Secure Loading And Storing Of Data In A Data Processing Device

US 20080133929A1
Filed: 09/07/2005
Published: 06/05/2008
Est. Priority Date: 10/11/2004
Status: Active Grant

First Claim

Patent Images

1-32. -32. (canceled)

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a method of loading data into a data processing device. The method comprises receiving a payload data item by the data processing device; performing a cryptographic authentication process to ensure the authenticity of the payload data item; storing the authenticated received payload data item in the data processing device; and integrity protecting the stored payload data item. The cryptographic authentication process comprises calculating an audit hash value of at least the received data item. Integrity protecting further comprises calculating a reference message authentication code value of at least the audit hash value using a secret key stored in the data processing device as an input.

Citations

63 Claims

1-32. -32. (canceled)

33. A method of loading data into a data processing device, comprising the steps of:
- receiving a payload data item by the data processing device;
  
  performing a cryptographic authentication process to ensure the authenticity of the payload data item by calculating an audit hash value of at least the received data item;
  
  storing the authenticated received payload data item in the data processing device, andintegrity protecting the stored payload data item by calculating a reference message authentication code value of at least the audit hash value using a secret key stored in the data processing device as an input.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 34. The method according to claim 33, wherein the step of performing a cryptographic authentication process further comprises:
    - receiving a reference hash value; and
      
      comparing the received reference hash value with the calculated audit hash value to verify the authenticity of the received payload data item.
  - 35. The method according to claim 34, wherein the step of performing a cryptographic authentication process includes digitally signing the data item according to a public key cryptosystem.
  - 36. The method according to claim 35, further comprising the steps of:
    - receiving the payload data item, a digital signature data item and a digitally signed digital certificate data item, wherein the digital certificate data item includes a first public key and wherein the digital signature data item includes a reference hash value encrypted with a first private key corresponding to the first public key;
      
      authenticating the digitally signed digital certificate data item against a root public key stored in the data processing device;
      
      authenticating the digital signature data item against the authenticated digital certificate; and
      
      comparing the received reference hash value with the calculated audit hash value to verify the authenticity of the received payload data item.
  - 37. The method according to claim 35, further comprising the step of cryptographically authenticating the reference hash value;
    - and wherein the step of calculating the reference message authentication code value is performed only if the reference hash value is successfully authenticated.
  - 38. The method according to claim 33, wherein the step of integrity protecting further comprises storing the calculated reference message authentication code value in relation to the received payload data item.
  - 39. The method according to claim 33, wherein the step of calculating the reference message authentication code value further comprises calculating the reference message authentication code value of a combined data item derived from at least the audit hash value and a random number.
  - 40. The method according to any claim 33, wherein the step of calculating the reference message authentication code value further comprises calculating the reference message authentication code value of a combined data item derived from at least the audit hash value and a version control data item.
  - 41. The method according to claim 40, further comprising the step of storing a version control data record in a version control data structure, the version control data record including information about the received payload data item including at least the version control data item.
  - 42. The method according to claim 41, wherein the stored version control data record is integrity protected.
  - 43. The method according to claim 41, wherein the version control data record comprises a version counter.
  - 44. The method according to claim 43, wherein the version control data record further comprises a back counter identifying a number of previous versions that may replace the current version of the payload data item.
  - 45. The method according to claim 33, wherein the secret key is a secret data item unique to the data processing device.
  - 46. The method according to claim 33, wherein the secret key is a secret data item known only to the data processing device.
  - 47. The method according to claim 33, wherein the step of receiving the payload data item further comprises the step of receiving a delta update of a previously received current data item, andgenerating the payload data item as an updated payload data item from the previously received current data item and the received delta update.

48. A computer program run on a data processing device, comprising:
- program code means adapted to cause the data processing device to receive a payload data item by the data processing device;
  
  perform a cryptographic authentication process to ensure the authenticity of the payload data item by calculating an audit hash value of at least the received data item;
  
  store the authenticated received payload data item in the data processing device; and
  
  integrity protect the stored payload data item by calculating a reference message authentication code value of at least the audit hash value using a secret key stored in the data processing device as an input.

