VERIFICATION AND PROTECTION OF GENUINE SOFTWARE INSTALLATION USING HARDWARE SUPER KEY

US 20120079277A1
Filed: 09/24/2010
Published: 03/29/2012
Est. Priority Date: 09/24/2010
Status: Active Grant

First Claim

Patent Images

1. A management engine device, comprising logic to:

retrieve a user key by applying a user key decryption algorithm to an encrypted user key received from a user application;

create a management engine key by applying a management engine key creation algorithm to the user key;

encrypt the management engine key by applying a management engine key encryption algorithm to the management engine key;

send the encrypted management engine key to a remote server;

retrieve a server key by applying a server key decryption algorithm to an encrypted server key received from the remote server, the management engine device to receive the encrypted server key from the remote server in response to sending the management engine key to the remote server;

perform a hash combination of the user key, the management engine key, and the server key to create a super key;

perform an authentication of the super key; and

send a management engine certification to the user application in response to the super key being successfully authenticated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device, system, and method are disclosed. In one embodiment the device receives a user key from a user application. The device then creates a management engine key by applying a management engine key creation algorithm to the user key. Then the device sends the management engine key to a remote server. Later, the device retrieves a server key from the remote server. The device next performs a hash combination of the user key, the management engine key, and the server key to create a super key. Once the super key has been created, the device authenticates the super key, and if the super key is valid, the device then sends a management engine certification to the user application.

10 Citations

View as Search Results

24 Claims

1. A management engine device, comprising logic to:
- retrieve a user key by applying a user key decryption algorithm to an encrypted user key received from a user application;
  
  create a management engine key by applying a management engine key creation algorithm to the user key;
  
  encrypt the management engine key by applying a management engine key encryption algorithm to the management engine key;
  
  send the encrypted management engine key to a remote server;
  
  retrieve a server key by applying a server key decryption algorithm to an encrypted server key received from the remote server, the management engine device to receive the encrypted server key from the remote server in response to sending the management engine key to the remote server;
  
  perform a hash combination of the user key, the management engine key, and the server key to create a super key;
  
  perform an authentication of the super key; and
  
  send a management engine certification to the user application in response to the super key being successfully authenticated.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The management engine of claim 1, further comprising:
    - a memory storage location to store at least a super key master value, wherein the super key is successfully authenticated when the hash combination value is equivalent to the super key master value.
  - 3. The management engine of claim 1, wherein the encrypted user key and the certification are sent between the user application and the management engine via an out-of-band channel.
  - 4. The management engine of claim 1, wherein the management engine key and the encrypted server key are sent between the management engine and the remote server via an out-of-band channel.
  - 5. The management engine of claim 1, wherein the management engine key creation algorithm comprises a management engine cryptographic hash function, wherein the user key is input into the hash function and the management engine key is the resulting output of the hash function.
  - 6. The management engine of claim 1, further comprising:
    - memory storage locations to store at least the user key, the management engine key, and the server key.

7. A system, comprising:
- a management engine toretrieve a user key by applying a user key decryption algorithm to an encrypted user key received from a user application;
  
  create a management engine key by applying a management engine key creation algorithm to the user key;
  
  encrypt the management engine key by applying a management engine key encryption algorithm to the management engine key;
  
  send the encrypted management engine key to a remote server;
  
  retrieve a server key by applying a server key decryption algorithm to an encrypted server key received from the remote server, the management engine to receive the encrypted server key from the remote server in response to sending the management engine key to the remote server;
  
  perform a hash combination of the user key, the management engine key, and the server key to create a super key; and
  
  perform an authentication of the super key; and
  
  send a management engine certification to the user application in response to the super key being successfully authenticated; and
  
  the remote server toreceive the encrypted management engine key from the security engine;
  
  retrieve the management engine key by applying a management engine key decryption algorithm to the encrypted management engine key;
  
  retrieve the user key by applying a reversed management engine key creation algorithm to the management engine key;
  
  create a server key by applying a server key creation algorithm to the user key;
  
  encrypt the server key by applying a server key encryption algorithm to the server key; and
  
