System and method for control of security configurations
Abstract
Systems and methods are disclosed for using cryptographic techniques to configure data processing systems. A configuration manager cryptographically controls the configuration of a system by ensuring that only authorized users or applications can change the configuration. For example, requests to change configuration information may include authenticated and/or encrypted data. These cryptographic techniques are employed to enable and/or disable functions, features and capabilities of a system. For example, a system may be reconfigured to provide strong or weak encryption based on parameters in the configuration information.
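The configuration-manager behaviour the abstract describes, as an added example that is not taken from the patent: the device starts on the weaker technique and switches only when a received configuration authenticates. Assumptions: HMAC-SHA256 under a shared device key stands in for the unspecified authentication step, the configuration is a JSON blob, and a `counter` field (not mentioned on the page) rejects replayed messages; all names are hypothetical.

```python
import hashlib
import hmac
import json

WEAK, STRONG = "first", "second"  # the two encryption techniques named in the claims


def mac(key: bytes, blob: bytes) -> bytes:
    """Authentication tag over the raw configuration bytes (assumed scheme)."""
    return hmac.new(key, blob, hashlib.sha256).digest()


def sign_config(key: bytes, technique: str, counter: int):
    """Server side: serialise a configuration and tag it."""
    blob = json.dumps({"technique": technique, "counter": counter},
                      sort_keys=True).encode()
    return blob, mac(key, blob)


class ConfigurationManager:
    """Device side: stores a new configuration only if it authenticates."""

    def __init__(self, device_key: bytes):
        self._key = device_key
        self._counter = 0                   # counter of the last accepted update
        self.config = {"technique": WEAK}   # initial setting: weaker technique

    def apply(self, blob: bytes, tag: bytes) -> bool:
        # Verify the tag before parsing anything; constant-time comparison.
        if not hmac.compare_digest(mac(self._key, blob), tag):
            return False
        try:
            new = json.loads(blob)
            technique, counter = new["technique"], new["counter"]
        except (ValueError, KeyError, TypeError):
            return False
        if technique not in (WEAK, STRONG) or type(counter) is not int:
            return False
        if counter <= self._counter:        # stale or replayed message
            return False
        self._counter = counter
        self.config = {"technique": technique}
        return True
```

Every rejection path leaves `config` untouched, so a forged, malformed, or replayed message cannot change the active technique in either direction.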
28 Claims
1. A device having configurable security, comprising:
- a data memory configured to store configuration information;
- a cipher engine configured to encrypt data using either a first encryption technique or a second encryption technique, stronger than the first encryption technique, based on the configuration information stored in the data memory, wherein the configuration information initially instructs the cipher engine to encrypt data using the first encryption technique; and
- a configuration manager configured;
  (i) to receive a new configuration information via a network connection, the new configuration information indicating whether a server has determined that the cipher engine is authorized by an export compliance authority to use a second encryption technique stronger than the first encryption technique,
  (ii) to authenticate the new configuration information, and,
  (iii) if the new configuration information is determined to be authentic and indicates that the server has determined that the cipher engine is authorized by the export compliance authority to use the second encryption technique, to store the new configuration information in the data memory to configure the cipher engine to encrypt data using the second encryption technique.
Dependent claims: 2, 5, 6, 7, 8, 22
3. The device of 1, wherein the configuration manager is configured to adjust a clock speed in response to the new configuration information.
9. A system for configuring security of a host device initially configured to use a first encryption technique, comprising:
- a registration application configured to enable a user to register the host device with an export compliance authority, determines that the host device is authorized to use a second encryption technique that is stronger than the first encryption technique, and, upon receiving approval of the export compliance authority, to send data to the host device via one or more networks, the data indicating that the registration application has determined that the host device is authorized to use the second encryption technique, wherein the data instructs the host device to use the second encryption technique.
Dependent claims: 10, 11, 12, 13, 14, 15, 23
16. A method for configuring security of a host device initially configured to use a first encryption technique, comprising:
- (a) enabling a user to register the host device with an export compliance authority;
- (b) receiving an approval of the export compliance authority that the host device is authorized to use a second encryption technique stronger than the first encryption technique; and
- (c) upon receiving the approval of the export compliance authority, sending data to the host device via one or more networks, the data indicating that the host device is authorized to use the second encryption technique, wherein the data instructs the host device to use the second encryption technique.
Dependent claims: 17, 18, 19, 20, 24
21. A mobile device having configurable security, comprising:
- a data memory configured to store configuration information;
- a cipher engine configured to enable or disable a security feature of the mobile device based on the configuration information stored in the data memory, wherein the configuration information initially instructs the cipher engine to disable the security feature; and
- a configuration manager configured;
  (i) to receive a new configuration information via a network connection, the new configuration information indicating whether a server has determined that the cipher engine is authorized to use the security feature,
  (ii) to authenticate the new configuration information, and,
  (iii) if the new configuration information is determined to be authentic and indicates that the server has determined that the cipher engine is authorized to use the security feature, to store the new configuration information in the data memory to enable the security feature of the mobile device.
25. A device having configurable security, comprising:
- a data memory configured to store configuration information;
- a cipher engine configured to encrypt data using either a first encryption or a second encryption based on the configuration information stored in the data memory; and
- a configuration manager configured to receive a new configuration information via a network connection, to authenticate the new configuration information, and, if the new configuration information is authentic, to store the new configuration information in the data memory to configure the cipher engine to encrypt data using either the first encryption or the second encryption, wherein the configuration manager is configured to adjust a clock speed in response to the new configuration information.
Dependent claims: 26
27. A system for configuring security of a host device, comprising:
- a registration application configured to enable a user to register the host device with an export compliance authority and, upon receiving approval of the export compliance authority, to send data to the host device via one or more networks, wherein the data instructs the host device whether to use either a first encryption or a second encryption, wherein the data sent to the host device is able to instruct the host device to adjust a clock speed of the host.
28. A method for configuring security of a host device, comprising:
- (a) enabling a user to register the host device with an export compliance authority;
- (b) receiving an approval of the export compliance authority; and
- (c) sending data to the host device via one or more networks upon receiving the approval of the export compliance authority, wherein the data instructs the host device whether to use either a first encryption or a second encryption, wherein the data instructs the host device to adjust a clock speed.
Specification