Title of Invention	"A MICROPROCESSOR WITH RANDOM CYCLIC ENCRYPTION AND DECRYPTION"
Abstract	A microprocessor with random cyclic encryption and decryption comprising of a central processing unit (1), a functional unit (2,3), a memory cache (5) for storing information, a bus (6) which connects the central processing unit (1), the functional unit (2,3) and the memory cache (5) to one another for the purpose of interchanging data, a respective first encryption unit (12,32,52), associated with the units (1,2,3,5), which is connected between the bus (6) and the associated unit (1,2,3,5) and comprises a first storing means (10,50) for providing a key and a combinational logic element (11,51) which is connected between the bus (6) and the associated unit (1,2,3,5), the key being the same for the units and being alterable, a second encryption unit (53) which is associated with the memory cache (5) and comprises a second storing means (54) for providing a functional key, and also a combinational logic element (55) which is connected between the first means (54) for providing the key for the associated first encryption unit (50) and the combinational logic element (51) for the associated first encryption unit (52), characterized in that the encryption and decryption key is randomly changed in sync with a clock for greater security of data transfer.

Title of Invention

"A MICROPROCESSOR WITH RANDOM CYCLIC ENCRYPTION AND DECRYPTION"

Abstract

A microprocessor with random cyclic encryption and decryption comprising of a central processing unit (1), a functional unit (2,3), a memory cache (5) for storing information, a bus (6) which connects the central processing unit (1), the functional unit (2,3) and the memory cache (5) to one another for the purpose of interchanging data, a respective first encryption unit (12,32,52), associated with the units (1,2,3,5), which is connected between the bus (6) and the associated unit (1,2,3,5) and comprises a first storing means (10,50) for providing a key and a combinational logic element (11,51) which is connected between the bus (6) and the associated unit (1,2,3,5), the key being the same for the units and being alterable, a second encryption unit (53) which is associated with the memory cache (5) and comprises a second storing means (54) for providing a functional key, and also a combinational logic element (55) which is connected between the first means (54) for providing the key for the associated first encryption unit (50) and the combinational logic element (51) for the associated first encryption unit (52), characterized in that the encryption and decryption key is randomly changed in sync with a clock for greater security of data transfer.

