| US 7,543,159 B2 | ||
| Device and method with reduced information leakage | ||
| Michael Baentsch, Langnau am Albis (Switzerland); Peter Buhler, Horgen (Switzerland); Thomas Eirich, Waedenswil (Switzerland); Frank Hoering, Zurich (Switzerland); Marcus Oestreicher, Zurich (Switzerland); and Thomas D. Weigold, Thalwil (Switzerland) | ||
| Assigned to International Business Machines Corporation, Armonk, N.Y. (US) | ||
| Appl. No. 10/495,345 PCT Filed Nov. 05, 2002, PCT No. PCT/IB02/04620 § 371(c)(1), (2), (4) Date Nov. 03, 2004, PCT Pub. No. WO03/042799, PCT Pub. Date May 22, 2003. | ||
| Claims priority of application No. 01811093 (EP), filed on Nov. 14, 2001. | ||
| Prior Publication US 2006/0090081 A1, Apr. 27, 2006 | ||
| Int. Cl. G06F 12/14 (2006.01) | ||
| U.S. Cl. 713—193 [713/189; 713/194; 380/281] | 1 Claim |

| 1. A method of processing and executing an operation on a data-processing system comprising a processor, a first persistent memory, a second persistent memory, an operating system, and a first cryptographic key stored in said second persistent memory, the method comprising:
a writing step for writing first unencrypted information into said first persistent memory, wherein the first unencrypted information is selected to comprise a second cryptographic key usable for decrypting second encrypted information for the operation;
an encryption step for encrypting said first unencrypted information under use of said first cryptographic key, creating therefrom first encrypted information in said first persistent memory;
an access-limitation step for setting the data-processing system to a state in which writing into said first persistent memory is controlled by the operating system;
a decryption step for decrypting said first encrypted information under use of said first cryptographic key, thereby generating therefrom the first unencrypted information; and
an execution step for executing the operation by said processor, using the first unencrypted information generated in the decryption step; and
a scanning step for scanning the first persistent memory for cryptographic keys, the scanning step comprising walking memory to seek an object type representing a cryptographic key; and
wherein the first persistent memory has a first level of power dissipation;
wherein the second persistent memory has a second level of power dissipation that is lower than said first level of power dissipation; and
wherein the encryption step is configured to encrypt cryptographic keys recognized by the scanning step.
|