SYSTEM FOR AND METHOD OF CRYPTOGRAPHIC PROVISIONING

US 20090169013A1
Filed: 11/26/2008
Published: 07/02/2009
Est. Priority Date: 11/26/2007
Status: Active Grant

First Claim

Patent Images

1. A method of provisioning a module with cryptographic parameters, wherein the module comprises a first nonvolatile memory, a second nonvolatile memory and a processor, the method comprising:

storing a first cryptographic key in at least one of the first nonvolatile memory and the second nonvolatile memory; and

storing a first program encrypted using the first cryptographic key in at least one of the first nonvolatile memory and the second nonvolatile memory, wherein the first program is configured to;

generate, within the module and using the processor, a second cryptographic key and a third cryptographic key;

encrypt, within the module, the second cryptographic key using the third cryptographic key, whereby encrypting the second cryptographic key with the third cryptographic key generates an encrypted second cryptographic key and a first authenticator;

store, within the first nonvolatile memory, the encrypted second cryptographic key and the first authenticator; and

store, within the second nonvolatile memory, the third cryptographic key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for and method of securely provisioning a module with cryptographic parameters, such as cryptographic keys and key tables, is presented. Such modules may be used to enable encrypted communications between mobile phones to which they are coupled. The system and method prevent a malevolent individual involved in manufacturing the modules from compromising the security of the module. In particular, the modules are provisioned by an entity different from the manufacturer.

Citations

15 Claims

1. A method of provisioning a module with cryptographic parameters, wherein the module comprises a first nonvolatile memory, a second nonvolatile memory and a processor, the method comprising:
- storing a first cryptographic key in at least one of the first nonvolatile memory and the second nonvolatile memory; and
  
  storing a first program encrypted using the first cryptographic key in at least one of the first nonvolatile memory and the second nonvolatile memory, wherein the first program is configured to;
  
  generate, within the module and using the processor, a second cryptographic key and a third cryptographic key;
  
  encrypt, within the module, the second cryptographic key using the third cryptographic key, whereby encrypting the second cryptographic key with the third cryptographic key generates an encrypted second cryptographic key and a first authenticator;
  
  store, within the first nonvolatile memory, the encrypted second cryptographic key and the first authenticator; and
  
  store, within the second nonvolatile memory, the third cryptographic key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the first nonvolatile memory and the second nonvolatile memory are logically partitioned portions of a single physical persistent memory.
  - 3. The method of claim 1 further comprising storing in the module additional programming, encrypted using the second cryptographic key.
  - 4. The method of claim 1 further comprising, when the module is activated, decrypting, within the module, the encrypted second cryptographic key, whereby decrypting the encrypted second cryptographic key generates a second authenticator;
    - comparing the first authenticator and the second authenticator; and
      
      disabling at least some operations of the module if a result of the comparing indicates a lack of authenticity.
  - 5. The method of claim 1 wherein the module lacks a power supply.
  - 6. The method of claim 1 wherein a form factor for the module is selected from the group consisting of:
    - SD, mini SD, micro SD, PCMCIA, P2, Compact Flash, Memory Stick, PRO Memory Stick, PRO Duo Memory Stick, Micro Memory Stick, Multi Media Card, SmartMedia Memory Card, MultiMedia Memory Card, Reduced Size MultiMedia Memory Card, MultiMedia Memory Card Mobile, MultiMedia Memory Card Plus, MultiMedia Memory Card Micro, xD Memory Card, SIP, DIP and USB.
  - 7. The method of claim 1 further comprising, prior to the step of storing a first cryptographic key, receiving the module, wherein the received module comprises a test program and a test key, wherein the test program and test key are configured to test that the module has been correctly manufactured.
  - 8. The method of claim 1 further comprising:
    - accessing a public key associated with an entity;
      
      encrypting a symmetric key using the public key, whereby an encrypted symmetric key is generated;
      
      transmitting the encrypted symmetric key to the entity;
      
      receiving, from the entity, at least one key encrypted with the symmetric key; and
      
      decrypting, within the module, the at least one key.
  - 9. The method of claim 8 further comprising:
    - encrypting the at least one key using the second cryptographic key, whereby an encrypted symmetric key is generated; and
      
      storing the encrypted symmetric key in the second nonvolatile memory.

10. A system for provisioning a module with cryptographic parameters, wherein the module comprises a first nonvolatile memory, a second nonvolatile memory and a processor, the system comprising:
- means for storing a first cryptographic key in at least one of the first nonvolatile memory and the second nonvolatile memory; and
  
  means for storing a first program encrypted using the first cryptographic key in at least one of the first nonvolatile memory and the second nonvolatile memory, wherein the first program is configured to;
  
  generate, within the module and using the processor, a second cryptographic key and a third cryptographic key;
  
  encrypt, within the module, the second cryptographic key using the third cryptographic key, whereby encrypting the second cryptographic key with the third cryptographic key generates an encrypted second cryptographic key and a first authenticator;
  
  store, within the first nonvolatile memory, the encrypted second cryptographic key and the first authenticator; and
  
  store, within the second nonvolatile memory, the third cryptographic key.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system of claim 10, wherein the first nonvolatile memory and the second nonvolatile memory are logically partitioned portions of a single physical persistent memory.
  - 12. The system of claim 10 further comprising storing in the module additional programming, encrypted using the second cryptographic key.
  - 13. The system of claim 10 wherein the first programming is further configured to, when the module is activated, decrypt, within the module, the encrypted second cryptographic key, whereby decrypting the encrypted second cryptographic key generates a second authenticator;
    - compare the first authenticator and the second authenticator; and
      
      disable at least some operations of the module if a result of the comparing indicates a lack of authenticity.
  - 14. The system of claim 10 wherein the module lacks a power supply.
  - 15. The system of claim 10 wherein a form factor for the module is selected from the group consisting of:
    - SD, mini SD, micro SD, PCMCIA, P2, Compact Flash, Memory Stick, PRO Memory Stick, PRO Duo Memory Stick, Micro Memory Stick, Multi Media Card, SmartMedia Memory Card, MultiMedia Memory Card, Reduced Size MultiMedia Memory Card, MultiMedia Memory Card Mobile, MultiMedia Memory Card Plus, MultiMedia Memory Card Micro, xD Memory Card, SIP, DIP and USB.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
KoolSpan, Inc.
Original Assignee
KoolSpan, Inc.
Inventors
Fascenda, Anthony, Benware, Paul, Cichielo, Robert, Sturniolo, Emil

Granted Patent

US 8,842,836 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/277
CPC Class Codes

G06F 21/72   in cryptographic circuits

G06F 21/76   in application-specific int...

G06F 21/78   to assure secure storage of...

H04L 2209/80   Wireless

H04L 9/0897   involving additional device...

SYSTEM FOR AND METHOD OF CRYPTOGRAPHIC PROVISIONING

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM FOR AND METHOD OF CRYPTOGRAPHIC PROVISIONING

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links