SECURE SOFTWARE AND HARDWARE ASSOCIATION TECHNIQUE

US 20090217054A1
Filed: 02/24/2009
Published: 08/27/2009
Est. Priority Date: 02/25/2008
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating program code, the method comprising:

retrieving a public asymmetric encryption key associated with an original equipment manufacturer (OEM) stored in memory;

loading program code from program code memory; and

authenticating the program code by using the public key associated with the OEM.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an embodiment, authenticated hardware and authenticated software are cryptographically binded using symmetric and asymmetric cryptography. Cryptographically binding the hardware and software ensures that original equipment manufacturer (OEM) hardware will only run OEM software. Cryptographically binding the hardware and software protects the OEM binary code so it will only run on the OEM hardware and cannot be replicated or altered to operate on unauthorized hardware. This cryptographic binding technique is referred to herein as secure software and hardware association (SSHA).

Citations

66 Claims

1. A method of authenticating program code, the method comprising:
- retrieving a public asymmetric encryption key associated with an original equipment manufacturer (OEM) stored in memory;
  
  loading program code from program code memory; and
  
  authenticating the program code by using the public key associated with the OEM.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 38)
- - 2. The method of claim 1 wherein the program code is boot code.
  - 3. The method of claim 1 wherein the program code application software.
  - 4. The method of claim 1 wherein the program code identifies a secure location associated with the OEM storing encrypted program code, the method further comprising:
    - establishing a secure connection to the secure location;
      
      receiving a command from the secure location signed by a private asymmetric encryption key associated with the OEM requesting a chip identifier token (ChipID token);
      
      generating the ChipID token by encrypting a chip identifier (ChipID) stored in memory by using the public key associated with the OEM;
      
      transmitting the ChipID token to the secure location to be verified by the OEM by matching the ChipID against ChipIDs stored in a database;
      
      receiving encrypted program code signed by the private key associated with the OEM if the ChipID is a match;
      
      authenticating the encrypted program code by using the public key associated with the OEM; and
      
      decrypting the encrypted program code by using a code encryption key (CEK) stored in memory.
  - 5. The method of claim 4 further comprising.receiving a request signed by the private key associated with the OEM and encrypted with CEK that provides a new CEK;
    - retrieving the new CEK from the request by using the public key associated with the OEM stored in memory and decrypting the request using the CEK; and
      
      replacing the CEK stored in memory with the new CEK.
  - 6. The method of claim 4 wherein the public key associated with the OEM is stored in memory during manufacture of a semiconductor product.
  - 7. The method of claim 4 wherein the ChipID is generated and stored in memory during manufacture of a semiconductor product.
  - 8. The method of claim 7 wherein the ChipID is any number, a random number, or associated with the public and private key pair associated with the OEM.
  - 9. The method of claim 4 wherein the CEK is generated and stored in memory during manufacture of a semiconductor product.
  - 10. The method of claim 9 wherein the CEK is associated with the public and private key pair associated with the OEM.
  - 11. The method of claim 4 wherein the OEM uses the private key associated with the OEM to decrypt the ChipID token to retrieve the ChipID.
  - 12. The method of claim 4 wherein the database is created by a semiconductor provider and maintained by the OEM.
  - 13. The method of claim 4 wherein the encrypted program code encrypted by using a CEK decrypted from a code encryption key token (CEK token) by using the private key associated with the OEM, the CEK token associated with the ChipID token and stored in the database.
  - 14. The method of claim 1 further comprising performing the authentication in circuitry external to a semiconductor product.
  - 15. The method of claims 14 wherein the circuitry is between the semiconductor product and the program code memory.
  - 16. The method of claim 15 further comprising maintaining the semiconductor product in a reset state until the program code is authenticated.
  - 17. The method of claim 1 further comprising performing the authentication in circuitry internal to a semiconductor product.
  - 18. The method of claim 17 further comprising halting operation of the semiconductor product until the program code is authenticated.
  - 19. The method of claim 1 further comprising:
    - detecting whether authentication has been enabled for a semiconductor product; and
      
      if authentication has been enabled for the semiconductor product, performing the authentication, and, if authentication has not been enabled for the semiconductor product, allowing the semiconductor product to perform a normal program code loading process.
  - 20. The method of claim 1 wherein the OEM is a certificate authority issuing the public key associated with the OEM.
  - 21. The method of claim 1 further comprising performing the authentication during a first power-on sequence of a semiconductor product.
  - 22. The method of claim 1 wherein the authentication uses asymmetric cryptographic algorithms such as elliptic curve cryptography (ECC) and Rivest Shamir Adleman (RSA).
  - 23. The method of claim 1 wherein the authentication uses symmetric cryptographic algorithms such as Advanced Encryption Standard (AES) and Data Encryption Standard (DES).
  - 24. The method of claim 1 further comprising:
    - transmitting a request to a secure location associated with the OEM requesting updated program code;
      
