PROGRAMMING NON-VOLATILE MEMORY IN A SECURE PROCESSOR

US 20100095134A1
Filed: 10/09/2009
Published: 04/15/2010
Est. Priority Date: 11/09/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing a number to use as a small-signature private key;

computing a signature with a small-signature algorithm;

programming a compressed certificate into the chip-internal non-volatile memory of the device, wherein the compressed certificate includes a device ID, the small-signature private key, an issuer ID, and the signature;

enabling, in operation, a calling application to obtain a device certificate, wherein the device certificate is a function of the device ID, the issuer ID, the signature, and a public key, and wherein the public key is a function of the small signature private key, wherein the device certificate is larger than the compressed certificate.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.

123 Citations

10 Claims

1. A method comprising:
- providing a number to use as a small-signature private key;
  
  computing a signature with a small-signature algorithm;
  
  programming a compressed certificate into the chip-internal non-volatile memory of the device, wherein the compressed certificate includes a device ID, the small-signature private key, an issuer ID, and the signature;
  
  enabling, in operation, a calling application to obtain a device certificate, wherein the device certificate is a function of the device ID, the issuer ID, the signature, and a public key, and wherein the public key is a function of the small signature private key, wherein the device certificate is larger than the compressed certificate.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising programming the number in read-only memory (ROM) of the device.
  - 3. The method of claim 1, further comprising generating the number as a secret seed random number.
  - 4. The method of claim 1, further comprising computing the number using an elliptic curve digital signature algorithm (DSA).
  - 5. The method of claim 1, further comprising:
    - receiving a request for a device certificate from the calling application;
      
      reading the device ID, the small-signature private key, the issuer ID, and the signature from the non-volatile memory of the device;
      
      computing the public key as a function of the small-signature private key and common parameters;
      
      constructing the device certificate as a function of the device ID, the issuer ID, the public key, the signature, and the common parameters;
      
      providing the device certificate to the calling application.

6. A system comprising:
- a means for obtaining a device ID of a device;
  
  a means for obtaining an issuer ID;
  
  a means for providing a number to use as a small-signature private key;
  
  a means for computing a signature with a small-signature algorithm;
  
  a means for programming a compressed certificate into the chip-internal non-volatile memory of the device, wherein the compressed certificate includes the device ID, the small-signature private key, the issuer ID, and the signature;
  
  a means for enabling a calling application to obtain a device certificate, wherein the device certificate is a function of the device ID, the issuer ID, the signature, and a public key, and wherein the public key is a function of the small signature private key, wherein the device certificate is larger than the compressed certificate.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, further comprising a means for programming the number in read-only memory (ROM) of the device.
  - 8. The system of claim 6, further comprising a means for generating the number as a secret seed random number.
  - 9. The system of claim 6, further comprising a means for computing the number using an elliptic curve digital signature algorithm (DSA).
  - 10. The system of claim 6, further comprising:
    - a means for receiving a request for a device certificate from the calling application;
      
      a means for reading the device ID, the small-signature private key, the issuer ID, and the signature from the non-volatile memory of the device;
      
      a means for computing the public key as a function of the small-signature private key and common parameters;
      
      a means for constructing the device certificate as a function of the device ID, the issuer ID, the public key, the signature, and the common parameters;
      
      a means for providing the device certificate to the calling application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd. (Samsung Group)
Original Assignee
Broadon Communications Corp. (Acer, Inc.)
Inventors
Srinivasan, Pramila, Princen, John

Granted Patent

US 8,601,247 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/33   using certificates

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 21/73   by creating or determining ...

H04L 2209/603   Digital right managament [DRM]

H04L 9/0869   involving random numbers or...

H04L 9/3066   involving algebraic varieti...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3263   involving certificates, e.g...

PROGRAMMING NON-VOLATILE MEMORY IN A SECURE PROCESSOR

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

123 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

PROGRAMMING NON-VOLATILE MEMORY IN A SECURE PROCESSOR

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

123 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links