Hardware-generated dynamic identifier

US 10,567,170 B2
Filed: 12/24/2015
Issued: 02/18/2020
Est. Priority Date: 12/24/2015
Status: Active Grant

First Claim

Patent Images

1. An electronic apparatus, comprising:

a hardware-encoded internal private key, comprising a hardware-encoded fuse array not reasonably directly readable without destructively examining the electronic apparatus; and

one or more logic elements comprising a passive key generation engine, the key generation engine having write permission only to one or more special-purpose memory locations for storing pseudo-unique hardware-generated dynamic identifiers (HGDIs), the key generation engine comprising;

circuitry to receive an unencrypted third-party key from a third party;

function circuitry to apply a one-directional operation to the third-party key and the internal private key to generate a pseudo-unique HGDI, wherein the HGDI is unique and persistent with respect to the third party key; and

derivation circuitry to derive a cypher of the public key and the function circuitry.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an example, there is disclosed an electronic apparatus, comprising: a hardware-encoded internal private key; and one or more logic elements comprising a key generation engine to: receive an third-party key; and operate on the third-party key and the internal private key to generate a hardware-generated dynamic identifier (HGDI). There is also disclosed a method of providing an HGDI engine, and one or more computer-readable mediums having stored thereon executable instructions for providing an HGDI.

Citations

21 Claims

1. An electronic apparatus, comprising:
- a hardware-encoded internal private key, comprising a hardware-encoded fuse array not reasonably directly readable without destructively examining the electronic apparatus; and
  
  one or more logic elements comprising a passive key generation engine, the key generation engine having write permission only to one or more special-purpose memory locations for storing pseudo-unique hardware-generated dynamic identifiers (HGDIs), the key generation engine comprising;
  
  circuitry to receive an unencrypted third-party key from a third party;
  
  function circuitry to apply a one-directional operation to the third-party key and the internal private key to generate a pseudo-unique HGDI, wherein the HGDI is unique and persistent with respect to the third party key; and
  
  derivation circuitry to derive a cypher of the public key and the function circuitry.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The electronic apparatus of claim 1, wherein the one or more logic elements are immutable hardware logic elements.
  - 3. The electronic apparatus of claim 1, wherein the key generation engine is further to encrypt the HGDI.
  - 4. The electronic apparatus of claim 1, wherein the key generation engine is further to encrypt the HGDI with a salt.
  - 5. The electronic apparatus of claim 1, further comprising a filter to reject third-party keys not provided by a key authority.
  - 6. The electronic apparatus of claim 1, wherein the one or more special-purpose memory locations are not read restricted.
  - 7. The electronic apparatus of claim 1, wherein the one or more special-purpose memory locations are not read restricted to system-level resources.
  - 8. The electronic apparatus of claim 1, further comprising means to mitigate a replay attack.
  - 9. The electronic apparatus of claim 8, wherein the means comprise a temporal counter.

10. One or more tangible, non-transitory computer-readable storage mediums having stored thereon executable instructions for a processor of a hardware platform to provide passive key generation, wherein the instructions are to write only to one or more special-purpose memory locations for storing pseudo-unique hardware-generated dynamic identifiers (HGDIs), further operable to:
- provide an internal private key, comprising a hardware-encoded fuse array not reasonably directly readable without destructively examining the hardware platform;
  
  receive an unencrypted third-party key from a third party; and
  
  apply a one-directional operation to the third-party key and the internal private key to generate a pseudo-unique HGDI, wherein the HGDI is unique and persistent with respect to the third party key; and
  
  derive a cypher of the public key and the function circuitry.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The one or more tangible, non-transitory computer-readable storage mediums of claim 10, wherein the one or more storage mediums comprise immutable hardware logic elements.
  - 12. The one or more tangible, non-transitory computer-readable storage mediums of claim 10, wherein the instructions are further to encrypt the HGDI with a salt.
  - 13. The one or more tangible, non-transitory computer-readable storage mediums of claim 10, wherein the instructions are further to reject third-party keys not provided by a key authority.
  - 14. The one or more tangible, non-transitory computer-readable storage mediums of claim 10 wherein the one or more special-purpose memory locations are not read restricted to system-level resources.
  - 15. The one or more tangible, non-transitory computer-readable storage mediums of claim 10, wherein the instructions are further to mitigate a replay attack.
  - 16. The one or more tangible, non-transitory computer-readable storage mediums of claim 15, wherein the instructions are further to mitigate a replay attack comprising inspecting a temporal counter.
  - 17. The one or more tangible, non-transitory computer-readable storage mediums of claim 10, wherein providing the internal private key comprises deriving the internal private key from a value encoded in hardware.
  - 18. The one or more tangible, non-transitory computer-readable storage mediums of claim 17, wherein deriving the internal private key from the value encoded in hardware comprises applying a one-way function to the value encoded in hardware.

19. A method of providing a hardware-generated device identifier (HGDI) engine within immutable hardware of an electronic apparatus, the HGDI engine having write permission only to one or more special-purpose memory locations for storing pseudo-unique HGDIs, comprising providing passive key generation, and further comprising:
- providing a hardware-encoded internal private key, comprising a hardware-encoded fuse array not reasonably directly readable without destructively examining the electronic apparatus;
  
  receiving an unencrypted third-party key from a third party; and
  
  applying a one-directional operation to the third-party key and the internal private key to generate a pseudo-unique HGDI, wherein the HGDI is unique and persistent with respect to the third party key; and
  
  deriving a cypher of the public key and the function circuitry.
- View Dependent Claims (20, 21)
- - 20. The method of claim 19, further comprising encrypting the HGDI with a salt.
  - 21. The method of claim 19, further comprising rejecting third-party keys not provided by a key authority.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, LLC
Inventors
Rosenquist, Matthew L., Tatourian, Igor
Primary Examiner(s)
Pwu, Jeffrey C
Assistant Examiner(s)
Truong, Thong P

Application Number

US14/757,894
Publication Number

US 20170187525A1
Time in Patent Office

1,517 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/062   for key distribution, e.g. ...

H04L 63/1441   Countermeasures against mal...

H04L 9/065   Encryption by serially and ...

H04L 9/083   involving central third par...

H04L 9/0861   Generation of secret inform...

H04L 9/0877   using additional device, e....

H04L 9/14   using a plurality of keys o...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

Hardware-generated dynamic identifier

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Hardware-generated dynamic identifier

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links