      receiving encrypted updated program code from the secure location the encrypted updated program code signed by a private key associated with the OEM and encrypted by using a code encryption key (CEK) decrypted from a code encryption key token (CEK token) stored in a database by using the private key associated with the OEM;
      
      authenticating the encrypted updated program code by using the public key associated with the OEM; and
      
      retrieving the updated program code by using a CEK stored in memory to decrypt the encrypted updated program code.
  - 25. The method of claim 1 wherein the private key associated with the OEM is compromised, the method further comprising receiving commands encrypted by a code encryption key (CEK) decrypted from a code encryption key token (CEK token) stored in a database by using the private key associated with the OEM, the commands received over a secure physical connection with a semiconductor product to change the public key and a CEK stored in memory.
  - 26. The method of claim 1 wherein the public key associated with the OEM is stored in memory by a semiconductor provider during manufacture of a semiconductor product.
  - 27. The method of claim 1 further comprising detecting whether a bypass is enabled to prevent the authentication.
  - 38. The apparatus of claim 3I wherein the OEM uses the private key associated with the OEM to decrypt the ChipID token to retrieve the ChipID.

28. An apparatus for authenticating program code, the apparatus comprising:
- memory configured to store a public asymmetric encryption key associated with an original equipment manufacturer (OEM); and
  
  a Code Authentication Unit (CAU) configured to retrieve the public key associated with the OEM from the memory, load program code from program code memory, and authenticate the program code by using the public key associated with the OEM.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54)
- - 29. The apparatus of claim 28 wherein the program code is boot code.
  - 30. The apparatus of claim 28 wherein the program code is application software.
  - 31. The apparatus of claim 28 wherein the program code identifies a secure location associated with the OEM storing encrypted program code, the apparatus further comprising:
    - First Time Boot Logic (FTBL) configured to establish a secure connection to the secure location, receive a command from the secure location signed by a private asymmetric encryption key associated with the OEM requesting a chip identifier token (ChipID token), generate the ChipID token by encrypting a chip identifier (ChipID) stored in memory by using the public key associated with the OEM, transmit the ChipID token to the secure location to be verified by the OEM by matching the ChipID against ChipIDs stored in a database, and receive encrypted program code if the ChipID is a match; and
      
      Code Decryption Logic (CDL) configured to decrypt the encrypted program code by using a code encryption key (CEK) stored in memory;
      
      wherein the CAL is further configured to authenticate the encrypted program code by using the public key associated with the OEM.
  - 32. The apparatus of claim 31 wherein the FTBL is further configured to receive a request signed by the private key associated with the OEM and encrypted with the CEK that provides a new CEK, wherein the CDL is further configured to decrypt the request using the CEK, and wherein the FTBL is further configured to retrieve the new CEK from the request by using the public key associated with the OEM stored in memory, and replace the CEK stored in memory with the new CEK.
  - 33. The apparatus of claim 31 wherein the public key associated with the OEM is stored in memory during manufacture of a semiconductor product.
  - 34. The apparatus of claim 31 wherein the ChipID is generated and stored in memory during manufacture of a semiconductor product.
  - 35. The apparatus of claim 34 wherein the ChipID is any number, a random number, or associated with the public and private key pair associated with the OEM.
  - 36. The apparatus of claim 31 wherein the CEK is generated and stored in memory during manufacture of a semiconductor product.
  - 37. The apparatus of claim 36 wherein the CEK is associated with the public and private key pair associated with the OEM.
  - 39. The apparatus of claim 31 wherein the database is created by a semiconductor provider and maintained by the OEM.
  - 40. The apparatus of claim 31 wherein the encrypted program code is encrypted by using a CEK decrypted from a code encryption key token (CEK token) by using the private key associated with the OEM, the CEK token associated with the ChipID token and stored in the database.
  - 41. The apparatus of claim 28 wherein the apparatus is external to a semiconductor product.
  - 42. The apparatus of claim 41 wherein the apparatus is between the semiconductor product and the program code memory.
  - 43. The apparatus of claim 42 wherein the apparatus maintains the semiconductor product in a reset state until the program code is authenticated.
  - 44. The apparatus of claim 28 wherein the apparatus is internal to a semiconductor product.
  - 45. The apparatus of claim 44 wherein the apparatus halts operation of the semiconductor product until the program code is authenticated.
  - 46. The apparatus of claim 28 wherein the FTBL is further configured to detect whether authentication has been enabled for a semiconductor product, and, if authentication has been enabled for the semiconductor product, perform the authentication, and, if authentication has not been enabled for the semiconductor product, allow the semiconductor to perform a normal program code loading process.
  - 47. The apparatus of claim 28 wherein the OEM is a certificate authority issuing the public key associated with the OEM.
  - 48. The apparatus of claim 28 wherein the FTBL is further configured to perform the authentication during a first power-on sequence of a semiconductor product.
  - 49. The apparatus of claim 28 wherein the CAU uses asymmetric cryptographic standards such as elliptic curve cryptography (ECC) and Rivest Shamir Adleman (RSA).
  - 50. The apparatus of claim 28 wherein the CDL uses symmetric cryptographic algorithms such as Advanced Encryption Standard (AES) and Data Encryption Standard (DES).
  - 51. The apparatus of claim 28 wherein the FTBL is further configured to transmit a request to a secure location associated with the OEM requesting updated program code, receive encrypted updated program code from the secure location, the encrypted updated program code signed by a private key associated with the OEM and encrypted by using a code encryption key (CEK) decrypted from a code encryption key token (CEK token) stored in a database by using the private key associated with the OEM, wherein the CAU is further configured to authenticate the encrypted updated program code by using the public key associated with the OEM, and the CDL is further configured to retrieve the updated program code by using a CEK stored in memory to decrypt the encrypted updated program code.
  - 52. The apparatus of claim 28 wherein the private key associated with the OEM is compromised and the CDL is further configured to receive commands encrypted by a code encryption key (CEK) decrypted from a code encryption key token (CEK token) stored in a database by using the private key associated with the OEM, the commands received over a secure physical connection with a semiconductor product to change the public key and a CEK stored in memory.
  - 53. The apparatus of claim 28 wherein the public key associated with the OEM is stored in memory by a semiconductor provider during manufacture of a semiconductor product.
  - 54. The apparatus of claim 28 further comprising a bypass configured to prevent the authentication.