49. A data processing device comprising a first processing circuit adapted to:
- receive a payload data item by the data processing device;
  
  perform a cryptographic authentication process to ensure the authenticity of the payload data item by calculating an audit hash value of at least the received data item;
  
  store the authenticated received payload data item in the data processing device; and
  
  integrity protect the stored payload data item by calculating a reference message authentication code value of at least the audit hash value using a secret key stored in the data processing device as an input.
- View Dependent Claims (50, 51, 52)
- - 50. The data processing device according to claim 49, further comprising storage means adapted to store the received payload data item;
    - and a second processing circuit connected to the storage means and to the first processing circuit;
      
      wherein the second processing circuit is adapted to provide to the first processing circuit at least read access to the storage means.
  - 51. The data processing device according to claim 49, wherein the first processing circuit comprises local storage means for storing a root public key of an asymmetric cryptographic system.
  - 52. The data processing device according to claim 49, wherein the first processing circuit comprises local storage means for storing said secret key.

53. A method of protecting the integrity of a current version of a data item stored in a data processing device, the method comprising the steps of:
- determining a reference hash value of at least the data item;
  
  calculating a reference message authentication code value from the determined reference hash value using a secret key stored in the data processing device by calculating the reference message authentication code value from a combined data item derived from the determined reference hash value and at least a part of a version control data record, the version control data record including version control information about the current version of the data item; and
  
  storing the calculated reference message authentication code value in relation to the data item.
- View Dependent Claims (54, 55, 56, 57, 58, 59, 60, 61)
- - 54. The method according to claim 53, wherein the version control data record comprises a version counter;
    - and wherein calculating the reference message authentication code value comprises the step of calculating a reference message authentication code value from a combined data item derived from the determined reference hash value and at least the version counter.
  - 55. A method according to claim 54, wherein the version control data record further comprises a back counter identifying a number of previous versions that may replace the current version;
    - and wherein calculating the reference message authentication code value comprises calculating a reference message authentication code value from a combined data item derived from the determined reference hash value and at least the back counter.
  - 56. The method according to claim 53, wherein the version control data record further comprises the reference hash value for the current version of the data item.
  - 57. The method according to claim 53, further comprising generating the version control data record;
    - and storing the version control data record in a version control data structure.
  - 58. The method according to claim 57, further comprising the step of integrity protecting the version control data record.
  - 59. The method according to claim 53, wherein the secret key is a secret data item unique to the data processing device.
  - 60. The method according to claim 53, wherein the secret key is a secret data item known only to the data processing device.
  - 61. The method according to claim 53, further comprising the steps of:
    - receiving a delta update of a previously received current data item; and
      
      generating the data item as an updated data item from the previously received current data item and the received delta update.

62. A method of verifying the integrity of a current version of a data item stored in a data processing device, the method comprising the steps of:
- calculating an audit hash value of the data item;
  
  calculating an audit message authentication code value from the calculated audit hash value using a secret key stored in the data processing device by calculating an audit message authentication code value from a combined data item derived from the calculated audit hash value and at least a part of the version control data record,comparing the calculated audit message authentication code value with a reference message authentication code value stored in relation to the data item; and
  
  retrieving a version control data record, the version control data record including version control information about the current version of the data item; and
  
  that calculating the audit message authentication code value comprises.

63. A data processing device comprising:
- storage means for storing a current version of a data item and a version control data record, the version control data record including version control information about the current version of the data item; and
  
  processing means adapted to determine a reference hash value of at least the data item, calculate a reference message authentication code value from the determined reference hash value using a secret key stored in the data processing device by calculating the reference message authentication code value from a combined data item derived from the determined reference hash value and at least a part of a version control data record, the version control data record including version control information about the current version of the data item, and store the calculated reference message authentication code value in relation to the data item.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NovaCloud Licensing LLC
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Smeets, Bernard, Gehrmann, Christian

Granted Patent

US 8,627,086 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/179
CPC Class Codes

G06F 21/51 at application loading time...

Secure Loading And Storing Of Data In A Data Processing Device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

63 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Loading And Storing Of Data In A Data Processing Device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

63 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links