Method for Authorizing and Authenticating Data

US 20080267410A1
Filed: 02/27/2008
Published: 10/30/2008
Est. Priority Date: 02/28/2007
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating data to be processed in a digital processing system, comprising the steps of:

generating a first key comprising a first public key portion and a first private key portion;

transferring the first public key portion and a digital representation of associated entitlements to the digital processing system;

generating a second key comprising a second public key portion and a second private key portion;

authorizing the second key using the first key producing a signature of the second key and associating entitlements with the second key, the associated entitlements being within the entitlements associated with the first key;

transferring the second public key portion and the associated signature and a digital representation of the associated entitlements to the digital processing system;

authenticating the second public key portion using the first public key portion and verifying that entitlements associated with the second public key portion are within the entitlements associated with the first public key portion.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a corresponding apparatus for authenticating data in a digital processing system (DPS) is disclosed, wherein a root/first tier key pair associated with a first tier/root authority may sign data and second tier keys for authorizing data for processing in the DPS. The first tier/root authority may pass entitlements to the authorized second tier key, which may itself authorize third tier keys and pass entitlements to said key.

36 Citations

View as Search Results

22 Claims

1. A method for authenticating data to be processed in a digital processing system, comprising the steps of:
- generating a first key comprising a first public key portion and a first private key portion;
  
  transferring the first public key portion and a digital representation of associated entitlements to the digital processing system;
  
  generating a second key comprising a second public key portion and a second private key portion;
  
  authorizing the second key using the first key producing a signature of the second key and associating entitlements with the second key, the associated entitlements being within the entitlements associated with the first key;
  
  transferring the second public key portion and the associated signature and a digital representation of the associated entitlements to the digital processing system;
  
  authenticating the second public key portion using the first public key portion and verifying that entitlements associated with the second public key portion are within the entitlements associated with the first public key portion.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the entitlements associated with a key comprise the entitlement to authorize data for processing in the digital processing system and the entitlement to pass an associated entitlement to another key when authorizing said key.
  - 3. The method of claim 1, wherein the entitlements associated with a key comprise the entitlement to authorize data for processing by a specific element or elements of the digital processing system and the entitlement to pass an associated entitlement to another key when authorizing said key.
  - 4. The method of claim 1, wherein the first public key portion transferred to the digital processing system is a first tier public key accepted by the digital processing system without authentication.
  - 5. The method of claim 1, wherein the signature covers the entitlements associated with a public key.
  - 6. The method of claim 1, wherein digital representation of associated entitlements are stored in one-time programmable memory comprised in the digital processing system.
  - 7. The method of claim 1, wherein a key and the digital representation of associated entitlements are stored in one-time programmable memory comprised in the digital processing system.
  - 8. The method of claim 1, wherein a key is stored in mask programmed ROM and the digital representation of associated entitlements are stored in one-time programmable memory comprised in the digital processing system.
  - 9. The method of claim 1, wherein a transferred key and the digital representation of associated entitlements and the signature are stored in memory comprised in the digital processing system, and wherein the key and its associated entitlements are authenticated each time said key is used.
  - 10. The method of claim 1, wherein the digital processing system comprises at least two authorization domains.
  - 11. The method of claim 10, wherein there are at least two root/first tier keys, each having the entitlement for authorizing data for processing in the same domain.
  - 12. The method of claim 1, wherein the digital processing system resets itself to limited operation when detecting a fraud attempt.
  - 13. The method of claim 11, wherein each of the plurality of root/first tier keys have different entitlements for authorizing data for processing in the same domain.
  - 14. The method of claim 11 wherein each of the plurality of root/first tier keys have their entitlements for authorizing data stored in separate non volatile memory.

15. A digital processing system adapted and configured for authenticating data byreceiving a first public key portion and a digital representation of associated entitlements in the digital processing system;
- receiving a second public key portion and a digital representation of associated entitlements and an associated digital signature in the digital processing system;
  
  authenticating the second public key portion and its associated entitlements using the first public key portion and verifying that entitlements associated with the second public key portion are within the entitlements associated with the first public key portion.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The apparatus of claim 15, wherein the entitlements associated with a key comprise the entitlement to authorize data for processing in the digital processing systems and the entitlement to pass an associated entitlement to another key when authorizing said key.
  - 17. The apparatus of claim 15, wherein the first public key portion transferred to the digital processing system is a first tier public key accepted by the digital processing system without authentication.
  - 18. The apparatus of claim 15, wherein the signature covers the entitlements associated a public key.
  - 19. The apparatus of claim 15, wherein a key and the digital representation of associated entitlements are stored in one-time programmable memory comprised in the digital processing system.
  - 20. The apparatus of claim 15, wherein a transferred key and the digital representation of associated entitlements and the signature are stored in memory comprised in the digital processing system, and wherein the key and its associated entitlements are authenticated each time said key is used.
  - 21. The apparatus of claim 15 comprising at least two authorization domains.
  - 22. The apparatus of claim 21, wherein there are at least two root/first tier keys, each having the entitlement for authorizing data for processing in the same domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Dellow, Andrew

Granted Patent

US 9,246,687 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/278
CPC Class Codes

H04L 9/3247 involving digital signatures

H04L 9/50 using hash chains, e.g. blo...

Method for Authorizing and Authenticating Data

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method for Authorizing and Authenticating Data

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links