Secure dynamic on chip key programming
First Claim
1. A method for provisioning integrated circuits with confidential data, the method comprising:
embedding, by the manufacturer, a customer identifier during manufacture of each integrated circuit, wherein the integrated circuits share the customer identifier;
deriving, by the manufacturer, for each integrated circuit, a transport key by applying a first key derivation function to the customer identifier and a master transport key;
sending, by the manufacturer, the transport key to a customer, whereby the customer encrypts confidential data with the transport key and lacks information required for derivation of transport key;
receiving, in each integrated circuit, the encrypted confidential data from the customer;
deriving, in each integrated circuit, transport key by applying the first key derivation function to the customer identifier and the master transport key;
decrypting, in each integrated circuit, the encrypted confidential data with the transport key to obtain decrypted confidential data;
deriving, in each integrated circuit, a unique product key by applying a second key derivation function to an integrated circuit identifier and the master transport key, wherein the integrated circuit identifier was previously stored in the integrated circuit and is unique for each integrated circuit;
encrypting, in each integrated circuit, the decrypted confidential data with the unique product key to obtain re-encrypted confidential data; and
storing the re-encrypted confidential data in a confidential data memory of each integrated circuit in an eFuse.
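The flow in claim 1, sketched as an added example that is not code from the patent. It assumes HMAC-SHA256 for both key derivation functions (separated by a label) and uses a toy HMAC-based encrypt-then-MAC construction as a stand-in for the cipher, which the claim does not specify; the `Chip` class, labels and identifier values are constructed for illustration.

```python
import hashlib
import hmac
import os

def kdf(master_key: bytes, label: bytes, identifier: bytes) -> bytes:
    # Assumed KDF: HMAC-SHA256. The label separates the first and second KDF.
    return hmac.new(master_key, label + b"\x00" + identifier, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Stand-in cipher for the demo only; a real design would use a vetted AEAD.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Chip:
    def __init__(self, master_transport_key: bytes, customer_id: bytes, ic_id: bytes):
        self._mtk = master_transport_key   # never leaves the manufacturer or the chip
        self.customer_id = customer_id     # shared by all chips made for one customer
        self.ic_id = ic_id                 # unique per integrated circuit
        self.efuse = None                  # models the confidential data memory

    def provision(self, encrypted: bytes) -> None:
        transport_key = kdf(self._mtk, b"transport", self.customer_id)
        secret = unseal(transport_key, encrypted)
        product_key = kdf(self._mtk, b"product", self.ic_id)
        self.efuse = seal(product_key, secret)   # re-encrypted under the per-chip key

    def read_secret(self) -> bytes:
        return unseal(kdf(self._mtk, b"product", self.ic_id), self.efuse)

def run_flow(secret: bytes = b"constructed customer secret"):
    mtk = os.urandom(32)                                   # manufacturer only
    customer_id = b"CUST-0001"                             # constructed value
    chips = [Chip(mtk, customer_id, b"IC-%04d" % n) for n in range(2)]
    transport_key = kdf(mtk, b"transport", customer_id)    # sent to the customer
    blob = seal(transport_key, secret)                     # customer encrypts once
    for chip in chips:                                     # programming facility
        chip.provision(blob)
    return chips, blob
```

The customer holds only the transport key, so it can produce one blob for the whole batch but cannot derive any chip's product key, and a stored eFuse image copied from one chip will not decrypt on another.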
Abstract
Provisioning an integrated circuit with confidential data, by receiving in the integrated circuit encrypted confidential data, the encrypted confidential data having been encrypted with a transport key, deriving in the integrated circuit the transport key by applying a key derivation function to a customer identifier, the customer identifier having been previously stored in the integrated circuit, decrypting in the integrated circuit the encrypted confidential data with the transport key to obtain decrypted confidential data, deriving in the integrated circuit a product key by applying a key derivation function to an integrated circuit identifier, the integrated circuit identifier having been previously stored in the integrated circuit, encrypting in the integrated circuit the decrypted confidential data with the product key to obtain re-encrypted confidential data, and storing the re-encrypted confidential data in a confidential data memory of the integrated circuit.
12 Claims
12. A method for distributing confidential data comprising:
deriving, by a manufacturer, for each integrated circuit of a plurality of integrated circuits, a transport key by applying a key derivation function to a customer identifier and a master transport key, wherein the customer identifier was embedded by the manufacturer during manufacture of each integrated circuit and is shared by the plurality of integrated circuits;
sending the transport key to a customer, whereby the customer encrypts confidential data with the transport key and lacks information required for derivation of the transport key, wherein the customer sends the encrypted confidential data to a programming facility; and
at the programming facility, provisioning each integrated circuit with the encrypted confidential data, wherein the provisioning further comprises;
receiving, in each integrated circuit, the encrypted confidential data;
deriving, in each integrated circuit, the transport key by applying the first key derivation function to the customer identifier and the master transport key;
decrypting, in each integrated circuit, the encrypted confidential data with the transport key to obtain decrypted confidential data;
deriving, in each integrated circuit, a unique product key by applying a second key derivation function to an integrated circuit identifier and the master transport key, wherein the integrated circuit identifier was previously stored in the integrated circuit and is unique for each integrated circuit;
encrypting, in each integrated circuit, the decrypted confidential data with the unique product key to obtain re-encrypted confidential data; and
storing the re-encrypted confidential data in a confidential data memory of each integrated circuit in an eFuse.
Specification