Abstract: A cryptographic engine for modulo N multiplication, which is structured as a plurality of almost identical, serially connected Processing Elements, is controlled so as to accept input in blocks that are smaller than the maximum capability of the engine in terms of bits multiplied at one time. The serially connected hardware is thus partitioned on the fly to process a variety of cryptographic key sizes while still maintaining all of the hardware in an active processing state.

Abstract: A data processing system, which is particularly useful for carrying out modular multiplication, especially for cryptographic purposes, comprises a plurality of independent, serially connected processing elements which are provided with data in a cyclical fashion via a control mechanism that is capable of transferring data from a set of registers to earlier ones in the series of the serially connected processing elements, at the end of a predetermined number of cycles.

Abstract: Electronic circuit chips which include cryptography functions are arranged in multichip configurations through the utilization of a shared external memory. Security of the chips is preserved via a handshaking protocol which permits each chip to access limited portions of the memory as defined in a way that preserves the same high security level as the tamper proof chips themselves. The chips may be operated to work on different tasks or to work on the same task thus providing a mechanism for trading off speed versus redundancy where desired.

Abstract: In an array of groups of cryptographic processors, the processors in each group operate together but are securely connected through an external shared memory. The processors in each group include cryptographic engines capable of operating in a pipelined fashion. Instructions in the form of request blocks are supplied to the array in a balanced fashion to assure that the processors are occupied processing instructions.

Abstract: A mechanism is provided in which access to the functionality present on an integrated circuit chip is controllable via an encrypted certificate of authority which includes time information indicating allowable periods of operation or allowable duration of operation. The chip includes at least one cryptographic engine and at least one processor. The chip also contains hard coded cryptographic keys including a chip private key, a chip public key and a third party's public key. The chip is also provided with a battery backed up volatile memory which contains information which is used to verify authority for operation. The certificate of authority is also used to control not only the temporal aspects of operation but is also usable to control access to certain functionality that may be present on the chip, such as access to some or all of the cryptographic features provided in conjunction with the presence of the cryptographic engine, such as key size.

Abstract: The partitioning of large arrays in the hardware structure, for multiplication and addition, into smaller structures results in a multiplier design which includes a series of nearly identical processing elements linked together in a chained fashion. As a result of simultaneous operation in two subphases per processing element and the chaining together of processing elements, the overall structure is operable in a pipelined fashion to improve throughput and speed. The chained processing elements are constructed so as to provide a pardonable chain with separate parts for processing factors of the modulus.

Abstract: The partitioning of large arrays in the hardware structure, for multiplication and addition, into smaller structures results in a multiplier design which includes a series of nearly identical processing elements linked together in a chained fashion. As a result of simultaneous operation in two subphases per processing element and the chaining together of processing elements, the overall structure is operable in a pipelined fashion to improve throughput and speed. The chained processing elements are constructed so as to provide a pardonable chain with separate parts for processing factors of the modulus.

Abstract: A data processing system, which is particularly useful for carrying out modular multiplication, especially for cryptographic purposes, comprises a plurality of independent, serially connected processing elements which are provided with data in a cyclical fashion via a control mechanism that is capable of transferring data from a set of registers to earlier ones in the series of the serially connected processing elements, at the end of a predetermined number of cycles.

Abstract: A cryptographic engine for modulo N multiplication, which is structured as a plurality of almost identical, serially connected Processing Elements, is controlled so as to accept input in blocks that are smaller than the maximum capability of the engine in terms of bits multiplied at one time. The serially connected hardware is thus partitioned on the fly to process a variety of cryptographic key sizes while still maintaining all of the hardware in an active processing state.

Abstract: In an array of groups of cryptographic processors, the processors in each group operate together but are securely connected through an external shared memory. The processors in each group include cryptographic engines capable of operating in a pipelined fashion. Instructions in the form of request blocks are supplied to the array in a balanced fashion to assure that the processors are occupied processing instructions.

Abstract: A method and apparatus are provided for identifying a defective processor of a plurality of processors of a multi-processor system. In such method, a first command is submitted to a first processor and to a second processor within the multi-processor system. The first command is executed by each of the first and second processors. A first result of executing the first command by the first processor is compared with a second result of executing the second command by the second processor. A hard error is indicated when the first result does not match the second result. To further isolate a fault within the system, commands are submitted to different pairings of processors and the results are compared to isolate a faulty processor from among them.

Abstract: Electronic circuit chips which include cryptography functions are arranged in multichip configurations through the utilization of a shared external memory. Security of the chips is preserved via a handshaking protocol which permits each chip to access limited portions of the memory as defined in a way that preserves the same high security level as the tamper proof chips themselves. The chips may be operated to work on different tasks or to work on the same task thus providing a mechanism for trading off speed versus redundancy where desired.

