Tamper resistant module certification authority
Abstract
Methods and apparati for securely loading one or more computer software applications onto a tamper resistant module (TRM) (107) and for securely deleting one or more applications from the TRM. An embodiment of the invention comprises a method for determining, based at least upon an encrypted personalization data block, whether a TRM (107) is part of a qualified set of TRMs to accept loading of an application. Thereafter, the method provides for loading the application onto the TRM (107) only after the first step determines that the TRM (107) is qualified to accept the loading of the application. Another embodiment comprises a method for determining, based at least upon an encrypted personalization data block, whether a TRM (107) is part of a qualified set of TRMs to accept deleting of an application. Thereafter, the method provides for deleting the application from the TRM (107) only when the first step determines that the TRM (107) is qualified to accept the deleting of the application.
11 Claims
1. Secure apparatus comprising:
a certification authority for which a key pair comprising a public key and a private key are generated;
at least one multiple application tamper resistant module (TRM) comprising said public key of said certification authority and a TRM identifier for uniquely identifying each said TRM;
means for creating at said certification authority a personalization data block for at least one TRM identifier, means for encrypting at least one personalization data block and forwarding said at least one encrypted data block to a personalization bureau;
means for loading at said personalization bureau each said encrypted data block onto the TRM having the TRM identifier matching said encrypted personalization data block;
means for determining, based on said at least one encrypted personalization data block, whether at least one of said TRMs is qualified to accept the loading of a specific software application;
means for authenticating said application for loading onto said at least one TRM by using said public key of said certification authority; and
loading means responsive to said determining and authenticating means for securely loading said application onto said at least one TRM.
Dependent claims: 2, 3, 4, 5, 6, 7
8. Secure apparatus comprising:
at least one multiple application tamper resistant module (TRM), each said TRM comprising a public key for authenticating a source of any message to said TRM from an authority holding a corresponding secret key, a TRM enablement key for facilitating TRM specific confidentiality, a TRM identifier for uniquely identifying each TRM, and memory storing an operating system;
personalization means for activating each said TRM at a personalization bureau, said personalization means comprising means for compiling a list of said TRM identifiers and means for forwarding said list to said authority;
means for creating at said authority a personalization data block for each TRM identifier forwarded to said authority, each said data block comprising TRM personalization data and an individual key set for each of said corresponding TRMs;
means for encrypting each of said data blocks;
means for forwarding said encrypted data blocks to said personalization bureau;
means for checking whether each said TRM enablement key has been set and, when not set, for matching said corresponding TRM identifier with said encrypted data block, loading said encrypted data block onto its matched corresponding TRM, and setting said corresponding enablement key;
means for determining whether a TRM is qualified to accept the loading of a specific software application;
checking means for authenticating said specific application to be loaded by checking whether said application has been signed by said authority; and
means responsive to said determining and checking means for loading said specific application onto at least one TRM.
9. A method for securely loading at least one software application onto a tamper resistant module (TRM), said method comprising:
transmitting security data, comprising a public key of a certification authority, onto said TRM;
creating at said certification authority a personalization data block for said TRM, encrypting said data block, and forwarding said encrypted data block to a personalization bureau;
loading said encrypted data block onto said TRM;
determining, based at least on said encrypted data block, whether said TRM is qualified to accept the loading of a specific software application;
authenticating said application for loading onto said TRM by using said public key; and
loading said application in the event said TRM is qualified and said application is authenticated.
10. A method for securely deleting one or more software applications from a tamper resistant module (TRM), said method comprising the steps of:
transmitting security data, comprising a public key of a certification authority, onto said TRM;
creating at said certification authority a personalization data block for said TRM;
encrypting said data block and forwarding said encrypted data block to a personalization bureau;
loading said encrypted data block onto said TRM;
determining, based at least on said encrypted data block, whether said TRM is qualified to accept the deleting of a specific software application; and
deleting said application in the event said TRM is qualified.
11. Secure apparatus comprising:
a certification authority for which a key pair comprising a public key and a private key are generated;
a personal computer (PC) having at least one multiple application tamper resistant module (TRM), each PC and TRM combination (PC/TRM) comprising said public key of said certification authority and an identifier for uniquely identifying each said PC/TRM;
means for creating at said certification authority a personalization data block for at least one PC/TRM identifier;
means for encrypting at least one personalization data block and forwarding said at least one encrypted data block to a personalization bureau;
means for loading at said personalization bureau each said encrypted data block onto the PC/TRM having the PC/TRM identifier matching said encrypted personalization data block;
means for determining, based on said at least one encrypted personalization data block, whether at least one of said PC/TRMs is qualified to accept the loading of a specific software application;
means for authenticating said application for loading onto said at least one PC/TRM by using said public key of said certification authority; and
loading means responsive to said determining and authenticating means for securely loading said application onto said at least one PC/TRM.