TRUSTED MOBILE PLATFORM ARCHITECTURE

US 20090282254A1
Filed: 01/26/2009
Published: 11/12/2009
Est. Priority Date: 12/11/2003
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus comprising:

one or more cryptographic units; and

a memory to store one or more data encryption keys and an associated header for the one or more data encryption keys, wherein the associated header defines which of the one or more cryptographic units are to use the data encryption key.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an embodiment, an apparatus includes one or more cryptographic units. The apparatus also includes a memory to store one or more data encryption keys and an associated header for the one or more data encryption keys. The associated header defines which of the one or more cryptographic units are to use the data encryption key.

27 Citations

View as Search Results

26 Claims

1. An apparatus comprising:
- one or more cryptographic units; and
  
  a memory to store one or more data encryption keys and an associated header for the one or more data encryption keys, wherein the associated header defines which of the one or more cryptographic units are to use the data encryption key.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus of claim 1, wherein the associated header defines a usage type for the data encryption key.
  - 3. The apparatus of claim 2 further comprising a controller to restrict which of the one more cryptographic units are to use the data encryption key and a type of operation based on the associated header for the data encryption key.
  - 4. The apparatus of claim 1, wherein the associated header defines an identification of a key encryption key used to encrypt the one or more data encryption keys.
  - 5. The apparatus of claim 1, wherein the one or more cryptographic units is from a group consisting of an advanced encryption standard unit, a data encryption standard unit, a message digest unit and a secure hash algorithm unit or an exponential algorithmic unit.

6. An apparatus comprising:
- a cryptographic processor within a wireless device, the cryptographic processor comprising;
  
  a first cryptographic unit to generate an intermediate result from execution of a first operation; and
  
  a second cryptographic unit to generate a final result from execution of a second operation based on the intermediate result, wherein the intermediate result is not accessible external to the cryptographic processor.
- View Dependent Claims (7, 8)
- - 7. The apparatus of claim 6, wherein the first cryptographic unit and the second cryptographic unit are from a group consisting of an advanced encryption standard unit, a data encryption standard unit, a message digest unit and a secure hash algorithm unit or an exponential algorithmic unit.
  - 8. The apparatus of claim 6, wherein the first operation includes the use of a cryptographic key, wherein the cryptographic key is not loaded into the first cryptographic unit until the cryptographic key is authenticated.

9. A system comprisinga dipole antenna to receive a communication;
- an application processor to generate a primitive instruction for a cryptographic operation that is to use a cryptographic key based on the communication; and
  
  a cryptographic processor that comprises;
  
  a memory to store the cryptographic key;
  
  a number of cryptographic units, wherein one of the number of cryptographic units is to generate a challenge to the use of the cryptographic key, wherein the application processor is to generate a response to the challenge; and
  
  a controller to load the cryptographic key into one of the number of cryptographic units for execution of the cryptographic operation if the response is correct.
- View Dependent Claims (10, 11, 12)
- - 10. The system of claim 9, wherein the cryptographic processor further comprises a nonvolatile memory that is to store a number of microcode instructions, wherein the controller is to load the cryptographic key into one of the number of cryptographic units based on at least part of the number of microcode instructions.
  - 11. The system of claim 9, wherein the controller is to abort execution of the cryptographic operation if the response is not correct.
  - 12. The system of claim 9, wherein the response includes a hash of a password associated with the cryptographic key.

13. A system comprising:
- an application processor, within a wireless device, to generate a primitive instruction related to a cryptographic operation; and
  
  a cryptographic processor, within the wireless device, the cryptographic processor comprising;
  
  a controller to receive the primitive instruction, wherein the controller is to retrieve a number of microcode instructions from a nonvolatile memory within the cryptographic processor;
  
  a first functional unit to generate an intermediate result from execution of a first operation based on a first of the number of microcode instructions; and
  
  a second functional unit to generate a final result for the cryptographic operation based on the intermediate result, from execution of a second operation based on a second of the number of microcode instructions, wherein the intermediate result is not accessible external to the cryptographic processor.
- View Dependent Claims (14, 15)
- - 14. The system of claim 13, wherein the cryptographic processor further comprises a volatile memory to store a cryptographic key.
  - 15. The system of claim 14, wherein the second functional unit is to use the cryptographic key to generate the final result, wherein the controller is not to load the cryptographic key into the second functional unit until the application processor is to authenticate the cryptographic key.

