Method of storing unique constant values

US 20060015751A1
Filed: 07/14/2004
Published: 01/19/2006
Est. Priority Date: 07/14/2004
Status: Active Grant

First Claim

Patent Images

1. A method of securely storing a unique value associated with a device in a processing system without exposing a unique identifier for the device comprising:

obtaining the unique value associated with the device;

generating an encryption key based at least in part on a secret value securely stored in the device;

generating an initialization vector having a plurality of pseudo-randomly or randomly generated bits;

encrypting the unique value associated with the device using the encryption key and the initialization vector to form a first encrypted data structure; and

storing the first encrypted data structure in a memory of the processing system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure storage and retrieval of a unique value associated with a device to/from a memory of a processing system. In at least one embodiment, the device needs to be able to access the unique value across processing system resets, and the device does not have sufficient non-volatile storage to store the unique value itself. Instead, the unique value is stored in the processing system memory in such a way that the stored unique value does not create a unique identifier for the processing system or the device. A pseudo-randomly or randomly generated initialization vector may be used to vary an encrypted data structure used to store the unique value in the memory.

Citations

33 Claims

1. A method of securely storing a unique value associated with a device in a processing system without exposing a unique identifier for the device comprising:
- obtaining the unique value associated with the device;
  
  generating an encryption key based at least in part on a secret value securely stored in the device;
  
  generating an initialization vector having a plurality of pseudo-randomly or randomly generated bits;
  
  encrypting the unique value associated with the device using the encryption key and the initialization vector to form a first encrypted data structure; and
  
  storing the first encrypted data structure in a memory of the processing system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein obtaining the unique value comprises using a cryptographic protocol for communications between the device and a processing entity external to the processing system to securely obtain the unique value.
  - 3. The method of claim 1, wherein generating the encryption key comprises generating the encryption key using a one-way function.
  - 4. The method of claim 1, wherein the secret value is stored in non-volatile memory in the device.
  - 5. The method of claim 1, further comprising:
    - obtaining the first encrypted data structure from the memory;
      
      generating the encryption key based at least in part on the secret value securely stored in the device; and
      
      decrypting the first encrypted data structure using the encryption key to obtain the unique value associated with the device.
  - 6. The method of claim 5, further comprising using the unique value in processing of a cryptographic protocol.
  - 7. The method of claim 1, further comprising:
    - obtaining the first encrypted data structure from the memory;
      
      generating the encryption key based at least in part on the secret value securely stored in the device;
      
      decrypting the first encrypted data structure using the encryption key to obtain the unique value associated with the device;
      
      generating a second initialization vector having a plurality of pseudo-randomly or randomly generated bits;
      
      encrypting the unique value associated with the device using the encryption key and the second initialization vector to form a second encrypted data structure;
      
      storing the second encrypted data structure in a memory of the processing system; and
      
      deleting the first encrypted data structure from the memory.
  - 8. The method of claim 7, wherein generating the second initialization vector, encrypting the second encrypted data structure, storing the second encrypted data structure, and deleting the encrypted data structure are performed every N accesses of the unique value by the device, where N is a positive integer.

9. An article comprising:
- a storage medium having a plurality of machine readable instructions, wherein when the instructions are executed by a processor, the instructions provide for securely storing a unique value associated with a device in a processing system without exposing a unique identifier for the device by obtaining the unique value associated with the device;
  
  generating an encryption key based at least in part on a secret value securely stored in the device;
  
  generating an initialization vector having a plurality of pseudo-randomly or randomly generated bits;
  
  encrypting the unique value associated with the device using the encryption key and the initialization vector to form a first encrypted data structure; and
  
  storing the first encrypted data structure in a memory of the processing system.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The article of claim 9, wherein instructions for obtaining the unique value comprise instructions for using a cryptographic protocol for communications between the device and a processing entity external to the processing system to securely obtain the unique value.
  - 11. The article of claim 9, wherein instructions for generating the encryption key comprise instructions for generating the encryption key using a one-way function.
  - 12. The article of claim 9, wherein the secret value is stored in a non-volatile memory in the device.
  - 13. The article of claim 9, further comprising instructions for obtaining the first encrypted data structure from the memory;
    - generating the encryption key based at least in part on the secret value securely stored in the device; and
      
      decrypting the first encrypted data structure using the encryption key to obtain the unique value associated with the device.
  - 14. The article of claim 13, further comprising using the unique value in processing of a cryptographic protocol.
  - 15. The article of claim 9, further comprising instructions for obtaining the first encrypted data structure from the memory;
    - generating the encryption key based at least in part on the secret value securely stored in the device;
      
      decrypting the first encrypted data structure using the encryption key to obtain the unique value associated with the device;
      
      generating a second initialization vector having a plurality of pseudo-randomly or randomly generated bits;
      
      encrypting the unique value associated with the device using the encryption key and the second initialization vector to form a second encrypted data structure;
      
      storing the second encrypted data structure in a memory of the processing system; and
      
      deleting the first encrypted data structure from the memory.
  - 16. The article of claim 15, wherein generating the second initialization vector, encrypting the second encrypted data structure, storing the second encrypted data structure, and deleting the encrypted data structure are performed every N accesses of the unique value by the device, where N is a positive integer.

