Modules to securely provision an asset to a target device
First Claim
1. A method comprising:
- receiving, by an Appliance device at a first facility, a Module over a network from a Service device at a second facility, different from the first facility, wherein the Module is a first application that, when executed by the Appliance device, securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device;
receiving, by the Appliance device, a communication from a cryptographic manager (CM) client library of a tester device, wherein the communication comprises an argument from the CM client library;
in response to the communication, invoking the Module by the Appliance device to generate a Module sequence based on the argument; and
sending, by the Appliance device, the Module sequence to the CM client library, wherein a tester script of the tester device delivers the Module sequence to a CM Core of the target device to securely provision the data asset to the target device in the operation phase of the manufacturing lifecycle of the target device, wherein the target device is a monolithic integrated circuit that is not part of the Appliance device, wherein the CM core is configured to execute a set of commands to provide cryptographic control of the data asset when the target device is deployed in a product, wherein the set of commands to provide cryptographic control comprises at least one of feature activation of one or more features of the target device, configuration management of the target device, or secure key management of the target device.
1 Assignment
0 Petitions
Accused Products
Abstract
The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a command to create a Module and executes a Module Template to generate the Module in response to the command. The Module is deployed to an Appliance device. A set of instructions of the Module, when executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device. The Appliance device is configured to distribute the data asset to a cryptographic manager (CM) core of the target device.
254 Citations
5 Claims
-
1. A method comprising:
-
receiving, by an Appliance device at a first facility, a Module over a network from a Service device at a second facility, different from the first facility, wherein the Module is a first application that, when executed by the Appliance device, securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device; receiving, by the Appliance device, a communication from a cryptographic manager (CM) client library of a tester device, wherein the communication comprises an argument from the CM client library; in response to the communication, invoking the Module by the Appliance device to generate a Module sequence based on the argument; and sending, by the Appliance device, the Module sequence to the CM client library, wherein a tester script of the tester device delivers the Module sequence to a CM Core of the target device to securely provision the data asset to the target device in the operation phase of the manufacturing lifecycle of the target device, wherein the target device is a monolithic integrated circuit that is not part of the Appliance device, wherein the CM core is configured to execute a set of commands to provide cryptographic control of the data asset when the target device is deployed in a product, wherein the set of commands to provide cryptographic control comprises at least one of feature activation of one or more features of the target device, configuration management of the target device, or secure key management of the target device. - View Dependent Claims (2, 3)
-
-
4. An Appliance device comprising:
-
a processor; a network interface coupled to the processor; and a tester device interface coupled to the processor, wherein the processor is operable to; receive a Module over the network interface from a Service device at a first facility, different from a second facility where the Appliance device is located, wherein the Module is a first application that, when executed by the Appliance device, securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device, wherein the target device is a monolithic integrated circuit that is not part of the Appliance device and the target device comprises a cryptographic manager (CM) core, the CM core is a hardware core configured to execute a set of commands to provide cryptographic control of the data asset when the target device is deployed in a product, wherein the set of commands to provide cryptographic control comprises at least one of feature activation of one or more features of the target device, configuration management of the target device, or secure key management of the target device; receive a communication over the tester device interface from a cryptographic manager (CM) client library of a tester device, wherein the communication comprises an argument from the CM client library; in response to the communication, invoke the Module to generate a Module sequence based on the argument; and send the Module sequence to the CM client library to be run by a test script of the tester device that delivers the Module sequence to the CM Core of the target device to securely provision the data asset to the target device in the operation phase of the manufacturing lifecycle of the target device. - View Dependent Claims (5)
-
Specification