Key transformation unit for a tamper resistant module

US 20070180276A1
Filed: 03/29/2007
Published: 08/02/2007
Est. Priority Date: 02/21/1997
Status: Active Grant

First Claim

Patent Images

1. A method for securely transporting a software application onto a tamper resistant module (TRM) by using an individualized key set for said TRM, said method comprising the steps of:

storing a key pair unique to said TRM in a memory located on said TRM, said key pair comprising a TRM public key and a TRM private key;

retrieving said TRM public key from said TRM;

encrypting at least a portion of said software application using said TRM public key;

transmitting said portion of said software application to said TRM; and

decrypting said portion of said software application using said TRM private key to recover said portion of said software application.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparati, and computer-readable media for securely transporting a software application onto a tamper resistant module (TRM) (103) by using an individualized TRM key set. A method embodiment of the present invention comprises: storing a key pair unique to the TRM (103) in a memory located on the TRM (103), where the key pair comprises a TRM public key (150) and a TRM private key (190); retrieving the TRM public key from the TRM; encrypting a portion of the software application using the TRM public key (150); transmitting the encrypted software application to the TRM (103); and recovering and decrypting the encrypted software application using the TRM private key (190).

112 Citations

View as Search Results

83 Claims

1. A method for securely transporting a software application onto a tamper resistant module (TRM) by using an individualized key set for said TRM, said method comprising the steps of:
- storing a key pair unique to said TRM in a memory located on said TRM, said key pair comprising a TRM public key and a TRM private key;
  
  retrieving said TRM public key from said TRM;
  
  encrypting at least a portion of said software application using said TRM public key;
  
  transmitting said portion of said software application to said TRM; and
  
  decrypting said portion of said software application using said TRM private key to recover said portion of said software application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising the step of storing said portion of said software application on said TRM.
  - 3. The method of claim 1, wherein a certification authority (CA) digitally signs said TRM public key to produce a public key certificate unique to said TRM and stored thereon, and wherein said public key certificate is verified prior to said transmitting step.
  - 4. The method of claim 3, wherein said public key certificate is verified with a CA public key prior to said transmitting step.
  - 5. The method of claim 3, wherein said public key certificate is recovered and compared with said TRM public key.
  - 6. The method of claim 1, wherein said TRM public key and said TRM private key are provided using an asymmetric technique.
  - 7. The method of claim 6, wherein said asymmetric technique is RSA.

8. A method performed by a tamper resistant module (TRM) for processing an incoming transmission of a software application to said TRM by using an individualized key set for the TRM, the method comprising the steps of:
- receiving said incoming transmission, said incoming transmission comprising at least a portion of the software application encrypted with a TRM public key stored on said TRM, said TRM public key being part of said individualized key set;
  
  retrieving a unique TRM private key for said TRM, said TRM private key being part of said individualized key set; and
  
  decrypting said portion of said software application with said TRM private key to recover said portion of said software application.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, further comprising the step of storing said portion of said software application on said TRM.
  - 10. The method of claim 8, wherein said individualized key set is generated by asymmetric encryption.
  - 11. The method of claim 8, wherein a certification authority (CA) having a CA public key digitally signs the TRM public key stored on said TRM to produce a public key certificate unique to said TRM and stored thereon, and wherein said public key certificate is verified prior to said receiving step.
  - 12. The method of claim 11, wherein said public key certificate is retrieved prior to said receiving step.
  - 13. The method of claim 11, wherein said public key certificate is verified using said CA public key.

14. Apparatus located on a tamper resistant module (TRM) for processing an incoming transmission by using an individualized key set for said TRM, the apparatus comprising:
- means for receiving said incoming transmission, said incoming transmission comprising at least a portion of a secure software application encrypted with a TRM public key, said TRM public key being also stored on said TRM, and said TRM public key forming part of said individualized key set;
  
  means for retrieving a unique TRM private key for said TRM, said TRM private key being part of said individualized key set; and
  
  means for decrypting said portion of said software application with said TRM private key to recover said portion of the software application.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The apparatus of claim 14, further comprising means for storing said portion of said software application on said TRM.
  - 16. The apparatus of claim 14, further comprising means for retrieving a public key certificate, said public key certificate being generated by a certificate authority (CA), said CA having a CA public key, and said CA digitally signing the TRM public key stored on said TRM.
  - 17. The apparatus of claim 16, further comprising means for transmitting said public key certificate.
  - 18. The apparatus of claim 16, wherein said public key certificate is verified using said CA public key.

