SECURE FACTORY DATA GENERATION AND RESTORATION
First Claim
1. A system for managing factory-generated data for an electronic device, the system comprising:
- a first factory server coupled to one or more storage systems, to store calibration data generated for one or more modules of the electronic device, the calibration data associated with the one or more modules via a module identifier that is unique to each of the modules, and to transmit the calibration data to the one or more storage systems;
a second factory server coupled to the one or more storage systems, to retrieve the calibration data associated with the one or more modules from the one or more storage systems, and to assemble a set of factory data for the electronic device, the factory data including the calibration data, the factory data associated with the electronic device via a device identifier that is unique to the electronic device; and
a sealing server coupled to the one or more storage systems, the sealing server to, in response to a request from the electronic device, authenticate the set of factory data for the electronic device via the module identifier of each module, and to create a cryptographic association between the set of factory data and the electronic device after the authentication, wherein a manifest of the cryptographic association is stored on the electronic device.
1 Assignment
0 Petitions
Accused Products
Abstract
In various embodiments, methods, devices and systems for securely generating, sealing, and restoring factory-generated calibration and provisioning data for an electronic device are described, in which calibration and provisioning data for an electronic device are generated in a distributed manner and stored on a storage system. The calibration data can be retrieved from the storage system during device assembly and finalized calibration and provisioning data for each electronic device can be stored to the storage system. In one embodiment, a sealing server, to attest to the authenticity of the factory-generated data, seals the finalized calibration data. In one embodiment, an electronic device can access a data store containing the factory-generated data and can update or restore calibration or provisioning data for the device from the data store.
-
Citations
20 Claims
-
1. A system for managing factory-generated data for an electronic device, the system comprising:
-
a first factory server coupled to one or more storage systems, to store calibration data generated for one or more modules of the electronic device, the calibration data associated with the one or more modules via a module identifier that is unique to each of the modules, and to transmit the calibration data to the one or more storage systems; a second factory server coupled to the one or more storage systems, to retrieve the calibration data associated with the one or more modules from the one or more storage systems, and to assemble a set of factory data for the electronic device, the factory data including the calibration data, the factory data associated with the electronic device via a device identifier that is unique to the electronic device; and a sealing server coupled to the one or more storage systems, the sealing server to, in response to a request from the electronic device, authenticate the set of factory data for the electronic device via the module identifier of each module, and to create a cryptographic association between the set of factory data and the electronic device after the authentication, wherein a manifest of the cryptographic association is stored on the electronic device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method of authenticating factory-generated data for an electronic device, the method comprising:
-
receiving a request to cryptographically sign a set of factory-generated data associated with modules of the electronic device, the request including a certificate of the electronic device and signed with a cryptographic signature of the electronic device; verifying the authenticity of the signature of the request, and when the request is authentic, verifying each element in the set of factory data; and cryptographically signing the set of factory data when each element in the set of factory data is authentic. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
-
19. An electronic device comprising:
-
a storage module to store factory-generated data; at least one electronic module having factory-generated data stored on the storage module, the factory-generated data including calibration or provisioning data for the at least one electronic module; and one or more processors having one or more processor cores, each processor coupled to memory, the storage module, and the at least one electronic module, at least one of the one or more processors configured to perform a trust verification on the factory-generated data stored on the storage module before loading the factory-generated data into memory. - View Dependent Claims (20)
-
Specification