CERTIFICATE VERIFICATION
Abstract
An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.
6 Claims
1. A server comprising:
- a number generator;
- a certificate request module;
- a certificate verification module;
- an interface, coupled to the number generator, the certificate request module, and the certificate verification module, wherein, in operation the number generator generates a first number, the certificate request module generates a request for a device certificate, the first number and the request for a device certificate are sent via the interface, a response that includes a second number, a second signature that is generated using the second number, and a device certificate are received at the interface, and the certificate verification module validates the device certificate and the second signature, and verifies that the first number and the second number match.
2. The server of claim 9, wherein the interface receives a signature and the certificate validation module validates the signature using the device certificate.
3. The server of claim 9, wherein the number generator is a pseudo-random number generator.
4. The server of claim 9, wherein the number generator is a true random number generator.
5. The server of claim 9, wherein, in operation, the certificate verification module validates the device certificate using a trusted certificate chain.
6. The server of claim 9, further comprising a certificate database, wherein the device certificate is imported to the certificate database if validated by the certificate verification module.
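The server-side checks recited in the first claim, together with the trusted-chain validation of claim 5, sketched in Go as an added example; this is not code from the patent or its assignee. Ed25519 keys, X.509 certificates, 16-byte numbers, and the names Verify and Demo are assumptions, and the CA and device certificate are constructed in-process.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Verify (hypothetical name) checks certificate chain, signature, and number match.
func Verify(sent, got, sig, certDER []byte, roots *x509.CertPool) error {
	cert, err := x509.ParseCertificate(certDER)
	if err == nil {
		_, err = cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	}
	if err != nil {
		return fmt.Errorf("device certificate rejected: %w", err)
	}
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, got, sig) {
		return fmt.Errorf("signature over the returned number is invalid")
	}
	if !bytes.Equal(sent, got) {
		return fmt.Errorf("returned number differs from the one sent (stale or replayed response)")
	}
	return nil
}

// Demo builds a constructed CA and device, then verifies a fresh and a replayed response.
func Demo() (fresh, replayed error) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devKey, _ := ed25519.GenerateKey(rand.Reader)
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed CA"}, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	devT := *caT // device template: same validity window, not a CA
	devT.SerialNumber, devT.Subject.CommonName, devT.IsCA, devT.KeyUsage = big.NewInt(2), "constructed device", false, x509.KeyUsageDigitalSignature
	caDER, _ := x509.CreateCertificate(rand.Reader, caT, caT, caPub, caKey) // errors ignored: inputs are constructed
	devDER, _ := x509.CreateCertificate(rand.Reader, &devT, caT, devPub, caKey)
	ca, _ := x509.ParseCertificate(caDER)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	n := make([]byte, 32) // n[:16] is the first number; n[16:] is a later, different one
	rand.Read(n)
	sig := ed25519.Sign(devKey, n[:16]) // device side: sign the number it was sent
	return Verify(n[:16], n[:16], sig, devDER, roots), Verify(n[16:], n[:16], sig, devDER, roots)
}
func main() { fmt.Println(Demo()) }
```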
Specification