Full Text	- 1 - The invention reiates to a microprocessor arrangement in which a central processing unit, a further unit and a memory unit are connected to one another via a bus and encryption is performed. Such microprocessor arrangements are used in security-critical applications, for example in a chip card. The arrangement is integrated on a single semiconductor chip, a"microcontrolier". The bus handles ail the data traffic. By way of example, the bus transmits data, addresses, program commands, control commands, etc. The programs to be executed are stored in a nonvolatile memory (ROM); data can likewise be stored in the nonvolatile memory or temporarily in a volatile memory (RAM). On account of the long access time to these memories, the data to be processed are buffered in faster caches. All the memories and the buses on the microprocessor or microcontroller are easily identifiable regular structures on the chip. They therefore represent preferred points of attack when attempts are being made to tap off chip-internal circuits or operating cycles for the purpose of covertly observing security-related data and functions. Any attacks can be made by probing, which involves tapping off the signal profiles by placing needles onto significant structures, In conventional microprocessors or microcontrollers, data stored in the memory are therefore scrambled using complex encryption. Reading requires a corresponding level of computation complexity. The data are subsequently transferred and supplied to the various functional units of the microprocessor generally in unencrypted form. In the event of a needle attack on the bus, all data could therefore be requested- as plain text. Comparatively complex encryption and, decryption also of the data traffic from and-to the central processing unit (CPU), a peripheral unit or an arithmetic and logic unit (ALU) or of the cache are not recommended-, since this would significantly reduce the access speed to these units. The object of the invention is to specify a microprocessor arrangement which has a higher level of security against covert observation of internal cycles.- This object is achieved by a microprocessor arrangement which functional comprises: a central processing unit-; a further unit; a memory unit; a bus which connects the central processing unit, the functional further unit^and the memory to one another for the purpose of interchanging data; a respective first encryption unit* associated with the units, which is connected between the bus and the associated unit and comprises a means for providing a key and a combinational logic element which is connected between the bus and the associated unit, the key being the same for the units and being alterable; a second encryption unit which is associated with the memory unit and comprises a means for providing a further key, and also a combinational logic element which is connected between the means for providing the key for the associated first encryption unit and the combinational logic element for the associated first encryption unit. -3- In the microprocessor arrangement in accordance with the invention, each functional unit connected to the bus is provided with an encryption device which is of relatively simple design. This comprises a means for providing a key, fot example a register, and also a combinational logic element, for example, an Exclusive^CR-gate- The encryption- device is capable of both encrypting the data item which is output onto the bus by the functional unit and decrypting a data item which is to be received. The encryption device is of simple design and therefore results in no significant delay during data transfer. Expediently, the key stored in the register is altered from time to time. The key is updated preferably with every operating clock cycle. So that a data value which is output onto the bus by a functional unit and is encrypted can be decrypted again by another functional unit when the key changes, the key registers for each functional unit need to contain the same key for affiliated read and write operations. To this end, the key is expediently generated by a key generator which forwards the same key to all the key registers in sync with the clock. Preferably, the key is generated under random control. Despite the simple encryption and decryption which barely takes, up any delay time, the random provision of various keywords provides adequate security against tapping-off and covert observation of the data traffic. To prevent a memory connected to the bus, for example a cache, a buffer or a translation lookaside buffer, from storing the information as plain text, additional encryption and decryption are required. To this end, a further encryption unit is provided which again comprises a means for providing the key, for example a further key register, and also a combinational logic element, for example an Exclusive-OR-gate. -4- A fundamental aspect is that the combinational logic element for the further encryption unit is arranged between the combinational logic element for the first encryption unit and the latter's key register. This has the advantage that all the bus sections, particularly those between the combinational logic element for the first encryption unit/ which is arranged between the bus and the memory, and the memory, carry only encrypted data. The key register for the second encryption unit is fed by a further key generator. Expediently, this key is also altered from time to time.- In this caser it is necessary to ensure that data buffered in the memory in encrypted form are read again using the same key. The key for said key register is therefore updated only when the memory no longer contains any valid information. This is the case, for example, when the memory is completely empty or when the memory is reinitialized This is done,- for example/ when the microprocessor arrangement has terminated an application and starts a hew application. In the event of such an application change^ it is no longer necessary to change the memory content for security reasons, since the change of key means that a new application can no longer use the data content still held in the memory anyway.