SYSTEM AND METHOD FOR AUTHENTICATING A GAMING DEVICE
Abstract
A method and system are provided for authenticating and securing an embedded device using a secure boot procedure and a full non-volatile memory encryption process that implements the Elliptic Curve Pintsov-Vanstone Signature (ECPVS) scheme with message recovery on a personalized BIOS and master boot record. The signature includes code that is recovered in order to unlock a key that is in turn used to decrypt the non-volatile memory. The use of ECPVS provides an implicit verification that the hardware is bound to the BIOS since the encrypted memory is useless unless properly decrypted with the proper key.
20 Claims
1. A method for securing content to be used by a device comprising
designating a plurality of portions of said content;
storing a first value on said device;
generating a first signature on a first portion of said content, said first signature comprising a component which encrypts a second value such that said second value can be recovered using said first value;
generating a second signature on a second portion of said content, said second signature comprising a component which encrypts a third value such that said third value can be recovered using said second value; and
if more than two portions, generating other signatures that each include a component which encrypts a next value to be used by a next portion such that said next value can be recovered using a previous value recovered from a signature on a previous portion;
wherein said first value can be used to recover said second value from said first signature, said second value can be used to recover said third value from said second signature and, if necessary, said next values are recoverable using said previous values, such that a final value recovered from a respective signature on a last of said portions can be compared with said first value to authenticate said plurality of portions simultaneously.
2. The method according to claim 2 wherein each said signature is an ECPV signature with the respective portion of said content being the visible message and the respective one of said values is recoverable by using the respective one of said values and the respective portion of said content to generate a decryption key for decrypting the respective component.
7. A method for authenticating content to be used by a device comprising:
obtaining a first value stored on said device;
obtaining a first signature on a first of a plurality of portions of said content, said first signature comprising a component which encrypts a second value;
recovering said second value using said first value;
obtaining a second signature on a second of said plurality of portions of said content, said second signature comprising a component which encrypts a third value;
recovering said third value using said second value recovered from said first signature;
if more than two portions, obtaining other signatures that each include a component which encrypts a next value and recovering said next value using a previous value recovered from a signature on a previous portion; and
comparing a final value recovered from a signature on a last of said plurality of portions with said first value to authenticate all said plurality of portions simultaneously.
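The chained recovery of claims 1, 2 and 7, as an added example that is not part of the patent: a symmetric stand-in (HMAC-SHA256 key derivation plus XOR) replaces the ECPV signature component, so it models only how each value unlocks the next and how the final comparison authenticates every portion at once, not public-key signing. The function names, the 32-byte value size and the choice to have the last component encrypt the first value are assumptions.

```python
import hashlib
import hmac
import os

VALUE_LEN = 32  # assumed size of every chained value (one HMAC-SHA256 output)

def _derive_key(prev_value: bytes, portion: bytes) -> bytes:
    # Claim 2: the decryption key is generated from the previous value
    # and the visible portion of content.
    return hmac.new(prev_value, portion, hashlib.sha256).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def seal_chain(first_value: bytes, portions: list[bytes]) -> list[bytes]:
    """Signer side: one component per portion, each encrypting the next value."""
    if len(first_value) != VALUE_LEN or not portions:
        raise ValueError("need a 32-byte first value and at least one portion")
    # Fresh random intermediate values; the last component wraps back to first_value.
    values = [first_value] + [os.urandom(VALUE_LEN) for _ in portions[1:]] + [first_value]
    return [_xor(_derive_key(values[i], p), values[i + 1])
            for i, p in enumerate(portions)]

def verify_chain(first_value: bytes, portions: list[bytes],
                 components: list[bytes]) -> bool:
    """Device side: walk the chain, then compare the final value with the first."""
    if not portions or len(portions) != len(components):
        return False
    value = first_value
    for portion, component in zip(portions, components):
        if len(component) != VALUE_LEN:
            return False
        # A modified portion or component yields a wrong value here, which
        # derails every later key, so one comparison at the end covers all portions.
        value = _xor(_derive_key(value, portion), component)
    return hmac.compare_digest(value, first_value)

if __name__ == "__main__":
    # Constructed sample data, not taken from the patent.
    stored = os.urandom(VALUE_LEN)
    parts = [b"BIOS image", b"master boot record", b"OS loader"]
    sigs = seal_chain(stored, parts)
    print("intact chain:", verify_chain(stored, parts, sigs))
    parts[1] = b"patched boot record"
    print("tampered portion:", verify_chain(stored, parts, sigs))
```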
16. A method for downloading a new module for content to be used by a device, said method comprising:
obtaining a signature on an entry module for a component of said content, said component comprising a plurality of modules, each comprising a signature, one of said plurality of modules being said entry module and one of said plurality of modules being an end module, said signature on said entry module comprising a signature component which encrypts an intermediate value such that said intermediate value can be recovered using a value stored on said device, the signature on said end module comprising a signature component which encrypts a next value such that said next value can be recovered using said intermediate value, and if more than two modules exist in addition to said entry and end modules, other modules of said component having a signature which comprises a signature component which encrypts said intermediate value such that said intermediate value can be recovered using said intermediate value recovered from a respective signature on a previous module;
recovering said intermediate value from said signature on said entry module;
obtaining a signature on said new module, said signature on said new module comprising a signature component which encrypts said intermediate value such that said intermediate value can be recovered using said intermediate value;
using said intermediate value recovered from said signature on said entry module to recover said intermediate value from said signature on said new module;
obtaining said signature on said end module and using said intermediate value recovered from said signature on said new module to obtain said next value;
using said next value as a key for a keyed hash function and applying said keyed hash function to another component of said content to obtain an authentication code; and
comparing said authentication code to a stored authentication code previously generated on said another component to authenticate said new module and said content.
17. A method for securing content to be used by a device comprising:
preparing an encrypted image by encrypting at least a portion of said content such that said portion can be recovered by decrypting said encrypted image using a key;
encrypting said key in a first signature component which permits said key to be recovered from said first signature component using information specific to said device; and
making available to said device, a signature comprising said first signature component, to enable said device to recover said key from said first signature component using said information specific to said device and to decrypt said portion.
18. A method for authenticating content to be used by a device comprising:
obtaining a signature comprising a first signature component encrypting a key that can be recovered therefrom;
obtaining information specific to said device;
recovering said key from said first signature component using said information specific to said device; and
using said key to decrypt an encrypted image of at least a portion of said content to recover said portion;
wherein if said portion is operable on said device, said content is implicitly authenticated.
19. A method for securing content to be used by a device comprising:
designating a plaintext first portion of said content and a plaintext second portion of said content;
encrypting said plaintext first portion to create an encrypted first portion;
storing said encrypted first portion and said plaintext second portion on said device; and
generating a signature including said encrypted first portion and said plaintext second portion as components thereof wherein said signature can be used to recover said plaintext first portion from said encrypted first portion to enable said device to utilize said plaintext first portion.
20. A method for authenticating content to be used by a device comprising:
obtaining a signature comprising an encrypted first portion of said content and a plaintext second portion of said content as components thereof;
utilizing said signature to recover a plaintext first portion from said encrypted first portion; and
authenticating said content according to said plaintext first portion recovered from said signature.