Controlling use of encryption keys

US 10,116,645 B1
Filed: 10/20/2016
Issued: 10/30/2018
Est. Priority Date: 03/30/2015
Status: Active Grant

First Claim

Patent Images

1. A system-on-chip, comprising:

a processor;

a fuse-based memory storing;

information for deriving a first public key for a first asymmetric key pair; and

one or more current key version numbers, each associated with a corresponding secondary public key;

wherein, in a secure boot process, the processor is configured to;

load a digital certificate that includes a secondary public key for a second asymmetric key pair and a key version number associated with the secondary public key;

authenticate the digital certificate using the first public key;

compare a key version number for the secondary public key provided by the digital certificate with a corresponding current key version number in the fuse-based memory;

if the key version number for the secondary public key is lower than the current key version number, determine that the secondary public key is not a trusted public key; and

if the key version number for the secondary public key is equal to or higher than the current key version number, determine that the secondary public key is a trusted public key;

wherein the processor is configured to replace an old secondary public key with a new trusted secondary public key if the key version number for the new secondary public key is equal to or higher than the current key version number.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing device includes a processor and a persistent memory for storing information about a first public key associated with a first asymmetric key pair for authenticating the source of a digital certificate. The computing device also includes a second memory for storing one or more current key version indicators. Each of the current key version indicators is associated with a corresponding secondary public key, and the one or more current key version indicators are used by the processor to determine the trust of the corresponding secondary public key.

Citations

19 Claims

1. A system-on-chip, comprising:
- a processor;
  
  a fuse-based memory storing;
  
  information for deriving a first public key for a first asymmetric key pair; and
  
  one or more current key version numbers, each associated with a corresponding secondary public key;
  
  wherein, in a secure boot process, the processor is configured to;
  
  load a digital certificate that includes a secondary public key for a second asymmetric key pair and a key version number associated with the secondary public key;
  
  authenticate the digital certificate using the first public key;
  
  compare a key version number for the secondary public key provided by the digital certificate with a corresponding current key version number in the fuse-based memory;
  
  if the key version number for the secondary public key is lower than the current key version number, determine that the secondary public key is not a trusted public key; and
  
  if the key version number for the secondary public key is equal to or higher than the current key version number, determine that the secondary public key is a trusted public key;
  
  wherein the processor is configured to replace an old secondary public key with a new trusted secondary public key if the key version number for the new secondary public key is equal to or higher than the current key version number.
- View Dependent Claims (2, 3, 4)
- - 2. The system-on-chip of claim 1, wherein the processor is further configured to, if the version number for the secondary public key is higher than the current key version number, update the corresponding current key version number in the fuse-based memory to indicate the version number associated with the secondary public key.
  - 3. The system-on-chip of claim 1, wherein the processor is further configured to, if the version number for the secondary public key is higher than the current key version number and if an authorization is received from a system administrator or a trusted entity, update the corresponding current key version number in the fuse-based memory to indicate the version number associated with the secondary public key.
  - 4. The system-on-chip of claim 3, wherein the version number for the secondary public key is associated with a secondary public key that has been determined to be a trusted public key by the processor in a secure boot process.

5. A computing device, comprising:
- a processor;
  
  a persistent memory storing information about a first public key associated with a first asymmetric key pair for authenticating a digital certificate; and
  
  a second memory storing one or more current key version indicators, each associated with a corresponding secondary public key, wherein the processor is configured to use the one or more current key version indicators to determine whether to trust the corresponding secondary public key;
  
  wherein the processor is configured to replace an old secondary public key with a new trusted secondary public key if the key version number for the new secondary public key is equal to or higher than the current key version number.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 6. The computing device of claim 5, wherein the processor is configured to:
    - load a digital certificate that includes a secondary public key with an associated key version indicator;
      
      authenticate the loaded digital certificate using the first public key;
      
      extract the secondary public key and the associated key version indicator from the loaded digital certificate;
      
      compare the associated key version indicator extracted from the secondary public key with a corresponding current key version indicator in the second memory;
      
      if the associated key version indicator is lower than the current key version indicator, determine that the secondary public key is not a trusted public key; and
      
      if the associated key version indicator is equal to or higher than the current key version indicator, determine that the secondary public key is a trusted public key.
  - 7. The computing device of claim 6, wherein the processor is further configured to, if the key version indicator is higher than the current key version indicator, update the corresponding current key version indicator in the second memory to indicate the version indicator associated with the secondary public key.
  - 8. The computing device of claim 6, wherein, if the associated key version indicator is higher than the current key version indicator and if an authorization is received from a system administrator or a trusted entity, the processor is further configured to update the corresponding current key version indicator in the second memory to indicate the version indicator associated with the secondary public key.
  - 9. The computing device of claim 6, wherein the processor is further configured to, in response to a command from a trusted entity, update the current key version number in the second memory to a new key version number.
  - 10. The computing device of claim 9, wherein the new key version number is associated with a trusted secondary public key that has been determined to be a trusted public key by the processor in a secure boot process.
  - 11. The computing device of claim 5, wherein the information about the first public key comprises a symmetric key configured for decrypting an encrypted version of the first public key.
  - 12. The computing device of claim 5, wherein the information about the first public key comprises prime numbers for deriving the first public key.
  - 13. The computing device of claim 5, wherein the persistent memory is a fuse-based memory or a system boot ROM (read only memory).
  - 14. The computing device of claim 5, wherein the second memory is a fuse-based memory.
  - 15. The computing device of claim 5, wherein the processor and the persistent memory are on a system-on-chip.

16. A method for a provisioning server to deliver a cryptographic key to a computing device, the computing device having a first public key associated with a first asymmetric key pair for authenticating a digital certificate, the method comprising:
- generating a second public key associated with a second asymmetric key pair and a corresponding key version number;
  
  generating a digital certificate including the first public key, the generated digital certificate further including the second public key and the corresponding key version number associated with the second public key;
  
  signing the generated digital certificate; and
  
  sending the generated digital certificate to the computing device, wherein the computing device is configured to;
  
  authenticate the generated digital certificate using the first public key; and
  
  extract the second public key and the key version number from the generated digital certificate;
  
  use the key version number to determine that the secondary public key is a trusted secondary public key; and
  
  replace an old secondary public key with the new trusted secondary public key.
- View Dependent Claims (17, 18, 19)
- - 17. The method of claim 16, wherein signing the generated digital certificate comprises:
    - using a hash algorithm to generate a message digest of at least a portion of the generated digital certificate;
      
      encrypting the message digest using a first private key associated with the first asymmetric key pair; and
      
      including the encrypted message digest in the generated digital certificate.
  - 18. The method of claim 17, wherein the key version number associated with the second public key is higher than a public key version number sent previously to the computing device.
  - 19. The method of claim 17, wherein the computing device comprises a system-on-chip.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Miller, Derek Del, Potlapally, Nachiketh Rao, Patel, Rahul Gautam
Primary Examiner(s)
Tabor, Amare F

Application Number

US15/299,183
Time in Patent Office

740 Days
Field of Search

713156
US Class Current
CPC Class Codes

G06F 21/1076   Revocation

G06F 21/33   using certificates

G06F 21/44   Program or device authentic...

G06F 21/575   Secure boot

G06F 2221/034   Test or assess a computer o...

G09C 1/00   Apparatus or methods whereb...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 9/3268   using certificate validatio...

Controlling use of encryption keys

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling use of encryption keys

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links