- In one refinement of the invention, the encxyption units comprise only Exclusive-OR-gates and associated key registers for each functiona-l~unit connected to the bus* The circuit complexity is relatively low. The key generators each need to be provided only in simple form. The additional computation complexity is relatively low by comparison with the security obtained against covert observation of the data traffic. -5- The invention is explained in more detail below with reference to the exemplary embodiment shown in the drawing. The figure shown in the drawing shows a block diagram of a microcontroller for security applications in accordance with the invention. The microcontroller comprises a number of components: a central processing unit (CPU) 1, which handles control of the data traffic; a memory 2, which permanently stores data and programs which are to be executed; a peripheral unit 3, which implements data traffic to external circuits arranged outside the microcontroller; a buffer 5, which buffers data. Connections shown in bold comprise a plurality of lines. The nonvolatile memory 2 comprises a decryption device 21 which performs very good encryption with a relatively long key length. However, decryption requires a relatively long computation time and is of corresponding complexity in terms of circuitry. Data to be read from the memory 2 are therefore temporarily buffered in the memory 5, which can be accessed much faster. The memory 5 is a "cache". The functional units mentioned are connected to one another by means of a bus 6 which comprises a multiplicity of data and control lines. Arranged between the bus 6 and each of the functional units is an encryption unit, for example the units 12, 32 and 52. The encryption unit encrypts the data traffic which is output onto the bus 6 by the functional unit, and decrypts the data traffic received. The encryption units for the functional units 1, 2 and 3 are of identical design. By way of example, the encryption unit 12 associated with the CPU 1 comprises a key register 1.0 s&or^g. a keyword. An Exclusive-OR-gate 11 is connected in the data -6- path between CPU 1 and bus 6. In addition, the gate 11 is also supplied with the key Kl from the key register 10. By logically combining the data value received from the bus 6 with the keyword Kl, the data item Tl received from the bus 6 in encrypted form is converted into plain text T. The line from the Exclusive-GR-gate to the GPU 1 cannot generally be readily tapped, since the CPU 1 has an irregular structure. When the CPU 1 outputs a data value T onto the bus 6, this plain text data value is logically combined in the Exclusive-OR-gate 11 with a key provided by the key register 10 and is provided on the bus as a data value Tl. Another unit, for example a peripheral unit 3, receives the encrypted data item Tl and decrypts it in complementary fashion. The key Kl used for encryption in the unit 12 is altered cyclically. The key is provided by a key generator 61 which generates the keyword randomly* With every clock cycle provi~del3 by a clock generator 62, the keyword Kl changes. It is fundamental that a key Kl u~se~c? for encrypting a data value which is output upstream of the GPU 1 is likewise available on the other encryption units for decrypting the same data value. To this end, all the key registers associated with the respective functional units are connected to the random number generator 61 and to the clock generator 62 in parallel. As a result, by way of example, a data value T delivered by the CPU 1 is output onto the bus as data value Tl in encrypted form and is decrypted using the same key Kl on the peripheral unit 3, where it is provided as the same data item T in plain text. The randomly controlled updating of the key achieves a high level of security against a decryption attempt on the data item transferred via the bus. Connected upstream of the cache 5 is an encryption device 52 corresponding to the encryption devices 12 and 32. The -7- encryption device 52 comprises a key register 50 which is connected to the clock generator 62 and to the random number generator 61 in the same way* and also an Exclusive-OR-gate 51, which is connected in the data path between the bus 6 and the cache 5. With no other measures, the data traffic running between the gate 51 and the cache 5 would be available as plain text; in addition, the data would be stored in the cache 5 as plain text. To provide additional encryption for the data stored in the cache 5, a further encryption unit 53 is provided which is combined with the encryption unit 52 in order to re-encrypt the data decrypted by the encryption device 52 using the key Kl. The further encryption device 53 comprises a key register 54 and also an Exclusive-OR-gate 55. The Exclusive-OR-gate 55 is connected between the key register 50 and the Exclusive-OR-gate 51. The Exclusive-OR-gate 55 logically combines the keys from the registers 50 and 54 with one anotheri The effect of this is that the data stream T2 delivered to the cache 5 by the Exclusive-OR-gate 51 is in encrypted form. Correspondingly, the data T2 read from the cache 5 are decrypted again using the keyword K2 stored in the key register 54 and are encrypted for output onto the data bus 6 using the current alterable key Kl stored in the key register 50. While the cache 5 stores valid data which need to be read to the bus again for further processing, the keyword K2 provided by the key register 54 must continue to remain the same* The keyword K2 is generated by a further key generator 63. Expediently, the key K2 is changed when the cache 5 no longer contains any valid data. The key is again updated on the basis of a random pattern, so that sufficient security is ensured -8- against unscrambling of the data which are stored in the memory and are transferred via the bus section between the gate 51 and the memory 5.