METHOD AND SYSTEM FOR GENERATING A SECURE KEY
First Claim
1. A method of generating a secure key for use on a device, said method comprising:
- accessing secure device data and a secret key from said device, said secret key for authenticating boot code for execution by said device;
performing a first encryption of said secure device data to generate an encrypted result, wherein said first encryption comprises encrypting said secure device data using said secret key as an encryption key;
accessing a unique identifier of said device;
performing a logical operation on said encrypted result and said unique identifier to generate a logical result; and
performing a second encryption of said logical result to generate said secure key, wherein said second encryption comprises encrypting said logical result using said secret key as an encryption key, wherein said secure key is unique to said device, and wherein said secure key is larger than said secure device data.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, system on a chip, and computer system for generating more robust keys which utilize data occupying relatively small die areas is disclosed. Embodiments provide a convenient and effective mechanism for generating a key for use in securing data on a portable electronic device, where the key is generated from repurposed data and a relatively small amount. A multi-stage encryption algorithm may be performed to generate the key, where the first stage may include encrypting the secure data, and the second stage may include encrypting the result of a logical operation on the encrypted secure data with a unique identifier of the portable electronic device. A secret key may be used as the encryption key for each stage. The result of the second encryption stage may include the generated key which may be used to perform subsequent operations on the portable electronic device.
-
Citations
21 Claims
-
1. A method of generating a secure key for use on a device, said method comprising:
-
accessing secure device data and a secret key from said device, said secret key for authenticating boot code for execution by said device; performing a first encryption of said secure device data to generate an encrypted result, wherein said first encryption comprises encrypting said secure device data using said secret key as an encryption key; accessing a unique identifier of said device; performing a logical operation on said encrypted result and said unique identifier to generate a logical result; and performing a second encryption of said logical result to generate said secure key, wherein said second encryption comprises encrypting said logical result using said secret key as an encryption key, wherein said secure key is unique to said device, and wherein said secure key is larger than said secure device data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An integrated circuit for use in a portable electronic device, said integrated circuit comprising:
-
a plurality of fuses for storing a secret key, secure device data, and a unique identifier of said portable electronic device, wherein said secret key is for authenticating boot code for execution by said integrated circuit; and a secure encryption engine coupled to said plurality of fuses and for performing a first encryption of said secure device data to generate an encrypted result, wherein said first encryption uses said secret key as an encryption key, wherein said secure encryption engine is further operable to perform a logical operation on said encrypted result and said unique identifier to generate a logical result, wherein said secure encryption engine is further operable to perform a second encryption of said logical result to generate a secure key, wherein said second encryption uses said secret key as an encryption key, wherein said secure key is unique to said portable electronic device, wherein said first and second encryption enable access to said secure key without revealing said secret key, and wherein said secure key is larger than said secure device data. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A computer system comprising:
-
a processor; a memory coupled to said processor; and an integrated circuit coupled to said processor, said integrated circuit comprising; a plurality of fuses for storing a secret key, secure device data, and a unique identifier of said computer system, wherein said secret key is for authenticating boot code for execution by said integrated circuit; and a secure encryption engine coupled to said plurality of fuses and for performing a first encryption of said secure device data to generate an encrypted result, wherein said first encryption uses said secret key as an encryption key, wherein said secure encryption engine is further operable to perform a logical operation on said encrypted result and said unique identifier to generate a logical result, wherein said secure encryption engine is further operable to perform a second encryption of said logical result to generate a secure key, wherein said second encryption uses said secret key as an encryption key, wherein said secure key is unique to said portable electronic device, and wherein said first and second encryption enable access to said secure key without revealing said secret key, and wherein said secure key is larger than said secure device data. - View Dependent Claims (17, 18, 19, 20, 21)
-
Specification