored data in the storage device. 70 The 2M timer includes at least the following components: LO timer interface; timer controller 7; counting circuit 25, and counting circuit 75 contains, at least: data buffer OB; real time counter K2; TA clock coordinator; and counter switch 2).

Timer 2M performs autonomous tasks, for example, issuing time stamps. Time stamps are sent to other hardware devices connected to the security microcircuit of the security system via the timer interface.

The timer controller 7C provides control of the sequence of operations of the timer 2M.

The timer interface 70 is the interface of the 7M timer bus to the IC's internal IC bus. The LO timer interface is primarily used to communicate with external controllers - in the version using a 5C security chip with a R processor.

Outputs are also provided for controlling the sequence of operations of the cryptographic communication protocol, i.e. Ga for managing communication with other controllers, in particular, with the processor P. An output is also provided, through which the timer 2M signals attempts at changes detected by the sensor module ZM, for example, changes in tact. Other i) outputs are intended for the exchange of timer 2M data, i.e. absolute or relative mass signals set by the timer 2M module.

Crypto algorithms are not executed in the 7M timer module itself. Other modules of the 5C security chip are responsible for the implementation of authentication protocols and other security measures. Processor P must decide and manage access rights, through the timer interface 70, to the timer 7M. ish

The timer controller 2C controls the timer interface 7/0 and the counter circuit 25. In addition, the controller. ("3 timer 7C receives, through the timer interface 710, logical commands from the processor R.

Logical commands of the processor P are interpreted by the timer controller 7C and converted into signals of the i-th z5 internal control of the timer module 2M. Thus, the 7C timer controller controls the functional progress of the "I operations of the entire module. Thus, it is the control unit for the entire timer module. The commands used by the timer controller 7C to influence the course of operations of the timer 2M can, for example, provide the following operations: setting the astronomical time on the clock of the timer 2M (date, time, synchronization mechanism); "accepting the loaded parameters into the current time function; time reading from the 7M timer clock; - with the establishment of calendar functions (lunar rhythm, taking into account leap years, taking into account summer time, etc.); "» setting the reverse clock setting function, i.e. - whether the reverse setting should be carried out at the specified time or at any time; starting and stopping the 7M timer; d" parameterization of the TA clock adjuster, i.e. setting the parameters required for the TA clock adjuster; resolution parameterization 2M timer module, that is, setting the 2M timer to measure

F time in seconds, milliseconds or microseconds; av) parameterization of the time transmission format by timer 2M; reading 2M status information through the timer;

Ф parameterization of the calculation method - should it be binary or modulo; "from" switching on and off the 2M timer test mode.

In addition, with the help of the 7C timer controller, data access control and functional access control are carried out. In this case, this means, for example, the following modes: access to the 72M timer is allowed only after a successful verification of the secret number; access is allowed only after successful authentication; i) access is allowed only for reading; name) access is allowed for writing only.

The counter circuit 75 of the 2M timer includes, as described above, a real-time CI counter. 60 The CL real-time counter is a modulo counting scheme made of cascaded counters.

Cascading and synchronization of the K7 real-time counter can take place taking into account the characteristics of time jumps caused, for example, by the transition to summer time or a leap year and the like. For some cryptographic applications, a "relative" time number is also provided, i.e., a monotonic binary counter of sufficient bit size to correspond to the desired time. 65 The TA clock adjuster serves to form the required time base for time measurement in the 2M timer module with external clocking, as is the case, for example, in the case of the use of chip cards common nowadays.

The OB data buffer serves for memorizing the data necessary for the operation of the 7M timer.

It is advisable to manage the key in algorithmic modules of AMi directly in the hardware. This significantly increases work productivity, first of all, when quickly changing the key between differently encrypted data streams. This is especially important for packet-oriented communication or when connecting data, when working in systems of collective application or in mass media, for example, in a local computer network (LAN), in which different communication partners need to transfer and cryptographically process many packets in different ways.

Claims (6)

The formula of the invention 1. The communication security microcircuit (C), which is connected to the connected hardware (ANMU) only through the data interface (05) and through the command interface (B5), which includes a processor (P), a set (M7) of algorithmic modules (AM;,, i-1...n) designed to implement encryption algorithms, and independent algorithmic modules (AM;) are connected through the chip's own internal bus (IB) to the processor (P) and through its own internal bus data (OB) of the microcircuit - with a data interface (05), a memory device (ZR) connected to the internal bus (IB) of the microcircuit. 2. Security microcircuit (5C) according to claim 1, in which at least one algorithmic module (AM;) is provided for implementation of symmetric encryption algorithms (BM). 3. Security chip (C) according to claim 1 or claim 2, in which at least one algorithmic module (AM;) is provided from the set (7) of algorithmic modules (AM;) for implementing asymmetric encryption algorithms (AM). 4. A security microcircuit (5C) according to any of claims 1-3, in which a timer (7M) is provided, which reliably generates and outputs absolute time signals and/or relative time signals. high school 5. The security microcircuit (5C) according to any of claims 1-4, in which a sensor module (ZM) and/or an executive module (AKM) is provided for detecting unauthorized connection attempts to the security microcircuit (C) and/or (o) to implement security measures in the presence of recognized attempts of unauthorized connection to the security chip (C). 6. The security microcircuit (5C) according to any of claims 1-5, in which the algorithmic modules (AM) are made with the possibility of supporting cryptographic key management directly in the hardware. (Se) «c) (Se) « - with . and? sh" (22) ("c) b 50 s" F) ime) 60 b5