Method for secure distribution and configuration of asymmetric keying material into semiconductor devices
First Claim
1. A method comprising:
transferring at least a first bundle to a first destination via a first link; and
transferring at least a second bundle to the first destination via a first out-of-band information carrying mechanism;
transferring a plurality of bundles to a second destination, each of the plurality of bundles including a key, a key identifier and an integrity check value and the plurality of bundles includes a third bundle and a fourth bundle, the third bundle is a plurality of second part bundle encryption key (BEKp2) bundles, each of the BEKp2 bundles includes a second part of a bundle encryption key and a combined integrity check value associated with a first encryption key and a second encryption key;
storing a current sort encryption key (SEK) at the first destination in an internal memory;
storing a next SEK at the first destination in the internal memory;
providing the electronic component to the second destination; and
recovering a private key at the second destination from a key bundle based on the current SEK, the next SEK and the plurality of bundles received at the second destination.
Abstract
In one embodiment, a method is described to securely transfer data from one location to another for storage in an electronic component. The transfer occurs with part of the data routed to a first destination and the remaining data routed to a second destination. The data routed to the first destination is for securely loading a current sort encrypted key (SEK) and a next SEK into memory of the electronic component. The data routed to the second destination includes a private key which is recovered using the current SEK and the next SEK.
18 Citations
16 Claims
Specification