55. A method of initializing circuitry for authenticating program code, the method comprising:
- generating a chip identifier (ChipID) associated with a semiconductor product;
  
  generating a code encryption key (CEK) associated with the ChipID; and
  
  storing a public asymmetric encryption key associated with an original equipment manufacturer (OEM), the ChipID, and the CEK in memory.
- View Dependent Claims (56, 57, 58, 59, 60, 61, 62, 63, 64)
- - 56. The method of claim 55 further comprising:
    - encrypting the ChipID using the public key associated with the OEM to generate a chip identifier token (ChipID token);
      
      encrypting the CEK using the public key associated with the OEM to generate a CEK token; and
      
      storing the ChipID token and the CEK token to a database.
  - 57. The method of claim 56 further comprising:
    - signing the database by using a private key associated with a semiconductor provider;
      
      transferring the signed database to the OEM to be maintained by the OEM; and
      
      destroying the database created by the semiconductor provider.
  - 58. The method of claim 56 wherein the database is created by the semiconductor provider and maintained by the OEM.
  - 59. The method of claim 55 further comprising enabling the authentication.
  - 60. The method of claim 59 wherein authentication is enabled by burning a fuse.
  - 61. The method of claim 59 wherein authentication is enabled by writing a value to one-time programmable (OTP) memory.
  - 62. The method of claim 55 wherein the ChipID is a random number.
  - 63. The method of claim 55 wherein the public key associated with the OEM, the ChipID, and the CEK are stored in non-volatile memory.
  - 64. The method of claim 63 wherein the non-volatile memory is one-time programmable (OTP) memory.

65. A computer readable medium having computer readable program codes embodied therein for authenticating program code, the computer readable medium program codes performing functions comprising:
- retrieving a public asymmetric encryption key associated with an original equipment manufacturer (OEM) stored in memory;
  
  loading program code from program code memory; and
  
  authenticating the program code by using the public key associated with the OEM.
- View Dependent Claims (66)
- - 66. The computer readable medium of claim 65 wherein the program code identifies a secure location associated with the OEM storing encrypted program code, the computer readable medium program codes performing functions further comprising:
    - establishing a secure connection to the secure location;
      
      receiving a command from the secure location signed by a private asymmetric encryption key associated with the OEM requesting a chip identifier token (ChipID token);
      
      generating the ChipID token by encrypting a chip identifier (ChipID) stored in memory by using the public key associated with the OEM;
      
      transmitting the ChipID token to the secure location to be verified by the OEM by matching the ChipID against ChipIDs stored in a database;
      
      receiving encrypted program code signed by the private key associated with the OEM if the ChipID is a match;
      
      authenticating the encrypted program code by using the public key associated with the OEM; and
      
      decrypting the encrypted program code by using a code encryption key (CEK) stored in memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Marvell Asia Pte Limited (Marvell Technology Group Limited)
Original Assignee
Cavium, LLC (Marvell Technology Group Limited)
Inventors
Hussain, Muhammad R., Badr, Imran, Kessler, Richard E., Haider, Amer

Granted Patent

US 8,677,144 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

SECURE SOFTWARE AND HARDWARE ASSOCIATION TECHNIQUE

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

66 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE SOFTWARE AND HARDWARE ASSOCIATION TECHNIQUE

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

66 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links