METHODS CIRCUITS DEVICES AND SYSTEMS FOR PROVISIONING OF CRYPTOGRAPHIC DATA TO ONE OR MORE ELECTRONIC DEVICES

US 20110116635A1
Filed: 12/09/2010
Published: 05/19/2011
Est. Priority Date: 11/16/2009
Status: Active Grant

First Claim

Patent Images

1. An electronic device comprising:

a cryptographic material provisioning (CMP) module adapted to process a provisioning message with a first message portion which is encrypted with a native key of said device and includes first cryptographic material along with a first permissions data vector,wherein said CPM is further adapted to process data bits of a second portion of the provisioning message using the first cryptographic material and in accordance with usage limitations defined in the first permissions data vector.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are methods, circuit, devices and systems for provisioning cryptographic material to a target device. According to embodiments, a cryptographic material provisioning (CMP) module may be adapted to process a provisioning message with a first message portion which is encrypted with a native key of the target device and which includes first cryptographic material along with a first permissions data vector, wherein the CMP may be further adapted to process data bits of a second portion of the provisioning message using the first cryptographic material and in accordance with usage limitations defined in the first permissions data vector.

Citations

14 Claims

1. An electronic device comprising:
- a cryptographic material provisioning (CMP) module adapted to process a provisioning message with a first message portion which is encrypted with a native key of said device and includes first cryptographic material along with a first permissions data vector,wherein said CPM is further adapted to process data bits of a second portion of the provisioning message using the first cryptographic material and in accordance with usage limitations defined in the first permissions data vector.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The device according to claim 1, wherein the first cryptographic material is used to extract from the message a first functional key associated with at least a first process or application running on the device.
  - 3. The device according to claim 1, wherein some or all of the first message portion is digitally signed using the native key.
  - 4. The device according to claim 2, wherein said at least first process or application uses the first functional key for a process selected from the group consisting of (1) decrypting data, (2) encrypting data, (3) digital rights management, (4) signature generation, and (5) signature verification.
  - 5. The device according to claim 2, wherein said CPM is adapted to restrict usage of the first cryptographic material in accordance with a key type designated in the first permissions data vector.
  - 6. The device according to claim 1, wherein the data bits of the second portion of the provisioning message further include a second permissions data vector, and wherein said CPM is adapted to restrict usage of cryptographic material in the second portion in accordance with key types designated by both the first and second permissions data vectors.
  - 7. The device according to claim 6, wherein said CPM is adapted to process a third portion of the provisioning message using second cryptographic material from the second message portion.
  - 8. The device according to claim 7, wherein said CPM is adapted to regulate usage of the any extracted functional keys in accordance with all usage limitations of all permissions data vectors within the provisioning message.
  - 9. The device according to claim 1, wherein the first permissions data vector defines functional key types which may be included in the provisioning message.
  - 10. The device according to claim 9, wherein said CPM is adapted not to process cryptographic material in the provisioning message associated with functional keys of a type different from those types defined in the permission data vector.

11. A key provisioning message preamble generator comprising:
- an encryption module adapted to encrypt, using a native key of a target device, first cryptographic material along with a permissions data vector defining usage limitations of the first cryptographic material within the target device.
- View Dependent Claims (12, 13, 14)
- - 12. The generator according to claim 11, wherein said encryption module is further adapted to digitally sign the provisioning message preamble with the native key.
  - 13. The generator according to claim 12, wherein the native key is composed of two or more key shares stored on different mediums.
  - 14. The generator according to claim 13, wherein the native key is constructed from all shares as part of the process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arm Ltd. (United Kingdom) (SoftBank Group Corp.)
Original Assignee
Sansa Security, Inc. (SoftBank Group Corp.)
Inventors
BAR-EL, Hagai

Granted Patent

US 8,687,813 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/278
CPC Class Codes

H04L 9/0877 using additional device, e....

H04L 9/088 Usage controlling of secret...

METHODS CIRCUITS DEVICES AND SYSTEMS FOR PROVISIONING OF CRYPTOGRAPHIC DATA TO ONE OR MORE ELECTRONIC DEVICES

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS CIRCUITS DEVICES AND SYSTEMS FOR PROVISIONING OF CRYPTOGRAPHIC DATA TO ONE OR MORE ELECTRONIC DEVICES

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links