Controlling digital certificate use

US 10,003,467 B1
Filed: 03/30/2015
Issued: 06/19/2018
Est. Priority Date: 03/30/2015
Status: Active Grant

First Claim

Patent Images

1. A system-on-chip, comprising:

a processor; and

a fuse-based memory storing;

information for deriving a first public key associated with a first asymmetric key pair; and

one or more current certificate version numbers, each associated with a corresponding digital certificate;

wherein, in a secure boot process, the processor is configured to;

load a digital certificate that includes a loaded certificate version number associated with the digital certificate and a secondary public key associated with a second asymmetric key pair;

authenticate the loaded digital certificate using the first public key;

compare the loaded certificate version number with a corresponding current certificate version number in the fuse-based memory, wherein the loaded certificate version number being equal to or higher than the corresponding current certificate version number indicates that the loaded digital certificate is a trusted certificate; and

determine that the loaded digital certificate is a trusted certificate;

wherein the processor is further configured to replace a current certificate version number stored in the fuse-based memory with the loaded certificate version number associated with a trusted digital certificate, thereby preventing a digital certificate with an older certificate version number from being determined as a trusted certificate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing device includes a processor and a persistent memory for storing information about a first public key associated with a first asymmetric key pair for authenticating the source of a digital certificate. The computing device also includes a second memory for storing one or more current certificate version indicators, each associated with a corresponding digital certificate, and the version indicator is used by the processor to determine the trust of the corresponding digital certificate.

65 Citations

View as Search Results

20 Claims

1. A system-on-chip, comprising:
- a processor; and
  
  a fuse-based memory storing;
  
  information for deriving a first public key associated with a first asymmetric key pair; and
  
  one or more current certificate version numbers, each associated with a corresponding digital certificate;
  
  wherein, in a secure boot process, the processor is configured to;
  
  load a digital certificate that includes a loaded certificate version number associated with the digital certificate and a secondary public key associated with a second asymmetric key pair;
  
  authenticate the loaded digital certificate using the first public key;
  
  compare the loaded certificate version number with a corresponding current certificate version number in the fuse-based memory, wherein the loaded certificate version number being equal to or higher than the corresponding current certificate version number indicates that the loaded digital certificate is a trusted certificate; and
  
  determine that the loaded digital certificate is a trusted certificate;
  
  wherein the processor is further configured to replace a current certificate version number stored in the fuse-based memory with the loaded certificate version number associated with a trusted digital certificate, thereby preventing a digital certificate with an older certificate version number from being determined as a trusted certificate.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system-on-chip of claim 1, wherein, in the case that the loaded certificate version number is higher than the current certificate version number, the processor is further configured to update the corresponding current certificate version number in the fuse-based memory with the loaded version number.
  - 3. The system-on-chip of claim 1, wherein the fuse-based memory also stores one or more current key version numbers, each associated with a corresponding secondary public key;
    - andwherein, after determining the loaded digital certificate to be a trusted certificate, the processor is further configured to;
      
      compare a key version number associated with the secondary public key of the loaded digital certificate with a corresponding current key version number in the fuse-based memory;
      
      in the case that the key version number is lower than the corresponding current key version number, determine that the secondary public key is not a trusted public key; and
      
      in the case that the key version number is equal to or higher than the corresponding current key version number, determine that the secondary public key is a trusted public key.
  - 4. The system-on-chip of claim 3, wherein the processor is further configured to, in the case that the key version number is higher than the current key version number, update the corresponding current key version number in the fuse-based memory to indicate the key version number of the secondary public key.
  - 5. The system-on-chip of claim 1, wherein the processor is further configured to, in the case that the loaded certificate version number is higher than the current certificate version number, update the corresponding current certificate version number in the fuse-based memory with the loaded certificate version number, in response to a command from a trusted entity.

