Method and system for controlled distribution of application code and content data within a computer network

US 20020150243A1
Filed: 04/12/2001
Published: 10/17/2002
Est. Priority Date: 04/12/2001
Status: Active Grant

First Claim

Patent Images

1. A method for configuring a semiconductor chip, the method comprising:

selecting a private cryptographic key;

selecting a public cryptographic key, wherein the public cryptographic key and the private cryptographic key are not related by a cryptographic key pair relationship; and

embedding the private cryptographic key and the public cryptographic key in a read-only memory on the semiconductor chip.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure communication methodology is presented. The client device is configured to download application code and/or content data from a server operated by a service provider. Embedded within the client is a client private key, a client serial number, and a copy of a server public key. The client forms a request, which includes the client serial number, encrypts the request with the server public key, and sends the download request to the server. The server decrypts the request with the server'"'"'s private key and authenticates the client. The received client serial number is used to search for a client public key that corresponds to the embedded client private key. The server encrypts its response, which includes the requested information, with the client public key of the requesting client, and only the private key in the requesting client can be used to decrypt the information downloaded from the server.

168 Citations

39 Claims

1. A method for configuring a semiconductor chip, the method comprising:
- selecting a private cryptographic key;
  
  selecting a public cryptographic key, wherein the public cryptographic key and the private cryptographic key are not related by a cryptographic key pair relationship; and
  
  embedding the private cryptographic key and the public cryptographic key in a read-only memory on the semiconductor chip.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the semiconductor chip provides interface processing at a client.
  - 3. The method of claim 1 wherein the embedding step further comprises the embedding of a serial number associated with the semiconductor chip.
  - 4. The method of claim 3 further comprising:
    - storing the public cryptographic key in a database in association with the serial number.
  - 5. The method of claim 1 wherein the private cryptographic key, and the public cryptographic key in the read-only memory are inaccessible to an input/output connection of the semiconductor chip.

6. An article of manufacture comprising:
- a first read-only memory structure containing an embedded private cryptographic key; and
  
  a second read-only memory structure containing an embedded public cryptographic key, wherein the public cryptographic key and the private cryptographic key are not related by a cryptographic key pair relationship.
- View Dependent Claims (7, 8, 9)
- - 7. The article of manufacture of claim 6 wherein the article of manufacture is a semiconductor chip.
  - 8. The article of manufacture of claim 7 wherein the semiconductor chip is capable of providing interface processing at a client.
  - 9. The article of manufacture of claim 8 wherein the first read-only memory structure and the second read-only memory structure are contained within a cryptographic unit of a CPU chip.

10. A method for secure communication between a client and a server in a data processing system, the method comprising:
- generating a client message at the client;
  
  retrieving an embedded server public key from a read-only memory structure in an article of manufacture in the client;
  
  encrypting the client message with the embedded server public key; and
  
  sending the client message to the server.
- View Dependent Claims (11, 12, 14, 15, 17, 18, 20)
- - 11. The method of claim 10 further comprising:
    - retrieving client authentication data;
      
      retrieving an embedded client private key from a read-only memory structure in an article of manufacture in the client;
      
      encrypting the client authentication data with the embedded client private key; and
      
      storing the encrypted client authentication data in the client message.
  - 12. The method of claim 11 further comprising:
    - retrieving an embedded client serial number from a read-only memory structure in an article of manufacture in the client; and
      
      storing a copy of the embedded client serial number in the client message.
  - 14. The apparatus of claim 13 further comprising:
    - means for retrieving client authentication data;
      
      means for retrieving an embedded client private key from a read-only memory structure in an article of manufacture in the client;
      
      means for encrypting the client authentication data with the embedded client private key; and
      
      means for storing the encrypted client authentication data in the client message.
  - 15. The apparatus of claim 14 further comprising:
    - means for retrieving an embedded client serial number from a read-only memory structure in an article of manufacture in the client; and
      
      means for storing a copy of the embedded client serial number in the client message.
  - 17. The computer program product of claim 16 further comprising:
    - instructions for retrieving client authentication data;
      
