Microprocessor atomic secure encrypt and send instruction
Inventors
Assignees
United States Department of the Air Force
Publication Number
US-11487887-B2
Publication Date
2022-11-01
Expiration Date
2040-01-22
Interested in licensing this patent?
MTEC can help explore whether this patent might be available for licensing for your application.
Abstract
Various embodiments of the disclosed subject matter provide systems, methods, architectures, mechanisms, apparatus, computer implemented method and/or frameworks configured for guaranteeing that a payload portion of every data packet provided to a secure/encrypted output port of a processor such as a microprocessor is encrypted.
Core Innovation
The invention provides systems, methods, and apparatus configured to guarantee that the payload portion of every data packet sent to a secure/encrypted output port of a microprocessor is encrypted. Specifically, the invention introduces an atomic output instruction, termed Atomic Encrypt And Send (AEAS), which receives header and payload data of an output packet, encrypts the payload data, and sends the resulting packet with the encrypted payload to a designated output port.
This approach addresses the difficulty of ensuring software and hardware in a microprocessor system can definitively protect critical information during processing. It guarantees that data transmitted via secure output ports is always encrypted, either by only allowing the AEAS instruction to be used for output or by configuring the microprocessor to exclude instructions capable of sending unencrypted payloads to secure ports.
The invention further contemplates modifications to the instruction set architecture (ISA) of microprocessors, either as a reduced instruction set lacking instructions supporting compile-time unresolvable port addressing or non-encrypting output, or as a full instruction set microprocessor with a secure operating mode that inhibits execution of such instructions. Complementary compiler and software development system configurations verify or enforce that executable code will never send unencrypted payloads to secure output ports.
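The compiler-side check described above can be pictured as a pass over the instruction stream that rejects any output whose port cannot be resolved statically and any non-AEAS output aimed at a secure port. The sketch below is an added example, not code from the patent or its assignee; the toy assembly syntax, the `OUT` mnemonic and the port numbers are assumptions made for illustration.

```python
# Added illustration: a toy pre-execution check, not the patent's implementation.
# The assembly syntax, OUT mnemonic and port numbers are assumptions;
# only the AEAS name comes from the page.
SECURE_PORTS = {0x10, 0x11}      # assumed secure/encrypted output ports
OUTPUT_OPS = {"OUT", "AEAS"}     # instructions that write to a port

# Constructed sample programs (first operand of an output op is the port).
COMPLIANT = """
MOV r1, hdr
MOV r2, payload
AEAS 0x10, r1, r2   ; encrypt payload, send to secure port
OUT 0x02, r3        ; plain output to a non-secure port
""".strip()

NONCOMPLIANT = """
OUT 0x10, r2        ; plain output to a secure port
OUT r4, r2          ; port taken from a register
AEAS r4, r1, r2     ; encrypting, but port still unknown statically
""".strip()

def parse_port(operand):
    """Return the port number if it is a literal, else None (unresolvable)."""
    try:
        return int(operand, 0)
    except ValueError:
        return None

def verify(program, secure_ports=SECURE_PORTS):
    """Return a list of (line_number, reason) for every violating instruction."""
    violations = []
    for n, line in enumerate(program.splitlines(), 1):
        code = line.split(";", 1)[0].strip()
        mnemonic, _, rest = code.partition(" ")
        if mnemonic.upper() not in OUTPUT_OPS:
            continue
        port = parse_port(rest.split(",")[0].strip())
        if port is None:
            violations.append((n, "port not resolvable at compile time"))
        elif port in secure_ports and mnemonic.upper() != "AEAS":
            violations.append((n, "unencrypted output to secure port"))
    return violations

if __name__ == "__main__":
    for name, prog in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(name, verify(prog))
```

The register-addressed AEAS on the last line is rejected as well, because the check cannot tell which port it targets; this mirrors the page's exclusion of compile-time unresolvable port addressing.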
Claims Coverage
The patent includes multiple independent claims covering a method and a microprocessor configuration that guarantee encryption of data sent through secure output ports. The claims focus on modifications to instruction sets and operating modes to ensure compliance.
Modification of microprocessor instruction set to enforce encryption
The microprocessor instruction set is modified with the Atomic Encrypt And Send (AEAS) instruction to ensure the processor does not execute any instruction that permits compile-time unresolvable port addressing or data output to a secure port without encryption.
Reduced instruction set microprocessor configuration
A microprocessor configured as a reduced instruction set microprocessor whose instruction set architecture lacks any instructions allowing unencrypted data output to secure ports or compile-time unresolvable addressing.
Full instruction set microprocessor with invokable secure operating mode
A full instruction set microprocessor that enters a secure operating mode which inhibits execution of instructions supporting compile-time unresolvable port addressing or unencrypted data output to secure ports, triggered by signal levels, flags, signatures, commands, or secure device communication.
Secure operating mode activation mechanisms
The microprocessor enters secure mode in response to conditions including a microprocessor input signal, a secure mode program flag, compiled program signature, secure mode command, or indications of secure device communication.
Verification via compiler and instruction set restrictions
Use of compilers and instruction set architectures that restrict or lack instructions capable of sending unencrypted data to secure output ports, ensuring software cannot send unencrypted payloads to these ports.
The claims collectively cover novel microprocessor instruction set modifications and operating modes that ensure encryption of payload data sent out of secure output ports, coupled with compiler and verification methods to enforce this guarantee.
Stated Advantages
Guarantees that payload data sent to secure output ports is always encrypted, enhancing software and hardware security.
Simplifies verification and enforcement of software security by using an atomic encrypt and send instruction.
Enables software evaluation prior to execution to verify compliance with encryption requirements.
Supports multiple microprocessor configurations including reduced instruction sets and secure operating modes for flexible security enforcement.
Documented Applications
Use in microprocessors and microprocessor architectures to ensure data security when sending out packets through secure/encrypted output ports.
Implementation in software development systems and compilers to generate and verify code that prevents sending unencrypted data to secure output ports.
Support for systems requiring secure communication, enabling compliance with security protocols by ensuring encryption of all outbound payloads.