The present invention relates to secure processing devices generally, and particularly to smart cards which operate in conjunction with an external host, such as a set-top box.
Smart cards are typically employed in systems such as pay television systems and telephone systems to provide access to various services. Typically, the smart cards include secure algorithms which, when executed, are operative to generate access codes or keys which allow access to the services.
However, smart cards are generally limited by their low-capacity memories and low processing performance, which become a limitation when heavy computation tasks are executed. In such a case, the memory in a smart card has to be emptied and reloaded many times during execution of a heavy computation task. This generally degrades computation speed and the output of data from the smart card. The tradeoff between memory size and computation speed is well known in the art.
The present invention seeks to provide an improved method and system for performing heavy computation tasks in systems based on secure processors.
In the present invention a secure processor, such as a smart card processor comprised in a smart card, classifies or receives a classification of computation tasks as either real-time tasks or non-real-time tasks, and processes real-time computation tasks without interruption. However, non-real-time tasks, which are generally heavy computation tasks, are computed uninterrupted only as long as a new real-time task is not waiting to be processed.
If a non-real-time task is processed and a new real-time task which is waiting to be processed is detected, the smart card processor interrupts the processing of the non-real-time task, thus resulting in computation of only a portion of the non-real-time task, and starts processing the new real-time task. Interruption of processing is performed either in response to an internal instruction in the smart card processor, or in response to an instruction transmitted to the smart card processor by the host.
At the end of the processing of the portion of the heavy computation task, the smart card processor obtains a setting representation of settings of processing components of the smart card processor. The setting representation generally includes settings of at least one of the following processing components: a program counter; a register; a RAM; a stack pointer; and a stack.
The setting representation obtained at the end of the portion of the computation task is typically encrypted and is transmitted in an encrypted form to a memory external to the smart card for storage therein. The memory external to the smart card may be a memory in a host, such as a computer or a set-top box (STB), and the smart card typically communicates with the host and the host memory via a conventional smart card reader.
When the smart card processor is ready to resume computation of the heavy computation task, or when the smart card processor receives from the host an instruction to resume computation, the smart card processor retrieves the encrypted setting representation from the host memory, decrypts the encrypted setting representation, separates the decrypted setting representation to regenerate the settings of the processing components, and resumes computation of the heavy computation task by using the settings of the processing components as initial conditions for the rest of the heavy computation task.
The communication of setting representation between the smart card processor and the host memory is typically a two-way serial communication via serial ports included in the smart card and in the smart card reader.
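The mechanism described above, and the claimed steps that follow it (compute a portion, obtain the setting representation, convert and combine the component settings into a bit stream, encrypt, transmit to host memory, retrieve, decrypt, separate and resume), as an added simulation that is not code from the patent. A small register machine stands in for the smart card processor, a Python dictionary stands in for host memory, and the scheduler checks before every instruction whether a real-time task is waiting. All names (`CardProcessor`, `seal`, `open_sealed`, `ecm_task`, the `SUM_SQUARES` program) and the step counts at which real-time requests arrive are constructed for the example. The cipher is a stdlib-only stand-in (SHA-256 keystream plus an HMAC-SHA256 tag) for the authenticated cipher a real card would use; the point it makes is that the card must verify the tag before trusting anything retrieved from the host, since host memory is outside the secure boundary.

```python
"""Simulation of the checkpoint-and-resume scheme (added example, not code
from the patent).  A tiny register machine stands in for the smart card
processor, a dict stands in for host memory, and the cipher is an
illustrative stdlib-only construction (SHA-256 keystream plus HMAC-SHA256
tag) in place of the authenticated cipher a real card would use."""
import hashlib, hmac, os, struct
from collections import deque

host_memory = {}                       # untrusted storage outside the card

def _ks(key, nonce, n):                # keystream for the toy cipher
    return b"".join(hashlib.sha256(key + nonce + struct.pack(">I", i)).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, plaintext):              # encrypt, then authenticate
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _ks(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_sealed(key, blob):            # verify the tag before decrypting
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("checkpoint rejected: bad tag")
    return bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct))))

def _pack(vals):                       # one component -> its data bit stream
    return struct.pack(">H%dQ" % len(vals), len(vals), *vals)

def _unpack(buf, off):
    n, = struct.unpack_from(">H", buf, off)
    return list(struct.unpack_from(">%dQ" % n, buf, off + 2)), off + 2 + 8 * n

class CardProcessor:
    """Processing components: program counter, registers, RAM, stack pointer, stack."""
    def __init__(self, key, program, ram):
        self.key, self.program = key, program
        self.pc, self.regs, self.ram, self.stack = 0, [0, 0, 0, 0], list(ram), []
        self.rt_queue, self.rt_output, self.checkpoints = deque(), [], 0

    def setting_representation(self):  # combine the component bit streams
        return (struct.pack(">I", self.pc) + _pack(self.regs) + _pack(self.ram)
                + struct.pack(">I", len(self.stack)) + _pack(self.stack))

    def restore(self, rep):            # separate the streams, regenerate settings
        self.pc, = struct.unpack_from(">I", rep, 0)
        self.regs, off = _unpack(rep, 4)
        self.ram, off = _unpack(rep, off)
        sp, = struct.unpack_from(">I", rep, off)
        self.stack, _ = _unpack(rep, off + 4)
        if sp != len(self.stack):
            raise ValueError("stack pointer inconsistent with stack content")

    def step(self):                    # execute one instruction; False on HALT
        op, *a = self.program[self.pc]
        self.pc += 1
        r = self.regs
        if op == "SET": r[a[0]] = a[1]
        elif op == "LOAD": r[a[0]] = self.ram[a[1]]
        elif op == "STORE": self.ram[a[1]] = r[a[0]]
        elif op == "ADD": r[a[0]] = r[a[1]] + r[a[2]]
        elif op == "MUL": r[a[0]] = r[a[1]] * r[a[2]]
        elif op == "DEC": r[a[0]] -= 1
        elif op == "PUSH": self.stack.append(r[a[0]])
        elif op == "POP": r[a[0]] = self.stack.pop()
        elif op == "JNZ" and r[a[0]] != 0: self.pc = a[1]
        return op != "HALT"

    def run(self, rt_arrivals):
        """Compute the non-real-time task, checking before every step whether a
        real-time task is waiting.  rt_arrivals maps a step count to a task and
        stands in for asynchronous requests from the host (constructed)."""
        steps = 0
        while True:
            if steps in rt_arrivals:
                self.rt_queue.append(rt_arrivals[steps])
            if self.rt_queue:          # interrupt: checkpoint to host memory
                host_memory["ckpt"] = seal(self.key, self.setting_representation())
                self.checkpoints += 1
                while self.rt_queue:   # real-time tasks run uninterrupted
                    self.rt_output.append(self.rt_queue.popleft()(self))
                self.restore(open_sealed(self.key, host_memory.pop("ckpt")))
            if not self.step():
                return self.ram[2]
            steps += 1

# Heavy task: sum of i*i for i = 1..N (N in RAM[0], result to RAM[2]).  PUSH/POP
# park the accumulator on the stack across DEC, so a checkpoint taken there must
# carry stack content as well as registers.
SUM_SQUARES = [("LOAD", 0, 0), ("SET", 1, 0), ("MUL", 2, 0, 0), ("ADD", 1, 1, 2),
               ("PUSH", 1), ("DEC", 0), ("POP", 1), ("JNZ", 0, 2),
               ("STORE", 1, 2), ("HALT",)]

def ecm_task(card):                    # real-time task: uses, and clobbers, the same CPU
    card.regs[:], card.pc = [0, 0, 0, 0], 0
    card.stack.clear()
    return hashlib.sha256(b"constructed entitlement message").hexdigest()[:16]

def demo(n=1000):
    card = CardProcessor(os.urandom(32), SUM_SQUARES, [n, 0, 0])
    result = card.run({37: ecm_task, 1500: ecm_task, 4100: ecm_task})
    return result, card.checkpoints, len(card.rt_output)
```

`demo()` returns the correct sum of squares together with the number of checkpoints taken and the number of real-time results produced; because `ecm_task` deliberately overwrites the registers, program counter and stack, the result is only right when the retrieved representation is decrypted, verified and restored. Removing the `pop` that discards the stored checkpoint after use would let a stale copy be re-presented later, so the example consumes each checkpoint exactly once.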
There is thus provided in accordance with a preferred embodiment of the present invention a method for performing a computation task in a secure processor removably operatively associated with a host including a memory external to the secure processor, the method including:
computing a portion of the task in the secure processor;
obtaining a setting representation of settings of processing components of the secure processor at the end of the computing step;
transmitting the setting representation to the external memory;
retrieving the setting representation from the external memory;
providing the setting representation to the secure processor; and
resuming computation of the task in the secure processor by employing the setting representation.
Preferably, the secure processor is included in a smart card.
Further preferably, the setting representation includes settings of at least one of the following processing components: a program counter; a register; a RAM; a stack pointer; and a stack. The setting of the RAM preferably includes a representation of the RAM content. The setting of the stack preferably includes a representation of the stack content.
Additionally, the method also includes the steps of:
encrypting the setting representation prior to the transmitting step; and
decrypting the setting representation prior to the step of resuming computation.
Preferably, the step of providing includes the step of providing the setting representation to the secure processor in an encrypted form.
Additionally, the step of providing also includes the step of decrypting the setting representation prior to the step of resuming computation.
Preferably, the step of obtaining includes converting at least one of the settings of the processing components to a data bit stream.
Further preferably, the transmitting step includes:
combining data bit streams corresponding to the settings of the processing components to form a combined data bit stream; and
transmitting the combined data bit stream to the external memory.
The external memory is preferably included in a host including a set-top box (STB). Alternatively, the external memory is included in a host including a computer.
Preferably, the computation task is operative to provide conditional access to at least one service provided via the STB.
Additionally, the method also includes the step of:
deleting the setting representation from the external memory in response to a disrupting event.
Preferably, the step of deleting includes deleting the setting representation after a time-out period.
Additionally, the method also includes the step of determining the portion of the task prior to the computing step by determining an end of the portion of the task.
Preferably, the end of the portion of the task is determined in response to a hardware interrupt.
Preferably, the computing step includes:
computing the task in the secure processor until a hardware interrupt indicating a request to process a new real-time task is received at the secure processor; and
determining the portion of the task as a portion of the task computed until reception of the hardware interrupt indicating a request to process the new real-time task.
Further preferably, the computing step includes:
periodically checking whether a new computation task classified as a real-time task is waiting to be processed;
computing the task in the secure processor as long as a real-time task is not waiting to be processed; and
if a real-time task is waiting to be processed:
ceasing computation of the task when the real-time task waiting to be processed is detected; and
determining the portion of the task as a portion of the task computed until detection of the real-time task waiting to be processed.
Additionally, the method also includes the step of executing the real-time task waiting to be processed.
There is also provided in accordance with a preferred embodiment of the present invention a method for performing a computation task in a secure processor operatively associated with an external memory external to the secure processor, the method including:
computing at least a portion of the task in the secure processor;
obtaining a setting representation of settings of processing components of the secure processor at the end of the computing step; and
employing serial communication to transmit the setting representation to the external memory for storage in the external memory, and to receive the setting representation from the external memory for resumption of computation of the task in the secure processor by use of the setting representation.
In accordance with a preferred embodiment of the present invention there is also provided a method for performing computation tasks in a plurality of secure processors operatively associated with an external memory external to all of the plurality of secure processors, the method including:
computing, in each of the plurality of secure processors, a computation task;
recognizing an interruption in computation in a group of secure processors, the group including at least one of the plurality of secure processors;
identifying each secure processor in the group;
obtaining a setting representation of settings of processing components of each secure processor in the group at time of occurrence of the interruption in computation;
transmitting each setting representation corresponding to each secure processor in the group to the external memory;
retrieving each setting representation corresponding to each secure processor in the group from the external memory;
restoring each setting representation corresponding to each secure processor in the group to that secure processor in accordance with the identifying step; and
resuming computation in each secure processor in the group by employing the setting representation corresponding to that secure processor.
Preferably, the identifying step includes the step of employing processor identification codes to identify each secure processor in the group.
There is also provided in accordance with a preferred embodiment of the present invention a smart card including:
a smart card processor including:
determining apparatus operative to determine a portion of a computation task to be processed; and
a central processing unit (CPU), operatively associated with the determining apparatus and operative to compute the portion of a computation task, and to obtain a setting representation of settings of processing components of the smart card processor after the portion of a computation task is computed;
a smart card output interface operatively associated with the smart card processor for transmitting the setting representation to an external memory external to the smart card; and
a smart card input interface operatively associated with the smart card processor for receiving the setting representation from the external memory, wherein
the smart card processor is operative to resume computation of the task by employing the setting representation received from the external memory.
Preferably, the determining apparatus includes an interrupt controller.
Additionally, the smart card also includes an encryptor/decrypter associated with the smart card processor for encrypting the setting representation transmitted by the smart card output interface, and for decrypting the setting representation received by the smart card input interface.
There is also provided in accordance with a preferred embodiment of the present invention a system including the smart card and the external memory external to the smart card, wherein the external memory is included in a set-top box (STB).
Preferably, the smart card is operative to provide conditional access to at least one service provided via the STB.
There is also provided in accordance with a preferred embodiment of the present invention a secure processor operatively associated with an external memory external to the secure processor, the secure processor including:
determination apparatus operative to determine a portion of a computation task to be processed;
identification apparatus operative to identify the secure processor from a plurality of secure processors;
a CPU operatively associated with the determination apparatus and with the identification apparatus and operative to compute the portion of a computation task, and to obtain a first setting representation of settings of processing components of the secure processor after the portion of a computation task is computed;
an output interface operatively associated with the CPU and operative to transmit the first setting representation to the external memory; and
an input interface operatively associated with the CPU and operative to receive a second setting representation from the external memory, and to provide the second setting representation to the CPU, wherein
the secure processor is operative to resume computation of the task by employing the second setting representation received from the external memory if the identification apparatus identifies that the second setting representation belongs to the secure processor.
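The multi-processor case (a group of secure processors interrupted together, each identified by a processor identification code, each accepting only the representation that belongs to it) and the host-side deletion of representations after a time-out or on a disrupting event, as one added example that is not code from the patent. `HostMemory`, `SecureProcessor`, `interrupt_group`, `resume_group`, `FakeClock`, the 4-byte identification codes and the 30-second time-out are all constructed for the example. The identification check is done by binding the code into an HMAC-SHA256 tag computed under the processor's own key, so a representation belonging to another processor, or one whose code has been relabelled, fails verification; encryption of the representation is omitted here to keep the block focused on the identification step.

```python
"""Several secure processors sharing one host memory (added example, not
code from the patent).  Each processor has an identification code and its
own key; the host stores checkpoints under that code, consumes each one on
retrieval and deletes entries after a time-out or on a disrupting event.
HMAC-SHA256 binds the code to the representation; encryption of the
representation is omitted to keep the focus on the identification step."""
import hashlib, hmac, struct, time

class HostMemory:
    """Untrusted store outside the cards, keyed by processor identification code."""
    def __init__(self, timeout_s, clock=time.monotonic):
        self.timeout_s, self.clock, self.entries = timeout_s, clock, {}

    def store(self, proc_id, blob):
        self.entries[proc_id] = (blob, self.clock())

    def retrieve(self, proc_id):       # consumed once: a stale copy cannot be replayed
        self.expire()
        entry = self.entries.pop(proc_id, None)
        return None if entry is None else entry[0]

    def expire(self):                  # deletion after the time-out period
        now = self.clock()
        for pid in [p for p, (_, t) in self.entries.items() if now - t > self.timeout_s]:
            del self.entries[pid]

    def disrupting_event(self):        # e.g. card removal or host reset: drop everything
        self.entries.clear()

class SecureProcessor:
    def __init__(self, proc_id, key):
        self.proc_id, self.key = proc_id, key        # 4-byte code, 32-byte key
        self.state = {"pc": 0, "acc": 0}             # minimal processing-component settings

    def compute(self, steps):          # stand-in heavy task: acc += pc on every step
        for _ in range(steps):
            self.state["pc"] += 1
            self.state["acc"] += self.state["pc"]
        return self.state["acc"]

    def setting_representation(self):  # code || settings || tag over both
        rep = struct.pack(">QQ", self.state["pc"], self.state["acc"])
        tag = hmac.new(self.key, self.proc_id + rep, hashlib.sha256).digest()
        return self.proc_id + rep + tag

    def resume_from(self, blob):
        """Resume only if the representation is intact and belongs to this processor."""
        if blob is None:
            raise LookupError("no checkpoint in host memory; task must restart")
        pid, rep, tag = blob[:4], blob[4:20], blob[20:]
        expected = hmac.new(self.key, pid + rep, hashlib.sha256).digest()
        if pid != self.proc_id or not hmac.compare_digest(tag, expected):
            raise PermissionError("representation does not belong to this processor")
        self.state["pc"], self.state["acc"] = struct.unpack(">QQ", rep)

def interrupt_group(host, group):      # interruption recognised in a group of processors
    for p in group:
        host.store(p.proc_id, p.setting_representation())

def resume_group(host, group):         # each member gets back its own representation
    for p in group:
        p.resume_from(host.retrieve(p.proc_id))

class FakeClock:                       # constructed clock so time-outs are testable
    def __init__(self): self.t = 0.0
    def __call__(self): return self.t

def demo():
    clock = FakeClock()
    host = HostMemory(timeout_s=30, clock=clock)
    cards = [SecureProcessor(b"CRD1", b"\x11" * 32), SecureProcessor(b"CRD2", b"\x22" * 32)]
    for c in cards: c.compute(10)      # acc = 55 on both
    interrupt_group(host, cards)
    for c in cards: c.state = {"pc": 0, "acc": 0}     # real-time work clobbers the CPU
    clock.t += 5                       # within the time-out
    resume_group(host, cards)
    return [c.compute(10) for c in cards]             # 55 + (11 + ... + 20) = 210 each
```

`demo()` shows both cards continuing from their own saved state after a group interruption. Presenting one card's representation to the other raises `PermissionError`, and a representation left in host memory past the time-out is no longer retrievable, which is the host-side deletion the claims describe; in that case the card has nothing to resume from and must restart the task rather than accept an unverified substitute.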