APPARATUS AND METHOD FOR A MULTI-ENTITY SECURE SOFTWARE TRANSFER

US 20160142386A1
Filed: 11/14/2014
Published: 05/19/2016
Est. Priority Date: 11/14/2014
Status: Active Grant

First Claim

Patent Images

1. A method for a multi-entity secure software transfer, comprising:

configuring a communication interface controller at each trusted hardware entity of a first hardware entity and a second hardware entity to disallow all external access except a communication link configuration access;

establishing the communication link between the first hardware entity and the second hardware entity;

configuring write access from the second hardware entity to only a first storage at the first hardware entity; and

writing the secure software received from the second hardware entity via the communication link to the first storage at the first hardware entity.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a system embodying the method for a multi-entity secure software transfer, comprising, configuring a communication interface controller at each trusted hardware entity of a first hardware entity and a second hardware entity to disallow all external access except a communication link configuration access; establishing the communication link between the first hardware entity and the second hardware entity; configuring write access from the second hardware entity to only a first storage at the first hardware entity; and writing the secure software received from the second hardware entity via the communication link to the first storage at the first hardware entity, are disclosed.

24 Citations

View as Search Results

23 Claims

1. A method for a multi-entity secure software transfer, comprising:
- configuring a communication interface controller at each trusted hardware entity of a first hardware entity and a second hardware entity to disallow all external access except a communication link configuration access;
  
  establishing the communication link between the first hardware entity and the second hardware entity;
  
  configuring write access from the second hardware entity to only a first storage at the first hardware entity; and
  
  writing the secure software received from the second hardware entity via the communication link to the first storage at the first hardware entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method as claimed in claim 1, further comprising:
    - copying the secure software from the first storage to a second storage at the first hardware entity;
      
      retrieving from a third storage at the first hardware entity a public key; and
      
      authenticating the secure software in the second storage using the public key.
  - 3. The method as claimed in claim 2, further comprises:
    - retrieving from the third storage an encryption key;
      
      decrypting the secure software in the second storage using the encryption key.
  - 4. The method as claimed in claim 1, wherein both the first hardware entity and the second hardware entity are trusted hardware entities.
  - 5. The method as claimed in claim 4, further comprising:
    - programming an authorization key into the third storage at each of the multi-entities by the hardware entities'"'"' manufacturer.
  - 6. The method as claimed in claim 4, further comprising:
    - retrieving from the third storage a link key; and
      
      encrypting the communication over the communication link by the link key.
  - 7. The method as claimed in claim 6, further comprising:
    - determining presence of a link key in the third storage;
      
      establishing the link key when the determining is negative; and
      
      programming the link key into the third storage.
  - 8. The method as claimed in claim 7, wherein the establishing a link key comprises:
    - retrieving an authorization key from the third storage;
      
      establishing trust between the first hardware entity and the second hardware entity using the authorization key; and
      
      establishing the link key by a key-exchange algorithm.
  - 9. The method as claimed in claim 4, further comprising:
    - retrieving from a third storage at the second hardware entity a link key; and
      
      encrypting the communication over the communication link by the link key.
  - 10. The method as claimed in claim 9, further comprising:
    - determining presence of a link key in the third storage;
      
      establishing the link key when the determining is negative; and
      
      programming the link key into the third storage.
  - 11. The method as claimed in claim 10, wherein the establishing a link key comprises:
    - retrieving an authorization key from the third storage;
      
      establishing trust between the first hardware entity and the second hardware entity using the authorization key; and
      
      establishing the link key by a key-exchange algorithm.
  - 12. The method as claimed in claim 9, further comprising:
    - configuring the communication interface controller at each of the first hardware entity and the second hardware entity to increase external access.

13. An apparatus for a multi-entity secure software transfer, comprising:
- a first hardware entity comprising a communication interface controller, a first storage comprising the secure software, and a controller communicatively coupled to the communication interface controller and the first storage; and
  
  a second hardware entity, comprising a communication interface controller, a first storage, and a controller communicatively coupled to the communication interface controller and the first storage;
  
  whereinthe controller at each trusted hardware entity is configured to cause the communication interface controller to disallow all external access except a communication link configuration access;
  
  the first hardware entity'"'"'s controller and the second hardware entity'"'"'s controller are configured to establish the communication link; and
  
  the second hardware entity'"'"'s controller is further configured, to allow write access from the first hardware entity to only the first storage, and to write to the first storage the secure software received over the communication link from the second hardware entity.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 14. The apparatus as claimed in claim 13, wherein the second hardware entity further comprises:
    - a second storage communicatively coupled to the controller; and
      
      a third storage communicatively coupled to the controller;
      
      whereinthe controller is configured to copy the secure software from the first storage to the second storage, to retrieve from the third storage a public key, and to authenticate the secure software in the second storage using the public key.
  - 15. The apparatus as claimed in claim 14, wherein the controller is further configured to:
    - retrieve from the third storage an encryption key; and
      
      decrypt the secure software in the second storage using the encryption key.
  - 16. The apparatus as claimed in claim 13, wherein both the first hardware entity and the second hardware entity are trusted hardware entities.
  - 17. The apparatus as claimed in claim 16, wherein the first hardware entity further comprises:
    - a third storage; and
      
      wherein an authorization key is programmed into the third storage at each of the multi-entities by the hardware entities'"'"' manufacturer.
  - 18. The apparatus as claimed in claim 16, wherein the controller is further configured to:
    - retrieve from the third storage a link key;
      
      encrypt the communication over the communication link by the link key; and
      
      configure the communication interface controller to increase external access.
  - 19. The apparatus as claimed in claim 18, wherein the controller is further configured to:
    - determine presence of a link key in the third storage;
      
      establish a link key when the determining is negative; and
      
      program the link key into the third storage.
  - 20. The apparatus as claimed in claim 19, wherein the controller establishes a link key by being configured to:
    - retrieve an authorization key from the third storage;
      
      establish trust between the first hardware entity and the second hardware entity using the authorization key; and
      
      establish the link key by a key-exchange algorithm.
  - 21. The apparatus as claimed in claim 16, wherein the second hardware entity further comprises:
    - a third storage communicatively coupled to the controller; and
      
      wherein the controller is further configured to retrieve from the third storage a link key, to encrypt the communication over the communication link by the link key, and to configure the communication interface controller to increase external access.
  - 22. The apparatus as claimed in claim 21, wherein the controller is further configured to:
    - determine presence of a link key in the third storage;
      
      establish a link key when the determining is negative; and
      
      program the link key into the third storage.
  - 23. The apparatus as claimed in claim 22, wherein the controller establishes a link key by being configured to:
    - retrieve an authorization key from the third storage;
      
      establish trust between the first hardware entity and the second hardware entity using the authorization key; and
      
      establish the link key by a key-exchange algorithm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Marvell Asia Pte Limited (Marvell Technology Group Limited)
Original Assignee
Cavium, LLC (Marvell Technology Group Limited)
Inventors
Snyder, Wilson Parkhurst II

Granted Patent

US 10,798,108 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/6218   to a system of files or obj...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/0884   by delegation of authentica...

H04L 63/126   the source of the received ...

H04L 67/141   Setup of application sessio...

H04L 67/34   involving the movement of s...

APPARATUS AND METHOD FOR A MULTI-ENTITY SECURE SOFTWARE TRANSFER

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUS AND METHOD FOR A MULTI-ENTITY SECURE SOFTWARE TRANSFER

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links