Programming non-volatile memory in a secure processor

US 8,601,247 B2
Filed: 10/09/2009
Issued: 12/03/2013
Est. Priority Date: 11/09/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing a number to use as a small-signature private key;

computing a signature with a small-signature algorithm;

programming, by a manufacturer during the manufacturing of a device, a compressed certificate into a chip-internal non-volatile memory of the device, wherein the compressed certificate includes a device ID, the small-signature private key, an issuer ID, and the signature;

enabling, in operation, a calling application to obtain a device certificate generated at the device using the device ID, the small-signature private key, the issuer ID, and the signature of the compressed certificate, wherein the device certificate is a function of the device ID, the issuer ID, the signature, and a public key, wherein the public key is a function of the small-signature private key, and wherein the device certificate is larger than the compressed certificate.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.

Citations

9 Claims

1. A method comprising:
- providing a number to use as a small-signature private key;
  
  computing a signature with a small-signature algorithm;
  
  programming, by a manufacturer during the manufacturing of a device, a compressed certificate into a chip-internal non-volatile memory of the device, wherein the compressed certificate includes a device ID, the small-signature private key, an issuer ID, and the signature;
  
  enabling, in operation, a calling application to obtain a device certificate generated at the device using the device ID, the small-signature private key, the issuer ID, and the signature of the compressed certificate, wherein the device certificate is a function of the device ID, the issuer ID, the signature, and a public key, wherein the public key is a function of the small-signature private key, and wherein the device certificate is larger than the compressed certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising programming the number in read-only memory (ROM) of the device.
  - 3. The method of claim 1, further comprising generating the number as a secret seed random number.
  - 4. The method of claim 1, further comprising computing the number using an elliptic curve digital signature algorithm (DSA).
  - 5. The method of claim 1, further comprising:
    - receiving a request for the device certificate from the calling application;
      
      reading the device ID, the small-signature private key, the issuer ID, and the signature from the non-volatile memory of the device;
      
      computing the public key as a function of the small-signature private key and common parameters;
      
      constructing the device certificate as a function of the device ID, the issuer ID, the public key, the signature, and the common parameters;
      
      providing the device certificate to the calling application.
  - 6. The method of claim 1, further comprising incrementing a runtime state of the device.
  - 7. The method of claim 3, further comprising:
    - receiving a request for a random number from the calling application;
      
      generating the random number from the number;
      
      incrementing a runtime state of the device based on the generated random number.
  - 8. The method of claim 3, further comprising:
    - generating a key from the number and a sequence number;
      
      receiving a request for a random number from the calling application;
      
      generating the random number from the key and a runtime state of the device;
      
      incrementing the runtime state of the device based on the generated random number.
  - 9. The method of claim 1, further comprising:
    - receiving the device certificate;
      
      storing the device certificate in system external storage;
      
      retrieving the device certificate from the system external storage as the device certificate is needed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Acer Cloud Technology, Inc. (Acer, Inc.)
Inventors
Srinivasan, Pramila, Princen, John
Primary Examiner(s)
Poltorak, Peter

Application Number

US12/576,904
Publication Number

US 20100095134A1
Time in Patent Office

1,516 Days
Field of Search

None
US Class Current

713/1
CPC Class Codes

G06F 21/33   using certificates

G06F 21/71   to assure secure computing ...

G06F 21/72   in cryptographic circuits

G06F 21/73   by creating or determining ...

H04L 2209/603   Digital right managament [DRM]

H04L 9/0869   involving random numbers or...

H04L 9/3066   involving algebraic varieti...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3263   involving certificates, e.g...

Programming non-volatile memory in a secure processor

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Programming non-volatile memory in a secure processor

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links