SECURE DYNAMIC ON CHIP KEY PROGRAMMING

US 20130163764A1
Filed: 03/22/2012
Published: 06/27/2013
Est. Priority Date: 03/28/2011
Status: Active Grant

First Claim

Patent Images

1. A method for provisioning an integrated circuit with confidential data, the method comprisingreceiving in the integrated circuit encrypted confidential data, the encrypted confidential data having been encrypted with a transport key,deriving in the integrated circuit the transport key by applying a key derivation function to a customer identifier, the customer identifier having been previously stored in the integrated circuit,decrypting in the integrated circuit the encrypted confidential data with the transport key to obtain decrypted confidential data,deriving in the integrated circuit a product key by applying a key derivation function to an integrated circuit identifier, the integrated circuit identifier having been previously stored in the integrated circuit,encrypting in the integrated circuit the decrypted confidential data with the product key to obtain re-encrypted confidential data, andstoring the re-encrypted confidential data in a confidential data memory of the integrated circuit.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provisioning an integrated circuit with confidential data, by receiving in the integrated circuit encrypted confidential data, the encrypted confidential data having been encrypted with a transport key, deriving in the integrated circuit the transport key by applying a key derivation function to a customer identifier, the customer identifier having been previously stored in the integrated circuit, decrypting in the integrated circuit the encrypted confidential data with the transport key to obtain decrypted confidential data, deriving in the integrated circuit a product key by applying a key derivation function to an integrated circuit identifier, the integrated circuit identifier having been previously stored in the integrated circuit, encrypting in the integrated circuit the decrypted confidential data with the product key to obtain re-encrypted confidential data, and storing the re-encrypted confidential data in a confidential data memory of the integrated circuit.

33 Citations

View as Search Results

11 Claims

1. A method for provisioning an integrated circuit with confidential data, the method comprisingreceiving in the integrated circuit encrypted confidential data, the encrypted confidential data having been encrypted with a transport key,deriving in the integrated circuit the transport key by applying a key derivation function to a customer identifier, the customer identifier having been previously stored in the integrated circuit,decrypting in the integrated circuit the encrypted confidential data with the transport key to obtain decrypted confidential data,deriving in the integrated circuit a product key by applying a key derivation function to an integrated circuit identifier, the integrated circuit identifier having been previously stored in the integrated circuit,encrypting in the integrated circuit the decrypted confidential data with the product key to obtain re-encrypted confidential data, andstoring the re-encrypted confidential data in a confidential data memory of the integrated circuit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method as in claim 1, wherein the re-encrypted confidential data is stored in a one-time programmable memory of the integrated circuit.
  - 3. A method as in claim 2, wherein the re-encrypted confidential data is stored one bit at a time in the one-time programmable memory by a controller of the integrated circuit after the encrypted confidential data has been received completely.
  - 4. A method as in claim 1, whereinthe transport key is derived with the AES algorithm from a master transport key and the customer ID,and/orthe product key is derived with the AES algorithm from a master transport key and the integrated circuit identifier.
  - 5. A method as in claim 4, wherein the AES algorithm is executed with an AES engine, the result of a derivation being stored in an internal register of the AES engine.
  - 6. A method as in claim 1, wherein the confidential data comprises a secret key.
  - 7. A method as in claim 6, further comprising verifying that the stored secret key is correct, the verifying comprising:
    - decrypting, with the product key and within the integrated circuit, the re-encrypted secret key stored in the confidential data memory of the integrated circuit, to obtain a resulting key,encrypting a test vector embedded in the integrated circuit with the resulting key, to obtain a computed fingerprint, andcomparing the computed fingerprint with an expected fingerprint.
  - 8. A method as in claim 6, wherein the confidential data comprises a checksum of the secret key, and further comprising:
    - during a secure boot sequence, computing a checksum of the key that is stored in the confidential memory,compare the computed checksum to the received checksum, andif the computed checksum and the received checksum do not match, stopping the secure boot sequence so that the integrated circuit is not usable
  - 9. A method as in claim 1 further comprisingreceiving the customer identifier, andstoring the received customer identifier one bit at a time in a one-time programmable customer memory by a controller of the integrated circuit after the customer identifier has been received completely;
    - and/orreceiving the integrated circuit identifier, andstoring the received integrated circuit identifier one bit at a time in a one-time programmable customer memory by a controller of the integrated circuit after the integrated circuit identifier has been received completely.

10. Method for distributing confidential data comprisingderiving a transport key by applying a key derivation function to a customer identifier,sending the transport key to a customer,at the customer, encrypting confidential data with the transport key,sending the encrypted confidential data to a programming facility, andat the programming facility, provisioning an integrated circuit with the encrypted confidential data.

11. An integrated circuit configured for provisioning with confidential data, the integrated circuit comprisinga receiver configured to receive in the integrated circuit encrypted confidential data, the encrypted confidential data having been encrypted with a transport key,a customer identifier storage configured to a stored customer identifier,a transport key deriver configured to derive in the integrated circuit the transport key by applying a key derivation function to the customer identifier,a decrypting module configured to decrypt in the integrated circuit the encrypted confidential data with the transport key to obtain decrypted confidential data,a integrated circuit identifier storage configured to stored an integrated circuit identifier,a product key deriver configured to derive in the integrated circuit a product key by applying a key derivation function to an integrated circuit identifier,an encrypting module to encrypt in the integrated circuit the decrypted confidential data with the product key to obtain re-encrypted confidential data, anda confidential data memory configured to store the re-encrypted confidential data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP B.V. (NXP Semiconductors NV)
Original Assignee
NXP B.V. (NXP Semiconductors NV)
Inventors
van den Berg, Henricus Hubertus, Gouraud, Thierry

Granted Patent

US 10,110,380 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/278
CPC Class Codes

G06F 21/572   Secure firmware programming...

H04L 2209/12   Details relating to cryptog...

H04L 2463/061   applying further key deriva...

H04L 9/08   Key distribution or managem...

H04L 9/0822   using key encryption key

H04L 9/0866   involving user or device id...

H04W 12/35   Protecting application or s...

SECURE DYNAMIC ON CHIP KEY PROGRAMMING

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE DYNAMIC ON CHIP KEY PROGRAMMING

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links