The present invention relates to the secure enablement of a processing entity and in particular, but not exclusively, to the enablement of a cryptographic unit only whilst an enabling entity is present.
In the present context, the term “secure” is used in a relative sense to indicate that the security features provided are sufficiently hard to circumvent as to make it unattractive to try to do so. Of course, this judgement will depend on the benefits to be obtained by circumventing the security features and some embodiments of the present invention are only suitable for low value applications whilst other embodiments are suitable for higher valued applications.
FIG. 1 illustrates a known arrangement in which a processing entity 10 is enabled/disabled by a signal passed to it over line 16 from a control entity 11. The signal is used, for example, to control a hardware gate placed in a clock signal line of the processing entity such that if this gate is disabled, the processing entity is unable to function at all. To cause the control entity to output an enabling signal on line 16, the latter must be supplied with the correct password from an enabling entity 12 (which may be, for example, a smartcard or a security server). The supplied password is temporarily stored in a register 14 of the control entity 11 and then compared in comparison block 15 with a reference copy of the correct password held in register 13. If the supplied password matches the reference word, the comparison block outputs an enabling signal on line 16. The control entity 11 and processing entity 10 are, for example, fabricated in the same chip. In a more sophisticated version of this general arrangement, rather than storing a copy of the correct password in register 13, a signature of this word is stored, this signature being that produced by passing the password through a one-way function; when a password is supplied to the control entity it is first subject to the same one-way function before being compared with the signature stored in register 13. This latter arrangement is more secure as the correct password is not stored in clear in register 13.
Examples of this general type of arrangement may be found in EP-A-0,566,512 (Innovatron) and in our co-pending European Patent Application No. 95410047.5.
The FIG. 1 arrangement is vulnerable to a number of attacks. For example, it is possible for a sophisticated attacker to force all bits in registers 13 and 14 to a common state so that the comparison block always outputs an enabling signal. Alternatively, the state of the line 16 could be forced to its enable state. These attacks can be effected by persons only having access to the control entity 11. Where an attacker also has access to the enabling entity 12, then other attacks are also possible. For example, the correct password could simply be copied whilst being passed from the enabling entity to the control entity, the copied version of the password then being replayed to enable subsequent operation of the processing entity (it may be desired to do this if use of the enabling entity is somehow restricted, for example, by date expiry or by units of usage).
It is an object of the present invention to provide an arrangement for enabling a processing entity in a manner that is more secure at least in certain respects.
According to the present invention, there is provided a system comprising processing means needing the input of a set of control values for its proper working, a control entity for providing said set of control values to said processing means, and an enabling entity that can be placed in communication with said control entity to enable the latter to produce said control values; said enabling entity comprising:
first TP-word generation means for providing a first set of touch-point words,
means for providing command indicators associated with touch-point words of said first set,
build-word generation means for producing build words each having a value dependent on the value of a corresponding one of the touch-point words of said first set and its associated said command indicator, and
means for passing said build words to the control entity,
and said control entity comprising:
second TP-word generation means for providing a second set of touch-point words corresponding to those of the said first set,
receive means for receiving said build words from the enabling entity,
command-word generation means for generating command words each with a value dependent both on (a) the value of a respective one of said build words, and (b) the value of the touch-point word in said second set corresponding to the touch point word of said first set used in producing the build word referred to in (a), whereby the command word has a value dependent on the command indicator used in producing the related build word, and
means for using the value of at least one said command word in producing said set of control values for input to said processing means;
said system further comprising coordination means for coordinating operation of said entities.
The command indicators may directly indicate the command-word values to be produced or may indirectly indicate these values (for example, each command indicator may reference a respective command-word storage location conceptually holding a corresponding command word the value of which can be set independently of the command indicator concerned). Where a sequence of command words is to be generated in which at least some of the words have the same value, then having the command indicator directly indicating command-word value means that the same command indicator must be used each time the corresponding command value is to be produced; however, if the command indicator is only an indirect indication of command-word value, then different command indicators can be translated by the command word generation means to the same command word value.
The command indicators can be provided either independently of the ordering of the touch-point words of the first set or, preferably, by the positions of the associated touch point words in the first set (in this case, then the command indicator will generally only be an indirect indication of command-word value).
In many cases the processing entity will operate cyclically and will need said set of control values to be supplied thereto each processing cycle by the control means. This may be achieved in a number of ways, including by generating the same (or different) sets of touch point words each cycle or by storing the first and second sets and reusing them multiple times. In a preferred embodiment, a said second set of touch point words and the corresponding set of build words are stored in the control entity and used for multiple processing cycles.
Preferably, the build-word generation means comprises a memory holding a lookup table containing build-word values, the lookup table being logically organised as columns referenced by command indicator and rows referenced by touch-point-word value. It will be appreciated that in the present context, the terms “rows” and “columns” have no special individual significance and are interchangeable.
As regards the command-word generation means, this advantageously comprises:
function-evaluation means for evaluating any selected one of a plurality of predetermined functions each taking build words as arguments,
selection means for selecting one of said plurality of functions as the said selected one in dependence on the value of a current touch point word of the second succession, and
means for applying a current build word to the function evaluation means,
the result of the evaluation of the selected function by the function-evaluation means serving as a command word. Preferably, the function evaluation means takes the form of a memory holding a lookup table containing command word values, this lookup table being logically organised as columns associated with respective ones of said functions, and rows associated with respective build word values.
Preferably, the control values are provided by the control entity to the processing entity over a common path.
According to another aspect of the present invention, there is provided an enabling entity for enabling a control entity to produce a set of control values for input to a processing entity that requires these values for its proper working, said enabling entity comprising:
TP-word generation means for providing a set of touch-point words,
means for providing command indicators associated with said touch-point words,
coordination means for coordinating operation of said TP-word generation means with corresponding means provided in said control entity,
build-word generation means for producing build words each having a value dependent on the value of a corresponding touch-point word and its associated command indicator, and
means for passing said build words to said control entity.
According to a further aspect of the present invention, there is provided a method of producing a set of control values for input to a processing entity that requires these values for its proper working, said method comprising the steps of:
(A) providing a first set of touch-point words each with an associated command indicator,
(B) producing build words each having a value dependent on the value of a corresponding said touch-point word and its associated command indicator,
(C) providing a second set of touch-point words corresponding to those of the said first set,
(D) command-word generation means for generating command words each with a value dependent both on (a) the value of a respective one of said build words, and (b) the value of the touch-point word of said second set corresponding to the touch point word of said first set used in producing the build word referred to in (a), whereby the command word has a value dependent on the command indicator used in producing the related build word, and
(E) using the value of at least one said command word in producing said set of control values for input to said processing entity;
steps (A) and (B) being carried out in an entity distinct from that in which steps (C), (D) and (E) are effected.
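
The following sketch models steps (A) to (D) with the two lookup tables described above; it is an added illustration, not code from the patent. The 3-bit word width, the LFSR standing in for the coordinated TP-word generators, the table contents and all function names are assumptions made for the example.

```python
import random

N = 8  # assumed: 3-bit touch-point, build and command words

def make_tables(secret_seed):
    """Return (build, command) lookup tables with constructed contents.

    build[tp][cmd]  : rows by touch-point word, columns by command indicator.
    command[bw][tp] : rows by build word, columns by the function that the
                      touch-point word selects (here the inverse of row tp).
    """
    perm = random.Random(secret_seed).sample(range(N), N)
    build = [[perm[(cmd + tp) % N] for cmd in range(N)] for tp in range(N)]
    command = [[0] * N for _ in range(N)]
    for tp in range(N):
        for cmd in range(N):
            command[build[tp][cmd]][tp] = cmd
    return build, command

def tp_words(state, count):
    """3-bit LFSR standing in for both TP-word generators (assumption)."""
    out = []
    for _ in range(count):
        out.append(state)
        bit = ((state >> 2) ^ (state >> 1)) & 1
        state = ((state << 1) | bit) & 0b111
    return out

def enabling_entity(build, tps, indicators):
    """Steps (A)-(B): one build word per (touch-point word, indicator)."""
    return [build[tp][cmd] for tp, cmd in zip(tps, indicators)]

def control_entity(command, tps, build_words):
    """Steps (C)-(D): recover command words from the received build words."""
    return [command[bw][tp] for tp, bw in zip(tps, build_words)]

if __name__ == "__main__":
    build, command = make_tables(secret_seed=2024)   # constructed table secret
    indicators = [3, 3, 3, 5, 0, 3]                  # constructed command sequence
    tps = tp_words(1, len(indicators))               # coordinated start state
    sent = enabling_entity(build, tps, indicators)
    print("touch-point words:", tps)
    print("build words sent :", sent)
    print("in step          :", control_entity(command, tps, sent))
    stale = tp_words(2, len(indicators))             # generator out of step
    print("out of step      :", control_entity(command, stale, sent))
```

With these constructed tables the repeated indicator 3 travels as a different build word at each touch-point word, and a control entity whose generator is out of step decodes every build word to a different command word than the one intended.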