System and method for control of security configurations

US 8,225,087 B2
Filed: 11/21/2008
Issued: 07/17/2012
Est. Priority Date: 07/29/2002
Status: Expired due to Term

First Claim

Patent Images

1. A device having configurable security, comprising:

a data memory configured to store configuration information;

a cipher engine configured to encrypt data using either a first encryption technique or a second encryption technique, stronger than the first encryption technique, based on the configuration information stored in the data memory, wherein the configuration information initially instructs the cipher engine to encrypt data using the first encryption technique; and

a configuration manager configured;

(i) to receive a new configuration information via a network connection, the new configuration information indicating whether a server has determined that the cipher engine is authorized by an export compliance authority to use a second encryption technique stronger than the first encryption technique,(ii) to authenticate the new configuration information, and,(iii) if the new configuration information is determined to be authentic and indicates that the server has determined that the cipher engine is authorized by the export compliance authority to use the second encryption technique, to store the new configuration information in the data memory to configure the cipher engine to encrypt data using the second encryption technique.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are disclosed for using cryptographic techniques to configure data processing systems. A configuration manager cryptographically controls the configuration of a system by ensuring that only authorized users or applications can change the configuration. For example, requests to change configuration information may include authenticated and/or encrypted data. These cryptographic techniques are employed to enable and/or disable functions, features and capabilities of a system. For example, a system may be reconfigured to provide strong or weak encryption based on parameters in the configuration information.

Citations

28 Claims

1. A device having configurable security, comprising:
- a data memory configured to store configuration information;
  
  a cipher engine configured to encrypt data using either a first encryption technique or a second encryption technique, stronger than the first encryption technique, based on the configuration information stored in the data memory, wherein the configuration information initially instructs the cipher engine to encrypt data using the first encryption technique; and
  
  a configuration manager configured;
  
  (i) to receive a new configuration information via a network connection, the new configuration information indicating whether a server has determined that the cipher engine is authorized by an export compliance authority to use a second encryption technique stronger than the first encryption technique,(ii) to authenticate the new configuration information, and,(iii) if the new configuration information is determined to be authentic and indicates that the server has determined that the cipher engine is authorized by the export compliance authority to use the second encryption technique, to store the new configuration information in the data memory to configure the cipher engine to encrypt data using the second encryption technique.
- View Dependent Claims (2, 5, 6, 7, 8, 22)
- - 2. The device of claim 1, wherein the first encryption technique is a weak encryption technique.
  - 5. The device of claim 1, wherein the configuration manager is configured to enable or disable one or more parallel computational components in response to the new configuration information.
  - 6. The device of claim 1, wherein the configuration manager is configured to decrypt the new configuration information.
  - 7. The device of claim 1, wherein the second encryption technique uses a key having greater than 64 bits and the first encryption technique uses a key having 64 bits or less.
  - 8. The device of claim 1, wherein the configuration manager is configured to only store the new configuration information in the data memory to configure the cipher engine when modification of the configuration information is enabled.
  - 22. The device of claim 1, wherein the first encryption technique uses a longer key than the second encryption technique.

3. The device of 1, wherein the configuration manager is configured to adjust a clock speed in response to the new configuration information.
- View Dependent Claims (4)
- - 4. The device of claim 3, wherein the configuration manager is configured to enable or disable one or more parallel computational components in response to the new configuration information.

9. A system for configuring security of a host device initially configured to use a first encryption technique, comprising:
- a registration application configured to enable a user to register the host device with an export compliance authority, determines that the host device is authorized to use a second encryption technique that is stronger than the first encryption technique, and, upon receiving approval of the export compliance authority, to send data to the host device via one or more networks, the data indicating that the registration application has determined that the host device is authorized to use the second encryption technique,wherein the data instructs the host device to use the second encryption technique.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 23)
- - 10. The system of claim 9, wherein the data sent to the host device is able to instruct the host device to adjust a clock speed of the host.
  - 11. The system of claim 10, wherein the data sent to the host device is able to instruct the host device to enable or disable one or more parallel computational components of the host device.
  - 12. The system of claim 9, wherein the data sent to the host device is able to instruct the host device to enable or disable further modification of the host device'"'"'s security configuration.
  - 13. The system of claim 9, wherein the export compliance authority is a Department of Commerce application.
  - 14. The system of claim 9, wherein the data sent to the host device comprises configuration information and information to authenticate the configuration information to the host device, wherein the configuration information instructs the host device to update a security configuration of the host device.
  - 15. The system of claim 9, wherein the data sent to the host device comprises an upgrade utility, wherein the host device is configured to execute the upgrade utility to update a security configuration of the host device.
  - 23. The system of claim 9, wherein the first encryption technique uses a longer key than the second encryption technique.

