Secure processor with resistance to external monitoring attacks

Assignee

• Cryptography Research, Inc. · US

Inventors

• Paul C. Kocher · Menlo Park, US
• Pankaj Rohatgi · Hartsdale, US
• Joshua M. Jaffe · San Francisco, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2463/061
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A computing device includes a secure storage hardware to store a secret value and processing hardware comprising at least one of a cache or a memory. During a secure boot process the processing hardware loads untrusted data into at least one of the cache or the memory of the processing hardware, the untrusted data comprising an encrypted data segment and a validator, retrieves the secret value from the secure storage hardware, derives an initial key based at least in part on an identifier associated with the encrypted data segment and the secret value, verifies, using the validator, whether the encrypted data segment has been modified, and decrypts the encrypted data segment using a first decryption key derived from the initial key to produce a decrypted data segment responsive to verifying that the encrypted data segment has not been modified.