Volatile device keys and applications thereof
Abstract
A key is determined from a volatile response generated using circuitry on the device. The volatile response depends on process variation in fabrication of the device. Error control data that depends on a first volatile response can be computed, stored externally to the device, and then used together with a later volatile response from the circuitry to generate the key. Applications of volatile keys include authentication and rights management for content and software.
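A minimal sketch of the enroll-then-regenerate flow described in the abstract, added here as an illustration and not taken from the patent. It simulates the volatile response as a fixed random bit string with constructed bit flips, and builds the error control data as a code-offset over a 7x repetition code, which is an assumed choice since the page names no specific code; all function names are hypothetical.

```python
import hashlib
import random

REP = 7        # repetition factor: corrects up to 3 flipped bits per block (assumed code)
KEY_BITS = 32  # secret bits per enrollment, kept small for the demonstration

def derive_key(bits):
    """Hash the corrected bit string so the key is uniform and fixed-length."""
    return hashlib.sha256(bytes(bits)).hexdigest()

def flip(bits, positions):
    """Constructed measurement noise: invert the response at the given positions."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

def enroll(first_response, rng):
    """Return (key, error_control_data); only the latter leaves the device."""
    secret = [rng.getrandbits(1) for _ in range(KEY_BITS)]
    codeword = [bit for bit in secret for _ in range(REP)]
    helper = [c ^ r for c, r in zip(codeword, first_response)]
    return derive_key(secret), helper

def regenerate(second_response, helper):
    """Rebuild the key from a fresh response and the externally stored data."""
    noisy = [h ^ r for h, r in zip(helper, second_response)]
    secret = [int(sum(noisy[i:i + REP]) > REP // 2)
              for i in range(0, len(noisy), REP)]
    return derive_key(secret)

def demo():
    rng = random.Random(2024)  # fixed seed so the constructed data is reproducible
    device_a = [rng.getrandbits(1) for _ in range(KEY_BITS * REP)]
    device_b = [rng.getrandbits(1) for _ in range(KEY_BITS * REP)]
    key, helper = enroll(device_a, rng)
    return {
        "same_device_noisy": regenerate(flip(device_a, {0, 1, 2, 9}), helper) == key,
        "too_many_errors": regenerate(flip(device_a, {0, 1, 2, 3}), helper) == key,
        "other_device": regenerate(device_b, helper) == key,
    }

if __name__ == "__main__":
    print(demo())
```

The error control data is treated as public here, but its integrity still matters: a modified helper string changes the regenerated key, so a deployment would authenticate it before use.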
39 Claims
1. A method for determining a key on a device:
- generating a first volatile response using circuitry on the device, the volatile response depending on process variation in fabrication of the device;
- computing first error control data that depends on the first volatile response;
- storing the first error control data externally to the device;
- generating a second volatile response using the circuitry on the device; and
- generating the key using the externally stored first error control data and the second volatile response.
Dependent claims: 2, 3, 4

5. A method for sharing a secret with a device comprising:
- providing a public key to the device;
- generating a volatile response in the device;
- encrypting the volatile response using the public key;
- receiving the encrypted volatile response from the device; and
- decrypting the volatile response using a private key corresponding to the public key.
Dependent claims: 6, 7, 8

9. A method for key generation on a device comprising:
- generating a private key and a corresponding public key on the device without permitting disclosure of the private key outside the device, the private key not being determinable from non-volatile quantities stored on the device;
- disclosing the public key from the device;
- generating a second volatile response using circuitry on the device, the volatile response depending on process variation in fabrication of the device; and
- regenerating the private key on the device using the second volatile response.
Dependent claims: 10, 11, 12

13. A method comprising:
- generating a first volatile response on each of a plurality of devices, the volatile responses depending on process variation in fabrication of the devices;
- storing data outside the devices associating the devices with quantities that depend on the respective first volatile responses; and
- authenticating one of the devices including generating a second volatile response on the device, and comparing a quantity that depends on the second volatile response with a quantity in the stored data.
Dependent claims: 14, 15, 16

17. A method for authenticating a device comprising:
- authenticating by a first entity a first device using a first authentication method;
- while authenticated using the first authentication method, establishing a shared secret between the first entity and the device, the shared secret being volatile on the device; and
- while no longer authenticating the first device using the first authentication method, authenticating the first device using a second authentication method including regenerating the shared secret based on a volatile response of circuitry on the device that depends on process variation in fabrication of the device based on the first device.
Dependent claims: 18, 19, 20

21. A method for authenticating a device comprising:
- authenticating the device by a first entity, including establishing a first secret shared between the first entity and the device, the first secret in the device being volatile; and
- authenticating the device by a second entity, including using the first shared secret to establish a second shared secret shared between the second entity and the device.
Dependent claims: 22, 23, 24

25. A device comprising:
- a volatile key generator for generating a decryption key, the device being configured to prevent disclosure of the generated decryption key outside the device;
- a decryption unit coupled to the key generator for accepting the decryption key;
- an interface for accepting encrypted content at the device and providing the encrypted content to the decryption unit;
- a converter for processing the decrypted content; and
- an interface for providing the processed decrypted content from the device.
Dependent claims: 26, 27, 28

29. A device comprising:
- an interface for coupling the device to a processing system;
- a volatile key generator for generating a decryption key, the device being configured to prevent disclosure of the generated decryption key outside the device;
- a decryption unit coupled to the key generator for accepting the decryption key to decrypt information, including encrypted instructions, received over the interface from the processing system; and
- a processor coupled to the decryption unit for executing the instructions and providing a result of the executing of the instructions on the device to the processing system.

30. A method comprising:
- distributing software for execution on a processing system;
- distributing a device for coupling to the processing system;
- executing the software on the processing system, including passing encrypted instructions from the processing system to the device, generating a volatile key on the device, decrypting the instructions on the device, passing a result that depends on the decrypted instructions from the device to the processing system;
- permitting execution of a portion of the software on the processing system only if the passed result matches a predetermined result.
Dependent claims: 31, 32

33. A proximity device comprising:
- circuitry for generating a volatile response that varies among devices fabricated according to a common design;
- programmable storage for data; and
- a radio interface providing remote access to the stored data and to the volatile response.
Dependent claims: 34, 35

36. A method comprising:
- storing information in a storage of a proximity device via a radio interface of the device;
- accessing a volatile response of a circuit on the device, the volatile response varying among devices fabricated according to a common design; and
- storing data associating the volatile response and the stored information outside the proximity device.
Dependent claims: 37, 38, 39

Specification