公开(公告)号：WO2006027309A1

公开(公告)日：2006-03-16

申请号：PCT/EP2005/053997

申请日：2005-08-15

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION ,  IBM UNITED KINGDOM LIMITED ,  FAYAD, Camil ,  LI, John ,  SUTTER, Siegfried

Inventor： FAYAD, Camil ,  LI, John ,  SUTTER, Siegfried

IPC: G06F1/00

CPC classification number: G06F21/72 ,  G06F21/6218 ,  G06F21/79

Abstract: A mechanism is provided in which a secure chip for performing cryptographic and/or other functions is able to securely access a separate random access memory externally disposed with respect to a secure chip boundary. Addressing of the external memory is controlled so as to define certain regions therein which receive and store only encrypted information from the chip. Other regions of the external memory are set aside for the receipt and storage of unencrypted information. Access to the external memory is provided through a controlled interface which communicates with internal chip hardware which operates to control the flow of communication between various internal components such as cryptographic engines, data processors, internal memory of both the volatile and the nonvolatile variety and an external interface which provides the only other access to the chip. The internal chip hardware with which the external memory interface communicates is implemented as a combined ASIC and programmable hardware circuit, wherein the programmable hardware circuit is also securely configurable.

Abstract translation: 提供了一种机制，其中用于执行加密和/或其他功能的安全芯片能够安全地访问相对于安全芯片边界而外部设置的单独的随机存取存储器。 控制外部存储器的寻址，以便限定其中接收并存储来自芯片的加密信息的某些区域。 外部存储器的其他区域用于接收和存储未加密的信息。 通过与内部芯片硬件通信的受控接口提供对外部存储器的访问，该内部芯片硬件用于控制各种内部组件（例如密码引擎，数据处理器，易失性和非易失性品种的内部存储器）之间的通信流和外部 接口，只提供对芯片的唯一访问。 外部存储器接口通信的内部芯片硬件被实现为组合ASIC和可编程硬件电路，其中可编程硬件电路也可以安全地配置。

公开(公告)号：WO2007080136A1

公开(公告)日：2007-07-19

申请号：PCT/EP2007/050014

申请日：2007-01-02

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION ,  IBM UNITED KINGDOM LIMITED ,  FAYAD, Camil ,  LI, John ,  SUTTER, Siegfried

Inventor： FAYAD, Camil ,  LI, John ,  SUTTER, Siegfried

IPC: G06F21/02

CPC classification number: G06F21/76 ,  G06F21/72 ,  G06F21/79

Abstract: Electronic circuit chips which include cryptography functions are arranged in multichip configurations through the utilization of a shared external memory. Security of the chips is preserved via a handshaking protocol which permits each chip to access limited portions of the memory as defined in a way that preserves the same high security level as the tamper proof chips themselves. The chips may be operated to work on different tasks or to work on the same task thus providing a mechanism for trading off speed versus redundancy where desired.

Abstract translation: 包括加密功能的电子电路芯片通过利用共享的外部存储器而被布置成多芯片配置。 通过握手协议来保护芯片的安全性，该握手协议允许每个芯片访问存储器的有限部分，其以与防篡改芯片本身保持相同的高安全级别的方式定义。 芯片可以被操作以在不同的任务上工作或者在相同的任务上工作，从而提供了一种用于在需要时对速度与冗余进行交换的机制。

公开(公告)号：WO2006027308A2

公开(公告)日：2006-03-16

申请号：PCT/EP2005/053996

申请日：2005-08-15

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION ,  IBM UNITED KINGDOM LIMITED ,  FAYAD, Camil ,  LI, John ,  SUTTER, Siegfried

Inventor： FAYAD, Camil ,  LI, John ,  SUTTER, Siegfried

IPC: G06F1/00

CPC classification number: G06F21/72 ,  G06F21/79

Abstract: An integrated circuit chip is provided which contains one or more processors and one or more cryptographic engines. A flow control circuit having a command processor accepts requests and data via a secure external interface through which only encrypted information is passed. The flow control circuit mediates decryption of this information using cryptographic keys that are present in hard coded form on the chip. In particular the flow control circuit includes a programmable hardware portion which is configurable in a secure manner to create a flexible internal chip architecture. The chip also includes a volatile memory disposed on a voltage island on which is maintained either through a battery backup or from a fixed power source (mains). The chip is thus enabled to securely perform cryptographic operations with the processors controlling the cryptographic engines through the flow control circuit.

Abstract translation: 提供集成电路芯片，其包含一个或多个处理器以及一个或多个密码引擎。 具有命令处理器的流程控制电路经由仅通过加密信息的安全外部接口接受请求和数据。 流量控制电路使用在芯片上以硬编码形式存在的密码密钥来中介该信息的解密。 特别地，流控制电路包括可安全地配置以创建灵活的内部芯片架构的可编程硬件部分。 该芯片还包括设置在电压岛上的易失性存储器，通过备用电池或固定电源（主电源）维持该电压岛。 芯片因此能够安全地执行加密操作，其中处理器通过流控制电路来控制密码引擎。

公开(公告)号：WO2006027308A3

公开(公告)日：2006-05-11

申请号：PCT/EP2005053996

申请日：2005-08-15

Applicant: IBM ,  IBM UK ,  FAYAD CAMIL ,  LI JOHN ,  SUTTER SIEGFRIED

Inventor： FAYAD CAMIL ,  LI JOHN ,  SUTTER SIEGFRIED

IPC: G06F1/00

CPC classification number: G06F21/72 ,  G06F21/79

Abstract: An integrated circuit chip is provided which contains one or more processors and one or more cryptographic engines. A flow control circuit having a command processor accepts requests and data via a secure external interface through which only encrypted information is passed. The flow control circuit mediates decryption of this information using cryptographic keys that are present in hard coded form on the chip. In particular the flow control circuit includes a programmable hardware portion which is configurable in a secure manner to create a flexible internal chip architecture. The chip also includes a volatile memory disposed on a voltage island on which is maintained either through a battery backup or from a fixed power source (mains). The chip is thus enabled to securely perform cryptographic operations with the processors controlling the cryptographic engines through the flow control circuit.

Abstract translation: 提供一种集成电路芯片，其包含一个或多个处理器和一个或多个加密引擎。 具有命令处理器的流控制电路经由安全的外部接口接收请求和数据，通过该外部接口仅传递加密的信息。 流控制电路使用以硬编码形式存在于芯片上的加密密钥介入该信息的解密。 特别地，流控制电路包括可编程硬件部分，其可以以安全的方式配置以创建灵活的内部芯片架构。 该芯片还包括布置在电压岛上的易失性存储器，其上通过电池备份或从固定电源（电源）保持。 因此，芯片能够通过流量控制电路与控制密码引擎的处理器进行安全地执行加密操作。