Data encryption security module
Abstract
We have recognized that there is a strong need to control and maintain the secrecy of the intelligence that computers may use to communicate with one another, for example by encrypting the messages they exchange. The encryption keys used to encrypt such messages therefore need to be managed in a highly secure manner. Accordingly, we provide an encryption module which, in accord with an aspect of the invention, generates a unique device encryption key (Slocal), a cryptographic key formed from a unique identification key (Sid) and an associated public key (KPid), and at least one program encryption key, in which the public key is generated as a function of the unique identification key. The module then encrypts the unique identification key and program encryption key using said device encryption key and stores the encrypted result in memory internal to the security module, thereby securing the keys against misappropriation. In addition, the module provides a mechanism for using the program encryption key to encrypt information that it receives from an external source and store the encrypted information in memory external to the security module, and, responsive to receiving from a requester a request for the program encryption key, for encrypting the program encryption key, in accord with an aspect of the invention, using a symmetrical encryption key generated as a function of a public key generated by a security module associated with the requester. The former security module then supplies the encrypted program encryption key to the requester.
14 Claims
1. An information delivery system comprising
an access control system, an information protection system, and a plurality of subscriber terminals, wherein said access control system, said information protection system and said plurality of subscriber terminals each include a security module formed on an integrated circuit chip, said security module comprising a generator comprising means, responsive to receipt of particular stimuli via an input terminal, for generating at least a unique serial number (Sid) that is thereafter directly used to uniquely identify the security module and for generating a public key (KPid) as a function of said unique serial number, said generator further comprising
means for generating a symmetrical encryption key as a function of said unique serial number and a public key associated with and generated by another security module, means, responsive to receipt of an encrypted program encryption key from said other security module, for decrypting said encrypted program encryption key using said symmetrical key, means for generating a device unique key (Slocal) and said program encryption key, and means for encrypting at least said serial number and said program encryption key using said device unique key and storing the encrypted results in memory internal to the integrated circuit.
4. An integrated circuit chip comprising
means, responsive to particular stimuli, for generating at least a unique device encryption key (Slocal), a unique identification key (Sid) that is thereafter directly used to uniquely identify the integrated circuit chip and an associated public key (KPid), and at least one program encryption key, said public key being generated as a function of said unique identification key, means for encrypting the unique identification key and said at least one program encryption key using said device encryption key and storing the encrypted results in memory internal to the integrated circuit, and means, responsive to receiving from a requester a request for said at least one program encryption key, for encrypting at least one program encryption key using a symmetrical key generated as a function of (a) a public key generated by a security module associated with the requester, and (b) said unique identification key, and supplying the encrypted at least one program encryption key to the requester.
11. A method of operating a security module formed on an integrated circuit chip, said security module performing the steps comprising:
responsive to particular stimuli, generating a unique device encryption key (Slocal), a unique identification key (Sid) that is used directly thereafter to uniquely identify the integrated circuit chip and an associated public key (KPid), and at least one program encryption key, said public key being generated as a function of said unique identification key, encrypting said unique identification key and said at least one program encryption key using said device encryption key and storing the encrypted result in memory internal to said security module, encrypting particular information using said at least one program encryption key and storing the encrypted particular information in memory external to said security module, and responsive to receiving from a requester a request for said at least one program encryption key, encrypting said at least one program encryption key using a symmetrical key generated as a function of said unique identification key and a public key generated by a security module associated with the requester and supplying the encrypted at least one program encryption key to the requester.
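As an added illustration, not part of the patent or of any product, the following Python models the key flow described in the abstract and in claims 1, 4 and 11 between an information-protection module and a subscriber-terminal module: on-chip derivation of Sid, KPid and Slocal from a stimulus, wrapping of Sid and the program key under Slocal in internal memory, encryption of content under the program key for external memory, and delivery of the program key to a requester under a symmetric key derived from the module's own Sid and the requester's KPid. It assumes Diffie-Hellman as the realisation of "public key as a function of Sid" and "symmetric key as a function of own Sid and the peer's public key", and a toy hash-based authenticated cipher in place of the unspecified encryption algorithm; the group parameters, KDF labels, class and method names and sample data are constructed for the demo.

```python
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2   # toy Diffie-Hellman parameters, constructed for this demo (not a standard group)

def kdf(label: bytes, *parts: bytes) -> bytes:
    """Derive a 32-byte key from a label and length-prefixed inputs (HMAC-SHA256)."""
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(label, data, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with a hash keystream: a toy stand-in for an authenticated cipher."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")   # tampered blob or wrong key
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class SecurityModule:
    def __init__(self, stimulus: bytes):
        # Everything secret is derived on-chip from the input stimulus (hypothetical derivation).
        sid = int.from_bytes(kdf(b"Sid", stimulus), "big") % (P - 2) + 2   # secret serial number Sid
        self.kp_id = pow(G, sid, P)                # public key KPid = f(Sid), the only value exported
        self._slocal = kdf(b"Slocal", stimulus)    # device-unique key, never leaves the chip
        program_key = secrets.token_bytes(32)
        # Internal memory holds only the Slocal-wrapped Sid and program key, never the clear values.
        self._internal = seal(self._slocal, sid.to_bytes(32, "big") + program_key)
    def _unwrap(self) -> tuple[int, bytes]:
        plain = unseal(self._slocal, self._internal)
        return int.from_bytes(plain[:32], "big"), plain[32:]
    def _symmetric_key(self, peer_kp_id: int) -> bytes:
        # Shared key = f(own Sid, peer KPid); the peer gets the same value from its Sid and our KPid.
        sid, _ = self._unwrap()
        return kdf(b"Ksym", pow(peer_kp_id, sid, P).to_bytes(32, "big"))
    def encrypt_content(self, data: bytes) -> bytes:   # result goes to memory external to the module
        return seal(self._unwrap()[1], data)
    def deliver_program_key(self, requester_kp_id: int) -> bytes:
        return seal(self._symmetric_key(requester_kp_id), self._unwrap()[1])
    def receive_program_key(self, sender_kp_id: int, wrapped: bytes) -> bytes:
        return unseal(self._symmetric_key(sender_kp_id), wrapped)

def demo() -> bytes:
    protection, terminal = SecurityModule(b"stimulus-A"), SecurityModule(b"stimulus-B")
    ciphertext = protection.encrypt_content(b"scrambled programme bytes")   # constructed sample content
    wrapped = protection.deliver_program_key(terminal.kp_id)   # program key, sealed for this terminal only
    key = terminal.receive_program_key(protection.kp_id, wrapped)
    return unseal(key, ciphertext)
```

A terminal whose KPid was not used for the wrapping derives a different symmetric key and `unseal` rejects the blob, which is the property the claims rely on for keeping the program key from anyone but the intended requester.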