US-12625928-B2 - Device and a method for performing a cryptographic algorithm
Abstract
A device and a method for performing a cryptographic algorithm are described herein. A method performed by a device, the device comprising a first processor and a processing module, the method comprising: obtaining, by the first processor, first data, comprising a representation of computer program code that embodies a cryptographic algorithm; obtaining, by the first processor, second data; receiving, by the first processor, a request for a first mechanism to be performed, the request comprising: information identifying the first mechanism; information identifying the first data as corresponding to a program; and information identifying the second data as corresponding to an input; transmitting, by the first processor, to the processing module, a second request for the first mechanism to be performed, the second request comprising: information identifying the first mechanism; information identifying the first data as corresponding to the program; and information identifying the second data as corresponding to the input; and executing, by the processing module, the program represented in the first data taking the second data as the input.
Inventors
- David John Gerard SWARBRICK
Assignees
- NCIPHER SECURITY LIMITED
Dates
- Publication Date
- 2026-05-12
- Application Date
- 2023-02-06
- Priority Date
- 2022-02-07
Claims (20)
- 1 . A method performed by a device, the device comprising a first processor and a processing module, wherein the processing module comprises a further processor implementing a first instruction set architecture, the first instruction set architecture comprising machine code instructions, the method comprising: obtaining, by the first processor, first data, comprising a representation of computer program code that embodies a cryptographic algorithm; obtaining, by the first processor, second data; receiving, by the first processor, a request for a first mechanism to be performed, the request comprising: information identifying the first mechanism; information identifying the first data as corresponding to a program; and information identifying the second data as corresponding to an input; transmitting, by the first processor, to the processing module, a second request for the first mechanism to be performed, the second request comprising: information identifying the first mechanism; information identifying the first data as corresponding to the program; and information identifying the second data as corresponding to the input; and executing, by the processing module, the program represented in the first data taking the second data as the input, wherein the processing module further comprises: an instruction memory configured to store the machine code instructions; and a masking component comprising a first input and a second input, wherein the first input of the masking component is coupled to an output of the instruction memory and the second input of the masking component is configured to receive an indication that the program is being executed, and wherein the masking component, in response to receiving the indication that the program is being executed, is configured to mask the machine code instructions from the first instruction set architecture that are not part of a subset of approved machine code instructions.
- 2 . The method according to claim 1 , wherein a first set of basic instructions supported by the further processor comprises assembly instructions for use by a user-defined program, and wherein the assembly instructions in the first set of basic instructions are implemented using the subset of approved machine code instructions in the first instruction set architecture that are approved for use in user-defined algorithms.
- 3 . The method according to claim 2 , wherein the first set of basic instructions are provided for use in an unrestricted way in the program.
- 4 . The method according to claim 2 , wherein the processing module comprises a plurality of hardware circuits, and each machine code instruction in the subset of approved machine code instructions is associated with a hardware circuit in the plurality of hardware circuits.
- 5 . The method according to claim 2 , further comprising: performing the first mechanism by which the program is executed.
- 6 . The method according to claim 1 , wherein the first data comprises the representation of the computer program code in an assembly language, and wherein: the assembly language comprises a first set of basic instructions; and each instruction in the first set of basic instructions is associated with a machine code instruction from the subset of approved machine code instructions.
- 7 . The method according to claim 6 , wherein the assembly language comprises an instruction comprising an indication of a first cryptographic mechanism, wherein the first cryptographic mechanism is associated with a first set of one or more machine code instructions in the first instruction set architecture.
- 8 . The method according to claim 1 , wherein the masking component comprises a third input, the third input configured to receive an indication that a first cryptographic mechanism associated with a first set of one or more machine code instructions in the first instruction set architecture is being used, and wherein the masking component is configured to mask the machine code instructions from the first instruction set architecture that are not part of either: 1) the subset of approved machine code instructions; or 2) the first set of one or more machine code instructions, in response to receiving the indication that the program is being executed and the first cryptographic mechanism is being used.
- 9 . The method according to claim 1 , further comprising: performing a first determination comprising: determining whether a first policy associated with the second data permits the second data to be used with the program represented in the first data; and determining whether a further policy associated with the computer program code permits the computer program code to be used with the second data.
- 10 . The method according to claim 9 , wherein the first determination further comprises determining whether the first policy permits the second data to be used in the first mechanism.
- 11 . The method according to claim 1 , wherein the device is a hardware security module.
- 12 . The method according to claim 1 , wherein obtaining the first data comprises receiving the representation of the computer program code from a client device.
- 13 . A non-transitory computer readable medium comprising computer readable code configured to cause a computer device to perform a method, the computer device comprising a first processor and a processing module, wherein the processing module comprises a further processor implementing a first instruction set architecture, the first instruction set architecture comprising machine code instructions, the method comprising: obtaining, by the first processor, first data, comprising a representation of computer program code that embodies a cryptographic algorithm; obtaining, by the first processor, second data; receiving, by the first processor, a request for a first mechanism to be performed, the request comprising: information identifying the first mechanism; information identifying the first data as corresponding to a program; and information identifying the second data as corresponding to an input; transmitting, by the first processor, to the processing module, a second request for the first mechanism to be performed, the second request comprising: information identifying the first mechanism; information identifying the first data as corresponding to the program; and information identifying the second data as corresponding to the input; and executing, by the processing module, the program represented in the first data taking the second data as the input, wherein the processing module further comprises: an instruction memory configured to store the machine code instructions; and a masking component, implemented in hardware, comprising a first input and a second input, wherein the first input of the masking component is coupled to an output of the instruction memory and the second input of the masking component is configured to receive an indication that the program is being executed, and wherein the masking component, in response to receiving the indication that the program is being executed, is configured to mask the machine code instructions from the first instruction set architecture that are not part of a subset of approved machine code instructions.
- 14 . The non-transitory computer readable medium according to claim 13 , wherein the computer device is a hardware security module.
- 15 . The non-transitory computer readable medium according to claim 13 , wherein the first data comprises the representation of the computer program code in an assembly language, and wherein: the assembly language comprises a first set of basic instructions; and each instruction in the first set of basic instructions is associated with a machine code instruction from the subset of approved machine code instructions, and wherein the first set of basic instructions are provided for use in an unrestricted way in the program.
- 16 . The non-transitory computer readable medium according to claim 13 , wherein a first set of basic instructions supported by the further processor comprises assembly instructions for use by a user-defined program, and wherein the assembly instructions in the first set of basic instructions are implemented using the subset of approved machine code instructions in the first instruction set architecture that are approved for use in user-defined algorithms, and wherein the first set of basic instructions are provided for use in an unrestricted way in the program.
- 17 . A device comprising: a first processor; and a processing module, wherein the processing module comprises a further processor implementing a first instruction set architecture, the first instruction set architecture comprising machine code instructions; the first processor being configured to: obtain first data, comprising a representation of computer program code that embodies a cryptographic algorithm; obtain second data; receive a request for a first mechanism to be performed, the request comprising information identifying the first mechanism, information identifying the first data as corresponding to a program, and information identifying the second data as corresponding to an input; and transmit to the processing module a second request for the first mechanism to be performed, the second request comprising information identifying the first mechanism, information identifying the first data as corresponding to the program, and information identifying the second data as corresponding to the input; the processing module being configured to: execute the program represented in the first data taking the second data as the input, wherein the processing module further comprises: an instruction memory configured to store the machine code instructions; and a masking component, implemented in hardware, comprising a first input and a second input, wherein the first input of the masking component is coupled to an output of the instruction memory and the second input of the masking component is configured to receive an indication that the program is being executed, and wherein the masking component, in response to receiving the indication that the program is being executed, is configured to mask the machine code instructions from the first instruction set architecture that are not part of a subset of approved machine code instructions.
- 18 . The device according to claim 17 , wherein the device is a hardware security module.
- 19 . The device according to claim 17 , wherein a first set of basic instructions supported by the further processor comprises assembly instructions for use by a user-defined program, and wherein the assembly instructions in the first set of basic instructions are implemented using the subset of approved machine code instructions in the first instruction set architecture that are approved for use in user-defined algorithms, and wherein the first set of basic instructions are provided for use in an unrestricted way in the program.
- 20 . The device according to claim 17 , wherein the first data comprises the representation of the computer program code in an assembly language, and wherein: the assembly language comprises a first set of basic instructions; and each instruction in the first set of basic instructions is associated with a machine code instruction from the subset of approved machine code instructions, and wherein the first set of basic instructions are provided for use in an unrestricted way in the program.
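Claims 1, 7 and 8 describe an instruction-fetch-path filter: the masking component sits between the instruction memory and the co-processor's decoder and, while a user-supplied program is executing, replaces any machine code instruction outside the approved subset, unless a declared cryptographic mechanism unlocks its own additional set. The following C program is a software model of that logic, added here as an illustration; it is not code from the patent or from nCipher. The 8-bit opcode space, the mnemonics, the choice of OP_TRAP as the substitute for a masked instruction, and the OP_MECH_BEGIN/OP_MECH_END instructions that drive the "mechanism in use" input are all assumptions made for this example, as are the two constructed programs.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 8-bit opcode space for the co-processor's "first ISA".
 * Every value and mnemonic here is an assumption for this model, not
 * something the patent specifies. */
enum {
    OP_NOP        = 0x00,
    OP_LOAD       = 0x01, /* basic: load word from data memory                 */
    OP_STORE      = 0x02, /* basic: store word to data memory                  */
    OP_XOR        = 0x03, /* basic: bitwise exclusive-or                       */
    OP_ADD        = 0x04, /* basic: modular add                                */
    OP_JUMP       = 0x05, /* basic: branch                                     */
    OP_MECH_BEGIN = 0x10, /* basic: program declares a mechanism is in use     */
    OP_MECH_END   = 0x11, /* basic: mechanism no longer in use                 */
    OP_AES_ROUND  = 0x40, /* mechanism-specific: AES round function            */
    OP_AES_KEYSCH = 0x41, /* mechanism-specific: AES key schedule step         */
    OP_KEY_FETCH  = 0x80, /* firmware only: move key material into registers   */
    OP_DMA        = 0x81, /* firmware only: bus-master transfer                */
    OP_TRAP       = 0xFE, /* what the mask substitutes for a disallowed opcode */
    OP_HALT       = 0xFF  /* basic                                             */
};

/* A 256-entry opcode set, one bit per opcode: the software analogue of the
 * lookup the hardware mask applies to the instruction-memory output. */
typedef struct { uint64_t w[4]; } opset_t;

static void opset_add(opset_t *s, uint8_t op) { s->w[op >> 6] |= (uint64_t)1 << (op & 63); }
static bool opset_has(const opset_t *s, uint8_t op) { return (s->w[op >> 6] >> (op & 63)) & 1u; }

static opset_t build_set(const uint8_t *ops, size_t n) {
    opset_t s = {{0, 0, 0, 0}};
    for (size_t i = 0; i < n; i++) opset_add(&s, ops[i]);
    return s;
}

/* Subset of approved machine code instructions that user-defined programs
 * may use without restriction (claims 1 to 3). */
static const uint8_t BASIC_OPS[] = { OP_NOP, OP_LOAD, OP_STORE, OP_XOR, OP_ADD, OP_JUMP,
                                     OP_MECH_BEGIN, OP_MECH_END, OP_HALT };
/* Instructions tied to the first cryptographic mechanism, unmasked only
 * while that mechanism is in use (claim 8). */
static const uint8_t AES_MECH_OPS[] = { OP_AES_ROUND, OP_AES_KEYSCH };

/* The masking component. Inputs: the opcode read from instruction memory,
 * the "user program executing" indication, and the "mechanism in use"
 * indication. Output: the opcode unchanged if permitted, else OP_TRAP. */
uint8_t mask_instruction(uint8_t op, bool prog_active, bool mech_active) {
    opset_t basic = build_set(BASIC_OPS, sizeof BASIC_OPS);
    opset_t aes   = build_set(AES_MECH_OPS, sizeof AES_MECH_OPS);
    if (!prog_active) return op;                       /* trusted firmware: full ISA */
    if (opset_has(&basic, op)) return op;              /* always approved for user code */
    if (mech_active && opset_has(&aes, op)) return op; /* unlocked by the mechanism */
    return OP_TRAP;                                    /* everything else is masked */
}

/* Fetch loop for a user program: feeds every opcode through the mask,
 * tracks the mechanism-in-use indication, and returns how many instructions
 * were masked. A real HSM would abort on the first masked instruction; this
 * model counts and continues so the whole program can be inspected. */
size_t run_user_program(const uint8_t *prog, size_t n, uint8_t *decoded) {
    bool mech_active = false;
    size_t masked = 0;
    for (size_t pc = 0; pc < n; pc++) {
        uint8_t op = mask_instruction(prog[pc], true, mech_active);
        if (decoded) decoded[pc] = op;
        if (op == OP_TRAP) masked++;
        else if (op == OP_MECH_BEGIN) mech_active = true;
        else if (op == OP_MECH_END) mech_active = false;
        if (op == OP_HALT) break;
    }
    return masked;
}

/* Constructed user programs (assumed inputs, not from the patent). */
size_t demo_honest_masked(void) {
    /* Declares the AES mechanism before using its instructions. */
    const uint8_t prog[] = { OP_LOAD, OP_MECH_BEGIN, OP_AES_KEYSCH, OP_AES_ROUND,
                             OP_MECH_END, OP_XOR, OP_STORE, OP_HALT };
    return run_user_program(prog, sizeof prog, NULL);
}

size_t demo_sneaky_masked(void) {
    /* Tries to read key material and DMA it out, and to use an AES
     * instruction without declaring the mechanism: three masked opcodes. */
    const uint8_t prog[] = { OP_LOAD, OP_KEY_FETCH, OP_AES_ROUND, OP_DMA, OP_HALT };
    return run_user_program(prog, sizeof prog, NULL);
}

int main(void) {
    printf("honest program: %zu instruction(s) masked\n", demo_honest_masked());
    printf("sneaky program: %zu instruction(s) masked\n", demo_sneaky_masked());
    return 0;
}
```

Build with `cc -std=c11 -Wall mask_model.c && ./a.out`. The property worth checking is that the filter is a pure function of the fetched opcode and two control inputs, so the user program cannot reach OP_KEY_FETCH or OP_DMA by any sequence of approved instructions. The weak point of this model is that OP_MECH_BEGIN lets the program itself raise the mechanism-in-use input; the claims do not say where that indication originates, and in a real design one would want it asserted by firmware only after the policy checks of claims 9 and 10 have passed, so that a program cannot unlock mechanism-specific instructions for a key whose ACL does not permit that mechanism.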
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
The present application is a National Stage Filing of PCT International Application No. PCT/GB2023/050261, filed on Feb. 6, 2023, which claims priority to European application No. 22275013.5, filed with the European Patent Office on Feb. 7, 2022, which applications are incorporated herein by reference in their entirety.
FIELD
The present invention relates to a device and a method for performing a cryptographic algorithm, in particular a method performed by a device comprising a first processor and a processing module.
BACKGROUND
Various devices may be used to perform cryptographic algorithms. For example, a Hardware Security Module (HSM) is a device that securely stores and manages cryptographic keys and performs a set of cryptographic algorithms. An HSM may have both physical and non-physical security properties. Non-physical security properties include the use of encryption, i.e. the inclusion in the device of software or a physical component that encrypts the stored data. Physical security properties include tamper switches triggered by physical access and a tamper-proof membrane surrounding the physical boundary of the device, for example.
The set of algorithms supported by the HSM may be defined by a trusted party. For example, computer program code embodying the algorithms can be embedded in the HSM when it is manufactured by the trusted party, or can be provided by the trusted party in whole or in part after manufacture, in the form of a download, an update or a plug-in. To add a new cryptographic algorithm to the set supported by the HSM, the trusted party may define an interface to the new algorithm and translate the specification of the algorithm into executable code. An upgrade procedure is then carried out at the HSM by the trusted party so that the new code is stored on the HSM. This upgrade procedure interrupts service from the HSM.
BRIEF DESCRIPTION OF THE FIGURES
Devices and methods in accordance with non-limiting embodiments will now be described with reference to the accompanying figures, in which:
- FIG. 1 is a schematic illustration of a Hardware Security Module (HSM) device 21 in accordance with an example;
- FIG. 2 shows an example key wrapping algorithm, in which a first input key is encrypted under a second input key;
- FIG. 3 is a schematic illustration of a Hardware Security Module (HSM) device 31 according to an embodiment;
- FIG. 4A shows a crypto co-processor 353 according to an example;
- FIG. 4B shows a cryptographic engine according to an example;
- FIG. 4C shows a mapping between the custom assembly language and the machine code instructions according to an example;
- FIG. 4D shows a method performed by the HSM 31 according to an example;
- FIG. 4E shows a masking mechanism according to an example;
- FIG. 4F shows opcodes associated with the first Instruction Set Architecture (ISA) according to an example;
- FIG. 4G shows an example method performed by the masking component according to an example;
- FIG. 4H shows an implementation of the masking component according to an example;
- FIG. 4I shows a logic truth table for an implementation of the first mask according to an example;
- FIG. 4J shows an example implementation of the first mask according to an example;
- FIG. 5A shows a first part of a method for performing the first mechanism according to an example;
- FIG. 5B shows a second part of the method for performing the first mechanism according to an example;
- FIG. 6 shows the inputs for programmable key derivation according to an example;
- FIG. 7 shows a method of obtaining, by the CPU 303, the inputs used for a method according to an example;
- FIG. 8 shows a method of generating a program key according to an example;
- FIG. 9 shows an example of a “Cmd DeriveKey” command 901 according to an example;
- FIG. 10 shows a schematic illustration of a computer implemented method performed by the second processor 401 of the HSM 31 in accordance with an embodiment;
- FIG. 11 shows an illustration of the constraints in the Access Control Lists (ACL) according to an example;
- FIG. 12A shows a first implementation of the system according to an example;
- FIG. 12B shows a second implementation of the system according to an example;
- FIG. 13 shows an illustration of the method performed by the HSM 31 according to an example;
- FIG. 14 shows a process for generating the HSM firmware according to an example;
- FIG. 15A shows a process for generating the translator 87;
- FIG. 15B shows a deserialization process according to an example;
- FIG. 16A shows a schematic illustration of an example Field Programmable Gate Array (FPGA), which can be included in an HSM device according to an embodiment;
- FIG. 16B shows a schematic illustration of a SOC Field Programmable Gate Array (FPGA), which may be included in an HSM device according to an alternative embodiment;
- FIG. 17 is a schematic illustration of a plan view of an HSM device accordin