  send the encrypted server key to the management engine.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the management engine further comprises:
    - a memory storage location to store at least a super key master value, wherein the super key is successfully authenticated when the hash combination value is equivalent to the super key master value.
  - 9. The system of claim 7, further comprising:
    - an out-of-band channel to communicatively couple the management engine with the user application, wherein the encrypted user key and the certification are sent between the user application and the management engine via the out-of-band channel.
  - 10. The system of claim 7, further comprising:
    - an out-of-band channel to communicatively couple the management engine with the remote server, wherein the management engine key and the encrypted server key are sent between the management engine and the remote server via an out-of-band channel.
  - 11. The system of claim 7, wherein the management engine key creation algorithm comprises a management engine cryptographic hash function, wherein the user key is input into the hash function and the management engine key is the resulting output of the hash function.
  - 12. The system of claim 7, wherein the server key creation algorithm comprises a server cryptographic hash function, wherein the user key is input into the hash function and the server key is the resulting output of the hash function.

13. A method, comprising:
- retrieving a user key by applying a user key decryption algorithm to an encrypted user key received from a user application;
  
  creating a management engine key by applying a management engine key creation algorithm to the user key;
  
  encrypting the management engine key by applying a management engine key encryption algorithm to the management engine key;
  
  sending the encrypted management engine key to a remote server;
  
  retrieving a server key by applying a server key decryption algorithm to an encrypted server key received from the remote server, the management engine to receive the encrypted server key from the remote server in response to sending the management engine key to the remote server;
  
  performing a hash combination of the user key, the management engine key, and the server key to create a super key;
  
  performing an authentication of the super key; and
  
  sending a management engine certification to the user application in response to the super key being successfully authenticated.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13, further comprising:
    - storing at least a super key master value in a management engine, wherein the super key is successfully authenticated when the hash combination value is equivalent to the super key master value.
  - 15. The method of claim 13, further comprising:
    - sending the encrypted user key and the certification between the user application and the management engine via an out-of-band channel.
  - 16. The method of claim 13, further comprising:
    - sending the management engine key and the encrypted server key between the management engine and the remote server via an out-of-band channel.
  - 17. The method of claim 13, wherein the management engine key creation algorithm comprises a management engine cryptographic hash function, wherein the user key is input into the hash function and the management engine key is the resulting output of the hash function.
  - 18. The method of claim 14, further comprising:
    - storing the user key, the management engine key, and the server key in separate storage locations in the management engine.

19. A management engine device, comprising logic to:
- receive a user key from a user application;
  
  create a management engine key by applying a management engine key creation algorithm to the user key;
  
  send the management engine key to a remote server;
  
  retrieve a server key from the remote server, the management engine device to receive the encrypted server key from the remote server in response to sending the management engine key to the remote server;
  
  perform a hash combination of the user key, the management engine key, and the server key to create a super key;
  
  perform an authentication of the super key; and
  
  send a management engine certification to the user application in response to the super key being successfully authenticated.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The management engine of claim 19, further comprising:
    - a memory storage location to store at least a super key master value, wherein the super key is successfully authenticated when the hash combination value is equivalent to the super key master value.
  - 21. The management engine of claim 19, wherein the user key and the certification are sent between the user application and the management engine via an out-of-band channel.
  - 22. The management engine of claim 19, wherein the management engine key and the server key are sent between the management engine and the remote server via an out-of-band channel.
  - 23. The management engine of claim 19, wherein the management engine key creation algorithm comprises a management engine cryptographic hash function, wherein the user key is input into the hash function and the management engine key is the resulting output of the hash function.
  - 24. The management engine of claim 19, further comprising:
    - memory storage locations to store at least the user key, the management engine key, and the server key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Ng, Patrick

Granted Patent

US 8,522,030 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 8/61   Installation

H04L 2209/12   Details relating to cryptog...

H04L 2463/061   applying further key deriva...

H04L 2463/062   applying encryption of the ...

H04L 63/18   using different networks or...

H04L 9/0822   using key encryption key

VERIFICATION AND PROTECTION OF GENUINE SOFTWARE INSTALLATION USING HARDWARE SUPER KEY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

10 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

VERIFICATION AND PROTECTION OF GENUINE SOFTWARE INSTALLATION USING HARDWARE SUPER KEY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links