17. A method of securely storing a unique value associated with a device in a processing system without exposing a unique identifier for the device comprising:
- obtaining the unique value associated with the device;
  
  initializing a monotonic counter stored in the device;
  
  generating a encryption key based at least in part on a secret value securely stored in the device;
  
  generating an initialization vector having a plurality of pseudo-randomly or randomly generated bits;
  
  updating the monotonic counter;
  
  encrypting the unique value associated with the device and the monotonic counter using the encryption key and the initialization vector to form a first encrypted data structure; and
  
  storing the first encrypted data structure in a memory of the processing system.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25)
- - 18. The method of claim 17, wherein obtaining the unique value comprises using a cryptographic protocol for communications between the device and a processing entity external to the processing system to securely obtain the unique value.
  - 19. The method of claim 17, wherein the secret value is stored in a non-volatile memory in the device.
  - 20. The method of claim 17, further comprising:
    - obtaining the first encrypted data structure from the memory;
      
      generating the encryption key based at least in part on the secret value securely stored in the device;
      
      decrypting the first encrypted data structure using the encryption key to obtain the unique value associated with the device and the monotonic counter; and
      
      verifying the monotonic counter.
  - 21. The method of claim 20, further comprising using the unique value in processing of a cryptographic protocol.
  - 22. The method of claim 17, further comprising:
    - obtaining the first encrypted data structure from the memory;
      
      generating the encryption key based at least in part on the secret value securely stored in the device;
      
      decrypting the first encrypted data structure using the encryption key to obtain the unique value associated with the device and the monotonic counter;
      
      generating a second initialization vector having a plurality of pseudo-randomly or randomly generated bits;
      
      updating the monotonic counter;
      
      encrypting the unique value associated with the device and the monotonic counter using the encryption key and the second initialization vector to form a second encrypted data structure;
      
      storing the second encrypted data structure in a memory of the processing system; and
      
      deleting the first encrypted data structure from the memory.
  - 23. The method of claim 22, wherein generating the second initialization vector, encrypting the second encrypted data structure, storing the second encrypted data structure, and deleting the encrypted data structure are performed every N accesses of the unique value by the device, where N is a positive integer.
  - 24. The method of claim 17, wherein initializing the monotonic counter comprises setting the monotonic counter to a pseudo-randomly generated starting value.
  - 25. The method of claim 17 or 22, wherein updating the monotonic counter comprises setting the monotonic counter to a pseudo-randomly generated value.

26. An article comprising:
- a storage medium having a plurality of machine readable instructions, wherein when the instructions are executed by a processor, the instructions provide for securely storing a unique value associated with a device in a processing system without exposing a unique identifier for the device by obtaining the unique value associated with the device;
  
  initializing a monotonic counter stored in the device;
  
  generating a encryption key based at least in part on a secret value securely stored in the device;
  
  generating an initialization vector having a plurality of pseudo-randomly or randomly generated bits;
  
  updating the monotonic counter;
  
  encrypting the unique value associated with the device and the monotonic counter using the encryption key and the initialization vector to form a first encrypted data structure; and
  
  storing the first encrypted data structure in a memory of the processing 7 system.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33)
- - 27. The article of claim 26, wherein instructions for obtaining the unique value comprises using a cryptographic protocol for communications between the device and a processing entity external to the processing system to securely obtain the unique value.
  - 28. The article of claim 26, wherein the secret value is stored in a non-volatile memory in the device.
  - 29. The article of claim 26, further comprising instructions for obtaining the first encrypted data structure from the memory;
    - generating the encryption key based at least in part on the secret value securely stored in the device;
      
      decrypting the first encrypted data structure using the encryption key to obtain the unique value associated with the device and the monotonic counter; and
      
      verifying the monotonic counter.
  - 30. The article of claim 26, further comprising instructions for obtaining the first encrypted data structure from the memory;
    - generating the encryption key based at least in part on the secret value securely stored in the device;
      
      decrypting the first encrypted data structure using the encryption key to obtain the unique value associated with the device and the monotonic counter;
      
      generating a second initialization vector having a plurality of pseudo-randomly or randomly generated bits;
      
      updating the monotonic counter;
      
      encrypting the unique value associated with the device and the monotonic counter using the encryption key and the second initialization vector to form a second encrypted data structure;
      
      storing the second encrypted data structure in a memory of the processing system; and
      
      deleting the first encrypted data structure from the memory.
  - 31. The article of claim 26, wherein instructions for generating the second initialization vector, encrypting the second encrypted data structure, storing the second encrypted data structure, and deleting the encrypted data structure are performed every N accesses of the unique value by the device, where N is a positive integer.
  - 32. The article of claim 26, wherein instructions for initializing the monotonic counter comprise instructions for setting the monotonic counter to a pseudo-randomly generated starting value.
  - 33. The article of claim 26 or 30, wherein instructions for updating the monotonic counter comprise instructions for setting the monotonic counter to a pseudo-randomly generated value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Brickell, Ernie F., Hall, Clifford D., Sutton, James A. II, Martinez, Alberto J., Grawrock, David W.

Granted Patent

US 7,571,329 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/73 by creating or determining ...

Method of storing unique constant values

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Method of storing unique constant values

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links