- It is recommended that the key K2 be changed when the cache 5 is emptied on the basis of a cache flush. Such an operation is performed by way of example/ when the application processed by the microprocessor arrangement changes. With a cache flush, all the data values in the cache are reset to a prescribed value In principle, it is also possible to dispense with resetting the memory content, since the memory content can no longer be decrypted anyway when there is a change of key. The effect achieved by the invention is that all the data traffic running via the bus 6 and, in addition, the data buffered in the buffer are always in encrypted form and are not available as plain text. The use of Exclusive-OR-gates allows symmetrical encryption and decryption methods to be used, which require little circuit and computation complexity! The length of key is oriented toward the number of lines in the bus. It is possible for all the lines or only some of the lines to be encrypted. The key register is then correspondingly smaller. For every line, one bit of a keyword is used. With bus lines, both the data lines and the status and control lines of the bus can be encrypted* In principle, it is also possible to encrypt single security-related signal lines in microprocessor arrangements or other circuits with appropriate use of the measures described above % As a random source for the key generators 61 and 63, a physical source is particularly suitable. If the security requirement is less, the key can also be generated by a pseudo random number generator. The key generators can be in the form of linear feedback shift registers (LFSR). The key can be updated by the clock generator 62 with every clock cycle for the bus 6 or not -9- until a particular number of clock cycles have elapsed. Suitable choice of the parameters sets a desired degree of security. 10 WE CLAIM 1. A microprocessor with random cyclic encryption and decryption comprising of a central processing unit (1), a functional unit (2,3), a memory cache (5) for storing information, a bus (6) which connects the central processing unit (1), the functional unit (2,3) and the memory cache (5) to one another for the purpose of interchanging data, a respective first encryption unit (12,32,52), associated with the units (1,2,3,5), which is connected between the bus (6) and the associated unit (1,2,3,5) and comprises a first storing means (10,50) for providing a key and a combinational logic element (11,51) which is connected between the bus (6) and the associated unit (1,2,3,5), the key being the same for the units and being alterable, a second encryption unit (53) which is associated with the memory cache (5) and comprises a second storing means (54) for providing a functional key, and also a combinational logic element (55) which is connected between the first means (54) for providing the key for the associated first encryption unit (50) and the combinational logic element (51) for the associated first encryption unit (52), characterized in that the encryption and decryption key is randomly changed in sync with a clock for greater security of data transfer. 2. The microprocessor as claimed in claim 1, wherein a generator (61) for the key is provided, and in that the first storing means (10,50) for providing the key for the first encryption units (12,32,52) comprise a register (10,50) whose output is connected to the respective combinational logic element (11,51) and whose input side is connected to the generator (61) for the key. 3. The microprocessor as claimed in claim 1 or 2, wherein the generator (61) is a random number generator which can generate binary numbers randomly. 2. 4. The microprocessor as claimed in claim 3, wherein the first storing means (10,50) can be controlled by a common clock generator (62). 5. The microprocessor as claimed in one of claims 1 to 4, wherein the second storing means (54) for providing the further key for the second encryption unit (53) comprise a register having its input connected to a second generator (63) for the further key, and in that the combinational logic element (55) for the second encryption unit (53) is connected by its inputs to the output of the register (54) for the second encryption unit and to the register (50) for the associated first encryption unit (52), and by its output to an input of the combinational logic unit (51) for the associated first encryption unit (52). 6. The microprocessor as claimed in one of claims 1 to 5, wherein the combinational logic units (11,51,55) are Exclusive-OR-gates. 7. The microprocessor as claimed in one of the claims 1 to 6, wherein the memory cache (5) is in the form of a volatile memory. 8. The microprocessor as claimed in one of claims 1 to 7, wherein the second generator (63) for the further key can be controlled such that it can generate a new key if the memory cache (5) has no valid memory content. 9. The microprocessor as claimed in claim 8, wherein the second generator (63) can generate the further key after the memory unit (5) has been initialized. 10. The microprocessor as claimed in one of claims 1 to 9, wherein a further memory (2) is provided, and in that the memory cache (5) can buffer data for the further memory (2). A microprocessor with random cyclic encryption and decryption comprising of a central processing unit (1), a functional unit (2,3), a memory cache (5) for storing information, a bus (6) which connects the central processing unit (1), the functional unit (2,3) and the memory cache (5) to one another for the purpose of interchanging data, a respective first encryption unit (12,32,52), associated with the units (1,2,3,5), which is connected between the bus (6) and the associated unit (1,2,3,5) and comprises a first storing means (10,50) for providing a key and a combinational logic element (11,51) which is connected between the bus (6) and the associated unit (1,2,3,5), the key being the same for the units and being alterable, a second encryption unit (53) which is associated with the memory cache (5) and comprises a second storing means (54) for providing a functional key, and also a combinational logic element (55) which is connected between the first means (54) for providing the key for the associated first encryption unit (50) and the combinational logic element (51) for the associated first encryption unit (52), characterized in that the encryption and decryption key is randomly changed in sync with a clock for greater security of data transfer.

