Method for programming on-chip non-volatile memory in a secure processor, and a device so programmed
First Claim
Patent Images
1. A device comprising:
- on-chip non-volatile memory including;
a device ID;
a private key;
an issuer ID;
a first signature;
a certificate generating module coupled to the non-volatile memory configured to;
read the device ID, the private key, the issuer ID, and the first signature from the non-volatile memory;
compute a public key as a function of the private key;
construct a device certificate as a function of the device ID, the issuer ID, the public key, and the first signature;
an interface coupled to the certificate generating module, wherein, in operation, a request for the device certificate is received on the interface, the certificate generating module constructs the device certificate, and the device certificate is sent via the interface in response to the request;
wherein the device is further configured to;
create a temporary key pair having two keys, a temporary public key and a temporary private key, using a number generator;
create an application certificate by signing data including the temporary public key, using a stored private key;
using the temporary private key to compute a second signature as a function of a random number;
wherein the second signature and the random number are sent via the interface in response to the request, along with the device certificate.
4 Assignments
0 Petitions
Accused Products
Abstract
An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.
151 Citations
24 Claims
-
1. A device comprising:
-
on-chip non-volatile memory including; a device ID; a private key; an issuer ID; a first signature; a certificate generating module coupled to the non-volatile memory configured to; read the device ID, the private key, the issuer ID, and the first signature from the non-volatile memory; compute a public key as a function of the private key; construct a device certificate as a function of the device ID, the issuer ID, the public key, and the first signature; an interface coupled to the certificate generating module, wherein, in operation, a request for the device certificate is received on the interface, the certificate generating module constructs the device certificate, and the device certificate is sent via the interface in response to the request; wherein the device is further configured to; create a temporary key pair having two keys, a temporary public key and a temporary private key, using a number generator; create an application certificate by signing data including the temporary public key, using a stored private key; using the temporary private key to compute a second signature as a function of a random number; wherein the second signature and the random number are sent via the interface in response to the request, along with the device certificate. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A device, comprising:
-
a means for computing a public key as a function of a private key; a means for constructing a device certificate as a function of a device ID, an issuer ID, the public key, and a first signature; a means for receiving a request for the device certificate; a means for creating a temporary key pair having two keys, a temporary public key and a temporary private key, using a number generator; a means for creating an application certificate by signing data including the temporary public key, using a stored private key; a means for using the temporary private key to compute a second signature as a function of a pseudo-random number; a means for sending the second signature and the pseudo-random number in response to a request, along with the device certificate. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A method, comprising:
using a computer processor; computing a public key as a function of a private key; constructing a device certificate as a function of a device ID, an issuer ID, the public key, and a first signature; receiving a request for the device certificate; creating a temporary key pair having two keys, a temporary public key and a temporary private key, using a number generator; creating an application certificate by signing data including the temporary public key, using a stored private key; using the temporary private key to compute a second signature as a function of a pseudo-random number; sending the second signature and the pseudo-random number in response to a request, along with the device certificate. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
Specification