Replacement of keys

US 20100215180A1
Filed: 06/11/2008
Published: 08/26/2010
Est. Priority Date: 09/25/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for assigning a key to a device, the method comprising:

providing a device having a processor ID (CID) and an associated processor key (CK) and comprising a memory;

at a first time, storing a personalization data ID (PDID) and associated personalization data (PD) in the memory;

at a later time, sending the CID and the PDID to a security provider and receiving an activation value (AV) back from the security provider, the activation value AV being based, at least in part, on the CK and a personalization data key (PDK) associated with the PDID and the PD;

computing, in the device, a result, based, at least in part, on the CK and the activation value, the result being produced by applying a first function g to the CK and the AV, such that the result=g(CK, AV); and

storing the result in the memory,wherein a second function ƒ

is used to compute the value of AV, such that AV=ƒ

(CK, PDK), and f comprises an inverse function of function g, such that g(CK, ƒ

(CK, PDK))=PDK,thereby assigning the personalization data key PDK to the device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for assigning a key to a device, the method including providing a device having a processor ID (CID) and an associated processor key (CK) and including a memory, at a first time, storing a personalization data ID (PDID) and associated personalization data (PD) in the memory, at a later time, sending the CID and the PDID to a security provider and receiving an activation value (AV) back from the security provider, the activation value AV being based, at least in part, on the CK and a personalization data key (PDK) associated with the PDID and the PD, computing, in the device, a result, based, at least in part, on the CK and the activation value, the result being produced by applying a first function g to the CK and the AV, such that the result=g(CK, AV), and storing the result in the memory, wherein a second function ƒ is used to compute the value of AV, such that AV=ƒ(CK, PDK), and ƒ includes an inverse function of function g, such that g(CK, ƒ(CK, PDK))=PDK, thereby assigning the personalization data key PDK to the device. Related methods and hardware are also described.

Citations

23 Claims

1. A method for assigning a key to a device, the method comprising:
- providing a device having a processor ID (CID) and an associated processor key (CK) and comprising a memory;
  
  at a first time, storing a personalization data ID (PDID) and associated personalization data (PD) in the memory;
  
  at a later time, sending the CID and the PDID to a security provider and receiving an activation value (AV) back from the security provider, the activation value AV being based, at least in part, on the CK and a personalization data key (PDK) associated with the PDID and the PD;
  
  computing, in the device, a result, based, at least in part, on the CK and the activation value, the result being produced by applying a first function g to the CK and the AV, such that the result=g(CK, AV); and
  
  storing the result in the memory,wherein a second function ƒ
  
  is used to compute the value of AV, such that AV=ƒ
  
  (CK, PDK), and f comprises an inverse function of function g, such that g(CK, ƒ
  
  (CK, PDK))=PDK,thereby assigning the personalization data key PDK to the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 19, 20, 21, 22, 23)
- - 2. The method according to claim 1, and wherein the sending the CID and the PDID to the secret owner is performed by at least one of:
    - the device; and
      
      a device manufacturer.
  - 3. The method according to claim 1 wherein the device comprises at least one of:
    - an integrated circuit; and
      
      specialized software.
  - 4. The method according to claim 1 and wherein the device comprises a secure kernel.
  - 5. The method according to claim 4 and also comprising:
    - the secure chip using PDK for at least one of;
      
