PROTECTED PORT FOR ELECTRONIC ACCESS TO AN EMBEDDED DEVICE

US 20070162759A1
Filed: 12/28/2005
Published: 07/12/2007
Est. Priority Date: 12/28/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for controlling access by a user to an embedded device comprising:

detecting an authorization request from a user device to be granted access to the embedded device at a requested protection level;

issuing a challenge phrase and a device identifier to the user device in response to the authorization request;

verifying the user device'"'"'s response to the challenge phrase; and

granting the user device access to the embedded device at the requested protection level if authorization of the user device'"'"'s response is successful.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for controlling access by a user to an embedded device. A protected access port, integral with the embedded device, includes an access manager and a level controller. The access manager issues a challenge phrase using a public key of the embedded device in response to a request by a user device to access the embedded device and determines the veracity of the user'"'"'s response to the challenge phrase. A secure server stores a private key corresponding to the public encryption key of the embedded device and is operable to authenticate the user credentials and issues the response to the challenge phrase dependent upon the private key of the embedded device.

101 Citations

View as Search Results

23 Claims

1. A method for controlling access by a user to an embedded device comprising:
- detecting an authorization request from a user device to be granted access to the embedded device at a requested protection level;
  
  issuing a challenge phrase and a device identifier to the user device in response to the authorization request;
  
  verifying the user device'"'"'s response to the challenge phrase; and
  
  granting the user device access to the embedded device at the requested protection level if authorization of the user device'"'"'s response is successful.
- View Dependent Claims (2, 3, 4)
- - 2. A method in accordance with claim 1, further comprising:
    - generating a random number; and
      
      combining the random number and the requested protection level information to produce the challenge phrase.
  - 3. A method in accordance with claim 2, wherein the user device'"'"'s response comprises a verification token that includes the random number and wherein verifying the user device'"'"'s response to the challenge phrase comprises comparing the verification token with the random number used to form the challenge phrase.
  - 4. A method in accordance with claim 1, wherein granting the user device access to the embedded device at the requested protection level comprises configuring a protected JTAG port at the requested protection level.

5. A method for a user device to access an embedded device comprising:
- issuing an authorization request to the embedded device to be authorized to access at a requested protection level;
  
  receiving a challenge phrase and a device identifier from the embedded device;
  
  passing the challenge phrase, the device identifier and credentials of the user device to a secure server;
  
  receiving a response from the secure server; and
  
  passing the response to the embedded device for verification.
- View Dependent Claims (6, 7, 8)
- - 6. A method in accordance with claim 5, wherein the device identifier is embedded in the challenge phrase.
  - 7. A method in accordance with claim 5, further comprising forming a trusted connection with the secure server.
  - 8. A method in accordance with claim 5, further comprising access the embedded processor via a protected JTAG port of the embedded device.

9. A protected port for controlling access by a user device to an embedded device, the protected port comprising:
- a port controller operable to interface with the user device;
  
  an access manager operable to determine if the user device is authorized for access at a requested protection level;
  
  an access port; and
  
  a level controller responsive to the access manager and operable to control a protection level of the access port, wherein the access port is supported by an architecture specific hardware and provides limitation of access to the embedded device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. A protected port in accordance with claim 9, wherein the access port comprises a communication access port.
  - 11. A protected port in accordance with claim 9, wherein the access manager comprises:
    - a random number generator operable to generate a random number in response to a request from the user device to be authorized to access the embedded device at a requested protection level; and
      
      a verification module operable to determine the veracity of a response by the user device to the challenge phrase.
  - 12. A protected port in accordance with claim 11, wherein the verification module is operable to encrypt the random number and level into a challenge phrase using a public key corresponding to a private key of the embedded device stored on a secure server and operable to verify response.
  - 13. A protected port in accordance with claim 9, wherein the level controller is operable to configure the access port at a protection level determined by the access manager and a fuse mechanism.
  - 14. A protected port in accordance with claim 9, wherein the request protection level is selected from the group consisting of unprotected, low protection, high protection, gated high protection and maximum protection.
  - 15. A protected port in accordance with claim 9, further comprising a fuse mechanism operable to prevent the user device from decreasing the protection level without authorization.
  - 16. A protected port in accordance with claim 9, wherein electrical connections between the access manager, the level controller and the access port are formed on an internal silicon layer of the embedded device.

17. A system for controlling access by a user device to an embedded device, the system comprising:
- a protected access port integral with the embedded device and comprising a access manager operable to issue a challenge phrase in response to a request sequence from the user device to access the embedded device and further operable to determine the veracity of a response by the user device to the challenge phrase;
  
  a secure server operable to store a private key of the embedded device corresponding to the public key of the embedded device; and
  
  port access equipment operable by the user device to pass the challenge phrase and user credentials to the secure connection with the secure server;
  
  wherein the secure server is further operable to authenticate the user credentials and issue the response to the challenge phrase dependent upon the private key of the embedded device, and wherein the challenge phrase comprises a cipher of the random number combined with the request sequence.
- View Dependent Claims (18)
- - 18. A system in accordance with claim 17, wherein the protected access port is a protected JTAG port.

19. An apparatus for controlling access by a user to an embedded device via a protected port comprising:
- a challenge means for issuing a challenge phrase to a user device;
  
  a authorization means for verifying a response by the user device to the challenge phrase to determine if the user is authorized for access at a requested protection level; and
  
  a level control means, responsive to the verification means, for selecting an access mode of the protected port.
- View Dependent Claims (20, 21, 22, 23)
- - 20. An apparatus in accordance with claim 19, wherein the challenge means is operable to form a challenge phrase comprising:
    - a cipher of a random number combined with request sequence encoded with a public key; and
      
      an identifier of the embedded device.
  - 21. An apparatus in accordance with claim 19, wherein the authorization means is operable to compare the response by the user device to a random number used to compose the challenge phrase.
  - 22. An apparatus in accordance with claim 19, wherein the authorization means is operable to compare the response by the user device to an arithmetic modification of a random number used to compose the challenge phrase.
  - 23. An apparatus in accordance with claim 19, wherein the protected port comprises a JTAG port.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Buskey, Ronald, Frosik, Barbara

Application Number

US11/275,348
Publication Number

US 20070162759A1
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 11/3656   using a specific debug inte...

G06F 21/71   to assure secure computing ...

H04L 9/3271   using challenge-response

PROTECTED PORT FOR ELECTRONIC ACCESS TO AN EMBEDDED DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

101 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

PROTECTED PORT FOR ELECTRONIC ACCESS TO AN EMBEDDED DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

101 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others