19. A method for securely transporting data onto a tamper resistant module (TRM) by using an individualized key set for the TRM, the method comprising the steps of:
- providing a certification authority (CA) with a CA private key and a CA public key;
  
  storing a TRM private key and a TRM public key which form said individualized key set for said TRM, in a memory located on said TRM;
  
  encrypting said TRM public key with said first CA private key to form a public key certificate;
  
  storing said public key certificate on said TRM;
  
  retrieving said stored public key certificate from said TRM;
  
  verifying said public key certificate with said CA public key to ensure that said public key certificate is valid;
  
  encrypting at least a portion of said data using said TRM public key;
  
  transporting said portion of said data to said TRM; and
  
  decrypting said portion of said data using said TRM private key to retrieve said data.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein said data comprises a software application.

21. A method for securely transporting a software application onto a personal computer (PC) having at least one multiple application tamper resistant module (TRM), by using a key set individualized for each PC and TRM combination (PC/TRM), said method comprising the steps of:
- storing a key pair unique to each said PC/TRM in a memory located on said PC/TRM, said key pair comprising a PC/TRM public key and a PC/TRM private key;
  
  retrieving said PC/TRM public key from said PC/TRM;
  
  encrypting a portion of said software application using said PC/TRM public key;
  
  transmitting said portion of said software application to said PC/TRM; and
  
  decrypting said portion of said software application using said PC/TRM private key to recover said portion of said software application.

22. A method, performed by a personal computer (PC) having at least one multiple application tamper resistant module (TRM), each combination of PC and TRM being referred to as a PC/TRM, for processing an incoming transmission of a software application to a PC/TRM by using an individualized key set for the PC/TRM, the method comprising the steps of:
- receiving said incoming transmission, said incoming transmission comprising at least a portion of the software application encrypted with a PC/TRM public key stored on said PC/TRM, said PC/TRM public key being part of said individualized key set;
  
  retrieving a unique PC/TRM private key for said PC/TRM, said PC/TRM private key being part of said individualized key set; and
  
  decrypting said portion of said software application with said PC/TRM private key to recover said portion of said software application.

23. Apparatus located on a personal computer (PC) having at least one multiple application tamper resistant module (TRM), each combination of PC and TRM being referred to as a PC/TRM, for processing an incoming transmission by using an individualized key set for a PC/TRM, the apparatus comprising:
- means for receiving said incoming transmission, said incoming transmission comprising at least a portion of a secure software application encrypted with a PC/TRM public key, said PC/TRM public key being also stored on said PC/TRM, and said PC/TRM public key forming part of said individualized key set;
  
  means for retrieving a unique PC/TRM private key for said PC/TRM, said PC/TRM private key being part of said individualized key set; and
  
  means for decrypting said portion of said software application with said PC/TRM private key to recover said portion of said software application.

24. A method for securely transporting data onto a personal computer (PC) having at least one multiple application tamper resistant module (TRM), each combination of PC and TRM being referred to as a PC/TRM, by using an individualized key set for each PC/TRM, the method comprising the steps of:
- providing a certification authority (CA) with a CA private key and a CA public key;
  
  storing a PC/TRM private key and a PC/TRM public key, which form said individualized key set for said PC/TRM, in a memory located on said PC/TRM;
  
  encrypting said PC/TRM public key with said first CA private key to form a public key certificate;
  
  storing said public key certificate on said PC/TRM;
  
  retrieving said stored public key certificate from said PC/TRM;
  
  verifying said public key certificate with said CA public key to ensure that said public key certificate is valid;
  
  encrypting at least a portion of said data using said PC/TRM public key;
  
  transporting said portion of said data to said PC/TRM; and
  
  decrypting said portion of said data using said PC/TRM private key to retrieve said data.

25. A method for securely loading an executable software application from an application provider onto a tamper resistant module (TRM) having a memory over a communications network, said method comprising the steps of:
- providing a TRM private key and a TRM public key for said TRM;
  
  encrypting at least one portion of said executable software application using an associated transport key, each said portion also having an associated location;
  
  creating an application unit which comprises said portion of said executable software application;
  
  encrypting said associated transport key and an indicator of said associated location using said TRM public key;
  
  forming a key transformation unit (KTU), said KTU comprising said associated transport key and said indicator;
  
  transmitting said application unit and said KTU to said TRM;
  
  decrypting said KTU using said TRM private key to recover said associated transport key and said indicator;
  
  identifying said portion of said executable software application;
  
  decrypting said portion of said executable software application using said associated transport key; and
  
