Key transformation unit for a tamper resistant module
First Claim
1. A method for securely loading an executable software application from an application provider onto a tamper resistant module (TRM) having a memory over a communications network, said method comprising the steps of:
- providing a TRM private key and a TRM public key for said TRM;
encrypting at least one portion of said executable software application using an associated transport key, each said portion also having an associated location;
creating an application unit which comprises said portion of said executable software application;
encrypting said associated transport key and an indicator of said associated location using said TRM public key;
forming a key transformation unit (KTU), said KTU comprising said associated transport key and said indicator;
transmitting said application unit and said KTU to said TRM;
decrypting said KTU using said TRM private key to recover said associated transport key and said indicator;
identifying said portion of said executable software application;
decrypting said portion of said executable software application using said associated transport key; and
storing said portion of said executable software application in said memory on said TRM for subsequent execution.
4 Assignments
0 Petitions
Accused Products
Abstract
Methods, apparati, and computer-readable media for securely transporting a software application onto a tamper resistant module (TRM) (103) by using an individualized TRM key set. A method embodiment of the present invention comprises: storing a key pair unique to the TRM (103) in a memory located on the TRM (103), where the key pair comprises a TRM public key (150) and a TRM private key (190); retrieving the TRM public key from the TRM; encrypting a portion of the software application using the TRM public key (150); transmitting the encrypted software application to the TRM (103); and recovering and decrypting the encrypted software application using the TRM private key (190).
159 Citations
24 Claims
-
1. A method for securely loading an executable software application from an application provider onto a tamper resistant module (TRM) having a memory over a communications network, said method comprising the steps of:
-
providing a TRM private key and a TRM public key for said TRM; encrypting at least one portion of said executable software application using an associated transport key, each said portion also having an associated location; creating an application unit which comprises said portion of said executable software application; encrypting said associated transport key and an indicator of said associated location using said TRM public key; forming a key transformation unit (KTU), said KTU comprising said associated transport key and said indicator; transmitting said application unit and said KTU to said TRM; decrypting said KTU using said TRM private key to recover said associated transport key and said indicator; identifying said portion of said executable software application; decrypting said portion of said executable software application using said associated transport key; and storing said portion of said executable software application in said memory on said TRM for subsequent execution. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. Tamper resistant module (TRM) apparatus, comprising:
-
at least one TRM having a memory; an executable software application provided by a software application provider to said TRM; a communications link coupled to said TRM and to said software application provider; a TRM public key and a TRM private key for said TRM; and an arrangement;
wherein;a portion of said executable software application is encrypted by said software application provider using an associated transport key, each said portion having an associated location; an application unit is created, said application unit comprising said portion of said executable software application; said associated transport key and an indicator of said associated location are encrypted using said TRM public key; a key transformation unit (KTU) is formed, said KTU comprising said associated transport key and said indicator; said application unit and said KTU are transmitted to said TRM over said communications link; said KTU is decrypted on said TRM using said TRM private key to recover said associated transport key and said indicator; said portion of said executable software application is identified; said portion of said executable software application is decrypted on said TRM using said associated transport key for each said portion to recover said executable software application; and said executable software application is stored on said TRM for subsequent execution. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A method for securely loading an executable software application over a communications network from an application provider onto a personal computer (PC) having at least one tamper resistant module (TRM), said method comprising the steps of:
-
providing a PC and TRM combination (PC/TRM) with a PC/TRM private key and a PC/TRM public key; encrypting a portion of said executable software application using an associated transport key, said portion also having an associated location; creating an application unit comprising said encrypted portion; encrypting said associated transport key and an indicator of said associated location using said PC/TRM public key; forming a key transformation unit (KTU) comprising said encrypted associated transport key and said indicator; transmitting said application unit and said KTU to said PC/TRM; decrypting said KTU using said PC/TRM private key to recover said associated transport key and said indicator; identifying said portion of said executable software application; decrypting said portion using said associated transport key; and storing said portion of said executable software application in said PC/TRM for subsequent execution.
-
-
24. Apparatus comprising:
-
a personal computer (PC) having at least one tamper resistant module (TRM), each PC and TRM combination (PC/TRM) having a memory; an executable software application provided by a software application provider to said PC/TRM; a communications link coupled to said PC/TRM and to said software application provider; a PC/TRM public key and a PC/TRM private key for said PC/TRM; and an arrangement;
wherein;a portion of said executable software application is encrypted by said software application provider using an associated transport key, said portion having an associated location; an application unit is created, said application unit comprising said encrypted portion of said executable software application; said associated transport key and an indicator of said associated location are encrypted using said PC/TRM public key; a key transformation unit (KTU) is formed, said KTU comprising said associated transport key and said indicator; said application unit and said KTU are transmitted to said PC/TRM over said communications link; said KTU is decrypted on said PC/TRM using said PC/TRM private key to recover said associated transport key and said indicator; said portion of said executable software application is identified; said portion of said executable software application is decrypted on said PC/TRM using said associated transport key for said portion to recover said executable software application; and said executable software application is stored on said TRM for subsequent execution.
-
Specification