16. A method for configuring security of a host device initially configured to use a first encryption technique, comprising:
- (a) enabling a user to register the host device with an export compliance authority;
  
  (b) receiving an approval of the export compliance authority that the host device is authorized to use a second encryption technique stronger than the first encryption technique; and
  
  (c) upon receiving the approval of the export compliance authority, sending data to the host device via one or more networks, the data indicating that the host device is authorized to use the second encryption technique,wherein the data instructs the host device to use the second encryption technique.
- View Dependent Claims (17, 18, 19, 20, 24)
- - 17. The method of claim 16, wherein the data instructs the host device to adjust a clock speed.
  - 18. The method of claim 17, wherein the data instructs the host device to enable or disable one or more parallel computational components.
  - 19. The method of claim 16, wherein the data instructs the host device to disable further modification of the host device'"'"'s security configuration.
  - 20. The method of claim 16, wherein said step (b) comprises receiving the approval of a Department of Commerce application.
  - 24. The method of claim 16, wherein first encryption technique uses a longer key than the second encryption technique.

21. A mobile device having configurable security, comprising:
- a data memory configured to store configuration information;
  
  a cipher engine configured to enable or disable a security feature of the mobile device based on the configuration information stored in the data memory, wherein the configuration information initially instructs the cipher engine to disable the security feature; and
  
  a configuration manager configured;
  
  (i) to receive a new configuration information via a network connection, the new configuration information indicating whether a server has determined that the cipher engine is authorized to use the security feature,(ii) to authenticate the new configuration information, and,(iii) if the new configuration information is determined to be authentic and indicates that the server has determined that the cipher engine is authorized to use the security feature, to store the new configuration information in the data memory to enable the security feature of the mobile device.

25. A device having configurable security, comprising:
- a data memory configured to store configuration information;
  
  a cipher engine configured to encrypt data using either a first encryption or a second encryption based on the configuration information stored in the data memory; and
  
  a configuration manager configured to receive a new configuration information via a network connection, to authenticate the new configuration information, and, if the new configuration information is authentic, to store the new configuration information in the data memory to configure the cipher engine to encrypt data using either the first encryption or the second encryption,wherein the configuration manager is configured to adjust a clock speed in response to the new configuration information.
- View Dependent Claims (26)
- - 26. The device of claim 25, wherein the configuration manager is configured to enable or disable one or more parallel computational components in response to the new configuration information.

27. A system for configuring security of a host device, comprising:
- a registration application configured to enable a user to register the host device with an export compliance authority and, upon receiving approval of the export compliance authority, to send data to the host device via one or more networks,wherein the data instructs the host device whether to use either a first encryption or a second encryption, wherein the data sent to the host device is able to instruct the host device to adjust a clock speed of the host.

28. A method for configuring security of a host device, comprising:
- (a) enabling a user to register the host device with an export compliance authority;
  
  (b) receiving an approval of the export compliance authority; and
  
  (c) sending data to the host device via one or more networks upon receiving the approval of the export compliance authority,wherein the data instructs the host device whether to use either a first encryption or a second encryption, wherein the data instructs the host device to adjust a clock speed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Buer, Mark L.
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
Lakhia, Viral

Application Number

US12/275,551
Publication Number

US 20090106555A1
Time in Patent Office

1,334 Days
Field of Search

726 1- 6, 726 17- 19, 713/155, 713/166, 713/156, 713/168, 713/173, 713/176, 713/182, 713/189, 705/67
US Class Current

713/155
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

System and method for control of security configurations

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for control of security configurations

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links