Device keys
First Claim
1. A method for managing cryptographic keys that are specific to a personal device (100), the method being performed at a secure processing point (150) arranged in communication with the personal device, characterised in that the secure processing point performs the steps of:
- retrieving a unique chip identifier from a read-only storage (120) of an integrated circuit chip (110) included in the device (100);
storing a data package in the device, the data package including at least one cryptographic key;
receiving, in response to storing the data package, a backup data package from the device (100), which backup data package is the data package encrypted with a unique secret chip key stored in a tamper-resistant secret storage (125) of the chip (100);
associating the unique chip identifier with the received backup data package; and
storing the backup data package and the associated unique chip identifier in a permanent public database (170).
2 Assignments
0 Petitions
Accused Products
Abstract
A key management of cryptographic keys has a data package including one or more cryptographic keys that are transferred to a personal device 100 from a secure processing point 150 of a device assembly line in order to store device specific cryptographic keys in the personal device 100. In response to the transferred data package, a backup data package is received by the secure processing point 150 from the personal device 100, which backup data package is the data package encrypted with a unique secret chip key stored in a tamper-resistant secret storage 125 of a chip 110 included in the personal device 100. The secure processing point 150 is arranged to store the backup data package, together with an associated unique chip identifier read from the personal device 100, in a permanent, public database 170.
-
Citations
26 Claims
-
1. A method for managing cryptographic keys that are specific to a personal device (100), the method being performed at a secure processing point (150) arranged in communication with the personal device, characterised in that the secure processing point performs the steps of:
-
retrieving a unique chip identifier from a read-only storage (120) of an integrated circuit chip (110) included in the device (100);
storing a data package in the device, the data package including at least one cryptographic key;
receiving, in response to storing the data package, a backup data package from the device (100), which backup data package is the data package encrypted with a unique secret chip key stored in a tamper-resistant secret storage (125) of the chip (100);
associating the unique chip identifier with the received backup data package; and
storing the backup data package and the associated unique chip identifier in a permanent public database (170). - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 17)
-
-
9. A system for managing cryptographic keys that are specific to a personal device, the system including at least one personal device (100) and a secure processing point (150), which secure processing point is arranged in communication with the personal device, characterised in that:
-
the device includes an integrated circuit chip (110) with a unique chip identifier in a read-only storage (120) and a unique secret chip key in a tamper-resistant secret storage (125);
the secure processing point includes processing means (155) for retrieving the unique chip identifier and for storing a data package in the device, the data package including at least one cryptographic key;
the device includes processing means (127) for encrypting the received data package with the unique secret chip key and transferring a resulting backup data package back to the secure processing point; and
the processing means of the secure processing point is arranged for storing the received backup data package in association with the unique chip identifier in a permanent public database (170). - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
18. A personal device (100) managing cryptographic keys that are specific to the personal device, characterised in that the personal device includes:
-
an integrated circuit chip (110) with a unique chip identifier in a read-only storage (120) and a unique secret chip key in a tamper-resistant secret storage (125);
processing means (127) for outputting the unique chip identifier;
memory means (130) for storing a received data package including at least one cryptographic key; and
processing means (127) for encrypting the received data package with the unique secret chip key and outputting a resulting backup data package to a permanent public database (170). - View Dependent Claims (19, 20, 21, 22, 23, 24)
-
-
25. A secure processing point (150) for managing cryptographic keys that are specific to personal devices, the secure processing point being capable of communicating with a personal device (100), characterised in that the secure processing point includes processing means (155) for:
-
retrieving a unique chip identifier from a read-only storage (120) of an integrated circuit chip (l10) included by the personal device (100);
storing a data package including at least one cryptographic key in the personal device;
receiving an encrypted version of the data package, in the form of a backup data package, from the personal device in response to the stored data package; and
storing the received backup data package in association with the unique chip identifier in a permanent public database (170). - View Dependent Claims (26)
-
Specification