      instructions for retrieving an embedded client private key from a read-only memory structure in an article of manufacture in the client;
      
      instructions for encrypting the client authentication data with the embedded client private key; and
      
      instructions for storing the encrypted client authentication data in the client message.
  - 18. The computer program product of claim 17 further comprising:
    - instructions for retrieving an embedded client serial number from a read-only memory structure in an article of manufacture in the client; and
      
      instructions for storing a copy of the embedded client serial number in the client message.
  - 20. The method of claim 16 further comprising:
    - retrieving server authentication data;
      
      retrieving a server private key;
      
      encrypting the server authentication data with the server private key; and
      
      storing the encrypted server authentication data in the server message.

13. An apparatus for secure communication between a client and a server in a data processing system, the apparatus comprising:
- means for generating a client message at the client;
  
  means for retrieving an embedded server public key from a read-only memory structure in an article of manufacture in the client;
  
  means for encrypting the client message with the embedded server public key; and
  
  means for sending the client message to the server.

16. A computer program product in a computer-readable medium for use in a data processing system for secure communication between a client and a server, the computer program product comprising:
- instructions for generating a client message at the client;
  
  instructions for retrieving an embedded server public key from a read-only memory structure in an article of manufacture in the client;
  
  instructions for encrypting the client message with the embedded server public key; and
  
  instructions for sending the client message to the server.

19. A method for secure communication between a client and a server in a data processing system, the method comprising:
- generating a server message at the server;
  
  retrieving information that was requested by the client;
  
  storing the retrieved information in the server message;
  
  retrieving a client public key, wherein the client public key corresponds to an embedded client private key in a read-only memory structure in an article of manufacture in the client;
  
  encrypting the server message with the client public key; and
  
  sending the server message to the client.

21. An apparatus for secure communication between a client and a server in a data processing system, the apparatus comprising:
- means for generating a server message at the server;
  
  means for retrieving information that was requested by the client;
  
  means for storing the retrieved information in the server message;
  
  means for retrieving a client public key, wherein the client public key corresponds to an embedded client private key in a read-only memory structure in an article of manufacture in the client;
  
  means for encrypting the server message with the client public key; and
  
  means for sending the server message to the client.
- View Dependent Claims (22, 24, 26, 28, 30)
- - 22. The apparatus of claim 21 further comprising:
    - means for retrieving server authentication data;
      
      means for retrieving a server private key;
      
      means for encrypting the server authentication data with the server private key; and
      
      means for storing the encrypted server authentication data in the server message.
  - 24. The computer program product of claim 23 further comprising:
    - instructions for retrieving server authentication data;
      
      instructions for retrieving a server private key;
      
      instructions for encrypting the server authentication data with the server private key; and
      
      instructions for storing the encrypted server authentication data in the server message.
  - 26. The method of claim 25 further comprising:
    - retrieving encrypted client authentication data from the client message;
      
      decrypting the client authentication data with the retrieved client public key; and
      
      verifying the decrypted client authentication data.
  - 28. The apparatus of claim 27 further comprising:
    - means for retrieving encrypted client authentication data from the client message;
      
      means for decrypting the client authentication data with the retrieved client public key; and
      
      means for verifying the decrypted client authentication data.
  - 30. The computer program product of claim 29 further comprising:
    - instructions for retrieving encrypted client authentication data from the client message;
      
      instructions for decrypting the client authentication data with the retrieved client public key; and
      
      instructions for verifying the decrypted client authentication data.

23. A computer program product in a computer-readable medium for use in a data processing system for secure communication between a client and a server, the computer program product comprising:
- instructions for generating a server message at the server;
  
  instructions for retrieving information that was requested by the client;
  
  instructions for storing the retrieved information in the server message;
  
  instructions for retrieving a client public key, wherein the client public key corresponds to an embedded client private key in a read-only memory structure in an article of manufacture in the client;
  
  instructions for encrypting the server message with the client public key; and
  
  instructions for sending the server message to the client.