6. A computing device, comprising:
- a processor;
  
  a persistent memory for storing information about a first public key associated with a first asymmetric key pair for authenticating a digital certificate; and
  
  a second memory for storing one or more current certificate version indicators, each associated with a corresponding digital certificate, wherein the one or more current certificate version indicators are used by the processor to determine the trust of the corresponding digital certificate;
  
  wherein the processor is further configured to;
  
  receive and authenticate a new trusted digital certificate to replace an old digital certificate that has been compromised; and
  
  replace a current certificate version indicator stored in the second memory with a certificate version indicator of the new trusted digital certificate, thereby preventing a digital certificate with an older certificate version number from being determined as a trusted certificate.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 7. The computing device of claim 6, wherein the processor is configured to:
    - load a digital certificate having a loaded certificate version indicator;
      
      authenticate the loaded digital certificate using the first public key;
      
      compare the loaded certificate version indicator with a corresponding current certificate version indicator in the second memory;
      
      in the case that the loaded certificate version indicator is lower than the current certificate version indicator, determine that the loaded digital certificate is not a trusted certificate; and
      
      in the case that the loaded certificate version indicator is equal to or higher than the current certificate version indicator, determine that the loaded digital certificate is a trusted certificate.
  - 8. The computing device of claim 7, wherein the processor is further configured to, in the case that the loaded certificate version indicator is higher than the current certificate version indicator, update the corresponding current certificate version indicator in the second memory with the loaded certificate version indicator.
  - 9. The computing device of claim 7, wherein the second memory is further configured to store one or more current key version indicators, each associated with a corresponding current secondary public key;
    - andwherein the processor is further configured to, after determining the loaded digital certificate to be a trusted certificate;
      
      compare a version indicator for a secondary public key provided by the loaded digital certificate with a corresponding current key version indicator stored in the persistent memory;
      
      in the case that the version indicator for the secondary public key is lower than the current key version indicator, determine that the secondary public key is not a trusted public key; and
      
      in the case that the version indicator for the secondary public key is equal to or higher than the current key version indicator, determine that the secondary public key is a trusted public key.
  - 10. The computing device of claim 9, wherein the processor is further configured to, in the case that the version indicator for the secondary public key is higher than the current key version indicator, update the corresponding current key version indicator in the persistent memory to indicate the version indicator for the secondary public key.
  - 11. The computing device of claim 7, wherein the processor is further configured to, in the case that the loaded certificate version indicator is higher than the current certificate version indicator, update the corresponding current certificate version indicator in the persistent memory with the loaded certificate version indicator, in response to a command from a trusted entity.
  - 12. The computing device of claim 6, wherein, in the case that the loaded certificate version indicator is higher than the current certificate version indicator, the processor is further configured to update the corresponding current certificate version indicator in the second memory with the loaded certificate version indicator, in response to a command from a trusted entity.
  - 13. The computing device of claim 6, wherein the information about the first public key comprises a symmetric key configured for decrypting an encrypted version of the first public key.
  - 14. The computing device of claim 6, wherein the information about the first public key comprises prime numbers for deriving the first public key.
  - 15. The computing device of claim 6, wherein the persistent memory is a fuse-based memory or a system boot ROM (read only memory).
  - 16. The computing device of claim 6, wherein the second memory is a fuse-based memory or is an electrically erasable programmable non-volatile memory.

17. A method for generating a digital certificate for a computing device, the computing device having a first public key associated with a first asymmetric key pair for authenticating a digital certificate, the method comprising:
- generating a second public key associated with a second asymmetric key pair and a corresponding key version number;
  
  generating a digital certificate including a certificate version number and the first public key, the generated digital certificate further including the second public key and the corresponding key version number associated with the second public key;
  
  signing the generated digital certificate; and
  
  sending the generated digital certificate to the computing device, wherein the computing device is configured to;
  
  authenticate the generated digital certificate using the first public key and the certificate version number;
  
  extract the second public key and the key version number from the generated digital certificate; and
  
  authenticate the second public key using the corresponding key version number associated with the second public key.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein signing the generated digital certificate comprises:
    - using a hash algorithm to generate a message digest of at least a portion of the generated digital certificate;
      
      encrypting the message digest using a first private key associated with the first asymmetric key pair; and
      
      including the encrypted message digest in the generated digital certificate.
  - 19. The method of claim 17, wherein the certificate version number associated with the generated digital certificate is higher than a certificate version number sent previously to the computing device.
  - 20. The method of claim 17, wherein the key version number associated with the secondary public key is higher than a public key version number sent previously to the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Miller, Derek Del, Potlapally, Nachiketh Rao, Patel, Rahul Gautam
Primary Examiner(s)
Siddiqi, Mohammad A

Application Number

US14/673,570
Time in Patent Office

1,177 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

H04L 9/0877   using additional device, e....

H04L 9/0891   Revocation or update of sec...

H04L 9/3268   using certificate validatio...

Controlling digital certificate use

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

65 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling digital certificate use

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links