In the finance and transaction processing industry, there is often a need to protect data contained within a computer system and transmitted over a computer network. Over the years, a number of mechanisms have been developed to meet this need.
One of the mechanisms that has been developed to protect data being transmitted over a computer network is the cryptographic processor. A cryptographic processor accomplishes this by transforming the data to be protected into an unrecognizable form using a cryptographic scheme and a key. Even with knowledge of the cryptographic scheme, the recognizable form of the data is inaccessible while the data is being transmitted over the computer network so long as the key is kept secret. Cryptographic processors can be created to implement a variety of cryptographic schemes for the encryption and decryption of data.
However, since it is necessary for the keys used by a cryptographic processor to be stored and transmitted within the computer system, additional protection is required to prevent unauthorized access to and copying of the keys. A mechanism that has been developed to further protect data from copying is electrical circuitry such as that described in U.S. Pat. No. 4,523,271 to Levien. The electrical circuitry disclosed in Levien enables access to data in a protected memory only if the access is in response to an instruction that was previously fetched from the same memory or if the microprocessor is in an input/output cycle. Thus, the circuitry prevents unauthorized access to data within the protected memory.
While these types of mechanisms protect data from electronic attacks, they are insufficient to protect data from physical attacks. Some well known forms of physical attack are mechanical or chemical intrusion, temperature modification, and radiation exposure. One mechanism that has been developed to protect data against physical attack is an intrusion barrier such as that described in U.S. Pat. No. 5,027,397 to Double, of common assignee with this application. The intrusion barrier disclosed in Double includes a screen material surrounding the electronic assembly which screen material has formed thereon fine conductive lines and an electrical supply and signal detection means to detect a change in the resistance of the conductive lines. The intrusion barrier disclosed in Double further includes temperature sensing means and radiation detection means to detect a predetermined decrease in the temperature or increase in the radiation, respectively.
Using a cryptographic processor in conjunction with the electrical and physical protection devices of Levien and Double, a secure cryptographic module can be created. However, a major drawback of such a cryptographic module is its lack of flexibility. The erasable programmable read only memory (EPROM) used in the cryptographic module is programmed with a set of defined cryptographic functions. The particular cryptographic functions that are programmed into the EPROM are selected by determining what functions would be desirable to most users of the cryptographic module. However, there may be additional cryptographic functions which a particular user would like to have added to a cryptographic module. These additional functions may be unknown at the time the EPROM is programmed, they may be user specific and only required by a few users, or they may involve proprietary steps or processes that the user does not want disclosed. In any event, it is not commercially feasible to add all of these additional functions to the functions that are programmed into the EPROM. Using present cryptographic modules, the EPROM would have to be removed from the module, erased, and then reprogrammed to include the additional functions. These additional steps can be costly and time consuming, and maybe even impossible, because the physical protection is specifically designed to inhibit such activity.