Secure feature and key management in integrated circuits

US 10,084,771 B2
Filed: 09/30/2015
Issued: 09/25/2018
Est. Priority Date: 08/10/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a root authority system, data identifying a command that, when executed by a security manager core of an integrated circuit, enables the security manager core to update a functionality of a hardware feature of the integrated circuit, a command template that designates content, form, or both of a delegate signing block (DSB) for a delegate authority system, and delegate permissions associated with the delegate authority system;

signing, by the root authority system, the command using a root authority key to create a root signed block (RSB), the RSB comprising a signature signed by the root authority key, a delegate public key associated with the delegate authority system, and the data identifying the command, the command template, and the delegate permissions; and

providing the RSB to the security manager core of the integrated circuit, wherein the command, in response to the signature of the RSB being verified by the security manager core, is executed by the security manager core to enable the security manager core to update the functionality of the hardware feature.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism for providing secure feature and key management in integrated circuits is described. An example method includes receiving, by a root authority system, data identifying a command that affects operation of an integrated circuit, singing, by the root authority system, the command using a root authority key to create a root signed block (RSB), and providing the RSB to a security manager of the integrated circuit.

Citations

15 Claims

1. A method comprising:
- receiving, by a root authority system, data identifying a command that, when executed by a security manager core of an integrated circuit, enables the security manager core to update a functionality of a hardware feature of the integrated circuit, a command template that designates content, form, or both of a delegate signing block (DSB) for a delegate authority system, and delegate permissions associated with the delegate authority system;
  
  signing, by the root authority system, the command using a root authority key to create a root signed block (RSB), the RSB comprising a signature signed by the root authority key, a delegate public key associated with the delegate authority system, and the data identifying the command, the command template, and the delegate permissions; and
  
  providing the RSB to the security manager core of the integrated circuit, wherein the command, in response to the signature of the RSB being verified by the security manager core, is executed by the security manager core to enable the security manager core to update the functionality of the hardware feature.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the RSB is provided to the security manager core via a tester interface of the integrated circuit.
  - 3. The method of claim 1 wherein the command instructs the security manager core to update a state of the hardware feature of the integrated circuit, wherein the update to the hardware feature is persistent or non-persistent.
  - 4. The method of claim 1 wherein the command is to deliver one or more keys to components of the integrated circuit, wherein the keys pertain to at least one of:
    - encryption operations of the components, digital rights management operations of the components, password management operations of the components, or authentication operations of the components.
  - 5. The method of claim 1 wherein the command is to store one or more hardware constants within the integrated circuit, the hardware constants comprising at least one of:
    - a product chip identifier, one or more security keys, one or more base keys, or error correction data.

6. A method comprising:
- receiving, by a root authority system, input parameters indicating a command that, when executed by a security manager core of an integrated circuit, enables the security manager core to update a functionality of a hardware feature of the integrated circuit;
  
  creating, by the root authority system, a root signed block (RSB) comprising a signature signed by a root authority key associated with the root authority system, the command, a delegate public key and delegate permissions associated with a delegate authority system, and a command template that designates content, form, or both of a delegate signing block (DSB) to be created by the delegate authority system; and
  
  providing the RSB to the security manager core of the integrated circuit, wherein the command, in response to the signature of the RSB being verified by the security manager core and a signature of the DSB being verified by the security manager core using the delegate public key provided in the RSB, is executed by the security manager core to enable the security manager core to update the functionality of the hardware feature.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6 wherein the delegate permissions define management capabilities of the delegate authority system over the security manager core.
  - 8. The method of claim 6 wherein the RSB further comprises a command template associated with the command.
  - 9. The method of claim 6 wherein the RSB further comprises one or more requirements for a delegate authority signature.
  - 10. The method of claim 6 further comprising delivering the RSB to the delegate authority system.

11. A method comprising:
- receiving, by a delegate authority system, input parameters including a command that, when executed by a security manager core of an integrated circuit, enables the security manager core to update a functionality of a hardware feature of the integrated circuit, and a command template that designates content, form, or both of a delegate signing block (DSB) to be created by the delegate authority system, wherein the input parameters are received as part of a root signed block (RSB) signed by a root private key associated with a root authority system, the RSB comprising a signature of the command template;
  
  verifying, by the delegate authority system, the signature of the command template with a root public key associated with the root authority system;
  
  signing, by the delegate authority system, the input parameters to create a delegate signed block (DSB) in response to the signature of the command template being verified, the DSB comprising a signature signed by a delegate private key associated with the delegate authority system, and the command; and
  
  providing the DSB to the security manager core of the integrated circuit, wherein the command, in response to the signature of the DSB being verified by the security manager core, is executed by the security manager core to enable the security manager core to update the functionality of the hardware feature.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11 wherein the input parameters are received as part of a root signed block (RSB) provided by a root authority system.
  - 13. The method of claim 12 wherein the DSB is associated with the RSB, the RSB being provided to the security manager core.
  - 14. The method of claim 12 wherein the RSB comprises one or more of:
    - delegate permissions associated with the delegate authority system, a public key associated with the delegate authority system, a command template associated with the command, or requirements for a delegate authority signature.
  - 15. The method of claim 14 wherein the delegate permissions define management capabilities of the delegate authority system over the security manager core.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cryptography Research, Inc. (Rambus Inc.)
Original Assignee
Cryptography Research, Inc. (Rambus Inc.)
Inventors
Kocher, Paul Carl, Jun, Benjamin Che-Ming, Leiserson, Andrew John
Primary Examiner(s)
Kim, Tae K

Application Number

US14/871,951
Publication Number

US 20160028722A1
Time in Patent Office

1,091 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/54   by adding security routines...

G06F 21/57   Certifying or maintaining t...

G06F 21/64   Protecting data integrity, ...

G06F 21/71   to assure secure computing ...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 9/083   involving central third par...

H04L 9/0897   involving additional device...

H04L 9/14   using a plurality of keys o...

H04L 9/3247   involving digital signatures

H04W 12/04   Key management, e.g. using ...

H04W 12/041   Key generation or derivation

Secure feature and key management in integrated circuits

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Secure feature and key management in integrated circuits

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links