      decryption of at least a part of the PD; and
      
      signature validation of at least a part of the PD,thereby enabling use of the PD by the secure chip.
  - 6. The method according to claim 1 wherein function ƒ
    - comprises a cryptographic encryption function and function g comprises a cryptographic decryption function.
  - 7. The method according to claim 1 wherein function ƒ
    - comprises a cryptographic decryption function and function g comprises a cryptographic encryption function.
  - 8. The method according to claim 6 and wherein the cryptographic encryption function comprises AES encryption, and the cryptographic decryption function comprises AES decryption.
  - 9. The method according to claim 6 and wherein the cryptographic encryption function comprises DES encryption, and the cryptographic decryption function comprises DES decryption.
  - 10. The method according to claim 6 and wherein the cryptographic encryption function comprises 3DES encryption, and the cryptographic decryption function comprises 3DES decryption.
  - 11. The method according to claim 6 and wherein the cryptographic encryption function comprises SERPENT encryption, and the cryptographic decryption function comprises SERPENT decryption.
  - 12. The method according to claim 6 and wherein the cryptographic encryption function comprises IDEA encryption, and the cryptographic decryption function comprises IDEA decryption.
  - 13. The method according to claim 1 and wherein the AV is digitally signed.
  - 14. The method according to claim 13 and wherein the digital signature comprises an asymmetric digital signature.
  - 15. The method according to claim 13 and wherein the digital signature comprises a symmetric digital signature.
  - 16. The method according to claim 13 and wherein the function g verifies the correctness of the digital signature.
  - 19. The method according to claim 7 and wherein the cryptographic encryption function comprises AES encryption, and the cryptographic decryption function comprises AES decryption.
  - 20. The method according to claim 7 and wherein the cryptographic encryption function comprises DES encryption, and the cryptographic decryption function comprises DES decryption.
  - 21. The method according to claim 7 and wherein the cryptographic encryption function comprises 3DES encryption, and the cryptographic decryption function comprises 3DES decryption.
  - 22. The method according to claim 7 and wherein the cryptographic encryption function comprises SERPENT encryption, and the cryptographic decryption function comprises SERPENT decryption.
  - 23. The method according to claim 7 and wherein the cryptographic encryption function comprises IDEA encryption, and the cryptographic decryption function comprises IDEA decryption.

17. A system for assigning a key to a device, the system comprising:
- a device having a processor ID (CID) and an associated processor key (CK) and comprising a memory;
  
  a personalization data ID (PDID) and associated personalization data (PD) being stored in the memory at a first time;
  
  apparatus operative to send, at a later time, the CID and the PDID to a security provider and receive an activation value (AV) back from the security provider, the activation value AV being based, at least in part, on the CK and a personalization data key (PDK) associated with the PDID and the PD;
  
  a processor comprised in the device, operative to compute a result, based, at least in part, on the CK and the activation value, the result being produced by applying a first function g to the CK and the AV, such that the result=g(CK, AV); and
  
  the result being stored in the memory,wherein a second function ƒ
  
  is used to compute the value of AV, such that AV=ƒ
  
  (CK, PDK), and ƒ
  
  comprises an inverse function of function g, such that g(CK, ƒ
  
  (CK, PDK))=PDK,thereby assigning the personalization data key PDK to the device.

18. A system for assigning a key to a device, the system comprising:
- means for providing a device having a processor ID (CID) and an associated processor key (CK) and comprising a memory;
  
  means for storing, at a first time, a personalization data ID (PDID) and associated personalization data (PD) in the memory;
  
  means for sending, at a later time, the CID and the PDID to a security provider and receiving an activation value (AV) back from the security provider, the activation value AV being based, at least in part, on the CK and a personalization data key (PDK) associated with the PDID and the PD;
  
  means for computing, in the device, a result, based, at least in part, on the CK and the activation value, the result being produced by applying a first function g to the CK and the AV, such that the result=g(CK, AV); and
  
  means for storing the result in the memory,wherein a second function ƒ
  
  is used to compute the value of AV, such that AV=ƒ
  
  (CK, PDK), and ƒ
  
  comprises an inverse function of function g, such that g(CK, ƒ
  
  (CK, PDK))=PDK,thereby assigning the personalization data key PDK to the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
NDS Limited (Cisco Systems, Inc.)
Inventors
Fraenkel, Ittael, Levy, Yaakov Jordan, Belenky, Yaacov

Application Number

US12/733,233
Publication Number

US 20100215180A1
Time in Patent Office

Days
Field of Search
US Class Current

380/278
CPC Class Codes

G06F 21/73   by creating or determining ...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 9/0891   Revocation or update of sec...

Replacement of keys

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Replacement of keys

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links