Abstract: A system and method for generating a message digest comprising: receiving a block of data and processing the block of data to achieve a message digest, the processing of the block of data including evaluating the block of data at time (t) in terms of time (t?x), wherein x is greater than or equal to 2.

Abstract: The modular exponentiation function used in public key encryption and decryption systems is implemented in a standalone engine having at its core modular multiplication circuits which operate in two phases which share overlapping hardware structures. The partitioning of large arrays in the hardware structure, for multiplication and addition, into smaller structures results in a multiplier design comprising a series of nearly identical processing elements linked together in a chained fashion. As a result of the two-phase operation and the chaining together of partitioned processing elements, the overall structure is operable in a pipelined fashion to improve throughput and speed. The chained processing elements are constructed so as to provide a partitionable chain with separate parts for processing factors of the modulus. In this mode, the system is particularly useful for exploiting characteristics of the Chinese Remainder Theorem to perform rapid exponentiation operations.

Abstract: A system and method are provided in which a third party chip vendor is enabled to securely program an electronic circuit chip supplied from a chip manufacturer. The chip vendor supplies a vendor's public cryptography key to the chip manufacturer who hard codes it on the chip along with a chip private key and a chip public key. One or more cryptographic engines on the chip, which preferably has a tamper resistant/detecting boundary, are used to decrypt program instructions supplied to the chip after having been encrypted with the vendor's private key and the chip public key. The chip includes a processor and an associated memory which receives a version of the instructions decrypted with the chip private key and the vendor's public key. The chip also preferably includes programmable hardware which is also securely programmable by the downstream chip vendor.

Abstract: A mechanism is provided in which access to the functionality present on an integrated circuit chip is controllable via an encrypted certificate of authority which includes time information indicating allowable periods of operation or allowable duration of operation. The chip includes at least one cryptographic engine and at least one processor. The chip also contains hard coded cryptographic keys including a chip private key, a chip public key and a third party's public key. The chip is also provided with a battery backed up volatile memory which contains information which is used to verify authority for operation. The certificate of authority is also used to control not only the temporal aspects of operation but is also usable to control access to certain functionality that may be present on the chip, such as access to some or all of the cryptographic features provided in conjunction with the presence of the cryptographic engine, such as key size.

Abstract: A system and method are provided for securely providing configuration information, that is, programming, to programmable hardware such as a Field Programmable Gate Array (FPGA) or a Programmable Logic Device (PLD). Security is provided by first verifying authority to enter configuration information via the decryption of an encrypted certificate of authority. The decryption is carried out using a cryptography engine disposed on the chip containing the programmable hardware. Additionally, the configuration information is itself provided in an encrypted form which requires recognition of the certificate of authority in order to decrypt it and to place it in storage locations within the programmable hardware. In this manner, the flexibility advantages of programmable hardware are fully met without the disadvantage of the programmable hardware being compromised by other users.

Abstract: A mechanism is provided in which a secure chip for performing cryptographic and/or other functions is able to securely access a separate random access memory externally disposed with respect to a secure chip boundary. Addressing of the external memory is controlled so as to define certain regions therein which receive and store only encrypted information from the chip. Other regions of the external memory are set aside for the receipt and storage of unencrypted information. Access to the external memory is provided through a controlled interface which communicates with internal chip hardware which operates to control the flow of communication between various internal components such as cryptographic engines, data processors, internal memory of both the volatile and the nonvolatile variety and an external interface which provides the only other access to the chip.

Abstract: An integrated circuit chip is provided which contains one or more processors and one or more cryptographic engines. A flow control circuit having a command processor accepts requests and data via a secure external interface through which only encrypted information is passed. The flow control circuit mediates decryption of this information using one or more cryptographic keys passed to the command processor. The decrypted information is stored in a preferably volatile, on-chip memory in unencrypted form. The flow control circuit is then able to accept requests which invoke the stored, decrypted instructions. More specifically, the invoked instructions are usable to control the cryptographic engines present on the chip in ways knowable only to the one who provides the encrypted instructions. In this way, many different encryption algorithms are employable in a secure fashion.

Abstract: The modular exponentiation function used in public key encryption and decryption systems is implemented in a standalone engine having at its core modular multiplication circuits which operate in two phases which share overlapping hardware structures. The partitioning of large arrays in the hardware structure, for multiplication and addition, into smaller structures results in a multiplier design which includes a series of nearly identical processing elements linked together in a chained fashion. As a result of the two-phase operation and the chaining together of partitioned processing elements, the overall structure is operable in a pipelined fashion to improve throughput and speed. The chained processing elements are constructed so as to provide a partitionable chain with separate parts for processing factors of the modulus. In this mode, the system is particularly useful for exploiting characteristics of the Chinese Remainder Theorem to perform rapid exponentiation operations.