Secure feature and key management in integrated circuits
Abstract
A mechanism for providing secure feature and key management in integrated circuits is described. An example method includes receiving, by a root authority system, data identifying a command that affects operation of an integrated circuit, signing, by the root authority system, the command using a root authority key to create a root signed block (RSB), and providing the RSB to a security manager of the integrated circuit.
15 Claims
1. A method comprising:
- receiving, by a root authority system, data identifying a command that, when executed by a security manager core of an integrated circuit, enables the security manager core to update a functionality of a hardware feature of the integrated circuit, a command template that designates content, form, or both of a delegate signing block (DSB) for a delegate authority system, and delegate permissions associated with the delegate authority system;
- signing, by the root authority system, the command using a root authority key to create a root signed block (RSB), the RSB comprising a signature signed by the root authority key, a delegate public key associated with the delegate authority system, and the data identifying the command, the command template, and the delegate permissions; and
- providing the RSB to the security manager core of the integrated circuit, wherein the command, in response to the signature of the RSB being verified by the security manager core, is executed by the security manager core to enable the security manager core to update the functionality of the hardware feature.
Dependent claims: 2, 3, 4, 5
6. A method comprising:
- receiving, by a root authority system, input parameters indicating a command that, when executed by a security manager core of an integrated circuit, enables the security manager core to update a functionality of a hardware feature of the integrated circuit;
- creating, by the root authority system, a root signed block (RSB) comprising a signature signed by a root authority key associated with the root authority system, the command, a delegate public key and delegate permissions associated with a delegate authority system, and a command template that designates content, form, or both of a delegate signing block (DSB) to be created by the delegate authority system; and
- providing the RSB to the security manager core of the integrated circuit, wherein the command, in response to the signature of the RSB being verified by the security manager core and a signature of the DSB being verified by the security manager core using the delegate public key provided in the RSB, is executed by the security manager core to enable the security manager core to update the functionality of the hardware feature.
Dependent claims: 7, 8, 9, 10
11. A method comprising:
- receiving, by a delegate authority system, input parameters including a command that, when executed by a security manager core of an integrated circuit, enables the security manager core to update a functionality of a hardware feature of the integrated circuit, and a command template that designates content, form, or both of a delegate signing block (DSB) to be created by the delegate authority system, wherein the input parameters are received as part of a root signed block (RSB) signed by a root private key associated with a root authority system, the RSB comprising a signature of the command template;
- verifying, by the delegate authority system, the signature of the command template with a root public key associated with the root authority system;
- signing, by the delegate authority system, the input parameters to create a delegate signed block (DSB) in response to the signature of the command template being verified, the DSB comprising a signature signed by a delegate private key associated with the delegate authority system, and the command; and
- providing the DSB to the security manager core of the integrated circuit, wherein the command, in response to the signature of the DSB being verified by the security manager core, is executed by the security manager core to enable the security manager core to update the functionality of the hardware feature.
Dependent claims: 12, 13, 14, 15
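The RSB/DSB chain recited in claims 1, 6 and 11, as an added Go sketch (not code from the patent or any product): the root signs a block carrying the delegate public key, template and permissions, the delegate signs its own block, and the security manager core verifies both before acting. Ed25519, the struct layouts, the length-prefixed encoding, and reading the command template as a required DSB payload prefix are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// RSB and DSB layouts are assumptions of this sketch, not the patent's wire format.
type RSB struct {
	Command, Template, Permissions []byte // Template: required DSB payload prefix (assumed meaning)
	DelegatePub                    ed25519.PublicKey
	Sig                            []byte // made with the root authority key
}
type DSB struct{ Payload, Sig []byte } // Sig is made with the delegate private key

// body length-prefixes each signed field so field boundaries cannot be shifted.
func (r *RSB) body() []byte {
	var b bytes.Buffer
	for _, f := range [][]byte{r.Command, r.Template, r.Permissions, r.DelegatePub} {
		b.WriteByte(byte(len(f))) // fields are < 256 bytes in this sketch
		b.Write(f)
	}
	return b.Bytes()
}

func SignRSB(rootPriv ed25519.PrivateKey, r *RSB)   { r.Sig = ed25519.Sign(rootPriv, r.body()) }
func SignDSB(priv ed25519.PrivateKey, p []byte) DSB { return DSB{p, ed25519.Sign(priv, p)} }

// Authorize is the core's gate: RSB under the root key, DSB under the RSB's delegate key, then template.
func Authorize(rootPub ed25519.PublicKey, r *RSB, d DSB) error {
	if !ed25519.Verify(rootPub, r.body(), r.Sig) {
		return fmt.Errorf("RSB signature invalid")
	}
	if len(r.DelegatePub) != ed25519.PublicKeySize || !ed25519.Verify(r.DelegatePub, d.Payload, d.Sig) {
		return fmt.Errorf("DSB signature invalid")
	}
	if !bytes.HasPrefix(d.Payload, r.Template) {
		return fmt.Errorf("DSB does not match command template")
	}
	return nil
}

func main() { // constructed keys and commands, for illustration only
	rootPub, rootPriv, _ := ed25519.GenerateKey(nil)
	delPub, delPriv, _ := ed25519.GenerateKey(nil)
	r := &RSB{Command: []byte("update-feature"), Template: []byte("feature="), DelegatePub: delPub}
	SignRSB(rootPriv, r)
	fmt.Println(Authorize(rootPub, r, SignDSB(delPriv, []byte("feature=7;on"))))
}
```

The delegate permissions are covered by the root signature here but not interpreted; a real core would also enforce them before executing the command.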
Specification