Full Text

- 1 -
The invention reiates to a microprocessor arrangement in which a central processing unit, a further unit and a memory unit are connected to one another via a bus and encryption is performed.
Such microprocessor arrangements are used in security-critical applications, for example in a chip card. The arrangement is integrated on a single semiconductor chip, a"microcontrolier". The bus handles ail the data traffic. By way of example, the bus transmits data, addresses, program commands, control commands, etc. The programs to be executed are stored in a nonvolatile memory (ROM); data can likewise be stored in the nonvolatile memory or temporarily in a volatile memory (RAM). On account of the long access time to these memories, the data to be processed are buffered in faster caches.
All the memories and the buses on the microprocessor or microcontroller are easily identifiable regular structures on the chip. They therefore represent preferred points of attack when attempts are being made to tap off chip-internal circuits or operating cycles for the purpose of covertly observing security-related data and functions. Any attacks can be made by probing, which involves tapping off the signal profiles by placing needles onto significant structures,
In conventional microprocessors or microcontrollers, data stored in the memory are therefore scrambled using complex

encryption. Reading requires a corresponding level of computation complexity. The data are subsequently transferred and supplied to the various functional units of the microprocessor generally in unencrypted form. In the event of a needle attack on the bus, all data could therefore be requested- as plain text. Comparatively complex encryption and, decryption also of the data traffic from and-to the central processing unit (CPU), a peripheral unit or an arithmetic and logic unit (ALU) or of the cache are not recommended-, since this would significantly reduce the access speed to these units.
The object of the invention is to specify a microprocessor arrangement which has a higher level of security against covert observation of internal cycles.-
This object is achieved by a microprocessor arrangement which
functional comprises: a central processing unit-; a further unit; a memory
unit; a bus which connects the central processing unit, the functional further unit^and the memory to one another for the purpose of
interchanging data; a respective first encryption unit* associated with the units, which is connected between the bus and the associated unit and comprises a means for providing a key and a combinational logic element which is connected between the bus and the associated unit, the key being the same for the units and being alterable; a second encryption unit which is associated with the memory unit and comprises a means for providing a further key, and also a combinational logic element which is connected between the means for providing the key for the associated first encryption unit and the combinational logic element for the associated first encryption unit.

-3-
In the microprocessor arrangement in accordance with the invention, each functional unit connected to the bus is provided with an encryption device which is of relatively simple design. This comprises a means for providing a key, fot example a register, and also a combinational logic element, for example, an Exclusive^CR-gate*- The encryption- device is capable of both encrypting the data item which is output onto the bus by the functional unit and decrypting a data item which is to be received. The encryption device is of simple design and therefore results in no significant delay during data transfer.
Expediently, the key stored in the register is altered from time to time. The key is updated preferably with every operating clock cycle. So that a data value which is output onto the bus by a functional unit and is encrypted can be decrypted again by another functional unit when the key changes, the key registers for each functional unit need to contain the same key for affiliated read and write operations. To this end, the key is expediently generated by a key generator which forwards the same key to all the key registers in sync with the clock. Preferably, the key is generated under random control. Despite the simple encryption and decryption which barely takes, up any delay time, the random provision of various keywords provides adequate security against tapping-off and covert observation of the data traffic.
To prevent a memory connected to the bus, for example a cache, a buffer or a translation lookaside buffer, from storing the information as plain text, additional encryption and decryption are required. To this end, a further encryption unit is provided which again comprises a means for providing the key, for example a further key register, and also a combinational logic element, for example an Exclusive-OR-gate.

