System and method for configuring and registering a cryptographic device
Abstract
A system and method for configuring and registering a cryptographic device. The configuration phase involves loading a device serial number (DSER) and a symmetric key (SK) into non-volatile memory of the cryptographic device. The non-volatile memory is integrated with processing logic of the cryptographic device. DSER is provided by an external source while SK is generated within the cryptographic device. The registration phase involves providing DSER to a database that contains cryptographic information associated with each cryptographic device manufactured. The cryptographic information includes at least a public key and a private key encrypted with SK. DSER is used to locate the appropriate cryptographic information and to transmit the cryptographic information to an electronic system having the cryptographic device.
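The configuration and registration phases described in the abstract, as an added Go example that is not code from the patent. AES-256-GCM as the SK cipher, Ed25519 as the key pair, binding DSER as associated data, and the names `Configure`, `Register`, `Record` and `Device` are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Record is the database row for a DSER; Device models the chip's NVM (DSER and SK).
type Record struct { Pub []byte; Nonce [12]byte; Wrapped []byte }
type Device struct { DSER string; sk cipher.AEAD }

// Configure runs on the device. Assumed for this example: AES-256-GCM, Ed25519, DSER as AAD.
func Configure(dser string) (*Device, Record, error) {
	var rec Record
	buf := make([]byte, 32+len(rec.Nonce)) // SK followed by a GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, rec, err
	}
	blk, err := aes.NewCipher(buf[:32])
	if err != nil {
		return nil, rec, err
	}
	g, err := cipher.NewGCM(blk)
	if err != nil {
		return nil, rec, err
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, rec, err
	}
	copy(rec.Nonce[:], buf[32:])
	rec.Pub, rec.Wrapped = pub, g.Seal(nil, rec.Nonce[:], priv, []byte(dser))
	return &Device{dser, g}, rec, nil // only DSER and SK stay on the device
}

// Register runs on the device with the record the database returned for its DSER.
func (d *Device) Register(rec Record) (ed25519.PrivateKey, error) {
	return d.sk.Open(nil, rec.Nonce[:], rec.Wrapped, []byte(d.DSER))
}

func main() {
	dev, rec, err := Configure("DSER-0001") // constructed serial number
	if err == nil {
		_, err = dev.Register(rec)
	}
	fmt.Println("registration error:", err)
}
```

The database never sees SK, so a stored record can only be unwrapped by the device whose SK sealed it; a record served for the wrong serial number fails authentication instead of yielding a key.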
18 Claims
1. A method for configuring a cryptographic device comprising:
- loading a device serial number into a non-volatile memory of the cryptographic device;
- producing a key within the cryptographic device, the key being stored in the non-volatile memory;
- producing a cryptographic key pair within the cryptographic device, the cryptographic key pair including a public key and a private key;
- encrypting the private key with the key; and
- exporting the device serial number, the public key and the private key encrypted with the key to a database remotely located from the cryptographic device without storage of the public key and the private key internally within the cryptographic device.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method for registering a cryptographic device comprising:
- establishing a communication channel between a database and an electronic system implemented with the cryptographic device, the cryptographic device including non-volatile memory storing a key and a device serial number;
- transmitting a message to the database, the message including the device serial number contained in the cryptographic device; and
- receiving a public key and a private key encrypted with the key associated with the cryptographic device, the public key and the private key having been originally generated internally within the cryptographic device but now stored within the database in lieu of the cryptographic device itself.
Dependent claims: 9, 10, 11, 12, 13

14. A system comprising:
- a chipset;
- a non-volatile memory element coupled to the chipset;
- a cryptographic device coupled to the chipset, the cryptographic device including processing logic having a small amount of device non-volatile memory, the non-volatile memory containing a device serial number and a key; and
- a transceiver to download a public key of the system and a corresponding private key encrypted with the key into the non-volatile memory during registration, the public and private keys having been originally generated internally within the cryptographic device during a prior configuration stage for exclusive storage outside the cryptographic device prior to registration.

15. A cryptographic device comprising:
- a random number generator to generate at least one random number to produce a symmetric key, a public key and a private key associated with the cryptographic device;
- a non-volatile memory including the symmetric key; and
- a processing unit coupled to the random number generator and the non-volatile memory, the processing unit to control (i) loading of the key into the non-volatile memory, (ii) encrypting of the private key with the symmetric key, and (iii) outputting of the public key and the encrypted private key without storage of the public key and the private key within the cryptographic device during configuration of the cryptographic device.
Dependent claims: 16, 17, 18
Specification