Tamper resistant module certification authority
4 Assignments
0 Petitions
Abstract
Methods and apparati for securely loading one or more computer software applications onto a tamper resistant module (TRM) (107) and for securely deleting one or more applications from the TRM. An embodiment of the invention comprises a method for determining, based at least upon an encrypted personalization data block, whether a TRM (107) is part of a qualified set of TRMs to accept loading of an application. Thereafter, the method provides for loading the application onto the TRM (107) only after the first step determines that the TRM (107) is qualified to accept the loading of the application. Another embodiment comprises a method for determining, based at least upon an encrypted personalization data block, whether a TRM (107) is part of a qualified set of TRMs to accept deleting of an application. Thereafter, the method provides for deleting the application from the TRM (107) only when the first step determines that the TRM (107) is qualified to accept the deleting of the application.
111 Citations
52 Claims
1. A method for securely loading a software application onto at least one tamper resistant module (TRM), said method comprising:
determining, based at least upon an encrypted personalization data block, whether the at least one TRM is part of a qualified set of TRMs to accept loading of said application; and
loading the application onto the TRM only after the determining step determines that the TRM is qualified to accept the loading of the application.
2. A method for securely deleting a software application from at least one tamper resistant module (TRM), the method comprising:
determining, based at least upon an encrypted personalization data block, whether the at least one TRM is part of a qualified set of TRMs to accept deleting of said application; and
deleting the application from the TRM only after the determining step determines that the TRM is qualified to accept the deleting of the application.
3. Secure apparatus comprising:
a certification authority for which a key pair comprising a public key and a private key are generated;
at least one multiple application tamper resistant module (TRM) comprising said public key of said certification authority and a TRM identifier for uniquely identifying each said TRM;
means for creating at said certification authority a personalization data block for at least one TRM identifier;
means for encrypting at least one personalization data block and forwarding said at least one encrypted data block to a personalization bureau;
means for loading at said personalization bureau each said encrypted data block onto the TRM having the TRM identifier matching said encrypted personalization data block;
means for determining, based on said at least one encrypted personalization data block, whether at least one of said TRMs is qualified to accept the loading of a specific software application;
means for authenticating said application for loading onto said at least one TRM by using said public key of said certification authority; and
loading means responsive to said determining and authenticating means for securely loading said application onto said at least one TRM.
Dependent claims: 4, 5, 6, 7, 8, 9.
10. Secure apparatus comprising:
at least one multiple application tamper resistant module (TRM), each said TRM comprising a public key for authenticating a source of any message to said TRM from an authority holding a corresponding secret key, a TRM enablement key for facilitating TRM specific confidentiality, a TRM identifier for uniquely identifying each TRM, and memory storing an operating system;
personalization means for activating each said TRM at a personalization bureau, said personalization means comprising means for compiling a list of said TRM identifiers and means for forwarding said list to said authority;
means for creating at said authority a personalization data block for each TRM identifier forwarded to said authority, each said data block comprising TRM personalization data and an individual key set for each of said corresponding TRMs;
means for encrypting each of said data blocks;
means for forwarding said encrypted data blocks to said personalization bureau;
means for checking whether each said TRM enablement key has been set and, when not set, for matching said corresponding TRM identifier with said encrypted data block, loading said encrypted data block onto its matched corresponding TRM, and setting said corresponding enablement key;
means for determining whether a TRM is qualified to accept the loading of a specific software application;
checking means for authenticating said specific application to be loaded by checking whether said application has been signed by said authority; and
means responsive to said determining and checking means for loading said specific application onto at least one TRM.
11. A method for securely loading at least one software application onto a tamper resistant module (TRM), said method comprising:
transmitting security data, comprising a public key of a certification authority, onto said TRM;
creating at said certification authority a personalization data block for said TRM, encrypting said data block, and forwarding said encrypted data block to a personalization bureau;
loading said encrypted data block onto said TRM;
determining, based at least on said encrypted data block, whether said TRM is qualified to accept the loading of a specific software application;
authenticating said application for loading onto said TRM by using said public key; and
loading said application in the event said TRM is qualified and said application is authenticated.
12. A method for securely deleting one or more software applications from a tamper resistant module (TRM), said method comprising the steps of:
transmitting security data, comprising a public key of a certification authority, onto said TRM;
creating at said certification authority a personalization data block for said TRM;
encrypting said data block and forwarding said encrypted data block to a personalization bureau;
loading said encrypted data block onto said TRM;
determining, based at least on said encrypted data block, whether said TRM is qualified to accept the deleting of a specific software application; and
deleting said application in the event said TRM is qualified.
13. Apparatus comprising:
at least one tamper resistant module (TRM); and
a software application;
wherein:
each TRM comprises TRM personalization data representative of said TRM, and said application is assigned a permissions data set representing at least one TRM upon which said application is permitted to be loaded;
said apparatus further comprising means for determining whether said TRM personalization data falls within said permissions data set.
14. Apparatus comprising:
at least one tamper resistant module (TRM), a software application to be loaded onto a TRM, and means for determining whether a TRM is qualified to accept the loading of said application onto said TRM, wherein each TRM comprises TRM personalization data, and said application is assigned application permissions data representing at least one TRM upon which said application is permitted to be loaded.
Dependent claims: 15, 16, 17, 18, 19, 20.
21. Apparatus comprising:
at least one tamper resistant module (TRM); and
a software application;
wherein:
said TRM comprises TRM personalization data representative of said TRM, and said application is assigned a permissions data set representing at least one TRM upon which said application is permitted to be loaded;
said apparatus further comprising means for determining whether said personalization data falls within said permissions data set.
Dependent claims: 22, 23, 24, 25, 26, 27, 28.
29. A method for loading a software application onto a TRM, said method comprising:
determining whether said TRM is qualified to accept the loading of said application onto said TRM, wherein said determining step comprises the substeps of:
providing said TRM with personalization data;
assigning to said application permissions data representing at least one set of TRMs upon which said application is permitted to be loaded;
comparing said personalization data with said permissions data; and
loading said application onto said TRM, provided said personalization data falls within said set of TRMs upon which said application is permitted to be loaded.
Dependent claims: 30, 31, 32, 33, 34, 35, 36, 37, 38.
39. A method for deleting a software application from a TRM, said method comprising the steps of:
determining whether said TRM is qualified to delete said application based upon permissions data associated with said application, wherein said determining step comprises the substeps of:
providing said TRM with personalization data;
assigning to said application permissions data representing at least one set of TRMs from which said application is permitted to be deleted;
comparing said personalization data with said permissions data; and
deleting said application from said TRM provided said personalization data falls within said set of TRMs from which said application is permitted to be deleted.
Dependent claims: 40, 41, 42, 43.
44. Apparatus comprising:
at least one tamper resistant module (TRM);
a software application to be deleted from said TRM; and
means for determining whether a TRM is qualified to delete said application from said TRM, wherein each TRM comprises TRM personalization data, and said application is assigned application permissions data representing at least one TRM from which said application is permitted to be deleted.
Dependent claims: 45, 46.
47. Secure apparatus comprising:
a certification authority for which a key pair comprising a public key and a private key are generated;
a personal computer (PC) having at least one multiple application tamper resistant module (TRM), each PC and TRM combination (PC/TRM) comprising said public key of said certification authority and an identifier for uniquely identifying each said PC/TRM;
means for creating at said certification authority a personalization data block for at least one PC/TRM identifier;
means for encrypting at least one personalization data block and forwarding said at least one encrypted data block to a personalization bureau;
means for loading at said personalization bureau each said encrypted data block onto the PC/TRM having the PC/TRM identifier matching said encrypted personalization data block;
means for determining, based on said at least one encrypted personalization data block, whether at least one of said PC/TRMs is qualified to accept the loading of a specific software application;
means for authenticating said application for loading onto said at least one PC/TRM by using said public key of said certification authority; and
loading means responsive to said determining and authenticating means for securely loading said application onto said at least one PC/TRM.
48. Secure apparatus comprising:
a personal computer (PC) having at least one multiple application tamper resistant module (TRM), each said PC and TRM combination (PC/TRM) having a public key for authenticating a source of any message to said PC/TRM from an authority holding a corresponding secret key, a PC/TRM enablement key for facilitating PC/TRM specific confidentiality, an identifier for uniquely identifying each PC/TRM, and memory storing an operating system;
personalization means for activating each said PC/TRM at a personalization bureau, said personalization means comprising means for compiling a list of said PC/TRM identifiers and means for forwarding said list to said authority;
means for creating at said authority a personalization data block for each PC/TRM identifier forwarded to said authority, each said data block comprising PC/TRM personalization data and an individual key set for each of said corresponding PC/TRMs;
means for encrypting each of said data blocks;
means for forwarding said encrypted data blocks to said personalization bureau;
means for checking whether each said PC/TRM enablement key has been set and, when not set, for matching said corresponding PC/TRM identifier with said encrypted data block, loading said encrypted data block onto its matched corresponding PC/TRM, and setting said corresponding enablement key;
means for determining whether a PC/TRM is qualified to accept the loading of a specific software application;
checking means for authenticating said specific application to be loaded by checking whether said application has been signed by said authority; and
means responsive to said determining and checking means for loading said specific application onto at least one PC/TRM.
49. Apparatus comprising:
a personal computer (PC) having at least one tamper resistant module (TRM); and
a software application;
wherein:
each PC and TRM combination (PC/TRM) comprises PC/TRM personalization data representative of said PC/TRM, and said application is assigned a permissions data set representing at least one PC/TRM upon which said application is permitted to be loaded;
said apparatus further comprising means for determining whether said PC/TRM personalization data falls within said permissions data set.
50. Apparatus comprising:
a personal computer (PC) having at least one tamper resistant module (TRM), a software application to be loaded onto a PC and TRM combination (PC/TRM), and means for determining whether a PC/TRM is qualified to accept the loading of said application onto said PC/TRM, wherein each PC/TRM comprises PC/TRM personalization data, and said application is assigned application permissions data representing at least one PC/TRM upon which said application is permitted to be loaded.
51. Apparatus comprising:
a personal computer (PC) having at least one tamper resistant module (TRM); and
a software application;
wherein:
each PC and TRM combination (PC/TRM) comprises PC/TRM personalization data representative of said PC/TRM, and said application is assigned a permissions data set representing at least one PC/TRM upon which said application is permitted to be loaded;
said apparatus further comprising means for determining whether said personalization data falls within said permissions data set.
52. Apparatus comprising:
a personal computer (PC) having at least one tamper resistant module (TRM);
a software application to be deleted from a PC and TRM combination (PC/TRM); and
means for determining whether a PC/TRM is qualified to delete said application from said PC/TRM, wherein each PC/TRM comprises PC/TRM personalization data, and said application is assigned application permissions data representing at least one PC/TRM from which said application is permitted to be deleted.
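The following Python is an added worked example of the flow that claims 10, 11 and 12 describe (authority key pair, per-identifier encrypted personalization block, bureau loading only onto the matching TRM and only while the enablement key is unset, authority-signed application, qualification check before load or delete) together with the "falls within" comparison of claims 29 and 39. It is not code from the patent or from any product; the claims name no algorithms, so the signature is a toy unpadded RSA over fixed Mersenne primes and the block cipher is a hash keystream plus HMAC, both demo-only. It further assumes that each TRM shares a per-TRM transport key with the authority (so the bureau forwards blocks it cannot read), that personalization data is a field-to-value map, and that permissions data lists the allowed values per field; the class and function names are the example's own.

```python
import hashlib
import hmac
import json
import secrets

# Toy unpadded RSA signature: a stand-in, since the claims name no algorithm (assumed).
def generate_keypair(p=(1 << 89) - 1, q=(1 << 61) - 1, e=65537):
    """Returns ((e, n), (d, n)). Fixed Mersenne primes keep the demo deterministic;
    a real authority generates its own pair. gcd(e, phi) == 1 holds for these values."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    return pow(_digest(data, private[1]), private[0], private[1])

def verify(public, data, sig):
    return pow(sig, public[0], public[1]) == _digest(data, public[1])

# Toy authenticated encryption for the block (hash keystream + HMAC; one block per key, so no nonce).
def _xor_stream(key, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def encrypt_block(key, plaintext):
    ct = _xor_stream(key, plaintext)
    return {"ct": ct, "tag": hmac.new(key, ct, hashlib.sha256).digest()}

def decrypt_block(key, blob):
    if not hmac.compare_digest(blob["tag"], hmac.new(key, blob["ct"], hashlib.sha256).digest()):
        raise ValueError("personalization block failed its integrity check")
    return _xor_stream(key, blob["ct"])

def canon(obj):
    """Canonical JSON, so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

class CertificationAuthority:
    def __init__(self):
        self.public, self._private = generate_keypair()
        self._transport_keys = {}  # trm_id -> per-TRM secret shared at manufacture (assumed)

    def register_trm(self, trm_id, transport_key):
        self._transport_keys[trm_id] = transport_key

    def personalize(self, personalization_by_id):
        """One encrypted block per TRM id on the bureau's list; the bureau cannot read them."""
        blocks = {}
        for tid, pdata in personalization_by_id.items():
            block = {"trm_id": tid, "personalization": pdata, "enablement_key": secrets.token_hex(16)}
            blocks[tid] = encrypt_block(self._transport_keys[tid], canon(block))
        return blocks

    def sign_application(self, name, code, load_permissions, delete_permissions):
        body = {"name": name, "code": code, "load_permissions": load_permissions,
                "delete_permissions": delete_permissions}
        return {"body": body, "sig": sign(self._private, canon(body))}

class TRM:
    def __init__(self, trm_id, ca_public, transport_key):
        self.trm_id, self.ca_public, self._transport_key = trm_id, ca_public, transport_key
        self.enablement_key = None  # unset until the bureau loads the personalization block
        self.personalization, self.apps = None, {}

    def personalize(self, blob):
        """Bureau step: refuse if already enabled; the TRM re-checks the id inside the block."""
        if self.enablement_key is not None:
            raise PermissionError("enablement key already set")
        block = json.loads(decrypt_block(self._transport_key, blob))
        if block["trm_id"] != self.trm_id:
            raise ValueError("block addressed to a different TRM")
        self.personalization = block["personalization"]
        self.enablement_key = bytes.fromhex(block["enablement_key"])

    def qualifies(self, permissions):
        """'Falls within': every field the permissions constrain must hold an allowed value."""
        return self.personalization is not None and all(
            self.personalization.get(k) in allowed for k, allowed in permissions.items())

    def _check(self, package, action):
        if not verify(self.ca_public, canon(package["body"]), package["sig"]):
            raise PermissionError("application is not signed by the certification authority")
        if not self.qualifies(package["body"][action + "_permissions"]):
            raise PermissionError(f"{self.trm_id} is not qualified to {action} this application")

    def load(self, package):
        self._check(package, "load")
        self.apps[package["body"]["name"]] = package["body"]["code"]

    def delete(self, package):
        self._check(package, "delete")
        self.apps.pop(package["body"]["name"], None)
```

Usage follows the claim order: register each TRM's transport key with the authority, call `CertificationAuthority.personalize` with the bureau's id list, hand every block to the TRM whose id it carries, then present `sign_application` packages to `TRM.load` or `TRM.delete`. A block replayed onto an already-enabled TRM, a block addressed to another id, a package whose permissions were edited after signing, and a TRM whose personalization data lies outside the permissions set are all refused before anything is loaded or removed.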
Specification