Systems and methods for processing and verifying data using signatures

US 10,452,869 B2
Filed: 05/07/2014
Issued: 10/22/2019
Est. Priority Date: 05/07/2014
Status: Active Grant

First Claim

Patent Images

1. A device for processing message data comprising:

a network interface configured to;

receive, from another device, the message data, a first signature corresponding to the message data, and a third signature corresponding to the message data and the first signature, wherein the third signature is a signature generated by another network interface of the other device based on the message data and the first signature;

verify an integrity of the message data and the first signature based on the third signature;

a first component configured to receive the message data and the first signature from the other device via the network interface; and

a security processor configured to;

receive the message data and the first signature from the network interface via the first component;

determine, based on the first signature, whether the message data is valid;

determine a second signature corresponding to the message data; and

convey the second signature to the first component.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to an example, a device for processing data is suggested, said device comprising a first component, wherein the first software component is arranged for receiving the data; a security processor for receiving said data and a first signature, wherein the security processor is arranged for determining based on the first signature whether the data are valid; for determining a second signature for the data; and for conveying the second signature to the first component.

Citations

35 Claims

1. A device for processing message data comprising:
- a network interface configured to;
  
  receive, from another device, the message data, a first signature corresponding to the message data, and a third signature corresponding to the message data and the first signature, wherein the third signature is a signature generated by another network interface of the other device based on the message data and the first signature;
  
  verify an integrity of the message data and the first signature based on the third signature;
  
  a first component configured to receive the message data and the first signature from the other device via the network interface; and
  
  a security processor configured to;
  
  receive the message data and the first signature from the network interface via the first component;
  
  determine, based on the first signature, whether the message data is valid;
  
  determine a second signature corresponding to the message data; and
  
  convey the second signature to the first component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The device according to claim 1, further comprising a second component, the first component being configured to convey the message data and the second signature to the second component.
  - 3. The device according to claim 2, wherein the first component is configured to convey the second signature to the second component if the message data is valid.
  - 4. The device according to claim 3, wherein the first component is configured not to convey the second signature to the second component if the message data is invalid.
  - 5. The device according to claim 1, wherein the security processor is configured to convey the second signature to the second component via the first component.
  - 6. The device according to claim 5, wherein the second component is configured to verify the integrity of the message data based on the second signature.
  - 7. The device according to claim 5, wherein the first component is configured to convey the message data to the second component via at least one software layer.
  - 8. The device according to claim 1, wherein the security processor is configured to convey the second signature to the first component if the message data is valid.
  - 9. The device according to claim 8, wherein the security processor is configured to not convey the second signature to the first component if the message data is invalid.
  - 10. The device according to claim 1, further comprising at least one software layer, wherein the security processor is configured to convey a result indicative of a validity of the message data and the second signature to the first component via the least one software layer.
  - 11. The device according to claim 1, wherein the second signature comprises information indicative of a validity of the message data.
  - 12. The device according to claim 1, wherein the first signature, the second signature, and/or the third signature comprises at least one of the following:
    - a hash-code;
      
      a cryptographic hash-code;
      
      a security code;
      
      a safety code; and
      
      a cyclic redundancy code.
  - 13. The device according to claim 1, wherein the first component is configured to:
    - initiate a first action if the message data is valid; and
      
      initiate a second action if the message data is invalid.
  - 14. The device according to claim 1, wherein the second component is configured to:
    - initiate a first action if the message data is valid.
  - 15. The device according to claim 1, wherein the first component is a software component of an application layer.
  - 16. The device according to claim 1, wherein the second component is a software component of an application layer.
  - 17. The device according to claim 1, wherein the device is an integrated device, a microprocessor or a microcontroller.
  - 18. The device according to claim 1, wherein the device is connected to the other device via a connection between the network interface and the other network interface of the other device.

19. A device for processing message data comprising:
- a network interface configured to;
  
  receive, from another device, the message data, a first signature corresponding to the message data, and a third signature corresponding to the message data and the first signature, wherein the third signature is a signature generated by another network interface of the other device based on the message data and the first signature;
  
  verify an integrity of the message data and the first signature based on the third signature;
  
  a first component configured to receive the message data and the first signature from the other device via the network interface;
  
  a second component; and
  
  a security processor configured to;
  
  receive the message data and the first signature from the network interface via the first component;
  
  determine, based on the first signature, whether the message data is valid; and
  
  inform the first component whether the message data is valid;
  
  wherein the first component is further configured to determine a second signature for the message data and convey the second signature and the message data to the second component.
- View Dependent Claims (20, 21, 22)
- - 20. The device according to claim 19, wherein the first component is configured to determine the second signature for the message data and convey the second signature and the message data to the second component if the message data is valid.
  - 21. The device according to claim 19, wherein the security processor is configured to inform the first component whether the message data is valid via a message conveyed to the first component.
  - 22. The device according to claim 19, wherein the security processor is configured to send a message to the first component to inform the first component whether the message data is invalid.