-4-
A fundamental aspect is that the combinational logic element for the further encryption unit is arranged between the combinational logic element for the first encryption unit and the latter's key register. This has the advantage that all the bus sections, particularly those between the combinational logic element for the first encryption unit/ which is arranged between the bus and the memory, and the memory, carry only encrypted data.
The key register for the second encryption unit is fed by a further key generator. Expediently, this key is also altered from time to time.- In this caser it is necessary to ensure that data buffered in the memory in encrypted form are read again using the same key. The key for said key register is therefore updated only when the memory no longer contains any valid information. This is the case, for example, when the memory is completely empty or when the memory is reinitialized* This is done,- for example/ when the microprocessor arrangement has terminated an application and starts a hew application. In the event of such an application change^ it is no longer necessary to change the memory content for security reasons, since the change of key means that a new application can no longer use the data content still held in the memory anyway.-
In one refinement of the invention, the encxyption units comprise only Exclusive-OR-gates and associated key registers for each functiona-l~unit connected to the bus* The circuit complexity is relatively low. The key generators each need to be provided only in simple form. The additional computation complexity is relatively low by comparison with the security obtained against covert observation of the data traffic.

-5-
The invention is explained in more detail below with reference to the exemplary embodiment shown in the drawing.
The figure shown in the drawing shows a block diagram of a microcontroller for security applications in accordance with the invention. The microcontroller comprises a number of components: a central processing unit (CPU) 1, which handles control of the data traffic; a memory 2, which permanently stores data and programs which are to be executed; a peripheral unit 3, which implements data traffic to external circuits arranged outside the microcontroller; a buffer 5, which buffers data. Connections shown in bold comprise a plurality of lines.
The nonvolatile memory 2 comprises a decryption device 21 which performs very good encryption with a relatively long key length. However, decryption requires a relatively long computation time and is of corresponding complexity in terms of circuitry. Data to be read from the memory 2 are therefore temporarily buffered in the memory 5, which can be accessed much faster. The memory 5 is a "cache". The functional units mentioned are connected to one another by means of a bus 6 which comprises a multiplicity of data and control lines.
Arranged between the bus 6 and each of the functional units is an encryption unit, for example the units 12, 32 and 52. The encryption unit encrypts the data traffic which is output onto the bus 6 by the functional unit, and decrypts the data traffic received.
The encryption units for the functional units 1, 2 and 3 are of identical design. By way of example, the encryption unit 12 associated with the CPU 1 comprises a key register 1.0 s&or^g. a keyword. An Exclusive-OR-gate 11 is connected in the data

-6-
path between CPU 1 and bus 6. In addition, the gate 11 is also supplied with the key Kl from the key register 10. By logically combining the data value received from the bus 6 with the keyword Kl, the data item Tl received from the bus 6 in encrypted form is converted into plain text T. The line from the Exclusive-GR-gate to the GPU 1 cannot generally be readily tapped, since the CPU 1 has an irregular structure. When the CPU 1 outputs a data value T onto the bus 6, this plain text data value is logically combined in the Exclusive-OR-gate 11 with a key provided by the key register 10 and is provided on the bus as a data value Tl. Another unit, for example a peripheral unit 3, receives the encrypted data item Tl and decrypts it in complementary fashion.
The key Kl used for encryption in the unit 12 is altered cyclically. The key is provided by a key generator 61 which generates the keyword randomly* With every clock cycle provi~del3 by a clock generator 62, the keyword Kl changes. It is fundamental that a key Kl u~se~c? for encrypting a data value which is output upstream of the GPU 1 is likewise available on the other encryption units for decrypting the same data value. To this end, all the key registers associated with the respective functional units are connected to the random number generator 61 and to the clock generator 62 in parallel. As a result, by way of example, a data value T delivered by the CPU 1 is output onto the bus as data value Tl in encrypted form and is decrypted using the same key Kl on the peripheral unit 3, where it is provided as the same data item T in plain text. The randomly controlled updating of the key achieves a high level of security against a decryption attempt on the data item transferred via the bus.
Connected upstream of the cache 5 is an encryption device 52 corresponding to the encryption devices 12 and 32. The

