Key transformation unit for a tamper resistant module
First Claim
1. A method for processing a data transmission, said method comprising the steps of:
- receiving said data transmission, said data transmission comprising an executable software application encrypted with a first key, and a key transformation unit (KTU) encrypted with a second key, wherein said executable software application comprises at least one encrypted portion having an associated location, and said KTU comprises said first key and a location indicator for said associated location;
decrypting said KTU onto a tamper resistant module (TRM) to recover said first key and said location indicator;
identifying said encrypted portion associated with said associated location;
decrypting said encrypted portion of said executable software application onto said TRM using said first key for each encrypted portion; and
storing said decrypted executable software application in memory of said TRM for subsequent execution.
4 Assignments
0 Petitions
Accused Products
Abstract
Methods, apparati, and computer-readable media for securely transporting a software application onto a tamper resistant module (TRM) (103) by using an individualized TRM key set. A method embodiment of the present invention comprises: storing a key pair unique to the TRM (103) in a memory located on the TRM (103), where the key pair comprises a TRM public key (150) and a TRM private key (190); retrieving the TRM public key from the TRM; encrypting a portion of the software application using the TRM public key (150); transmitting the encrypted software application to the TRM (103); and recovering and decrypting the encrypted software application using the TRM private key (190).
105 Citations
25 Claims
-
1. A method for processing a data transmission, said method comprising the steps of:
-
receiving said data transmission, said data transmission comprising an executable software application encrypted with a first key, and a key transformation unit (KTU) encrypted with a second key, wherein said executable software application comprises at least one encrypted portion having an associated location, and said KTU comprises said first key and a location indicator for said associated location;
decrypting said KTU onto a tamper resistant module (TRM) to recover said first key and said location indicator;
identifying said encrypted portion associated with said associated location;
decrypting said encrypted portion of said executable software application onto said TRM using said first key for each encrypted portion; and
storing said decrypted executable software application in memory of said TRM for subsequent execution. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. Apparatus for processing a data transmission, said apparatus comprising:
-
means for receiving said data transmission, said data transmission comprising an executable software application encrypted with a first key, and a key transformation unit (KTU) encrypted with a second key, wherein said executable software application comprises an encrypted portion having an associated location, and said KTU comprises said first key and a location indicator for said associated location;
means for decrypting said KTU onto a tamper resistant module (TRM) to recover said first key and said location indicator;
means for identifying said encrypted portion;
means for decrypting said encrypted portion onto said TRM using said first key for said encrypted portion; and
means for storing said decrypted executable software application in memory of said TRM for subsequent execution. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A method for processing a data transmission, said method comprising the steps of:
-
receiving said data transmission, said data transmission comprising an executable software application encrypted with a first key, and a key transformation unit (KTU) encrypted with a second key, wherein said executable software application comprises an encrypted portion having an associated location, and said KTU comprises said first key and a location indicator for said associated location;
decrypting said KTU onto a personal computer (PC) having at least one tamper resistant module (TRM) to recover said first key and said location indicator;
identifying said encrypted portion;
decrypting said encrypted portion of said executable software application onto a combination of PC and TRM (PC/TRM) using said first key for said encrypted portion; and
storing said decrypted executable software application in memory of said PC/TRM for subsequent execution.
-
-
25. Apparatus for processing a data transmission, said apparatus comprising:
-
means for receiving said data transmission, said data transmission comprising an executable software application encrypted with a first key, and a key transformation unit (KTU) encrypted with a second key, wherein said executable software application comprises an encrypted portion having an associated location, and said KTU comprises said first key and a location indicator for said associated location;
means for decrypting said KTU onto a personal computer (PC) having at least one tamper resistant module (TRM), a PC and TRM combination (PC/TRM) being operable to recover said first key and said location indicator;
means for identifying said encrypted portion;
means for decrypting said encrypted portion onto said PC/TRM using said first key for said encrypted portion; and
means for storing said decrypted portion in memory of said PC/TRM for subsequent execution.
-
Specification