Key transformation unit for a tamper resistant module
Abstract
Methods, apparati, and computer-readable media for securely transporting a software application onto a tamper resistant module (TRM) (103) by using an individualized TRM key set. A method embodiment of the present invention comprises: storing a key pair unique to the TRM (103) in a memory located on the TRM (103), where the key pair comprises a TRM public key (150) and a TRM private key (190); retrieving the TRM public key from the TRM; encrypting a portion of the software application using the TRM public key (150); transmitting the encrypted software application to the TRM (103); and recovering and decrypting the encrypted software application using the TRM private key (190).
8 Claims
1. A method for securely loading an executable software application from an application provider onto a tamper resistant module (TRM) having a memory over a communications network, said method comprising the steps of:
providing a TRM private key and a TRM public key for said TRM;
encrypting at least one portion of said executable software application using an associated transport key, each said portion also having an associated location;
creating an application unit which comprises said portion of said executable software application;
encrypting said associated transport key and an indicator of said associated location using said TRM public key;
forming a key transformation unit (KTU), said KTU comprising said associated transport key and said indicator;
transmitting said application unit and said KTU to said TRM;
decrypting said KTU using said TRM private key to recover said associated transport key and said indicator;
identifying said portion of said executable software application;
decrypting said portion of said executable software application using said associated transport key;
storing said portion of said executable software application in said memory on said TRM for subsequent execution;
providing for a software application provider (SAP) an SAP key set comprising an SAP public key and an SAP private key, wherein said step of encrypting at least one portion of said executable software further comprises using said SAP private key to sign said portion, thereby producing a signed application;
providing for a certification authority (CA) a CA key set comprising a CA public key and a CA private key;
encrypting said SAP public key using said CA private key to produce an application load certificate; and
transmitting said signed application and said application load certificate to said TRM.
5. Tamper resistant module (TRM) apparatus, comprising:
at least one TRM having a memory;
an executable software application provided by a software application provider to said TRM;
a communications link coupled to said TRM and to said software application provider;
a TRM public key and a TRM private key for said TRM; and
an arrangement;
wherein;
a portion of said executable software application is encrypted by said software application provider using an associated transport key, each said portion having an associated location;
an application unit is created, said application unit comprising said portion of said executable software application;
said associated transport key and an indicator of said associated location are encrypted using said TRM public key;
a key transformation unit (KTU) is formed, said KTU comprising said associated transport key and said indicator;
said application unit and said KTU are transmitted to said TRM over said communications link;
said KTU is decrypted on said TRM using said TRM private key to recover said associated transport key and said indicator;
said portion of said executable software application is identified;
said portion of said executable software application is decrypted on said TRM using said associated transport key for each said portion to recover said executable software application;
said executable software application is stored on said TRM for subsequent execution;
a certification authority (CA) is provided with a CA key set comprising a CA public key and a CA private key;
a software application provider (SAP) is provided with an SAP key set comprising an SAP public key and an SAP private key;
said CA private key is used to sign said SAP public key to produce an application load certificate;
said SAP private key is used to further sign said portion of said executable software application to produce a signed application; and
said signed application and said application load certificate are transmitted to said TRM.
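The load sequence recited in claims 1 and 5, sketched in Python as an added example that is not part of the patent text: the provider builds the application unit, KTU, signature and application load certificate, and the TRM opens the KTU, decrypts the portion and stores it at the indicated location. Assumptions: the third-party `cryptography` package, AES-GCM, RSA-OAEP and Ed25519 as stand-in algorithms (the claims name none), a constructed KTU layout of key, nonce and 4-byte location, hypothetical function names, and certificate and signature verification on the TRM before storage.

```python
import os
import struct
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ed25519, padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

# Assumed modern primitives; the claims name no algorithms.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)

def raw(pub):  # raw 32-byte encoding of an Ed25519 public key
    return pub.public_bytes(Encoding.Raw, PublicFormat.Raw)

def provider_package(trm_pub, sap_priv, load_cert, portion, location):
    """Provider side: everything transmitted to the TRM for one portion."""
    key, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
    return {
        "application_unit": AESGCM(key).encrypt(nonce, portion, None),
        # KTU plaintext (constructed layout): key | nonce | 4-byte location
        "ktu": trm_pub.encrypt(key + nonce + struct.pack(">I", location), OAEP),
        "signature": sap_priv.sign(portion),          # signed application
        "sap_public": raw(sap_priv.public_key()),
        "load_certificate": load_cert,                # CA signature over SAP key
    }

def trm_load(trm_priv, ca_pub, memory, pkg):
    """TRM side: open the KTU, decrypt, verify (assumed checks), then store."""
    secret = trm_priv.decrypt(pkg["ktu"], OAEP)       # ValueError: not for this TRM
    if len(secret) != 48:
        raise ValueError("malformed KTU")
    key, nonce = secret[:32], secret[32:44]
    (location,) = struct.unpack(">I", secret[44:])
    portion = AESGCM(key).decrypt(nonce, pkg["application_unit"], None)  # InvalidTag
    ca_pub.verify(pkg["load_certificate"], pkg["sap_public"])  # InvalidSignature
    ed25519.Ed25519PublicKey.from_public_bytes(pkg["sap_public"]).verify(pkg["signature"], portion)
    if location + len(portion) > len(memory):
        raise ValueError("location outside TRM memory")
    memory[location:location + len(portion)] = portion  # nothing stored before checks pass
    return location

def demo():
    """Constructed keys and payload; returns (memory, location) after one load."""
    trm_priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    ca_priv = ed25519.Ed25519PrivateKey.generate()
    sap_priv = ed25519.Ed25519PrivateKey.generate()
    cert = ca_priv.sign(raw(sap_priv.public_key()))   # application load certificate
    pkg = provider_package(trm_priv.public_key(), sap_priv, cert, b"\x01\x02APPLET-CODE", 16)
    memory = bytearray(64)
    return memory, trm_load(trm_priv, ca_priv.public_key(), memory, pkg)
```

Because the KTU is encrypted under one TRM's public key, a package built for one module fails at the first step on any other module.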
Specification