  storing said portion of said executable software application in said memory on said TRM for subsequent execution.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 26. The method of claim 25, wherein said step of encrypting at least one portion of said executable software application comprises using a symmetric technique.
  - 27. The method of claim 26, wherein said symmetric technique is DES.
  - 28. The method of claim 25, wherein said TRM public key and said TRM private key are provided using an asymmetric technique.
  - 29. The method of claim 28, wherein said asymmetric technique is RSA.
  - 30. The method of claim 25, wherein said KTU further indicates an encryption technique used to encrypt said portion of said executable software application.
  - 31. The method of claim 25, further comprising the step of enciphering a second portion of said executable software application exclusive of said at least one portion of said executable software application that is encrypted.
  - 32. The method of claim 31, wherein said second portion is encrypted using a second encryption technique, and said KTU indicates said second encryption technique.
  - 33. The method of claim 31, wherein said second portion is encrypted using a second key, and said KTU indicates said second key.
  - 34. The method of claim 32, wherein said KTU comprises a location indicator for said second portion.
  - 35. The method of claim 25, wherein said at least one portion of said executable software application comprises a quantity of portions, and said KTU comprises an indicator identifying the quantity of portions.
  - 36. The method of claim 25, further comprising the steps of:
    - providing for a software application provider (SAP) an SAP key set comprising an SAP public key and an SAP private key, wherein said step of encrypting at least one portion of said executable software further comprises using said SAP private key to sign said portion, thereby producing a signed application;
      
      providing for a certification authority (CA) a CA key set comprising a CA public key and a CA private key;
      
      encrypting said SAP public key using said CA private key to produce an application load certificate; and
      
      transmitting said signed application and said application load certificate to said TRM.
  - 37. The method of claim 36, further comprising the step of verifying said application load certificate at the TRM with said CA public key.
  - 38. The method of claim 36, further comprising the step of verifying said signed application using the SAP public key from said application load certificate to produce a verified application unit.
  - 39. The method of claim 38, further comprising the step of comparing the verified application unit to the application unit to determine whether said verified application unit and said application unit are equivalent.
  - 40. The method of claim 25, wherein said executable application is transmitted to said tamper resistant module subsequent to the issuance of said tamper resistant module.

41. Tamper resistant module (TRM) apparatus, comprising:
- at least one TRM having a memory;
  
  an executable software application provided by a software application provider to said TRM;
  
  a communications link coupled to said TRM and to said software application provider;
  
  a TRM public key and a TRM private key for said TRM; and
  
  an arrangement;
  
  wherein;
  
  a portion of said executable software application is encrypted by said software application provider using an associated transport key, each said portion having an associated location;
  
  an application unit is created, said application unit comprising said portion of said executable software application;
  
  said associated transport key and an indicator of said associated location are encrypted using said TRM public key;
  
  a key transformation unit (KTU) is formed, said KTU comprising said associated transport key and said indicator;
  
  said application unit and said KTU are transmitted to said TRM over said communications link;
  
  said KTU is decrypted on said TRM using said TRM private key to recover said associated transport key and said indicator;
  
  said portion of said executable software application is identified;
  
  said portion of said executable software application is decrypted on said TRM using said associated transport key for each said portion to recover said executable software application; and
  
  said executable software application is stored on said TRM for subsequent execution.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56)
- - 42. The apparatus of claim 41, wherein said executable software application is encrypted using a symmetric technique.
  - 43. The apparatus of claim 42, wherein said symmetric technique is DES.
  - 44. The apparatus of claim 41, wherein said TRM public key and said TRM private key are provided using an asymmetric technique.
  - 45. The apparatus of claim 44, wherein said asymmetric technique is RSA.
  - 46. The apparatus of claim 41, wherein said KTU further indicates an encryption technique used to encrypt said portion of said executable software application.
  - 47. The apparatus of claim 41, wherein said arrangement further comprises enciphering a second portion of said executable software application exclusive of said portion of said executable software application that is encrypted.
  - 48. The apparatus of claim 47, wherein said second portion is encrypted using a second encryption technique, and said KTU indicates said second encryption technique.
  - 49. The apparatus of claim 47, wherein said second portion is encrypted using a second key, and said KTU indicates said second key.
  - 50. The apparatus of claim 47, wherein said KTU comprises a location indicator for said second portion of said executable software application.
  - 51. The apparatus of claim 41, wherein said KTU indicates an associated location of each portion of said executable application.
  - 52. The apparatus of claim 41, wherein said portion of said executable software application comprises a quantity of portions, and said KTU comprises an indicator identifying the quantity of portions.
  - 53. The apparatus of claim 41, wherein:
    - a certification authority (CA) is provided with a CA key set comprising a CA public key and a CA private key;
      
      a software application provider (SAP) is provided with an SAP key set comprising an SAP public key and an SAP private key;
      
      said CA private key is used to sign said SAP public key to produce an application load certificate;
      
      said SAP private key is used to further sign said portion of said executable software application to produce a signed application; and
      
      said signed application and said application load certificate are transmitted to said TRM.
  - 54. The apparatus of claim 53, wherein the TRM verifies said application load certificate with said CA public key.
  - 55. The apparatus of claim 54, wherein said TRM verifies the signed application using the SAP public key from said application load certificate to produce a verified application unit.
  - 56. The apparatus of claim 55, wherein said verified application unit is compared to said application unit to determine whether said verified application unit and said application unit are equivalent.

