1. Field of the Invention
The present invention generally relates to cyphering or encryption of data, of programs or more generally of binary codes to be stored in one or several memories external to an integrated processor in charge of exploiting these codes.
2. Discussion of the Related Art
An example of application of the present invention is the encryption of target programs downloaded by a device (computer, video or audio data reader, device provided with a downloadable program execution microprocessor, etc.) in which these programs must be stored. The downloading may, for example, use the Internet. More specifically, the present invention relates to the programs or data for which it is desired to prevent exploitable access by a non-authorized user.
Reference will be made hereafter to “data” to indifferently designate any binary code, be it routines, or data processed by such routines.
FIG. 1 partially and very schematically illustrates the structure of a system with a microprocessor and an external memory to which the present invention applies. A so-called secure area 1 is defined, within which is arranged a CPU communicating, via one or several buses 3, with a memory 4 (EXT MEM) external to secure area 1. Area 1 is, for example, the integrated microprocessor or, more generally, one or several data processing integrated circuits defining a secure area within which it is considered that the processed data are not likely to be pirated. In practice, secure area 1 is most often formed of a single integrated circuit chip, external memory 4 being another chip.
The encryption to which the present invention applies is that of any data transiting on bus(es) 3, between memory 4 and CPU 2 or more generally area 1; This encryption includes coding the stored data by means of a key known by the integrated processor. Generally, this encryption key is transmitted thereto by an asymmetrical encryption process from the distant system providing the program, so that the processor stores it in a protected internal area, and uses it both to decypher the downloaded program and cypher the data in the external memory.
An example of a solution for cyphering a memory, external to a microprocessor integrated on a single chip, is described in U.S. Pat. No. 5,825,878. The solution advocated by this document is to integrate the direct access memory controller with the microprocessor core as well as an internal memory and a logic encryption/decryption circuit.
Other solutions for cyphering programs in a memory external to a microprocessor are described, for example, in U.S. Pat. Nos. 5,982,887 and 6,041,449.
In all cases, the cyphered program in the external memory is independent from the chip forming the execution microprocessor.
A first disadvantage is that the cyphering key of the program stored in the memory external to the microprocessor is not dedicated to the chip which cyphers the data. Thereby, in case one of the keys is pirated, it can be reused to decypher any external memory since all chips use a same type of cyphering.
A second disadvantage is linked to the cyphering method used. Generally, cypherings by blocks by algorithms of DES or AES type according to a so-called ECB technique (Electronic Code Book) are used. The size of a block depends on the cyphering algorithm used. In an ECB technique, two identical blocks are cyphered in the same way. A weakness then includes possible attacks by a so-called dictionary technique, where the redundancy of identically cyphered messages may enable identification of the clear message. As opposed to the ECB technique, another block cyphering technique is known, in which the cyphered code depends on the preceding blocks. This technique (CBC, Cypher Block Chaining) requires an always identical sequential access to the memory, which makes it incompatible for the cyphering of a program for which random direct accesses in the external memory are desired to be had.
More generally, a particular problem is posed when direct access is desired to the external memory, as opposed to a sequential operation. In such a case, the write cyphering in the memory and the read decyphering in this memory must be performed, continuously and sequentially in the same order by the processor exploiting them. Such direct access and continuous cyphering requirements make conventional solutions inapplicable to efficiently cypher the data of an external memory by blocks.