16. A method comprising:
- receiving a primitive instruction into a cryptographic processor, for execution of a cryptographic operation that uses a data encryption key that is protected within the cryptographic processor;
  
  retrieving the data encryption key and an associated header for the data encryption key, wherein the associated header defines which of one or more cryptographic units are to use the data encryption key; and
  
  performing an operation within one of the one or more cryptographic units using the data encryption key, if the associated header defines the one of the one or more cryptographic units.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein the associated header defines a usage type for the data encryption key.
  - 18. The method of claim 17, wherein performing the operation within one of the one or more cryptographic units using the data encryption key comprises performing the operation within one of the one or more cryptographic units using the data encryption key if a type of the operation is defined by the usage type.

19. A method comprising:
- receiving a primitive instruction into a cryptographic processor from an application executing on an application processor, for execution of a cryptographic operation that uses a cryptographic key that is protected within the cryptographic processor;
  
  generating a challenge for use of the cryptographic key back to the application;
  
  receiving a response to the challenge into the cryptographic processor from the application;
  
  performing the following operations, if the response is correct;
  
  loading the cryptographic key into a functional unit of the cryptographic processor; and
  
  executing an operation within the functional unit using the cryptographic key.
- View Dependent Claims (20, 21, 22)
- - 20. The method of claim 19, further comprising aborting execution of the primitive instruction if the response is not correct.
  - 21. The method of claim 19, wherein receiving the response to the challenge into the cryptographic processor from the application includes receiving a hash of a password associated with the cryptographic key.
  - 22. The method of claim 21, wherein performing the following operations, if the response is correct comprises performing the following operations, if the hash of the password is equal to a hash of the password generated within the cryptographic processor.

23. A machine-readable medium that provides instructions, which when executed by a machine, cause said machine to perform operations comprising:
- receiving a primitive instruction into a cryptographic processor, for execution of a cryptographic operation that uses a data encryption key that is protected within the cryptographic processor;
  
  retrieving the data encryption key and an associated header for the data encryption key, wherein the associated header defines which of one or more cryptographic units are to use the data encryption key; and
  
  performing an operation within one of the one or more cryptographic units using the data encryption key, if the associated header defines the one of the one or more cryptographic units.
- View Dependent Claims (24, 25)
- - 24. The machine-readable medium of claim 23, wherein the associated header defines a usage type for the data encryption key.
  - 25. The machine-readable medium of claim 24, wherein performing the operation within one of the one or more cryptographic units using the data encryption key comprises performing the operation within one of the one or more cryptographic units using the data encryption key if a type of the operation is defined by the usage type.

26. A machine-readable medium that provides instructions, which when executed by a machine, cause said machine to perform operations comprising:
- receiving a primitive instruction into a cryptographic processor from an application executing on an application processor, for execution of a cryptographic operation that uses a cryptographic key that is protected within the cryptographic processor;
  
  generating a challenge for use of the cryptographic key back to the application;
  
  receiving a response to the challenge into the cryptographic processor from the application;
  
  performing the following operations, if the response is correct;
  
  loading the cryptographic key into a functional unit of the cryptographic processor; and
  
  executing an operation within the functional unit using the cryptographic key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Anitha Kona, David Wheller, John P. Brizek, Moinul H. Khan
Original Assignee
Anitha Kona, David Wheller, John P. Brizek, Moinul H. Khan
Inventors
Khan, Moinul H, Wheller, David, Brizek, John P., Kona, Anitha

Application Number

US12/359,952
Publication Number

US 20090282254A1
Time in Patent Office

Days
Field of Search
US Class Current

713/172
CPC Class Codes

G06F 21/575   Secure boot

G06F 21/72   in cryptographic circuits

G06F 2221/2103   Challenge-response

H04L 2209/80   Wireless network architectu...

H04L 9/0822   using key encryption key

H04L 9/088   Usage controlling of secret...

H04W 12/10   Integrity

H04W 12/35   Protecting application or s...

TRUSTED MOBILE PLATFORM ARCHITECTURE

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

TRUSTED MOBILE PLATFORM ARCHITECTURE

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links