57. A method for processing a data transmission, said method comprising the steps of:
- receiving said data transmission, said data transmission comprising an executable software application encrypted with a first key, and a key transformation unit (KTU) encrypted with a second key, wherein said executable software application comprises at least one encrypted portion having an associated location, and said KTU comprises said first key and a location indicator for said associated location;
  
  decrypting said KTU onto a tamper resistant module (TRM) to recover said first key and said location indicator;
  
  identifying said encrypted portion associated with said associated location;
  
  decrypting said encrypted portion of said executable software application onto said TRM using said first key for each encrypted portion; and
  
  storing said decrypted executable software application in memory of said TRM for subsequent execution.
- View Dependent Claims (58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68)
- - 58. The method of claim 57, wherein said second key is from a public key and private key set used in asymmetric encryption.
  - 59. The method of claim 57, wherein said KTU further indicates a technique used to encrypt said portion of said executable software application.
  - 60. The method of claim 57, further comprising the step of enciphering a second portion of said executable software application independently of said encrypted portion of said executable software application.
  - 61. The method of claim 60, wherein said second portion is encrypted using a second encryption technique, and said KTU indicates said second encryption technique.
  - 62. The method of claim 60, wherein said second portion is encrypted using a second key, and said KTU indicates said second key.
  - 63. The method of claim 60, wherein said KTU comprises a second location indicator for said second portion of said executable software application.
  - 64. The method of claim 57, wherein said KTU indicates an associated location for each portion of said executable application.
  - 65. The method of claim 57, further comprising the steps of:
    - providing a software application provider (SAP) with an SAP public key and an SAP private key;
      
      providing a certification authority (CA) with a CA public key and a CA private key;
      
      signing said SAP public key using said CA private key to produce an application load certificate;
      
      further encrypting said encrypted application using said SAP private key to produce a signed application; and
      
      transmitting said signed application and said application load certificate to said TRM.
  - 66. The method of claim 65, further comprising the step of said TRM verifying said application load certificate with said CA public key.
  - 67. The method of claim 66, further comprising the step of verifying the signed application using said SAP public key from said application load certificate to produce a verified application unit.
  - 68. The method of claim 67, wherein said verified application unit is compared to said application unit to determine whether said verified application unit and said application unit are equivalent.

69. Apparatus for processing a data transmission, said apparatus comprising:
- means for receiving said data transmission, said data transmission comprising an executable software application encrypted with a first key, and a key transformation unit (KTU) encrypted with a second key, wherein said executable software application comprises an encrypted portion having an associated location, and said KTU comprises said first key and a location indicator for said associated location;
  
  means for decrypting said KTU onto a tamper resistant module (TRM) to recover said first key and said location indicator;
  
  means for identifying said encrypted portion;
  
  means for decrypting said encrypted portion onto said TRM using said first key for said encrypted portion; and
  
  means for storing said decrypted executable software application in memory of said TRM for subsequent execution.
- View Dependent Claims (70, 71, 72, 73, 74, 75, 76, 77, 78, 79)
- - 70. The apparatus of claim 69, wherein said second key is from a public key and private key set used in asymmetric encryption.
  - 71. The apparatus of claim 69, wherein said KTU further indicates a technique used to encrypt said encrypted portion.
  - 72. The apparatus of claim 69, further comprising means for enciphering a second portion of said executable software application independently of said encrypted portion.
  - 73. The apparatus of claim 72, wherein said second portion is encrypted using a second encryption technique, and said KTU indicates said second encryption technique.
  - 74. The apparatus of claim 72, wherein said second portion is encrypted using a second key, and said KTU indicates said second key.
  - 75. The apparatus of claim 72, wherein said KTU comprises a location indicator for said second portion.
  - 76. The apparatus of claim 72, wherein said KTU comprises a location indicator for an associated location corresponding to each portion.
  - 77. The apparatus of claim 72, further comprising:
    - a certification authority (CA) arrangement providing a respective CA public key; and
      
      means for verifying an application load certificate using the CA public key.
  - 78. The apparatus of claim 77, further comprising means for providing a software application provider with an SAP public key for verifying the signed encrypted application using said SAP public key located in said verified application load certificate.
  - 79. The apparatus of claim 78, wherein said verified application signature is compared to said encrypted application to determine whether they are equivalent.

