Secure, easy and/or irreversible customization of cryptographic device

US 6,981,149 B1
Filed: 02/15/2002
Issued: 12/27/2005
Est. Priority Date: 01/27/1998
Status: Expired due to Term

First Claim

Patent Images

1. A cryptographic device, comprising:

means for performing one or more cryptographic operations; and

a data storage device or devices for storing access permission data representing the availability of one or more cryptographic characteristics in accordance with which one or more of the cryptographic operations are performed, wherein the data storage device or devices are adapted to enable all of the access permission data of the cryptographic device to be stored in the data storage device or devices after manufacture of the cryptographic device such that once a value or values of the access permission data are stored in the data storage device or devices, the value or values of the access permission data cannot be changed.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention enables a cryptographic device to be easily, securely and/or irreversibly customized to provide specified cryptographic functionality. For example, the invention can enable easy and secure modification (expansion, reduction or changing) of application code (which interacts with code stored on a cryptographic device) via the exposure of, for example, the mathematical primitive operations available on the cryptographic device. In particular, the invention can enable modification of available cryptographic operations at a relatively high level of programming abstraction, thus enabling such modification to be accomplished relatively easily. Further, the invention can enable the modification to be accomplished in a manner that does not necessitate or allow access by the application developer to other operations of the cryptographic device, thus providing security for the proprietary code and/or cryptographic keys of other persons or entities that may be present on the cryptographic device. The invention can also enable specification of permissible cryptographic characteristics of a cryptographic device from a set of available cryptographic characteristics of the cryptographic device. In particular, such specification can be done (at device fulfillment, for example) in a manner that is irreversible, thus enabling the cryptographic device to satisfy export regulations for cryptographic devices and/or to meet customer requirements for device security.

42 Citations

View as Search Results

24 Claims

1. A cryptographic device, comprising:
- means for performing one or more cryptographic operations; and
  
  a data storage device or devices for storing access permission data representing the availability of one or more cryptographic characteristics in accordance with which one or more of the cryptographic operations are performed, wherein the data storage device or devices are adapted to enable all of the access permission data of the cryptographic device to be stored in the data storage device or devices after manufacture of the cryptographic device such that once a value or values of the access permission data are stored in the data storage device or devices, the value or values of the access permission data cannot be changed.
- View Dependent Claims (2, 3)
- - 2. A cryptographic device as in claim 1, wherein the data storage device is a programmable read-only memory.
  - 3. A cryptographic device as in claim 1, wherein the cryptographic characteristics include one or more of the following:
    - availability of direct access to one or more mathematical primitive operations, availability of public key encryption, permissible maximum length of public key, permissible maximum length of DES key, and availability of DES key encryption.

4. A computer readable storage medium or media of a cryptographic device, the computer readable storage medium or media encoded with instructions and/or data, comprising:
- instructions and/or data for performing one or more cryptographic operations; and
  
  access permission data stored in accordance with a predefined data structure, the access permission data representing an availability of one or more cryptographic characteristics in accordance with which one or more cryptographic operations are performed by the cryptographic device, wherein all of the access permission data is stored in a storage medium or media after manufacture of the cryptographic device such that once a value or values of the access permission data are stored in the storage medium or media, the value or values of the access permission data cannot be changed.
- View Dependent Claims (5, 6)
- - 5. A computer readable storage medium or media as in claim 4, wherein the cryptographic characteristics include one or more of the following:
    - availability of direct access to one or more mathematical primitive operations, availability of public key encryption, permissible maximum length of public key, permissible maximum length of DES key, and availability of DES key encryption.
  - 6. A computer readable storage medium or media as in claim 4, further comprising a programmable read-only memory for storing the access permission data.

7. A cryptographic device, comprising:
- a processor for executing instructions and/or accessing data to perform one or more cryptographic operations that each necessitate the performance of one or more sub-operations;
  
  one or more data storage devices for storing a first set of instructions and/or data used to perform one or more sub-operations of a cryptographic operation, and a second set of instructions and/or data, distinct from the first set of instructions and/or data, used to perform the one or more cryptographic operations, wherein the second set of instructions and/or data includes one or more instructions that cause performance of instructions and/or access of data from the first set of instructions and/or data so that one or more of the sub-operations are performed; and
  
