Key derivation for secure communications
First Claim
1. A method comprising:
- performing, by a computing device, a first encryption using a device security key stored in a first memory storage area of the computing device as cleartext;
- deriving, using a first seed value comprising a combination of an address of the computing device and a first random number, a first derived key;
- storing the first derived key in a second memory storage area of the computing device;
- performing, after a compromise of the first derived key, a second encryption using the device security key as cleartext;
- deriving, using a second seed value comprising a combination of the address of the computing device and a second random number, a second derived key; and
- storing the second derived key in the second memory storage area of the computing device.
Abstract
A security system is disclosed in which a device-specific key value is provided to a security processing device, and then used to derive additional derived keys for use in secured communications. In response to identifying a compromise of the derived keys, the system can be instructed to derive new or replacement derived keys for use in the secured communications. In some embodiments, the security system can be used in a video reception device, to decrypt encrypted video content.
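The derive-then-replace cycle described in the abstract, sketched as an added example (not code from the patent or its assignee). The page names neither the cipher nor how the address and random number are combined, so the SHA-256 counter-mode keystream, the length-prefixed concatenation and the `SecurityProcessor` class are assumptions.

```python
import hashlib
import secrets

def _keystream(seed: bytes, length: int) -> bytes:
    # Stand-in cipher (assumption): SHA-256 in counter mode, keyed by the seed.
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def derive_key(device_key: bytes, address: bytes, random_number: bytes) -> bytes:
    # Seed = combination of the device address and a random number.
    # Length-prefixed concatenation is an assumption of this sketch.
    seed = len(address).to_bytes(2, "big") + address + random_number
    # The device key is the cleartext; the ciphertext is the derived key.
    stream = _keystream(seed, len(device_key))
    return bytes(k ^ s for k, s in zip(device_key, stream))

class SecurityProcessor:
    """Hypothetical model of the device in the claims."""

    def __init__(self, device_key: bytes, address: bytes):
        self._device_key = device_key   # first memory storage area
        self._address = address
        self.derived_key = None         # second memory storage area
        self.history = []               # derived keys already retired

    def derive(self, random_number: bytes = None) -> bytes:
        rnd = random_number if random_number is not None else secrets.token_bytes(16)
        self.derived_key = derive_key(self._device_key, self._address, rnd)
        return self.derived_key

    def replace_after_compromise(self, random_number: bytes = None) -> bytes:
        # Same device key and address, fresh random number -> new derived key.
        self.history.append(self.derived_key)
        new_key = self.derive(random_number)
        if new_key in self.history:
            raise ValueError("random number reused; derived key did not change")
        return new_key

def demo():
    # Constructed sample values, not taken from the patent.
    dev = SecurityProcessor(bytes(range(16)), bytes.fromhex("001122334455"))
    first = dev.derive(b"\x01" * 16)
    second = dev.replace_after_compromise(b"\x02" * 16)
    return first, second, dev._device_key
```

Reusing a random number reproduces the retired key, which is why `replace_after_compromise` rejects it.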
20 Claims
1. A method comprising:
- performing, by a computing device, a first encryption using a device security key stored in a first memory storage area of the computing device as cleartext;
- deriving, using a first seed value comprising a combination of an address of the computing device and a first random number, a first derived key;
- storing the first derived key in a second memory storage area of the computing device;
- performing, after a compromise of the first derived key, a second encryption using the device security key as cleartext;
- deriving, using a second seed value comprising a combination of the address of the computing device and a second random number, a second derived key; and
- storing the second derived key in the second memory storage area of the computing device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A device comprising:
- a first memory storage area configured to store a device security key as cleartext; and
- a first processor configured to:
  - encrypt the device security key in order to derive a first derived key, wherein the encrypting uses a first seed value comprising a combination of an address of the device and a first random number;
  - store the first derived key in a second memory storage area of the device;
  - after a compromise of the first derived key, re-encrypt the device security key in order to derive a second derived key, wherein the re-encrypting uses a second seed value comprising a combination of the address of the device and a second random number; and
  - store the second derived key in the second memory storage area of the device,
- wherein the first memory storage area and the second memory storage area are secured by different types of security protection.
Dependent claims: 12, 13
14. A security method comprising:
- encrypting, by a processor, a device key stored in a first memory of a device to derive a first derived key for the device, wherein the encrypting uses:
  - the device key as cleartext, and
  - a seed value comprising a combination of an address of the device and a random number;
- using the first derived key for multiple communication sessions involving the device; and
- performing, based on a second seed value comprising a combination of the address of the device and a second random number and after a key compromise, a second encryption of the device key to derive a second derived key for the device, wherein the second derived key is different from the first derived key.
Dependent claims: 15, 16, 17, 18, 19, 20