-7-
encryption device 52 comprises a key register 50 which is connected to the clock generator 62 and to the random number generator 61 in the same way* and also an Exclusive-OR-gate 51, which is connected in the data path between the bus 6 and the cache 5. With no other measures, the data traffic running between the gate 51 and the cache 5 would be available as plain text; in addition, the data would be stored in the cache 5 as plain text.
To provide additional encryption for the data stored in the cache 5, a further encryption unit 53 is provided which is combined with the encryption unit 52 in order to re-encrypt the data decrypted by the encryption device 52 using the key Kl. The further encryption device 53 comprises a key register 54 and also an Exclusive-OR-gate 55. The Exclusive-OR-gate 55 is connected between the key register 50 and the Exclusive-OR-gate 51. The Exclusive-OR-gate 55 logically combines the keys from the registers 50 and 54 with one anotheri The effect of this is that the data stream T2 delivered to the cache 5 by the Exclusive-OR-gate 51 is in encrypted form.
Correspondingly, the data T2 read from the cache 5 are decrypted again using the keyword K2 stored in the key register 54 and are encrypted for output onto the data bus 6 using the current alterable key Kl stored in the key register 50.
While the cache 5 stores valid data which need to be read to the bus again for further processing, the keyword K2 provided by the key register 54 must continue to remain the same* The keyword K2 is generated by a further key generator 63. Expediently, the key K2 is changed when the cache 5 no longer contains any valid data. The key is again updated on the basis of a random pattern, so that sufficient security is ensured

-8-
against unscrambling of the data which are stored in the memory and are transferred via the bus section between the gate 51 and the memory 5.-
It is recommended that the key K2 be changed when the cache 5 is emptied on the basis of a cache flush. Such an operation is performed by way of example/ when the application processed by the microprocessor arrangement changes. With a cache flush, all the data values in the cache are reset to a prescribed value In principle, it is also possible to dispense with resetting the memory content, since the memory content can no longer be decrypted anyway when there is a change of key.
The effect achieved by the invention is that all the data traffic running via the bus 6 and, in addition, the data buffered in the buffer are always in encrypted form and are not available as plain text. The use of Exclusive-OR-gates allows symmetrical encryption and decryption methods to be used, which require little circuit and computation complexity! The length of key is oriented toward the number of lines in the bus. It is possible for all the lines or only some of the lines to be encrypted. The key register is then correspondingly smaller. For every line, one bit of a keyword is used. With bus lines, both the data lines and the status and control lines of the bus can be encrypted* In principle, it is also possible to encrypt single security-related signal lines in microprocessor arrangements or other circuits with appropriate use of the measures described above % As a random source for the key generators 61 and 63, a physical source is particularly suitable. If the security requirement is less, the key can also be generated by a pseudo random number generator. The key generators can be in the form of linear feedback shift registers (LFSR). The key can be updated by the clock generator 62 with every clock cycle for the bus 6 or not

-9-
until a particular number of clock cycles have elapsed. Suitable choice of the parameters sets a desired degree of security.