25. A method for secure communication between a client and a server in a data processing system, the method comprising:
- receiving a client message from the client;
  
  retrieving a server private key;
  
  decrypting the client message with the server private key;
  
  retrieving a client serial number from the decrypted client message; and
  
  retrieving a client public key that is associatively stored with the retrieved client serial number, wherein the client public key corresponds to an embedded client private key in a read-only memory structure in an article of manufacture in the client.

27. An apparatus for secure communication between a client and a server in a data processing system, the apparatus comprising:
- means for receiving a client message from the client;
  
  means for retrieving a server private key;
  
  means for decrypting the client message with the server private key;
  
  means for retrieving a client serial number from the decrypted client message; and
  
  means for retrieving a client public key that is associatively stored with the retrieved client serial number, wherein the client public key corresponds to an embedded client private key in a read-only memory structure in an article of manufacture in the client.

29. A computer program product in a computer-readable medium for use in a data processing system for secure communication between a client and a server, the computer program product comprising:
- instructions for receiving a client message from the client;
  
  instructions for retrieving a server private key;
  
  instructions for decrypting the client message with the server private key;
  
  instructions for retrieving a client serial number from the decrypted client message; and
  
  instructions for retrieving a client public key that is associatively stored with the retrieved client serial number, wherein the client public key corresponds to an embedded client private key in a read-only memory structure in an article of manufacture in the client.

31. A method for secure communication between a client and a server in a data processing system, the method comprising:
- receiving a server message from the server;
  
  retrieving an embedded client private key from a read-only memory structure in an article of manufacture in the client; and
  
  decrypting the server message with the embedded client private key.
- View Dependent Claims (32, 33, 35, 36, 38, 39)
- - 32. The method of claim 31 further comprising:
    - retrieving encrypted server authentication data from the server message;
      
      retrieving an embedded server public key from a read-only memory structure in an article of manufacture in the client; and
      
      decrypting the server authentication data with the embedded server public key; and
      
      verifying the decrypted server authentication data.
  - 33. The method of claim 32 further comprising:
    - retrieving requested information from the server message; and
      
      in response to a determination that the decrypted server authentication data was verified, processing the requested information.
  - 35. The apparatus of claim 34 further comprising:
    - means for retrieving encrypted server authentication data from the server message;
      
      means for retrieving an embedded server public key from a read-only memory structure in an article of manufacture in the client; and
      
      means for decrypting the server authentication data with the embedded server public key; and
      
      means for verifying the decrypted server authentication data.
  - 36. The apparatus of claim 35 further comprising:
    - means for retrieving requested information from the server message; and
      
      means for processing the requested information in response to a determination that the decrypted server authentication data was verified.
  - 38. The computer program product of claim 37 further comprising:
    - instructions for retrieving encrypted server authentication data from the server message;
      
      instructions for retrieving an embedded server public key from a read-only memory structure in an article of manufacture in the client; and
      
      instructions for decrypting the server authentication data with the embedded server public key; and
      
      instructions for verifying the decrypted server authentication data.
  - 39. The computer program product of claim 38 further comprising:
    - instructions for retrieving requested information from the server message; and
      
      instructions for processing the requested information in response to a determination that the decrypted server authentication data was verified.

34. An apparatus for secure communication between a client and a server in a data processing system, the apparatus comprising:
- means for receiving a server message from the server;
  
  means for retrieving an embedded client private key from a read-only memory structure in an article of manufacture in the client; and
  
  means for decrypting the server message with the embedded client private key.

37. A computer program product in a computer-readable medium for use in a data processing system for secure communication between a client and a server, the computer program product comprising:
- instructions for receiving a server message from the server;
  
  instructions for retrieving an embedded client private key from a read-only memory structure in an article of manufacture in the client; and
  
  instructions for decrypting the server message with the embedded client private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hofstee, Harm Peter, Kahle, James Allan, Dubey, Pradeep K., Craft, David John

Granted Patent

US 7,603,703 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/201
CPC Class Codes

H04L 2463/102   applying security measure f...

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

H04L 63/145   the attack involving the pr...

Method and system for controlled distribution of application code and content data within a computer network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

168 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for controlled distribution of application code and content data within a computer network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

168 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links