CMOS-based stateless hardware security module

US 20060072748A1
Filed: 06/21/2005
Published: 04/06/2006
Est. Priority Date: 10/01/2004
Status: Abandoned Application

First Claim

Patent Images

1. A security processing system comprising:

at least one key generator for generating an identity cipher key within a MOS integrated circuit;

at least one one-time-programmable memory for storing the identity cipher key in the integrated circuit, the at least one one-time-programmable memory comprising thin gate-oxide fuses and configured to be capable of being implemented in the integrated circuit using any MOS process; and

at least one processor for processing data using the identity cipher key within the integrated circuit and for enforcing policy associated with key usage.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Stateless hardware security modules facilitate securing data transfers between devices in a data communication system. The stateless hardware security module may communicate with other devices via a secure communication channel to securely transfer information between the client device and another device. As a result, sensitive information such as cryptographic keys and data may be securely routed between the client device and another device. The stateless hardware security module may support a limited set of key management operations to facilitate routing of information between the client device and another device. However, the stateless hardware security module does not need to maintain state information for the keys it maintains and/or uses. As a result, the stateless hardware security module may be advantageously integrated into a variety of client devices. A stateless hardware security module may support receiving keys in a secure manner from another device and storing and using these keys within a secure boundary. A stateless hardware security module may support generating a private/public key pair within a secure boundary, maintaining the private key within the secure boundary, and exporting the public key to an authenticating entity.

138 Citations

27 Claims

1. A security processing system comprising:
- at least one key generator for generating an identity cipher key within a MOS integrated circuit;
  
  at least one one-time-programmable memory for storing the identity cipher key in the integrated circuit, the at least one one-time-programmable memory comprising thin gate-oxide fuses and configured to be capable of being implemented in the integrated circuit using any MOS process; and
  
  at least one processor for processing data using the identity cipher key within the integrated circuit and for enforcing policy associated with key usage.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1 wherein the at least one one-time-programmable memory is implemented in the integrated circuit using a single poly process.
  - 3. The system of claim 1 wherein the at least one one-time-programmable memory is configured to store the at least one cipher key by generating direct gate tunneling current though a gate oxide in at least a portion of the thin gate-oxide fuses.
  - 4. The system of claim 1 wherein the at least one key generator comprises an asymmetric key generator.
  - 5. The system of claim 4 wherein the identity cipher key comprises a private key.
  - 6. The system of claim 4 comprising at least one data interface for publishing a public key to at least one device external to the integrated circuit.
  - 7. The system of claim 1 comprising at least one data interface for receiving encrypted keys from at least one device.
  - 8. The system of claim 7 wherein the at least one processor decrypts encrypted keys received from the at least one device.

9. A secure data processing method comprising:
- storing at least one cipher key in at least one one-time-programmable memory in an integrated circuit, the at least one one-time-programmable memory comprising thin gate-oxide fuses and configured to be capable of being implemented in the integrated circuit using any MOS process;
  
  maintaining the at least one cipher key within a security boundary associated with the integrated circuit;
  
  using the at least one cipher key within the security boundary; and
  
  enforcing policy associated with the at least one cipher key.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The method of claim 9 wherein the at least one one-time-programmable memory is implemented in the integrated circuit using a single poly process.
  - 11. The method of claim 9 wherein storing the at least one cipher key comprises generating direct gate tunneling current though a gate oxide in at least a portion of the thin gate-oxide fuses in the at least one one-time-programmable memory.
  - 12. The method of claim 9 comprising generating an asymmetric key within the security boundary wherein the at least one cipher key comprises a private key of the asymmetric key.
  - 13. The method of claim 9 comprising using the at least one cipher key to establish a secure communication channel between the integrated circuit and at least one device external to the integrated circuit.
  - 14. The method of claim 9 comprising:
    - receiving at least one encrypted cipher key in the integrated circuit from at least one device external to the integrated circuit; and
      
      decrypting the at least one encrypted cipher key within the security boundary.
  - 15. The method of claim 14 comprising using the decrypted at least one cipher key within the security boundary.
  - 16. The method of claim 15 wherein using the decrypted at least one cipher key is performed without maintaining state information associated with the decrypted cipher key.
  - 17. The method of claim 9 comprising:
    - receiving data in the security boundary;
      
      encrypting the data within the security boundary; and
      
      transmitting the encrypted data to at least one device external the integrated circuit.

18. A secure data processing method comprising:
- storing at least one cipher key in at least one one-time-programmable memory in an integrated circuit, the at least one one-time-programmable memory configured to be implemented in the integrated circuit using a single poly process;
  
  maintaining the at least one cipher key within a security boundary associated with the integrated circuit;
  
  using the at least one cipher key within the security boundary; and
  
  enforcing policy associated with the at least one cipher key.
- View Dependent Claims (19, 20, 21)
- - 19. The method of claim 18 wherein the at least one one-time-programmable memory comprises thin gate-oxide fuses.
  - 20. The method of claim 19 wherein storing the at least one cipher key comprises generating direct gate tunneling current though a gate oxide in at least a portion of the thin gate-oxide fuses in the at least one one-time-programmable memory.
  - 21. The method of claim 18 wherein the maintaining, using and enforcing are performed at least in part by at least one processor configured to be implemented in the integrated circuit using the single poly process.

22. A security processing system comprising:
- at least one data interface for receiving an identity cipher key within a CMOS integrated circuit from at least one device external to the integrated circuit;
  
  at least one one-time-programmable memory for storing the identity cipher key in the integrated circuit, the at least one one-time-programmable memory comprising thin gate-oxide fuses and configured to be capable of being implemented in the integrated circuit using any MOS process; and
  
  at least one processor for processing data using the identity cipher key within the integrated circuit and for enforcing policy associated with key usage.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The system of claim 22 wherein the at least one one-time-programmable memory is configured to store the at least one cipher key by generating direct gate tunneling current though a gate oxide in at least a portion of the thin gate-oxide fuses.
  - 24. The system of claim 22 wherein the at least one data interface, the at least one one-time-programmable memory and the at least one processor are implemented in the integrated circuit using a single poly process.
  - 25. The system of claim 22 wherein the at least one data interface is adapted to receive data to be encrypted.
  - 26. The system of claim 25 wherein the at least one processor encrypts the received data.
  - 27. The system of claim 26 wherein the at least one data interface transmits the encrypted data to at least one device external to the integrated circuit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies General IP PTE Limited (Broadcom, Inc.)
Original Assignee
Avago Technologies General IP PTE Limited (Broadcom, Inc.)
Inventors
Buer, Mark

Application Number

US11/159,669
Publication Number

US 20060072748A1
Time in Patent Office

Days
Field of Search
US Class Current

380/44
CPC Class Codes

G06F 21/72   in cryptographic circuits

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/0877   using additional device, e....

H04L 9/0897   involving additional device...

CMOS-based stateless hardware security module

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

138 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

CMOS-based stateless hardware security module

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

138 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links