The present invention is an improvement upon the integrated circuit chips described in application Ser. No. 10/938,835 filed on Sep. 10, 2004. In that application, which is part of a collection of related applications all filed with the same specification, but with a different set of claims, there is described a circuit which provides “Cryptography On A CHip” (COACH). These COACH chips include a microprocessor element, a cryptography engine, and an external interface together with battery backed up memory. At least part of the memory for a COACH device is provided in a battery backed up fashion with guaranteed volatility. Additionally, each COACH device is provided with a unique set of hard wired cryptographic keys used as a private key in a cryptography system. Additionally, the cryptography engine, interface, microprocessor, and memory are coordinated through a switch control having an application specific integrated circuit (ASIC) portion together with a field programmable gate array (FPGA) portion. The operation of the COACH devices is described in the above-referenced patent application. In particular, there is described therein (and herein as well) a mechanism for initializing each COACH device. This initialization is provided in a secure manner via the secret, private cryptography keys contained on each COACH device. Typically, these private keys are provided by fused devices. In a fused device mechanism, the cryptographic private key may be established subsequent to the manufacture and packaging of the chip. However, it is noted that the private key may be hardwired into the COACH device during its manufacture as well.
In the COACH system, there is provided a mechanism for securely programming the FPGA portion of the central control switch which coordinates the activities of the various other component areas mapped onto the chip, including a cryptographic engine and a separate microprocessor having its own dedicated on-chip memory. In addition, there is also a separate memory which is secure and volatile. COACH devices are preferably provided with standard security features including meshes and intrusion detection which causes erasure of the volatile memory.
One of the features provided in the above-referenced patent application is a system and method for the use of an external memory. Normally, the use of an external memory in conjunction with a secure mechanism, such as a COACH device, would be impossible without compromising its security features. However, as described in the above-referenced patent application, and herein as well, there is provided a cryptographically secure mechanism by which the COACH device is still nonetheless able to utilize an externally deployed memory. In particular, the above-referenced patent application describes an external memory interface which permits the storing and retrieval of both encrypted and clear data in an external memory in a secure fashion. One of the mechanisms for providing this security is through the controlled access of various regions of the external memory which can be securely defined as being either for encrypted data or for unencrypted data. This capability greatly extends the utility of COACH devices.
However, and most relevantly for the present invention, two COACH devices are, without the present invention, incapable of sharing access to a common external memory. In particular, without the present invention, COACH devices cannot operate in a coordinated fashion. However, with the introduction of the capability of controlled access to a common memory, it is now possible to have COACH devices work in a coordinated fashion. This coordinated effort may, for example, be the carrying out of parallel operations on the same set of data in a redundant fashion so as to provide a mechanism which is more highly reliable. Should the results of such operations carried out on two separate coordinated COACH devices not be the same, an error indication would be generated.
In other scenarios, COACH devices are now rendered capable of operation in a coordinated fashion in which each COACH device operates on a different portion of the same task so as to complete the task more quickly. Accordingly, it is seen that the ability to securely control access to an external memory shared between COACH devices provides a mechanism for user selectable parameters of either speed or redundancy. Additionally, with the use of the coordinating techniques of the present invention, it is also seen that the aspects of COACH device coordination are not in fact limited to merely two COACH devices, but rather can be extended to any practical number of such mechanisms.