Modules to securely provision an asset to a target device
First Claim
1. A method comprising:
- receiving, by an Appliance device, a Module over a network from a Service device;
receiving, by the Appliance device, a first deployment authorization message from the Service device, wherein the first deployment authorization message ties the Module to a first Appliance cluster comprising at least the Appliance device and delivers a module key that is used to encrypt a data asset in the Module;
receiving, by the Appliance device, a communication from a cryptographic manager (CM) client library of a tester device, wherein the communication comprises an argument from the CM client library;
in response to the communication, invoking the Module by the Appliance device to generate a Module sequence based on the argument;
verifying that the Appliance device is tied to the Module using the first deployment authorization message; and
sending, by the Appliance device, the Module sequence to the CM client library, wherein a tester script of the tester device delivers the Module sequence to a CM Core of a target device in an operation phase of a manufacturing lifecycle of the target device, wherein the Module sequence comprises a sequence of operations that securely provisions the data asset of the Module to the target device.
1 Assignment
0 Petitions
Accused Products
Abstract
The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.
17 Citations
14 Claims
-
1. A method comprising:
-
receiving, by an Appliance device, a Module over a network from a Service device; receiving, by the Appliance device, a first deployment authorization message from the Service device, wherein the first deployment authorization message ties the Module to a first Appliance cluster comprising at least the Appliance device and delivers a module key that is used to encrypt a data asset in the Module; receiving, by the Appliance device, a communication from a cryptographic manager (CM) client library of a tester device, wherein the communication comprises an argument from the CM client library; in response to the communication, invoking the Module by the Appliance device to generate a Module sequence based on the argument; verifying that the Appliance device is tied to the Module using the first deployment authorization message; and sending, by the Appliance device, the Module sequence to the CM client library, wherein a tester script of the tester device delivers the Module sequence to a CM Core of a target device in an operation phase of a manufacturing lifecycle of the target device, wherein the Module sequence comprises a sequence of operations that securely provisions the data asset of the Module to the target device. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An Appliance device comprising:
-
a processor; a network interface coupled to the processor; and a tester device interface coupled to the processor, wherein the processor is operable to; receive a Module over a network from a Service device; receive a first deployment authorization message from the Service device, wherein the first deployment authorization message ties the Module to a first Appliance cluster comprising at least the Appliance device and delivers a module key that is used to encrypt a data asset in the Module; receive a communication from a cryptographic manager (CM) client library of a tester device, wherein the communication comprises an argument from the CM client library; in response to the communication, invoke the Module to generate a Module sequence based on the argument; verify that the Appliance device is tied to the Module using the first deployment authorization message; and send the Module sequence to the CM client library, wherein a tester script of the tester device delivers the Module sequence to a CM Core of a target device in an operation phase of a manufacturing lifecycle of the target device, wherein the Module sequence comprises a sequence of operations that securely provisions the data asset of the Module to the target device. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
Specification