23. A device for processing message data comprising:
- a network interface configured to generate a third signature based on the message data received from another device and a first signature corresponding to the message data, wherein the message data and the first signature are verifiable using the third signature;
  
  a security processor, anda first component configured to convey the message data and a second signature generated based on the message data to the security processor,wherein the security processor is configured to;
  
  determine, based on the second signature, whether the message data received from the first component is valid;
  
  generate the first signature for the message data in response to the message data being determined valid using the second signature;
  
  provide the message data, the third signature, and the first signature to the other device via the network interface.
- View Dependent Claims (24, 25, 26)
- - 24. The device according to claim 23, wherein the security processor is configured to:
    - provide the message data, the third signature, and the first signature to the other device if the integrity of the message data has been confirmed via the first signature.
  - 25. The device according to claim 23, wherein the first component is configured to determine the second signature based on the message data.
  - 26. The device according to claim 23, wherein the third signature, the message data, the third signature, and the first signature are provided to the other device via a network that is interfaced with the network interface.

27. A method for processing message data at a device including a security processor, a network interface, and a first component, said method comprising:
- receiving, by the network interface, the message data, a first signature corresponding to the message data, and a third signature corresponding to the message data and the first signature, wherein the third signature is a signature generated by another network interface of another device based on the message data and the first signature;
  
  verifying, by the network interface of the device, an integrity of the message data and the first signature based on the third signature;
  
  receiving, via the network interface of the device, the message data and the first signature at the first component of the device from the other device;
  
  receiving, via the first component, the message data and the first signature at the security processor from the network interface;
  
  determining, by the security processor based on the first signature, whether the message data is valid;
  
  determining a second signature for the message data; and
  
  conveying the second signature to the first component.
- View Dependent Claims (28, 29, 30, 31, 34)
- - 28. The method according to claim 27, wherein:
    - the second signature is determined by the security processor;
      
      the second signature is conveyed from the security processor to the first component; and
      
      the method further comprises;
      
      verifying the integrity of the message data at the first component based on the second signature; and
      
      initiating, by the first component;
      
      a first action if the message data is valid; and
      
      a second action if the message data is invalid.
  - 29. The method according to claim 27, further comprising:
    - conveying the second signature from the security processor to a second component via the first component.
  - 30. The method according to claim 29, further comprising:
    - verifying the integrity of the message data at the second component based on the second signature.
  - 31. The method according to claim 27, further comprising:
    - conveying the message data and the second signature from the first component to a second component.
  - 34. A non-transitory computer program product directly loadable into a memory of a digital processing device, comprising software code portions for performing the steps of the method according to claim 27.

32. A method for processing message data at a device including a security processor, a network interface, and a first component, said method comprising:
- receiving, by the network interface, the message data, a first signature corresponding to the message data, and a third signature corresponding to the message data and the first signature, wherein the third signature is a signature generated by a network interface of another device based on the message data and the first signature;
  
  verifying, by the network interface of the device, an integrity of the message data and the first signature based on the third signature;
  
  receiving, via the network interface of the device, the message data and the first signature at the first component of the device from the other device;
  
  receiving, via the first component, the message data and the first signature at the security processor from the network interface;
  
  determining, by the security processor based on the first signature, whether the message data is valid;
  
  determining, by the first component, whether the message data is valid based on information provided by the security processor;
  
  determining a second signature for the message data by the first component; and
  
  conveying the second signature and the message data to the second component.
- View Dependent Claims (35)
- - 35. A non-transitory computer program product directly loadable into a memory of a digital processing device, comprising software code portions for performing the steps of the method according to claim 32.

33. A device comprising:
- means for receiving, at a network interface, message date, a first signature corresponding to the message data, and a third signature, from another device, wherein the third signature corresponds to the message data and the first signature, and is a signature generated by a network interface of the other device based on the message data and the first signature;
  
  means for verifying an integrity of the message data and the first signature based on the third signature;
  
  means for receiving, via the network interface, the message data and the first signature from the other device at the first component;
  
  means for receiving message data and the first signature from the network interface at a security processor of the device via the first component;
  
  means for determining, by the security processor based on the first signature, whether the message data is valid;
  
  means for determining a second signature for the message data; and
  
  means for conveying the second signature to the first component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Infineon Technologies AG
Original Assignee
Infineon Technologies AG
Inventors
Temple, Christopher, Nugraha, Dian Tresna, Wiley, Edward, Heidt, Laurent
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Debnath, Suman

Application Number

US14/271,866
Publication Number

US 20150324599A1
Time in Patent Office

1,994 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/1004   to protect a block of data ...

G06F 21/6218   to a system of files or obj...

G06F 21/64   Protecting data integrity, ...

H04L 2209/72   Signcrypting, i.e. digital ...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3247   involving digital signatures

Systems and methods for processing and verifying data using signatures

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for processing and verifying data using signatures

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links