  means for allowing access to the first set of instructions and/or data from a device external to the cryptographic device.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 8. A cryptographic device as in claim 7, wherein the one or more sub-operations comprise one or more mathematical primitive operations.
  - 9. A cryptographic device as in claim 8, wherein the mathematical primitive operations include one or more of the following:
    - a mod reduce operation, an add operation, a subtract operation, a multiply operation, a divide operation, an exponentiate operation, an inverse modulo operation, an XOR operation, a DES operation and an random number generator operation.
  - 10. A cryptographic device as in claim 7, wherein the cryptographic operations include one or more of the following:
    - RSA encrypt, RSA decrypt, DSA sign, DSA verify, Diffie-Hellman and elliptic curve.
  - 11. A cryptographic device as in claim 7, wherein the first set of instructions and/or data used to perform one or more sub-operations are stored in a read-only memory device.
  - 12. A cryptographic device as in claim 11, wherein at least some of the second set of instructions and/or data used to perform the one or more cryptographic operations are stored in an erasable programmable read-only memory device.
  - 13. A cryptographic device as in claim 12, wherein at least some of the second set of instructions and/or data used to perform the one or more cryptographic operations are stored in a read-only memory device.
  - 14. A cryptographic device as in claim 7, wherein at least some of the second set of instructions and/or data used to perform the one or more cryptographic operations are stored in an erasable programmable read-only memory device.
  - 15. A cryptographic device as in claim 7, further comprising means for controlling access to the first and second sets of instructions and/or data, wherein:
    - the means for controlling access to the first and second set of instructions and/or data comprises the means for allowing access to the first set of instructions and/or data; and
      
      the means for allowing access to the first set of instructions and/or data does not enable access to the second set of instructions and/or data.
  - 16. A new cryptographic device as in claim 7, wherein the means for allowing comprises:
    - one or more data storage devices for storing access permission data representing the availability of access to the first set of instructions and/or data from a device external to the cryptographic device; and
      
      a processor for executing instructions and/or accessing data to evaluate a request from a device external to the cryptographic device, in view of the access permission data, to determine whether the external device is allowed to access the first set of instructions and/or data.

17. A computer readable storage medium or media encoded with one or more computer programs for enabling performance of cryptographic operations, comprising:
- a first set of instructions and/or data used to perform one or more sub-operations of a cryptographic operation;
  
  a second set of instructions and/or data, distinct from the first set of instructions and/or data, used to perform the one or more cryptographic operations, wherein the second set of instructions and/or data includes one or more instructions that cause performance of instructions and/or access of data from the first set of instructions and/or data so that one or more of the sub-operations are performed; and
  
  a third set of instructions and/or data for allowing access to the first set of instructions and/or data from a device external to a cryptographic device of which the computer readable storage medium or media are part.
- View Dependent Claims (18, 19, 20, 21)
- - 18. A computer readable storage medium or media as in claim 17, wherein the one or more sub-operations comprise one or more mathematical primitive operations.
  - 19. A computer readable storage medium or media as in claim 18, wherein the mathematical primitive operations include one or more of the following:
    - a mod reduce operation, an add operation, a subtract operation, a multiply operation, a divide operation, an exponentiate operation, an inverse modulo operation, an XOR operation, a DES operation and an random number generator operation.
  - 20. A computer readable storage medium or media as in claim 17, wherein the cryptographic operations include one or more of the following:
    - RSA encrypt, RSA decrypt, DSA sign, DSA verify, Diffie-Hellman and elliptic curve.
  - 21. A computer readable storage medium or media as in claim 17, further comprising a fourth set of instructions and/or data for controlling access to the first and second sets of instructions and/or data, wherein:
    - the fourth set of instructions and/or data comprises the third set of instructions and/or data; and
      
      the third set of instructions and/or data does not enable access to the second set of instructions and/or data.

22. A cryptographic device, comprising:
- a processor for executing instructions and/or accessing data to perform one or more cryptographic operations that each necessitate the performance of one or more sub-operations;
  
  one or more data storage devices for storing a first set of instructions and/or data used to perform one or more sub-operations of a cryptographic operation, and a second set of instructions and/or data, distinct from the first set of instructions and/or data, used to perform the one or more cryptographic operations, wherein the second set of instructions and/or data includes one or more instructions that cause performance of instructions and/or access of data from the first set of instructions and/or data so that one or more of the sub-operations are performed; and
  
  means for enabling a third set of instructions and/or data that is distinct from both the first and second sets of instructions and/or data, that is used to perform one or more cryptographic operations, and that includes one or more instructions that cause performance of instructions and/or access of data from the first set of instructions and/or data so that one or more of the sub-operations are performed to, after manufacture of the cryptographic device, be stored on the one or more data storage devices.
- View Dependent Claims (23, 24)
- - 23. A cryptographic device as in claim 22, wherein the first set of instructions and/or data used to perform one or more sub-operations are stored in a read-only memory device.
  - 24. A cryptographic device as in claim 22, wherein at least some of the second and/or third sets of instructions and/or data used to perform one or more cryptographic operations are stored in an erasable programmable read-only memory device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SPEX Technologies, Inc.
Original Assignee
Spyrus, Inc.
Inventors
Sabett, Randy V., Piper, Gregory W., Housley, Russell D.
Primary Examiner(s)
Smithers, Matthew

Application Number

US10/077,841
Time in Patent Office

1,411 Days
Field of Search

713/189, 713/164, 713/166, 713/172
US Class Current

713/189
CPC Class Codes

H04L 9/06 the encryption apparatus us...

Secure, easy and/or irreversible customization of cryptographic device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Secure, easy and/or irreversible customization of cryptographic device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links