10
WE CLAIM
1. A microprocessor with random cyclic encryption and decryption comprising of a central processing unit (1), a functional unit (2,3), a memory cache (5) for storing information, a bus (6) which connects the central processing unit (1), the functional unit (2,3) and the memory cache (5) to one another for the purpose of interchanging data,
a respective first encryption unit (12,32,52), associated with the units (1,2,3,5), which is connected between the bus (6) and the associated unit (1,2,3,5) and comprises a first storing means (10,50) for providing a key and a combinational logic element (11,51) which is connected between the bus (6) and the associated unit (1,2,3,5), the key being the same for the units and being alterable, a second encryption unit (53) which is associated with the memory cache (5) and comprises a second storing means (54) for providing a functional key, and also a combinational logic element (55) which is connected between the first means (54) for providing the key for the associated first encryption unit (50) and the combinational logic element (51) for the associated first encryption unit (52), characterized in that the encryption and decryption key is randomly changed in sync with a clock for greater security of data transfer.
2. The microprocessor as claimed in claim 1, wherein a generator (61) for the key is
provided, and in that the first storing means (10,50) for providing the key for the first
encryption units (12,32,52) comprise a register (10,50) whose output is connected to
the respective combinational logic element (11,51) and whose input side is connected to
the generator (61) for the key.
3. The microprocessor as claimed in claim 1 or 2, wherein the generator (61) is a
random number generator which can generate binary numbers randomly.
2.
4. The microprocessor as claimed in claim 3, wherein the first storing means (10,50)
can be controlled by a common clock generator (62).
5. The microprocessor as claimed in one of claims 1 to 4, wherein the second storing
means (54) for providing the further key for the second encryption unit (53) comprise a
register having its input connected to a second generator (63) for the further key, and in
that the combinational logic element (55) for the second encryption unit (53) is
connected by its inputs to the output of the register (54) for the second encryption unit
and to the register (50) for the associated first encryption unit (52), and by its output to
an input of the combinational logic unit (51) for the associated first encryption unit (52).
6. The microprocessor as claimed in one of claims 1 to 5, wherein the combinational
logic units (11,51,55) are Exclusive-OR-gates.
7. The microprocessor as claimed in one of the claims 1 to 6, wherein the memory
cache (5) is in the form of a volatile memory.
8. The microprocessor as claimed in one of claims 1 to 7, wherein the second
generator (63) for the further key can be controlled such that it can generate a new key
if the memory cache (5) has no valid memory content.
9. The microprocessor as claimed in claim 8, wherein the second generator (63) can
generate the further key after the memory unit (5) has been initialized.
10. The microprocessor as claimed in one of claims 1 to 9, wherein a further memory
(2) is provided, and in that the memory cache (5) can buffer data for the further
memory (2).
A microprocessor with random cyclic encryption and decryption comprising of a central processing unit (1), a functional unit (2,3), a memory cache (5) for storing information, a bus (6) which connects the central processing unit (1), the functional unit (2,3) and the memory cache (5) to one another for the purpose of interchanging data,
a respective first encryption unit (12,32,52), associated with the units (1,2,3,5), which is connected between the bus (6) and the associated unit (1,2,3,5) and comprises a first storing means (10,50) for providing a key and a combinational logic element (11,51) which is connected between the bus (6) and the associated unit (1,2,3,5), the key being the same for the units and being alterable,
a second encryption unit (53) which is associated with the memory cache (5) and comprises a second storing means (54) for providing a functional key, and also a combinational logic element (55) which is connected between the first means (54) for providing the key for the associated first encryption unit (50) and the combinational logic element (51) for the associated first encryption unit (52), characterized in that the encryption and decryption key is randomly changed in sync with a clock for greater security of data transfer.

Documents:

« Previous Patent

Next Patent »

Patent Number

200929

Indian Patent Application Number

IN/PCT/2002/00893/KOL

PG Journal Number

N/A

Publication Date

19-Jan-2007

Grant Date

19-Jan-2007

Date of Filing

03-Jul-2002

Name of Patentee

INFINEON TECHNOLOGIES AG

Applicant Address

ST. MARTIN STRASSE 53, B 1669 MUNCHEN

Inventors:

#	Inventor's Name	Inventor's Address
1	GAMMEL BERNDT	DR. BRENNER-STR. 16, 85570 MARKT SCHWABEN,
2	KNIFFLER, OLIVER,	WEDDIGENSTRASSE 1,81737,MUNCHYEN
3	SEDLAK, HOLGER,	NEUMUNSTER 10A,85658 EGMATING,

PCT International Classification Number

G09 F 7/10;G11C 7/24

PCT International Application Number

PCT/DE00/04448

PCT International Filing date

2000-12-14

PCT Conventions:

#	PCT Application Number	Date of Convention	Priority Country
1	00100955.4	2000-01-18	EUROPEAN UNION