PROGRAMMING NON-VOLATILE MEMORY IN A SECURE PROCESSOR
First Claim
1. A method comprising:
- providing a number to use as a small-signature private key;
computing a signature with a small-signature algorithm;
programming a compressed certificate into the chip-internal non-volatile memory of the device, wherein the compressed certificate includes a device ID, the small-signature private key, an issuer ID, and the signature;
enabling, in operation, a calling application to obtain a device certificate, wherein the device certificate is a function of the device ID, the issuer ID, the signature, and a public key, and wherein the public key is a function of the small signature private key, wherein the device certificate is larger than the compressed certificate.
3 Assignments
0 Petitions
Accused Products
Abstract
An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.
-
Citations
10 Claims
-
1. A method comprising:
-
providing a number to use as a small-signature private key; computing a signature with a small-signature algorithm; programming a compressed certificate into the chip-internal non-volatile memory of the device, wherein the compressed certificate includes a device ID, the small-signature private key, an issuer ID, and the signature; enabling, in operation, a calling application to obtain a device certificate, wherein the device certificate is a function of the device ID, the issuer ID, the signature, and a public key, and wherein the public key is a function of the small signature private key, wherein the device certificate is larger than the compressed certificate. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system comprising:
-
a means for obtaining a device ID of a device; a means for obtaining an issuer ID; a means for providing a number to use as a small-signature private key; a means for computing a signature with a small-signature algorithm; a means for programming a compressed certificate into the chip-internal non-volatile memory of the device, wherein the compressed certificate includes the device ID, the small-signature private key, the issuer ID, and the signature; a means for enabling a calling application to obtain a device certificate, wherein the device certificate is a function of the device ID, the issuer ID, the signature, and a public key, and wherein the public key is a function of the small signature private key, wherein the device certificate is larger than the compressed certificate. - View Dependent Claims (7, 8, 9, 10)
-
Specification