Security chip and application processor

US 10,263,961 B2
Filed: 11/21/2016
Issued: 04/16/2019
Est. Priority Date: 01/21/2016
Status: Active Grant

First Claim

Patent Images

1. An operating method of a security chip, the operating method comprising:

performing, at the security chip,transmitting, to an application processor (AP), a device public key of a device key pair, the device key pair associated with public key infrastructure communications;

receiving a request, from the AP, to generate a digital signature on a certificate form, the certificate form including the device public key;

generating the digital signature, based on the received request to generate the digital signature, the digital signature generated based on an encryption operation using a certificate authority (CA) private key;

transmitting the digital signature to the AP;

receiving a certificate from the AP, the certificate including the digital signature; and

storing the certificate at the security chip.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security chip and an application processor may be included in a device configured to engage in encrypted communications with an external client, including public key infrastructure communications, in an environment where a certificate authority is absent. The security chip may provide the application processor with a device public key from among a pair of device keys related to public key infrastructure communications, receive a request from the application processor to generate a digital signature on a certificate form including the device public key, provide the application processor with a digital signature generated based on an encryption operation using a certificate authority private key, and receive and store a certificate including the digital signature from the application processor.

Citations

15 Claims

1. An operating method of a security chip, the operating method comprising:
- performing, at the security chip,transmitting, to an application processor (AP), a device public key of a device key pair, the device key pair associated with public key infrastructure communications;
  
  receiving a request, from the AP, to generate a digital signature on a certificate form, the certificate form including the device public key;
  
  generating the digital signature, based on the received request to generate the digital signature, the digital signature generated based on an encryption operation using a certificate authority (CA) private key;
  
  transmitting the digital signature to the AP;
  
  receiving a certificate from the AP, the certificate including the digital signature; and
  
  storing the certificate at the security chip.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The operating method of claim 1, whereinthe security chip is a semiconductor chip,the security chip and the AP are included in a common device;
    - andthe semiconductor chip is separate from the AP.
  - 3. The operating method of claim 1, further comprising:
    - performing, at the security chip,performing mutual authentication with the AP;
      
      generating a symmetric key associated with communication between the security chip and the AP;
      
      encrypting data transmitted to the AP according to the generated symmetric key; and
      
      decrypting data received from the AP according to the generated symmetric key.
  - 4. The operating method of claim 1, wherein,the device public key, a device private key, and the CA private key are installed at the security chip through a hardware security module in a process of manufacturing the security chip.
  - 5. The operating method of claim 1, further comprising:
    - performing, at the security chip,transmitting the certificate, based on receiving a request for the certificate to be transmitted to an external client;
      
      receiving pre-symmetric key information, the pre-symmetric key information generated by the external client and encrypted according to the device public key; and
      
      decrypting the pre-symmetric key information according to a device private key.
  - 6. The operating method of claim 5, further comprising:
    - performing, at the security chip,transmitting the decrypted pre-symmetric key information to the AP as information associated with generation of a session key.
  - 7. The operating method of claim 5, further comprising:
    - performing, at the security chip,generating a session key according to the decrypted pre-symmetric key information; and
      
      transmitting the session key to the AP.
  - 8. The operating method of claim 1, further comprising:
    - performing, at the security chip,receiving a separate certificate from an external server, the certificate including a server public key;
      
      generating pre-symmetric key information according to first random data and second random data, the first random data generated internally at the security chip and the second random data received from the external server; and
      
      generating encrypted pre-symmetric key information for transmission to the external server, based on encrypting the pre-symmetric key information according to the server public key.
  - 9. The operating method of claim 8, further comprising:
    - performing, at the security chip,transmitting the pre-symmetric key information to the AP as information associated with generation of a session key.
  - 10. The operating method of claim 1, further comprising:
    - performing, at the security chip,performing a handshake process according to a connection to an external device;
      
      performing a session process based on completion of the handshake process;
      
      wherein performing the session process includes selectively performing encryption and decryption operations according to a device private key.

11. A method, comprising:
- generating, at an application processor (AP), a certificate form based on a device public key received from a semiconductor chip;
  
  transmitting a request, from the AP to the semiconductor chip, to generate a digital signature associated with the certificate form, such that the semiconductor chip generates the digital signature;
  
  receiving the requested digital signature from the semiconductor chip;
  
  generating, at the AP, a certificate that includes the requested digital signature, based on receiving the requested digital signature from the semiconductor chip, the digital signature being generated at the semiconductor chip according to a certificate authority (CA) private key; and
  
  transmitting the generated certificate to the semiconductor chip.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, further comprising:
    - transmitting the generated certificate to an external device;
      
      receiving encrypted pre-symmetric key information from the external device, wherein the encrypted pre-symmetric key information is encrypted according to the device public key included in the generated certificate; and
      
      transmitting a request, to the semiconductor chip, to decrypt the encrypted pre-symmetric key information.
  - 13. The method of claim 12, further comprising:
    - receiving decrypted pre-symmetric key information from the semiconductor chip, based on the decrypted pre-symmetric key information being decrypted from the encrypted pre-symmetric key information at the semiconductor chip; and
      
      generating a session key according to the decrypted pre-symmetric key information.
  - 14. The method of claim 12, wherein the transmitting the generated certificate to the external device further includes,transmitting a request, to the semiconductor chip, to receive the generated certificate;
    - andtransmitting the generated certificate, received from the semiconductor chip, to the external device.
  - 15. The method of claim 11, further comprising:
    - receiving another certificate from an external device, the other certificate including a server public key;
      
      decrypting the other certificate according to a certificate public key to generate a decrypted certificate;
      
      transmitting, to the semiconductor chip, the server public key included in the decrypted certificate; and
      
      receiving encrypted pre-symmetric key information from the semiconductor chip, wherein the encrypted pre-symmetric key information is encrypted at the semiconductor chip according to the transmitted server public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Chu, Youn-sung, Han, Min-ja, Lee, Kyung-jin
Primary Examiner(s)
King, John B

Application Number

US15/357,228
Publication Number

US 20170214662A1
Time in Patent Office

876 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04L 9/006   involving public key infras...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/0869   involving random numbers or...

H04L 9/0877   using additional device, e....

H04L 9/3263   involving certificates, e.g...

Security chip and application processor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Security chip and application processor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links