A. Technical Field
The present invention relates generally to secure microcontroller systems and/or modules, and more particularly to systems and methods for employing unique identification elements within the security architecture of the secure microcontroller systems and/or modules.
B. Background of the Invention
The importance of data security within today's computing systems is well understood by one of skill in the art. Significant research and development has occurred across numerous markets in an attempt to establish security protocols and architectures that maintain the integrity of data during authentication, data transit, and storage. Although these efforts have resulted in major improvements to secure systems, there still remains meaningful risk that data within a secure system can become compromised.
The difficulty in designing and maintaining a secure computing system is related to the daunting task of addressing all of the potential vulnerabilities of the system that may compromise data security. One such vulnerability is the manner in which encryption keys are generated and maintained within the secure system, as well as how these keys are used in authentication, communication and storage operations. If encryption keys are not derived from a sufficiently random and/or unique source, then the keys could potentially be replicated by an attacker and used to obtain information from the system. For example, if an individual is able to predict a pseudo-random number used to seed encryption keys within the system (e.g., by understanding the algorithm used to generate the number), then that individual could derive encryption keys to decrypt data either stored in the system or in transit between modules of the system. As a result, security engineers are constantly looking for ways in which the randomness of keys may be increased.
FIG. 1 shows a standard architecture that illustrates how data can be attacked within a secure system. One skilled in the art will recognize that the general concept of data security, and corresponding systems and methods, are relevant in a vastly diverse set of computing systems, all of which are relevant to the present invention.
The exemplary system 100 includes a microcontroller 105 and a module 110, which communicate data using a communication channel 150. The module 110 and communication channel 150 may be realized by numerous implementations understood by one of skill in the art. The data being transmitted within communication channel 150 is encrypted. The data may also be encrypted and stored in either the microcontroller 105 or the module 110 depending on the design of the system.
Encryption keys are used within the system to encrypt and decrypt the data. These keys may be generated using various techniques including those defined by well-known protocols understood by one of skill in the art. The microcontroller 105 has both an encoding block 140 and a decoding block 130 that are used to encrypt and decrypt data. In this particular instance, the decoding and encoding blocks 130, 140 interface with a processing unit 115 or core via a memory/bus interface 120. Similarly, the module 110 has an encoding block 160 and a decoding block 170 that communicate with a module block 180, which can perform one or more functions.
Data may be attacked at various points within this secure system 100. First, data may be attacked as it is communicated within the communication channel 150 between the microcontroller 105 and the module 110. An individual or computing device may intercept traffic within the channel 150 and attempt to decrypt the data. Second, an individual or computing device may attempt to retrieve data stored in microcontroller 105 or the module 110. If this stored data is encrypted, the individual needs to decrypt the data before it becomes useable. In both cases, the strength of the encryption keys is paramount in preventing the attacks.
What is needed are systems, devices and methods that address the above-described concerns.