Secure, easy and/or irreversible customization of cryptographic device
First Claim
1. A cryptographic device, comprising:
- means for performing one or more cryptographic operations; and
a data storage device or devices for storing access permission data representing the availability of one or more cryptographic characteristics in accordance with which one or more of the cryptographic operations are performed, wherein the data storage device or devices are adapted to enable all of the access permission data of the cryptographic device to be stored in the data storage device or devices after manufacture of the cryptographic device such that once a value or values of the access permission data are stored in the data storage device or devices, the value or values of the access permission data cannot be changed.
2 Assignments
0 Petitions
Accused Products
Abstract
The invention enables a cryptographic device to be easily, securely and/or irreversibly customized to provide specified cryptographic functionality. For example, the invention can enable easy and secure modification (expansion, reduction or changing) of application code (which interacts with code stored on a cryptographic device) via the exposure of, for example, the mathematical primitive operations available on the cryptographic device. In particular, the invention can enable modification of available cryptographic operations at a relatively high level of programming abstraction, thus enabling such modification to be accomplished relatively easily. Further, the invention can enable the modification to be accomplished in a manner that does not necessitate or allow access by the application developer to other operations of the cryptographic device, thus providing security for the proprietary code and/or cryptographic keys of other persons or entities that may be present on the cryptographic device. The invention can also enable specification of permissible cryptographic characteristics of a cryptographic device from a set of available cryptographic characteristics of the cryptographic device. In particular, such specification can be done (at device fulfillment, for example) in a manner that is irreversible, thus enabling the cryptographic device to satisfy export regulations for cryptographic devices and/or to meet customer requirements for device security.
42 Citations
24 Claims
-
1. A cryptographic device, comprising:
-
means for performing one or more cryptographic operations; and a data storage device or devices for storing access permission data representing the availability of one or more cryptographic characteristics in accordance with which one or more of the cryptographic operations are performed, wherein the data storage device or devices are adapted to enable all of the access permission data of the cryptographic device to be stored in the data storage device or devices after manufacture of the cryptographic device such that once a value or values of the access permission data are stored in the data storage device or devices, the value or values of the access permission data cannot be changed. - View Dependent Claims (2, 3)
-
-
4. A computer readable storage medium or media of a cryptographic device, the computer readable storage medium or media encoded with instructions and/or data, comprising:
-
instructions and/or data for performing one or more cryptographic operations; and access permission data stored in accordance with a predefined data structure, the access permission data representing an availability of one or more cryptographic characteristics in accordance with which one or more cryptographic operations are performed by the cryptographic device, wherein all of the access permission data is stored in a storage medium or media after manufacture of the cryptographic device such that once a value or values of the access permission data are stored in the storage medium or media, the value or values of the access permission data cannot be changed. - View Dependent Claims (5, 6)
-
-
7. A cryptographic device, comprising:
-
a processor for executing instructions and/or accessing data to perform one or more cryptographic operations that each necessitate the performance of one or more sub-operations; one or more data storage devices for storing a first set of instructions and/or data used to perform one or more sub-operations of a cryptographic operation, and a second set of instructions and/or data, distinct from the first set of instructions and/or data, used to perform the one or more cryptographic operations, wherein the second set of instructions and/or data includes one or more instructions that cause performance of instructions and/or access of data from the first set of instructions and/or data so that one or more of the sub-operations are performed; and means for allowing access to the first set of instructions and/or data from a device external to the cryptographic device. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer readable storage medium or media encoded with one or more computer programs for enabling performance of cryptographic operations, comprising:
-
a first set of instructions and/or data used to perform one or more sub-operations of a cryptographic operation; a second set of instructions and/or data, distinct from the first set of instructions and/or data, used to perform the one or more cryptographic operations, wherein the second set of instructions and/or data includes one or more instructions that cause performance of instructions and/or access of data from the first set of instructions and/or data so that one or more of the sub-operations are performed; and a third set of instructions and/or data for allowing access to the first set of instructions and/or data from a device external to a cryptographic device of which the computer readable storage medium or media are part. - View Dependent Claims (18, 19, 20, 21)
-
-
22. A cryptographic device, comprising:
-
a processor for executing instructions and/or accessing data to perform one or more cryptographic operations that each necessitate the performance of one or more sub-operations; one or more data storage devices for storing a first set of instructions and/or data used to perform one or more sub-operations of a cryptographic operation, and a second set of instructions and/or data, distinct from the first set of instructions and/or data, used to perform the one or more cryptographic operations, wherein the second set of instructions and/or data includes one or more instructions that cause performance of instructions and/or access of data from the first set of instructions and/or data so that one or more of the sub-operations are performed; and means for enabling a third set of instructions and/or data that is distinct from both the first and second sets of instructions and/or data, that is used to perform one or more cryptographic operations, and that includes one or more instructions that cause performance of instructions and/or access of data from the first set of instructions and/or data so that one or more of the sub-operations are performed to, after manufacture of the cryptographic device, be stored on the one or more data storage devices. - View Dependent Claims (23, 24)
-
Specification