80. A method for securely loading an executable software application over a communications network from an application provider onto a personal computer (PC) having at least one tamper resistant module (TRM), said method comprising the steps of:
- providing a PC and TRM combination (PC/TRM) with a PC/TRM private key and a PC/TRM public key;
  
  encrypting a portion of said executable software application using an associated transport key, said portion also having an associated location;
  
  creating an application unit comprising said encrypted portion;
  
  encrypting said associated transport key and an indicator of said associated location using said PC/TRM public key;
  
  forming a key transformation unit (KTU) comprising said encrypted associated transport key and said indicator;
  
  transmitting said application unit and said KTU to said PC/TRM;
  
  decrypting said KTU using said PC/TRM private key to recover said associated transport key and said indicator;
  
  identifying said portion of said executable software application;
  
  decrypting said portion using said associated transport key; and
  
  storing said portion of said executable software application in said PC/TRM for subsequent execution.

81. Apparatus comprising:
- a personal computer (PC) having at least one tamper resistant module (TRM), each PC and TRM combination (PC/TRM) having a memory;
  
  an executable software application provided by a software application provider to said PC/TRM;
  
  a communications link coupled to said PC/TRM and to said software application provider;
  
  a PC/TRM public key and a PC/TRM private key for said PC/TRM; and
  
  an arrangement;
  
  wherein;
  
  a portion of said executable software application is encrypted by said software application provider using an associated transport key, said portion having an associated location;
  
  an application unit is created, said application unit comprising said encrypted portion of said executable software application;
  
  said associated transport key and an indicator of said associated location are encrypted using said PC/TRM public key;
  
  a key transformation unit (KTU) is formed, said KTU comprising said associated transport key and said indicator;
  
  said application unit and said KTU are transmitted to said PC/TRM over said communications link;
  
  said KTU is decrypted on said PC/TRM using said PC/TRM private key to recover said associated transport key and said indicator;
  
  said portion of said executable software application is identified;
  
  said portion of said executable software application is decrypted on said PC/TRM using said associated transport key for said portion to recover said executable software application; and
  
  said executable software application is stored on said TRM for subsequent execution.

82. A method for processing a data transmission, said method comprising the steps of:
- receiving said data transmission, said data transmission comprising an executable software application encrypted with a first key, and a key transformation unit (KTU) encrypted with a second key, wherein said executable software application comprises an encrypted portion having an associated location, and said KTU comprises said first key and a location indicator for said associated location;
  
  decrypting said KTU onto a personal computer (PC) having at least one tamper resistant module (TRM) to recover said first key and said location indicator;
  
  identifying said encrypted portion;
  
  decrypting said encrypted portion of said executable software application onto a combination of PC and TRM (PC/TRM) using said first key for said encrypted portion; and
  
  storing said decrypted executable software application in memory of said PC/TRM for subsequent execution.

83. Apparatus for processing a data transmission, said apparatus comprising:
- means for receiving said data transmission, said data transmission comprising an executable software application encrypted with a first key, and a key transformation unit (KTU) encrypted with a second key, wherein said executable software application comprises an encrypted portion having an associated location, and said KTU comprises said first key and a location indicator for said associated location;
  
  means for decrypting said KTU onto a personal computer (PC) having at least one tamper resistant module (TRM), a PC and TRM combination (PC/TRM) being operable to recover said first key and said location indicator;
  
  means for identifying said encrypted portion;
  
  means for decrypting said encrypted portion onto said PC/TRM using said first key for said encrypted portion; and
  
  means for storing said decrypted portion in memory of said PC/TRM for subsequent execution.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Multos Ltd
Original Assignee
Multos Ltd
Inventors
Simmons, Ian, Miller, Stuart, Everett, David, Viner, John, Richards, Timothy, Peacham, Anthony

Granted Patent

US 7,734,923 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/194
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/57   Certifying or maintaining t...

G06F 21/77   in smart cards

G06F 2221/2115   Third party

G06K 19/0719   at least one of the integra...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/355   Personalisation of cards fo...

G06Q 20/3552   Downloading or loading of p...

G06Q 20/3574   Multiple applications on card

G06Q 20/35765   Access rights to memory zones

G06Q 20/4097   using mutual authentication...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3263   involving certificates, e.g...

Key transformation unit for a tamper resistant module

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

112 Citations

83 Claims

Specification

Solutions

Use Cases

Quick Links

Key transformation unit for a tamper resistant module

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

112 Citations

83 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links